Re: [PATCH] Support for sebool in seapp_contexts

On Fri, 2012-07-27 at 14:50 -0400, Stephen Smalley wrote:
> On Fri, 2012-07-27 at 11:30 -0700, William Roberts wrote:
> > Yeah but the Zygote failures will be in logcat, so if you missed them
> > when you were testing in permissive mode, then it's your problem. This
> > is the same behavior as the rest of the system, we just need to agree
> > upon an "avc denied" message for Zygote and teach the SEAndroidManager
> > app to look for those too.
> > 
> > I don't think I can advise as to the best message and was looking to
> > you for a possible formatting for it?
> 
> It isn't an avc denial.  I don't remember now whether we wired up the
> callback to prefix these messages with SELinux?  If so, then that should
> suffice as a keyword for filtering the logs.

Commented out the untrusted_app line and tried running a third party
app.  Got this message in logcat *:E:
E/SELinux ( 1229): selinux_android_setcontext:  No match for app with
uid 10055, seinfo default, name com.adobe.reader

So you can already use SELinux as the keyword for filtering, and then
pull out the relevant fields.  It isn't an AVC message though.

-- 
Stephen Smalley
National Security Agency
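
The filtering described in the message above, as an added example that is not part of the original e-mail or of the SE Android code: select logcat lines by the SELinux tag, then pull uid, seinfo and name out of the "No match for app" message. It assumes logcat's brief line format as seen in the quoted output; the function name and every sample line except the first are constructed.

```python
import re

# logcat "brief" format: <priority>/<tag>(<pid>): <message>
LOGCAT_BRIEF = re.compile(
    r"^(?P<prio>[VDIWEF])/(?P<tag>[^\s(]+)\s*\(\s*(?P<pid>\d+)\):\s?(?P<msg>.*)$"
)

# Message layout taken from the logcat line quoted in the e-mail.
NO_MATCH = re.compile(
    r"selinux_android_setcontext:\s+No match for app with\s+"
    r"uid\s+(?P<uid>\d+),\s+seinfo\s+(?P<seinfo>[^\s,]+),\s+name\s+(?P<name>\S+)"
)

def find_unmatched_apps(lines):
    """Return one dict per SELinux-tagged 'No match for app' message."""
    hits = []
    for line in lines:
        rec = LOGCAT_BRIEF.match(line.strip())
        if rec is None or rec["tag"] != "SELinux":
            continue  # keyword filter: keep only the SELinux log tag
        m = NO_MATCH.search(rec["msg"])
        if m is None:
            continue  # SELinux-tagged, but a different message
        hits.append({
            "pid": int(rec["pid"]),
            "uid": int(m["uid"]),
            "seinfo": m["seinfo"],
            "name": m["name"],
        })
    return hits

# First line is the one from the e-mail (unwrapped); the rest are constructed.
SAMPLE_LINES = [
    "E/SELinux ( 1229): selinux_android_setcontext:  No match for app with "
    "uid 10055, seinfo default, name com.adobe.reader",
    "I/ActivityManager(  312): constructed unrelated line",
    "E/SELinux ( 1301): constructed placeholder for some other SELinux message",
    "E/OtherTag ( 1400): selinux_android_setcontext:  No match for app with "
    "uid 10060, seinfo default, name com.example.constructed",
]

if __name__ == "__main__":
    for hit in find_unmatched_apps(SAMPLE_LINES):
        print(hit)
```

Because the message is not an AVC denial, it will not show up in tooling that only searches for "avc:"; matching on the log tag first and the message text second keeps the two cases separate.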

