You need not to add classes. Classes are already defiened there. You just have to add permissions in respective classes.
What you add in *.te files can you please just give one example so I can help you better On Thu, Jan 31, 2019, 9:03 PM mindentropy <[email protected] wrote: > > > On Wednesday, January 30, 2019 at 12:04:48 AM UTC+5:30, Akshay Mhaske > wrote: >> >> where you added permissions ? >> >> class file and other similar classes are defined in >> system/sepolicy/access_vectors file. >> If you add these permissions in system/sepolicy/access_vectors, it should >> solve your issue. >> >> > I have not added classes. Permissions are in device/../../*.te files. I > will have a look at access vectors for defining classes. > > -Gautam. > > >> On Sunday, 27 January 2019 05:11:44 UTC+5:30, mindentropy wrote: >>> >>> Hi, >>> >>> I am using Kernel 4.19 and Android Nougat r7.1.1_r58 and I am having >>> issues with selinux. During bootup I get this: >>> >>> [ 3.563247] SELinux: Permission validate_trans in class security not >>> defined in policy. >>> [ 3.572142] SELinux: Permission getrlimit in class process not >>> defined in policy. >>> [ 3.580066] SELinux: Class process2 not defined in policy. >>> [ 3.586061] SELinux: Permission map in class file not defined in >>> policy. >>> [ 3.593279] SELinux: Permission map in class dir not defined in >>> policy. >>> [ 3.600313] SELinux: Permission map in class lnk_file not defined in >>> policy. >>> [ 3.607872] SELinux: Permission map in class chr_file not defined in >>> policy. >>> [ 3.615429] SELinux: Permission map in class blk_file not defined in >>> policy. >>> [ 3.622979] SELinux: Permission map in class sock_file not defined >>> in policy. >>> [ 3.630554] SELinux: Permission map in class fifo_file not defined >>> in policy. >>> [ 3.638206] SELinux: Permission map in class socket not defined in >>> policy. >>> [ 3.645592] SELinux: Permission map in class tcp_socket not defined >>> in policy. >>> [ 3.653361] SELinux: Permission map in class udp_socket not defined >>> in policy. >>> [ 3.661024] SELinux: Permission map in class rawip_socket not >>> defined in policy. >>> [ 3.668952] SELinux: Permission map in class netlink_socket not >>> defined in policy. >>> [ 3.677043] SELinux: Permission map in class packet_socket not >>> defined in policy. >>> [ 3.685034] SELinux: Permission map in class key_socket not defined >>> in policy. >>> [ 3.692764] SELinux: Permission map in class unix_stream_socket not >>> defined in policy. >>> [ 3.701164] SELinux: Permission map in class unix_dgram_socket not >>> defined in policy. >>> [ 3.709554] SELinux: Permission map in class netlink_route_socket >>> not defined in policy. >>> [ 3.718219] SELinux: Permission map in class netlink_tcpdiag_socket >>> not defined in policy. >>> [ 3.727047] SELinux: Permission map in class netlink_nflog_socket >>> not defined in policy. >>> [ 3.735681] SELinux: Permission map in class netlink_xfrm_socket not >>> defined in policy. >>> [ 3.744244] SELinux: Permission map in class netlink_selinux_socket >>> not defined in policy. >>> [ 3.753078] SELinux: Permission map in class ne[ 3.779391] >>> SELinux: Permission map in class netlink_connector_socket not defined in >>> policy. >>> [ 3.788399] SELinux: Permission map in class >>> netlink_netfilter_socket not defined in policy. >>> [ 3.797408] SELinux: Permission map in class netlink_dnrt_socket not >>> defined in policy. >>> [ 3.805955] SELinux: Permission map in class >>> netlink_kobject_uevent_socket not defined in policy. >>> [ 3.815406] SELinux: Permission map in class netlink_generic_socket >>> not defined in policy. >>> [ 3.824230] SELinux: Permission map in class >>> netlink_scsitransport_socket not defined in policy. >>> [ 3.833597] SELinux: Permission map in class netlink_rdma_socket not >>> defined in policy. >>> [ 3.843730] SELinux: Permission map in class netlink_crypto_socket >>> not defined in policy. >>> [ 3.852587] SELinux: Permission map in class appletalk_socket not >>> defined in policy. >>> [ 3.860806] SELinux: Permission map in class dccp_socket not defined >>> in policy. >>> [ 3.868673] SELinux: Permission map in class tun_socket not defined >>> in policy. >>> [ 3.876421] SELinux: Class cap_userns not defined in policy. >>> [ 3.882507] SELinux: Class cap2_userns not defined in policy. >>> [ 3.888622] SELinux: Class sctp_socket not defined in policy. >>> [ 3.894785] SELinux: Class icmp_socket not defined in policy. >>> [ 3.900897] SELinux: Class ax25_socket not defined in policy. >>> [ 3.907074] SELinux: Class ipx_socket not defined in policy. >>> [ 3.913161] SELinux: Class netrom_socket not defined in policy. >>> [ 3.919459] SELinux: Class atmpvc_socket not defined in policy. >>> [ 3.925821] SELinux: Class x25_socket not defined in policy. >>> [ 3.931902] SELinux: Class rose_socket not defined in policy. >>> [ 3.938012] SELinux: Class decnet_socket not defined in policy. >>> [ 3.944376] SELinux: Class atmsvc_socket not defined in policy. >>> [ 3.950664] SELinux: Class rds_socket not defined in policy. >>> [ 3.956742] SELinux: Class irda_socket not defined in policy. >>> [ 3.962910] SELinux: Class pppox_socket not defined in policy. >>> [ 3.969111] SELinux: Class llc_socket not defined in policy. >>> [ 3.975517] SELinux: Class can_socket not defined in policy. >>> [ 4.094631] SELinux: the above unknown classes and permissions will >>> be denied >>> >>> audit: type=1400 audit(4.520:3): avc: denied { map } for pid=1 >>> comm="init" path="/file_contexts.bin" dev="rootfs" ino=8020 >>> scontext=u:r:kernel:s0 tcontext=u:object_r:rootfs:s0 tclass=file >>> permissive=1 >>> >>> .... >>> >>> >>> I added permissions for avc denied rules for map etc but while compiling >>> I get : >>> :ERROR 'permission map is not defined for class file' at token ';' on >>> line 20937 >>> >>> It is not clear in Android documentation where to add the permission for >>> the class and in which files. Could somebody please help me with this? >>> >>> Thanks, >>> Gautam. >>> >> -- > -- > You received this message because you are subscribed to the "Android > Building" mailing list. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/android-building?hl=en > > --- > You received this message because you are subscribed to the Google Groups > "Android Building" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- -- You received this message because you are subscribed to the "Android Building" mailing list. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-building?hl=en --- You received this message because you are subscribed to the Google Groups "Android Building" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
