It looks like you've got some custom sepolicy that is violating neverallow
rules (https://source.android.com/security/selinux/customize#neverallow):
neverallow check failed at
out/target/product/N1/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:4265
* (neverallow base_typeattr_55_27_0 base_typeattr_56_27_0 (file (execute
execute_no_trans entrypoint)))* <root>
allow at
out/target/product/N1/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:10748
* (allow newtestapp newtestapp_exec (file (read getattr map execute
entrypoint open)))*
neverallow check failed at
out/target/product/N1/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil:4754
from *system/sepolicy/public/domain.te:668*
* (neverallow base_typeattr_55 base_typeattr_56 (file (execute
execute_no_trans entrypoint)))* <root>
allow at
out/target/product/N1/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:10748
* (allow newtestapp newtestapp_exec (file (read getattr map execute
entrypoint open)))*
You'll probably want to remove or limit the execute / entrypoint allows for
newtestapp -- see any comments around system/sepolicy/public/domain.te:668
for more details.
- Dan
On Mon, Jul 15, 2019 at 9:31 AM Shilesh Babu <[email protected]> wrote:
> Hi Kun Li,
> I am facing same issue could you plz suggest anything????
>
> system/core/liblog/include/log/log_main.h:240:52: note: expanded from
> macro 'ALOGE'
> #define ALOGE(...) ((void)ALOG(LOG_ERROR, LOG_TAG, __VA_ARGS__))
> ^~~~~~~~~~~
> system/core/liblog/include/log/log_main.h:306:67: note: expanded from
> macro 'ALOG'
> #define ALOG(priority, tag, ...) LOG_PRI(ANDROID_##priority, tag,
> __VA_ARGS__)
>
> ^~~~~~~~~~~
> system/core/liblog/include/log/log_main.h:70:69: note: expanded from macro
> 'LOG_PRI'
> #define LOG_PRI(priority, tag, ...) android_printLog(priority, tag,
> __VA_ARGS__)
>
> ^~~~~~~~~~~
> system/core/liblog/include/log/log_main.h:61:34: note: expanded from macro
> 'android_printLog'
> __android_log_print(prio, tag, __VA_ARGS__)
> ^~~~~~~~~~~
> vendor/qcom/proprietary/mm-still/codec_v1/omx/test/qomx_jpeg_enc_test.c:849:55:
> warning: unused parameter 'hComponent' [-Wunused-parameter]
> OMX_ERRORTYPE omx_test_enc_ebd(OMX_OUT OMX_HANDLETYPE hComponent,
> ^
> vendor/qcom/proprietary/mm-still/codec_v1/omx/test/qomx_jpeg_enc_test.c:850:59:
> warning: unused parameter 'pBuffer' [-Wunused-parameter]
> OMX_OUT OMX_PTR pAppData, OMX_OUT OMX_BUFFERHEADERTYPE* pBuffer)
> ^
> vendor/qcom/proprietary/mm-still/codec_v1/omx/test/qomx_jpeg_enc_test.c:895:55:
> warning: unused parameter 'hComponent' [-Wunused-parameter]
> OMX_ERRORTYPE omx_test_enc_fbd(OMX_OUT OMX_HANDLETYPE hComponent,
> ^
> vendor/qcom/proprietary/mm-still/codec_v1/omx/test/qomx_jpeg_enc_test.c:945:64:
> warning: unused parameter 'hComponent' [-Wunused-parameter]
> OMX_ERRORTYPE omx_test_enc_event_handler(OMX_IN OMX_HANDLETYPE hComponent,
> ^
> vendor/qcom/proprietary/mm-still/codec_v1/omx/test/qomx_jpeg_enc_test.c:950:18:
> warning: unused parameter 'pEventData' [-Wunused-parameter]
> OMX_IN OMX_PTR pEventData)
> ^
> 9 warnings generated.
> [ 8% 372/4315] Copy: out/target/product/N1/obj/lib/libmmjpeg.so
> [ 8% 373/4315] build
> out/target/product/N1/obj/SHARED_LIBRARIES/libmmjpeg_intermediates/libmmjpeg.so.toc
> [ 8% 374/4315] Install: out/target/product/N1/vendor/lib/libmmjpeg.so
> [ 8% 375/4315] Copy: out/target/product/N1/obj/lib/libmmjpeg.so.toc
> [ 8% 376/4315] target Executable: mm-qomx-ienc-test
> (out/target/product/N1/obj/EXECUTABLES/mm-qomx-ienc-test_intermediates/LINKED/mm-qomx-ienc-test)
> [ 8% 377/4315] target SharedLib: libmmqjpeg_codec
> (out/target/product/N1/obj/SHARED_LIBRARIES/libmmqjpeg_codec_intermediates/LINKED/libmmqjpeg_codec.so)
> [ 8% 378/4315] target Pack Relocations: libmmqjpeg_codec
> (out/target/product/N1/obj/SHARED_LIBRARIES/libmmqjpeg_codec_intermediates/PACKED/libmmqjpeg_codec.so)
> [ 8% 379/4315] target Unpacked: mm-qomx-ienc-test
> (out/target/product/N1/obj/EXECUTABLES/mm-qomx-ienc-test_intermediates/PACKED/mm-qomx-ienc-test)
> [ 8% 380/4315] target Symbolic: libmmqjpeg_codec
> (out/target/product/N1/symbols/vendor/lib/libmmqjpeg_codec.so)
> [ 8% 381/4315] target Symbolic: mm-qomx-ienc-test
> (out/target/product/N1/symbols/system/bin/mm-qomx-ienc-test)
> [ 8% 382/4315] build
> out/target/product/N1/obj/ETC/precompiled_sepolicy_intermediates/precompiled_sepolicy
> FAILED:
> out/target/product/N1/obj/ETC/precompiled_sepolicy_intermediates/precompiled_sepolicy
>
> /bin/bash -c "out/host/linux-x86/bin/secilc -M true -G -c 30
> out/target/product/N1/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil
> out/target/product/N1/obj/ETC/27.0.cil_intermediates/27.0.cil
> out/target/product/N1/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil
> -o
> out/target/product/N1/obj/ETC/precompiled_sepolicy_intermediates/precompiled_sepolicy
> -f /dev/null"
> neverallow check failed at
> out/target/product/N1/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:4265
> (neverallow base_typeattr_55_27_0 base_typeattr_56_27_0 (file (execute
> execute_no_trans entrypoint)))
> <root>
> allow at
> out/target/product/N1/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:10748
> (allow newtestapp newtestapp_exec (file (read getattr map execute
> entrypoint open)))
>
> neverallow check failed at
> out/target/product/N1/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil:4754
> from system/sepolicy/public/domain.te:668
> (neverallow base_typeattr_55 base_typeattr_56 (file (execute
> execute_no_trans entrypoint)))
> <root>
> allow at
> out/target/product/N1/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:10748
> (allow newtestapp newtestapp_exec (file (read getattr map execute
> entrypoint open)))
>
> Failed to generate binary
> Failed to build policydb
>
>
>
>
>
>
> On Tuesday, November 7, 2017 at 9:27:49 PM UTC+5:30, Paul Chang wrote:
>>
>> You should delete this rule from nonplat_sepolicy.cil:
>> allow domain sysfs_qemu_trace (file (ioctl read write getattr lock append
>> map open))
>>
>> 2017-10-13 10:47 GMT+08:00 Kun Li <[email protected]>:
>>
>>> I met sepolicy error when build latest android O code
>>> with car_emu_x86_64-userdebug:
>>> ------------------
>>> [ 82% 60943/73832] build
>>> out/target/product/.-x86_64/obj/ETC/sepolicy_intermediates/sepolicy
>>> FAILED:
>>> out/target/product/car-x86_64/obj/ETC/sepolicy_intermediates/sepolicy
>>> /bin/bash -c "(out/host/linux-x86/bin/secilc -m -M true -G -c 30
>>> out/target/product/car-x86_64/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil
>>> out/target/product/car-x86_64/obj/ETC/10000.0.cil_intermediates/10000.0.cil
>>> out/target/product/car-x86_64/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil
>>> -o
>>> out/target/product/car-x86_64/obj/ETC/sepolicy_intermediates/sepolicy.tmp
>>> -f /dev/null ) && (out/host/linux-x86/bin/sepolicy-analyze
>>> out/target/product/car-x86_64/obj/ETC/sepolicy_intermediates/sepolicy.tmp
>>> permissive >
>>> out/target/product/car-x86_64/obj/ETC/sepolicy_intermediates/sepolicy.permissivedomains
>>> ) && (if [ \"userdebug\" = \"user\" -a -s
>>> out/target/product/car-x86_64/obj/ETC/sepolicy_intermediates/sepolicy.permissivedomains
>>> ]; then echo \"==========\" 1>&2; echo
>>> \"ERROR: permissive domains not allowed in user builds\" 1>&2;
>>> echo \"List of invalid domains:\" 1>&2; cat
>>> out/target/product/car-x86_64/obj/ETC/sepolicy_intermediates/sepolicy.permissivedomains
>>> 1>&2; exit 1; fi ) && (mv
>>> out/target/product/car-x86_64/obj/ETC/sepolicy_intermediates/sepolicy.tmp
>>> out/target/product/car-x86_64/obj/ETC/sepolicy_intermediates/sepolicy )"
>>> neverallow check failed at
>>> out/target/product/car-x86_64/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil:11513
>>> from system/sepolicy/private/isolated_app.te:113
>>> (neverallow isolated_app base_typeattr_290 (file (ioctl read write
>>> create setattr lock relabelfrom append unlink link rename open)))
>>> <root>
>>> allow at
>>> out/target/product/car-x86_64/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:6402
>>> (allow domain sysfs_qemu_trace (file (ioctl read write getattr
>>> lock append map open)))
>>>
>>> Failed to generate binary
>>> Failed to build policydb
>>> [ 82% 60946/73832] //frameworks/compile/slang:llvm-rs-cc clang++
>>> slang_rs_object_ref_count.cpp [linux_glibc]
>>> ninja: build stopped: subcommand failed.
>>> 19:10:30 ninja failed with: exit status 1
>>>
>>>
>>> No idea on this error , anyone met this before ?
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> --
>>> --
>>> You received this message because you are subscribed to the "Android
>>> Building" mailing list.
>>> To post to this group, send email to [email protected]
>>> To unsubscribe from this group, send email to
>>> [email protected]
>>> For more options, visit this group at
>>> http://groups.google.com/group/android-building?hl=en
>>>
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "Android Building" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>> --
> --
> You received this message because you are subscribed to the "Android
> Building" mailing list.
> To post to this group, send email to [email protected]
> To unsubscribe from this group, send email to
> [email protected]
> For more options, visit this group at
> http://groups.google.com/group/android-building?hl=en
>
> ---
> You received this message because you are subscribed to the Google Groups
> "Android Building" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/android-building/a513a2c9-2137-4f7e-bc7b-daad78e1529f%40googlegroups.com
> <https://groups.google.com/d/msgid/android-building/a513a2c9-2137-4f7e-bc7b-daad78e1529f%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
--
--
You received this message because you are subscribed to the "Android Building"
mailing list.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/android-building?hl=en
---
You received this message because you are subscribed to the Google Groups
"Android Building" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/android-building/CALQgHdkvBTr6eK%2Bq8hudt3DN%3DY0o4h%2BU695EUCk2Q_LFyvnhDw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
