Hi, Stephen,
Could you give me some suggestions for the understanding the denials as shown below?
allow release_app zygote:netlink_selinux_socket getattr;
<5>[13011.539764] type=1400 audit(1343515886.695:592): avc: denied { getattr } for pid=10278 comm="ationTestRunner" path="socket:[1516]" dev=sockfs ino=1516 scontext=u:r:release_app:s0 tcontext=u:r:zygote:s0 tclass=netlink_selinux_socket
#============= untrusted_app ==============
allow untrusted_app self:netlink_route_socket create;
<5>[13900.251708] type=1400 audit(1343516775.406:801): avc: denied { create } for pid=15089 comm="WebViewCoreThre" scontext=u:r:untrusted_app:s0:c39 tcontext=u:r:untrusted_app:s0:c39 tclass=netlink_route_socket
-----------------------------------
Haiqing Jiang, PH.D studentComputer Science Department, North Carolina State University
