You should delete this rule from nonplat_sepolicy.cil: allow domain sysfs_qemu_trace (file (ioctl read write getattr lock append map open))
2017-10-13 10:47 GMT+08:00 Kun Li <[email protected]>: > I met sepolicy error when build latest android O code > with car_emu_x86_64-userdebug: > ------------------ > [ 82% 60943/73832] build out/target/product/.-x86_64/obj/ETC/sepolicy_ > intermediates/sepolicy > FAILED: out/target/product/car-x86_64/obj/ETC/sepolicy_ > intermediates/sepolicy > /bin/bash -c "(out/host/linux-x86/bin/secilc -m -M true -G -c 30 > out/target/product/car-x86_64/obj/ETC/plat_sepolicy.cil_ > intermediates/plat_sepolicy.cil out/target/product/car-x86_64/ > obj/ETC/10000.0.cil_intermediates/10000.0.cil > out/target/product/car-x86_64/obj/ETC/nonplat_sepolicy.cil_ > intermediates/nonplat_sepolicy.cil -o out/target/product/car-x86_64/ > obj/ETC/sepolicy_intermediates/sepolicy.tmp -f /dev/null ) && > (out/host/linux-x86/bin/sepolicy-analyze out/target/product/car-x86_64/ > obj/ETC/sepolicy_intermediates/sepolicy.tmp permissive > > out/target/product/car-x86_64/obj/ETC/sepolicy_intermediates/sepolicy.permissivedomains > ) && (if [ \"userdebug\" = \"user\" -a -s out/target/product/car-x86_64/ > obj/ETC/sepolicy_intermediates/sepolicy.permissivedomains ]; then > echo \"==========\" 1>&2; echo \"ERROR: permissive > domains not allowed in user builds\" 1>&2; echo \"List of > invalid domains:\" 1>&2; cat out/target/product/car-x86_64/ > obj/ETC/sepolicy_intermediates/sepolicy.permissivedomains 1>&2; > exit 1; fi ) && (mv out/target/product/car-x86_64/ > obj/ETC/sepolicy_intermediates/sepolicy.tmp out/target/product/car-x86_64/ > obj/ETC/sepolicy_intermediates/sepolicy )" > neverallow check failed at out/target/product/car-x86_64/ > obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil:11513 from > system/sepolicy/private/isolated_app.te:113 > (neverallow isolated_app base_typeattr_290 (file (ioctl read write > create setattr lock relabelfrom append unlink link rename open))) > <root> > allow at out/target/product/car-x86_64/obj/ETC/nonplat_sepolicy.cil_ > intermediates/nonplat_sepolicy.cil:6402 > (allow domain sysfs_qemu_trace (file (ioctl read write getattr lock > append map open))) > > Failed to generate binary > Failed to build policydb > [ 82% 60946/73832] //frameworks/compile/slang:llvm-rs-cc clang++ > slang_rs_object_ref_count.cpp [linux_glibc] > ninja: build stopped: subcommand failed. > 19:10:30 ninja failed with: exit status 1 > > > No idea on this error , anyone met this before ? > > > > > > > > > > > > -- > -- > You received this message because you are subscribed to the "Android > Building" mailing list. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/android-building?hl=en > > --- > You received this message because you are subscribed to the Google Groups > "Android Building" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- -- You received this message because you are subscribed to the "Android Building" mailing list. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-building?hl=en --- You received this message because you are subscribed to the Google Groups "Android Building" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
