Re: [PATCH] Support for sebool in seapp_contexts


 



Yeah, IMO the SELinux error messages in logcat are sufficient and there
is no need to make it more complex.
I wasn't sure if we wanted to follow the kernel convention.

On Fri, Jul 27, 2012 at 11:55 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> On Fri, 2012-07-27 at 14:50 -0400, Stephen Smalley wrote:
>> On Fri, 2012-07-27 at 11:30 -0700, William Roberts wrote:
>> > Yeah, but the Zygote failures will be in logcat, so if you missed them
>> > when you were testing in permissive mode, then it's your problem. This
>> > is the same behavior as the rest of the system, we just need to agree
>> > upon an "avc denied" message for Zygote and teach the SEAndroidManager
>> > app to look for those too.
>> >
>> > I don't think I can advise as to the best message and was looking to
>> > you for a possible formatting for it?
>>
>> It isn't an avc denial.  I don't remember now whether we wired up the
>> callback to prefix these messages with SELinux?  If so, then that should
>> suffice as a keyword for filtering the logs.
>
> Commented out the untrusted_app line and tried running a third party
> app.  Got this message in logcat *:E:
> E/SELinux ( 1229): selinux_android_setcontext:  No match for app with
> uid 10055, seinfo default, name com.adobe.reader
>
> So you can already use SELinux as the keyword for filtering, and then
> pull out the relevant fields.  It isn't an AVC message though.
>
> --
> Stephen Smalley
> National Security Agency
>



-- 
Respectfully,

William C Roberts

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
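
The filtering approach discussed in this thread (match on the SELinux log tag, then pull out the uid, seinfo and name fields), as an added example that is not part of the original messages or of the SE Android code. It assumes logcat's brief line format as it appears in the quoted error; the function name, the regexes and every sample line other than the quoted one are constructed for illustration.

```python
import re

# logcat "brief" format, as in the quoted line: <priority>/<tag>(<pid>): <message>
LOGCAT_RE = re.compile(
    r"^(?P<prio>[VDIWEF])/(?P<tag>[^(]+?)\s*\(\s*(?P<pid>\d+)\):\s?(?P<msg>.*)$"
)

# Message text of the seapp_contexts lookup failure quoted in the thread.
NO_MATCH_RE = re.compile(
    r"selinux_android_setcontext:\s+No match for app with\s+"
    r"uid (?P<uid>\d+), seinfo (?P<seinfo>\S+), name (?P<name>\S+)"
)


def parse_no_match(lines):
    """Return one dict per SELinux-tagged 'No match for app' error line."""
    hits = []
    for line in lines:
        entry = LOGCAT_RE.match(line.strip())
        # Filter on the log tag, not on the word appearing anywhere in the line.
        if entry is None or entry.group("tag").strip() != "SELinux":
            continue
        fields = NO_MATCH_RE.search(entry.group("msg"))
        if fields is None:
            continue  # some other SELinux-tagged message
        hits.append({
            "pid": int(entry.group("pid")),
            "uid": int(fields.group("uid")),
            "seinfo": fields.group("seinfo"),
            "name": fields.group("name"),
        })
    return hits


# Sample input: the second line is the error quoted in the thread (rejoined
# onto one line); the other three are constructed for this example.
SAMPLE = [
    "I/ActivityManager(  312): Start proc com.example.app for activity",
    "E/SELinux ( 1229): selinux_android_setcontext:  No match for app with "
    "uid 10055, seinfo default, name com.adobe.reader",
    "E/SELinux ( 1300): constructed unrelated SELinux-tagged error",
    "D/Zygote  (  100): constructed line that only mentions SELinux in its text",
]

if __name__ == "__main__":
    for hit in parse_no_match(SAMPLE):
        print(hit)
```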

