Sure, will do that. On Wed, Jul 17, 2019 at 11:06 PM Jeffrey Vander Stoep <[email protected]> wrote: > > Can you create a patch in a standard format? Either upload to AOSP using > "repo upload" or use "git diff" and add the output to this email thread. > > On Wed, Jul 17, 2019 at 11:23 AM Shilesh Babu <[email protected]> wrote: >> >> Hi Jeffrey, >> Could you plz check my service and policy adding part to aosp. >> Thanks. >> >> On Wed, Jul 17, 2019 at 10:18 PM Shilesh Babu <[email protected]> wrote: >> > >> > Hi Jeffrey, >> > if i remove these below lines from aosp its working fine only facing >> > issue while adding newtestapp service, i think the way adding new >> > service in aosp that might be a problem. >> > following this docs for adding new service >> > ///https://source.android.com/security/selinux/device-policy >> > >> > service newtestapp /system/bin/newtestapp // added in >> > aosp-neo-n1/system/core/rootdir/init.rc >> > class core >> > >> > type newtestapp, domain; // added in >> > aosp-neo-n1/device/qcom/sepolicy/private/newtestapp.te >> > type newtestapp_exec, exec_type, file_type; >> > init_daemon_domain(newtestapp) >> > >> > /system/bin/newtestapp u:object_r:newtestapp_exec:s0 //added in >> > aosp-neo-n1/device/qcom/sepolicy/private/file_contexts >> > >> > On Wed, Jul 17, 2019 at 10:07 PM Jeffrey Vander Stoep <[email protected]> >> > wrote: >> > > >> > > Can you repo upload your change to aosp for review? >> > > >> > > On Wed, Jul 17, 2019 at 9:25 AM Shilesh Babu <[email protected]> >> > > wrote: >> > >> >> > >> Hi Jeffrey, >> > >> Thanks for your response!! >> > >> Now I am adding new service in background >> > >> like .. >> > >> >> > >> service newtestapp /system/bin/newtestapp >> > >> // added in aosp-neo-n1/system/core/rootdir/init.rc >> > >> class core >> > >> >> > >> # newtestapp service >> > >> // added in >> > >> aosp-neo-n1/device/qcom/sepolicy/private/newtestapp.te >> > >> type newtestapp, domain; >> > >> type newtestapp_exec, exec_type, file_type; >> > >> init_daemon_domain(newtestapp) >> > >> >> > >> /system/bin/newtestapp u:object_r:newtestapp_exec:s0 >> > >> //added in aosp-neo-n1/device/qcom/sepolicy/private/file_contexts >> > >> >> > >> ---->But while building the aosp getting the an >> > >> error................................................................................................... >> > >> >> > >> [ 0% 25/4326] build >> > >> out/target/product/N1/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil >> > >> FAILED: >> > >> out/target/product/N1/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil >> > >> /bin/bash -c "(ASAN_OPTIONS=detect_leaks=0 >> > >> out/host/linux-x86/bin/checkpolicy -M -C -c 30 -o >> > >> out/target/product/N1/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil >> > >> out/target/product/N1/obj/ETC/plat_sepolicy.cil_intermediates/plat_policy.conf >> > >> ) && (cat system/sepolicy/private/technical_debt.cil >> >> > >> out/target/product/N1/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil >> > >> ) && (out/host/linux-x86/bin/secilc -M true -G -c 30 >> > >> out/target/product/N1/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil >> > >> -o /dev/null -f /dev/null )" >> > >> out/host/linux-x86/bin/checkpolicy: loading policy configuration from >> > >> out/target/product/N1/obj/ETC/plat_sepolicy.cil_intermediates/plat_policy.conf >> > >> out/host/linux-x86/bin/checkpolicy: policy configuration loaded >> > >> out/host/linux-x86/bin/checkpolicy: writing CIL to >> > >> out/target/product/N1/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil >> > >> neverallow check failed at >> > >> out/target/product/N1/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil:4760 >> > >> from system/sepolicy/public/domain.te:668 >> > >> (neverallow base_typeattr_55 base_typeattr_56 (file (execute >> > >> execute_no_trans entrypoint))) >> > >> <root> >> > >> allow at >> > >> out/target/product/N1/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil:13229 >> > >> (allow newtestapp newtestapp_exec (file (read getattr map >> > >> execute entrypoint open))) >> > >> >> > >> Failed to generate binary >> > >> Failed to build policydb >> > >> [ 0% 26/4326] target thumb C++: libqcrilFramework <= >> > >> vendor/qcom/proprietary/qcril-hal/framework/src/Looper.cpp >> > >> [ 0% 27/4326] target thumb C++: libqcrilFramework <= >> > >> vendor/qcom/proprietary/qcril-hal/framework/src/Message.cpp >> > >> [ 0% 28/4326] build >> > >> out/target/product/N1/obj/ETC/sepolicy.recovery_intermediates/sepolicy >> > >> device/qcom/sepolicy/msm8909/hal-server.te:37:WARNING 'unrecognized >> > >> character' at token '�' on line 66961: >> > >> typeattribute hal-server hal_drm_server; >> > >> typeattribute hal-server hal_drm; >> > >> device/qcom/sepolicy/msm8909/hal-server.te:37:WARNING 'unrecognized >> > >> character' at token '�' on line 66961: >> > >> typeattribute hal-server hal_drm_server; >> > >> typeattribute hal-server hal_drm; >> > >> device/qcom/sepolicy/msm8909/hal-server.te:37:WARNING 'unrecognized >> > >> character' at token '�' on line 66961: >> > >> typeattribute hal-server hal_drm_server; >> > >> typeattribute hal-server hal_drm; >> > >> device/qcom/sepolicy/msm8909/hal-server.te:37:WARNING 'unrecognized >> > >> character' at token '�' on line 66961: >> > >> typeattribute hal-server hal_drm_server; >> > >> typeattribute hal-server hal_drm; >> > >> out/host/linux-x86/bin/checkpolicy: loading policy configuration from >> > >> out/target/product/N1/obj/ETC/sepolicy.recovery_intermediates/sepolicy.recovery.conf >> > >> out/host/linux-x86/bin/checkpolicy: policy configuration loaded >> > >> out/host/linux-x86/bin/checkpolicy: writing binary representation >> > >> (version 30) to >> > >> out/target/product/N1/obj/ETC/sepolicy.recovery_intermediates/sepolicy.tmp >> > >> [ 0% 29/4326] Dexpreopt Jar: NWYConfig >> > >> (out/target/product/N1/obj/JAVA_LIBRARIES/NWYConfig_intermediates/oat/arm/javalib.odex) >> > >> [ 0% 30/4326] build out/target/product/N1/emmc_appsboot.mbn >> > >> make: Entering directory >> > >> '/home/shilesh/ather_source/source/aosp-neo-n1/bootable/bootloader/lk' >> > >> make[1]: Entering directory >> > >> '/home/shilesh/ather_source/source/aosp-neo-n1/bootable/bootloader/lk' >> > >> including app/aboot dev/fbcon dev/gcdb/display dev/keys >> > >> dev/pmic/pm8x41 dev/pmic/pmi8994 dev/qpnp_haptic dev/vib lib/debug >> > >> lib/heap lib/libc lib/libfdt lib/openssl lib/ptable >> > >> including lib/openssl/crypto lib/zlib_inflate >> > >> generating >> > >> ../../../out/target/product/N1/obj/EMMC_BOOTLOADER_OBJ/build-msm8909/config.h >> > >> generating >> > >> ../../../out/target/product/N1/obj/EMMC_BOOTLOADER_OBJ/build-msm8909/system-onesegment.ld >> > >> linking >> > >> ../../../out/target/product/N1/obj/EMMC_BOOTLOADER_OBJ/build-msm8909/lk >> > >> ../../../prebuilts/gcc/linux-x86/arm/arm-eabi-4.8/bin/arm-eabi-ld: >> > >> warning: >> > >> /home/shilesh/ather_source/source/aosp-neo-n1/prebuilts/gcc/linux-x86/arm/arm-eabi-4.8/bin/../lib/gcc/arm-eabi/4.8/libgcc.a(bpabi.o) >> > >> uses 32-bit enums yet the output is to use variable-size enums; use of >> > >> enum values across objects may fail >> > >> ../../../prebuilts/gcc/linux-x86/arm/arm-eabi-4.8/bin/arm-eabi-ld: >> > >> warning: >> > >> /home/shilesh/ather_source/source/aosp-neo-n1/prebuilts/gcc/linux-x86/arm/arm-eabi-4.8/bin/../lib/gcc/arm-eabi/4.8/libgcc.a(_divdi3.o) >> > >> uses 32-bit enums yet the output is to use variable-size enums; use of >> > >> enum values across objects may fail >> > >> ../../../prebuilts/gcc/linux-x86/arm/arm-eabi-4.8/bin/arm-eabi-ld: >> > >> warning: >> > >> /home/shilesh/ather_source/source/aosp-neo-n1/prebuilts/gcc/linux-x86/arm/arm-eabi-4.8/bin/../lib/gcc/arm-eabi/4.8/libgcc.a(_udivdi3.o) >> > >> uses 32-bit enums yet the output is to use variable-size enums; use of >> > >> enum values across objects may fail >> > >> generating image: >> > >> ../../../out/target/product/N1/obj/EMMC_BOOTLOADER_OBJ/build-msm8909/lk.bin >> > >> generating listing: >> > >> ../../../out/target/product/N1/obj/EMMC_BOOTLOADER_OBJ/build-msm8909/lk.lst >> > >> text data bss dec hex filename >> > >> 368948 224632 202456 796036 c2584 >> > >> ../../../out/target/product/N1/obj/EMMC_BOOTLOADER_OBJ/build-msm8909/lk >> > >> ../../../prebuilts/gcc/linux-x86/arm/arm-eabi-4.8/bin/arm-eabi-objcopy >> > >> -O binary >> > >> ../../../out/target/product/N1/obj/EMMC_BOOTLOADER_OBJ/build-msm8909/lk >> > >> ../../../out/target/product/N1/obj/EMMC_BOOTLOADER_OBJ/build-msm8909/lk.bin >> > >> generating listing: >> > >> ../../../out/target/product/N1/obj/EMMC_BOOTLOADER_OBJ/build-msm8909/lk.debug.lst >> > >> generating symbols: >> > >> ../../../out/target/product/N1/obj/EMMC_BOOTLOADER_OBJ/build-msm8909/lk.sym >> > >> generating size map: >> > >> ../../../out/target/product/N1/obj/EMMC_BOOTLOADER_OBJ/build-msm8909/lk.size >> > >> generating stripped elf: >> > >> ../../../out/target/product/N1/obj/EMMC_BOOTLOADER_OBJ/build-msm8909/lk_s.elf >> > >> cp -f >> > >> ../../../out/target/product/N1/obj/EMMC_BOOTLOADER_OBJ/build-msm8909/lk_s.elf >> > >> ../../../out/target/product/N1/obj/EMMC_BOOTLOADER_OBJ/../../emmc_appsboot.mbn >> > >> make[1]: Leaving directory >> > >> '/home/shilesh/ather_source/source/aosp-neo-n1/bootable/bootloader/lk' >> > >> make: Leaving directory >> > >> '/home/shilesh/ather_source/source/aosp-neo-n1/bootable/bootloader/lk' >> > >> [ 0% 31/4326] build out/target/product/N1/obj/kernel/msm-3.18/usr >> > >> make: Entering directory >> > >> '/home/shilesh/ather_source/source/aosp-neo-n1/kernel/msm-3.18' >> > >> make[1]: Entering directory >> > >> '/home/shilesh/ather_source/source/aosp-neo-n1/out/target/product/N1/obj/kernel/msm-3.18' >> > >> GEN ./Makefile >> > >> arch/arm/configs/msm8909_N1_defconfig:599:warning: override: >> > >> reassigning to symbol MEMCG >> > >> arch/arm/configs/msm8909_N1_defconfig:600:warning: override: >> > >> reassigning to symbol MEMCG_SWAP >> > >> # >> > >> # configuration written to .config >> > >> # >> > >> make[1]: Leaving directory >> > >> '/home/shilesh/ather_source/source/aosp-neo-n1/out/target/product/N1/obj/kernel/msm-3.18' >> > >> make: Leaving directory >> > >> '/home/shilesh/ather_source/source/aosp-neo-n1/kernel/msm-3.18' >> > >> make: Entering directory >> > >> '/home/shilesh/ather_source/source/aosp-neo-n1/kernel/msm-3.18' >> > >> make[1]: Entering directory >> > >> '/home/shilesh/ather_source/source/aosp-neo-n1/out/target/product/N1/obj/kernel/msm-3.18' >> > >> CHK include/generated/uapi/linux/version.h >> > >> make[1]: Leaving directory >> > >> '/home/shilesh/ather_source/source/aosp-neo-n1/out/target/product/N1/obj/kernel/msm-3.18' >> > >> make: Leaving directory >> > >> '/home/shilesh/ather_source/source/aosp-neo-n1/kernel/msm-3.18' >> > >> [ 0% 32/4326] target Java: SnapdragonCamera >> > >> (out/target/common/obj/APPS/SnapdragonCamera_intermediates/classes) >> > >> ninja: build stopped: subcommand failed. >> > >> 21:33:51 ninja failed with: exit status 1 >> > >> >> > >> #### failed to build some targets (05:39 (mm:ss)) #### >> > >> >> > >> >> > >> ============================================== >> > >> Build finished ! >> > >> ============================================== >> > >> >> > >> shilesh@shilesh-VirtualBox:~/ather_source/source/aosp-neo-n1$ >> > >> >> > >> Could you please tell me, do i am doing anything wrong while added new >> > >> service ?? >> > >> >> > >> On Wed, Jul 17, 2019 at 1:19 AM Jeffrey Vander Stoep <[email protected]> >> > >> wrote: >> > >> > >> > >> > See https://source.android.com/security/selinux/device-policy >> > >> > >> > >> > On Tue, Jul 16, 2019 at 11:22 AM Shilesh Babu >> > >> > <[email protected]> wrote: >> > >> >> >> > >> >> Hi guys, >> > >> >> I am not able to add service properly in init.rc, could you please >> > >> >> share any information like how to add and crate selinux policy. >> > >> >> I am doing..... >> > >> >> service testapp /system/bin/testapp //adding in init.rc >> > >> >> >> > >> >> Created policy in /device/../sepolicy/testapp.te >> > >> >> >> > >> >> Working on Android 8, please let me know if you have any inputs. >> > >> >> >> > >> >> On Mon, Jul 15, 2019, 11:40 PM 'Dan Willemsen' via Android Building >> > >> >> <[email protected]> wrote: >> > >> >>> >> > >> >>> It looks like you've got some custom sepolicy that is violating >> > >> >>> neverallow rules >> > >> >>> (https://source.android.com/security/selinux/customize#neverallow): >> > >> >>> >> > >> >>> neverallow check failed at >> > >> >>> out/target/product/N1/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:4265 >> > >> >>> (neverallow base_typeattr_55_27_0 base_typeattr_56_27_0 (file >> > >> >>> (execute execute_no_trans entrypoint))) >> > >> >>> <root> >> > >> >>> allow at >> > >> >>> out/target/product/N1/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:10748 >> > >> >>> (allow newtestapp newtestapp_exec (file (read getattr map >> > >> >>> execute entrypoint open))) >> > >> >>> >> > >> >>> neverallow check failed at >> > >> >>> out/target/product/N1/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil:4754 >> > >> >>> from system/sepolicy/public/domain.te:668 >> > >> >>> (neverallow base_typeattr_55 base_typeattr_56 (file (execute >> > >> >>> execute_no_trans entrypoint))) >> > >> >>> <root> >> > >> >>> allow at >> > >> >>> out/target/product/N1/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:10748 >> > >> >>> (allow newtestapp newtestapp_exec (file (read getattr map >> > >> >>> execute entrypoint open))) >> > >> >>> >> > >> >>> You'll probably want to remove or limit the execute / entrypoint >> > >> >>> allows for newtestapp -- see any comments around >> > >> >>> system/sepolicy/public/domain.te:668 for more details. >> > >> >>> >> > >> >>> - Dan >> > >> >>> >> > >> >>> On Mon, Jul 15, 2019 at 9:31 AM Shilesh Babu >> > >> >>> <[email protected]> wrote: >> > >> >>>> >> > >> >>>> Hi Kun Li, >> > >> >>>> I am facing same issue could you plz suggest anything???? >> > >> >>>> >> > >> >>>> system/core/liblog/include/log/log_main.h:240:52: note: expanded >> > >> >>>> from macro 'ALOGE' >> > >> >>>> #define ALOGE(...) ((void)ALOG(LOG_ERROR, LOG_TAG, __VA_ARGS__)) >> > >> >>>> ^~~~~~~~~~~ >> > >> >>>> system/core/liblog/include/log/log_main.h:306:67: note: expanded >> > >> >>>> from macro 'ALOG' >> > >> >>>> #define ALOG(priority, tag, ...) LOG_PRI(ANDROID_##priority, tag, >> > >> >>>> __VA_ARGS__) >> > >> >>>> >> > >> >>>> ^~~~~~~~~~~ >> > >> >>>> system/core/liblog/include/log/log_main.h:70:69: note: expanded >> > >> >>>> from macro 'LOG_PRI' >> > >> >>>> #define LOG_PRI(priority, tag, ...) android_printLog(priority, >> > >> >>>> tag, __VA_ARGS__) >> > >> >>>> >> > >> >>>> ^~~~~~~~~~~ >> > >> >>>> system/core/liblog/include/log/log_main.h:61:34: note: expanded >> > >> >>>> from macro 'android_printLog' >> > >> >>>> __android_log_print(prio, tag, __VA_ARGS__) >> > >> >>>> ^~~~~~~~~~~ >> > >> >>>> vendor/qcom/proprietary/mm-still/codec_v1/omx/test/qomx_jpeg_enc_test.c:849:55: >> > >> >>>> warning: unused parameter 'hComponent' [-Wunused-parameter] >> > >> >>>> OMX_ERRORTYPE omx_test_enc_ebd(OMX_OUT OMX_HANDLETYPE hComponent, >> > >> >>>> ^ >> > >> >>>> vendor/qcom/proprietary/mm-still/codec_v1/omx/test/qomx_jpeg_enc_test.c:850:59: >> > >> >>>> warning: unused parameter 'pBuffer' [-Wunused-parameter] >> > >> >>>> OMX_OUT OMX_PTR pAppData, OMX_OUT OMX_BUFFERHEADERTYPE* pBuffer) >> > >> >>>> ^ >> > >> >>>> vendor/qcom/proprietary/mm-still/codec_v1/omx/test/qomx_jpeg_enc_test.c:895:55: >> > >> >>>> warning: unused parameter 'hComponent' [-Wunused-parameter] >> > >> >>>> OMX_ERRORTYPE omx_test_enc_fbd(OMX_OUT OMX_HANDLETYPE hComponent, >> > >> >>>> ^ >> > >> >>>> vendor/qcom/proprietary/mm-still/codec_v1/omx/test/qomx_jpeg_enc_test.c:945:64: >> > >> >>>> warning: unused parameter 'hComponent' [-Wunused-parameter] >> > >> >>>> OMX_ERRORTYPE omx_test_enc_event_handler(OMX_IN OMX_HANDLETYPE >> > >> >>>> hComponent, >> > >> >>>> ^ >> > >> >>>> vendor/qcom/proprietary/mm-still/codec_v1/omx/test/qomx_jpeg_enc_test.c:950:18: >> > >> >>>> warning: unused parameter 'pEventData' [-Wunused-parameter] >> > >> >>>> OMX_IN OMX_PTR pEventData) >> > >> >>>> ^ >> > >> >>>> 9 warnings generated. >> > >> >>>> [ 8% 372/4315] Copy: out/target/product/N1/obj/lib/libmmjpeg.so >> > >> >>>> [ 8% 373/4315] build >> > >> >>>> out/target/product/N1/obj/SHARED_LIBRARIES/libmmjpeg_intermediates/libmmjpeg.so.toc >> > >> >>>> [ 8% 374/4315] Install: >> > >> >>>> out/target/product/N1/vendor/lib/libmmjpeg.so >> > >> >>>> [ 8% 375/4315] Copy: >> > >> >>>> out/target/product/N1/obj/lib/libmmjpeg.so.toc >> > >> >>>> [ 8% 376/4315] target Executable: mm-qomx-ienc-test >> > >> >>>> (out/target/product/N1/obj/EXECUTABLES/mm-qomx-ienc-test_intermediates/LINKED/mm-qomx-ienc-test) >> > >> >>>> [ 8% 377/4315] target SharedLib: libmmqjpeg_codec >> > >> >>>> (out/target/product/N1/obj/SHARED_LIBRARIES/libmmqjpeg_codec_intermediates/LINKED/libmmqjpeg_codec.so) >> > >> >>>> [ 8% 378/4315] target Pack Relocations: libmmqjpeg_codec >> > >> >>>> (out/target/product/N1/obj/SHARED_LIBRARIES/libmmqjpeg_codec_intermediates/PACKED/libmmqjpeg_codec.so) >> > >> >>>> [ 8% 379/4315] target Unpacked: mm-qomx-ienc-test >> > >> >>>> (out/target/product/N1/obj/EXECUTABLES/mm-qomx-ienc-test_intermediates/PACKED/mm-qomx-ienc-test) >> > >> >>>> [ 8% 380/4315] target Symbolic: libmmqjpeg_codec >> > >> >>>> (out/target/product/N1/symbols/vendor/lib/libmmqjpeg_codec.so) >> > >> >>>> [ 8% 381/4315] target Symbolic: mm-qomx-ienc-test >> > >> >>>> (out/target/product/N1/symbols/system/bin/mm-qomx-ienc-test) >> > >> >>>> [ 8% 382/4315] build >> > >> >>>> out/target/product/N1/obj/ETC/precompiled_sepolicy_intermediates/precompiled_sepolicy >> > >> >>>> FAILED: >> > >> >>>> out/target/product/N1/obj/ETC/precompiled_sepolicy_intermediates/precompiled_sepolicy >> > >> >>>> /bin/bash -c "out/host/linux-x86/bin/secilc -M true -G -c 30 >> > >> >>>> >> > >> >>>> out/target/product/N1/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil >> > >> >>>> out/target/product/N1/obj/ETC/27.0.cil_intermediates/27.0.cil >> > >> >>>> out/target/product/N1/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil >> > >> >>>> -o >> > >> >>>> out/target/product/N1/obj/ETC/precompiled_sepolicy_intermediates/precompiled_sepolicy >> > >> >>>> -f /dev/null" >> > >> >>>> neverallow check failed at >> > >> >>>> out/target/product/N1/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:4265 >> > >> >>>> (neverallow base_typeattr_55_27_0 base_typeattr_56_27_0 (file >> > >> >>>> (execute execute_no_trans entrypoint))) >> > >> >>>> <root> >> > >> >>>> allow at >> > >> >>>> out/target/product/N1/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:10748 >> > >> >>>> (allow newtestapp newtestapp_exec (file (read getattr map >> > >> >>>> execute entrypoint open))) >> > >> >>>> >> > >> >>>> neverallow check failed at >> > >> >>>> out/target/product/N1/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil:4754 >> > >> >>>> from system/sepolicy/public/domain.te:668 >> > >> >>>> (neverallow base_typeattr_55 base_typeattr_56 (file (execute >> > >> >>>> execute_no_trans entrypoint))) >> > >> >>>> <root> >> > >> >>>> allow at >> > >> >>>> out/target/product/N1/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:10748 >> > >> >>>> (allow newtestapp newtestapp_exec (file (read getattr map >> > >> >>>> execute entrypoint open))) >> > >> >>>> >> > >> >>>> Failed to generate binary >> > >> >>>> Failed to build policydb >> > >> >>>> >> > >> >>>> >> > >> >>>> >> > >> >>>> >> > >> >>>> >> > >> >>>> >> > >> >>>> On Tuesday, November 7, 2017 at 9:27:49 PM UTC+5:30, Paul Chang >> > >> >>>> wrote: >> > >> >>>>> >> > >> >>>>> You should delete this rule from nonplat_sepolicy.cil: >> > >> >>>>> allow domain sysfs_qemu_trace (file (ioctl read write getattr >> > >> >>>>> lock append map open)) >> > >> >>>>> >> > >> >>>>> 2017-10-13 10:47 GMT+08:00 Kun Li >> > >> >>>>> <[email protected]>: >> > >> >>>>>> >> > >> >>>>>> I met sepolicy error when build latest android O code with >> > >> >>>>>> car_emu_x86_64-userdebug: >> > >> >>>>>> ------------------ >> > >> >>>>>> [ 82% 60943/73832] build >> > >> >>>>>> out/target/product/.-x86_64/obj/ETC/sepolicy_intermediates/sepolicy >> > >> >>>>>> FAILED: >> > >> >>>>>> out/target/product/car-x86_64/obj/ETC/sepolicy_intermediates/sepolicy >> > >> >>>>>> /bin/bash -c "(out/host/linux-x86/bin/secilc -m -M true -G -c 30 >> > >> >>>>>> out/target/product/car-x86_64/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil >> > >> >>>>>> >> > >> >>>>>> out/target/product/car-x86_64/obj/ETC/10000.0.cil_intermediates/10000.0.cil >> > >> >>>>>> >> > >> >>>>>> out/target/product/car-x86_64/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil >> > >> >>>>>> -o >> > >> >>>>>> out/target/product/car-x86_64/obj/ETC/sepolicy_intermediates/sepolicy.tmp >> > >> >>>>>> -f /dev/null ) && (out/host/linux-x86/bin/sepolicy-analyze >> > >> >>>>>> out/target/product/car-x86_64/obj/ETC/sepolicy_intermediates/sepolicy.tmp >> > >> >>>>>> permissive > >> > >> >>>>>> out/target/product/car-x86_64/obj/ETC/sepolicy_intermediates/sepolicy.permissivedomains >> > >> >>>>>> ) && (if [ \"userdebug\" = \"user\" -a -s >> > >> >>>>>> out/target/product/car-x86_64/obj/ETC/sepolicy_intermediates/sepolicy.permissivedomains >> > >> >>>>>> ]; then echo \"==========\" 1>&2; >> > >> >>>>>> echo \"ERROR: permissive domains not allowed in user builds\" >> > >> >>>>>> 1>&2; echo \"List of invalid domains:\" 1>&2; >> > >> >>>>>> cat >> > >> >>>>>> out/target/product/car-x86_64/obj/ETC/sepolicy_intermediates/sepolicy.permissivedomains >> > >> >>>>>> 1>&2; exit 1; fi ) && (mv >> > >> >>>>>> out/target/product/car-x86_64/obj/ETC/sepolicy_intermediates/sepolicy.tmp >> > >> >>>>>> >> > >> >>>>>> out/target/product/car-x86_64/obj/ETC/sepolicy_intermediates/sepolicy >> > >> >>>>>> )" >> > >> >>>>>> neverallow check failed at >> > >> >>>>>> out/target/product/car-x86_64/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil:11513 >> > >> >>>>>> from system/sepolicy/private/isolated_app.te:113 >> > >> >>>>>> (neverallow isolated_app base_typeattr_290 (file (ioctl read >> > >> >>>>>> write create setattr lock relabelfrom append unlink link rename >> > >> >>>>>> open))) >> > >> >>>>>> <root> >> > >> >>>>>> allow at >> > >> >>>>>> out/target/product/car-x86_64/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:6402 >> > >> >>>>>> (allow domain sysfs_qemu_trace (file (ioctl read write >> > >> >>>>>> getattr lock append map open))) >> > >> >>>>>> >> > >> >>>>>> Failed to generate binary >> > >> >>>>>> Failed to build policydb >> > >> >>>>>> [ 82% 60946/73832] //frameworks/compile/slang:llvm-rs-cc clang++ >> > >> >>>>>> slang_rs_object_ref_count.cpp [linux_glibc] >> > >> >>>>>> ninja: build stopped: subcommand failed. >> > >> >>>>>> 19:10:30 ninja failed with: exit status 1 >> > >> >>>>>> >> > >> >>>>>> >> > >> >>>>>> No idea on this error , anyone met this before ? >> > >> >>>>>> >> > >> >>>>>> >> > >> >>>>>> >> > >> >>>>>> >> > >> >>>>>> >> > >> >>>>>> >> > >> >>>>>> >> > >> >>>>>> >> > >> >>>>>> >> > >> >>>>>> >> > >> >>>>>> >> > >> >>>>>> -- >> > >> >>>>>> -- >> > >> >>>>>> You received this message because you are subscribed to the >> > >> >>>>>> "Android Building" mailing list. >> > >> >>>>>> To post to this group, send email to [email protected] >> > >> >>>>>> To unsubscribe from this group, send email to >> > >> >>>>>> [email protected] >> > >> >>>>>> For more options, visit this group at >> > >> >>>>>> http://groups.google.com/group/android-building?hl=en >> > >> >>>>>> >> > >> >>>>>> --- >> > >> >>>>>> You received this message because you are subscribed to the >> > >> >>>>>> Google Groups "Android Building" group. >> > >> >>>>>> To unsubscribe from this group and stop receiving emails from >> > >> >>>>>> it, send an email to [email protected]. >> > >> >>>>>> For more options, visit https://groups.google.com/d/optout. >> > >> >>>>> >> > >> >>>>> >> > >> >>>> -- >> > >> >>>> -- >> > >> >>>> You received this message because you are subscribed to the >> > >> >>>> "Android Building" mailing list. >> > >> >>>> To post to this group, send email to >> > >> >>>> [email protected] >> > >> >>>> To unsubscribe from this group, send email to >> > >> >>>> [email protected] >> > >> >>>> For more options, visit this group at >> > >> >>>> http://groups.google.com/group/android-building?hl=en >> > >> >>>> >> > >> >>>> --- >> > >> >>>> You received this message because you are subscribed to the Google >> > >> >>>> Groups "Android Building" group. >> > >> >>>> To unsubscribe from this group and stop receiving emails from it, >> > >> >>>> send an email to [email protected]. >> > >> >>>> To view this discussion on the web visit >> > >> >>>> https://groups.google.com/d/msgid/android-building/a513a2c9-2137-4f7e-bc7b-daad78e1529f%40googlegroups.com. >> > >> >>>> For more options, visit https://groups.google.com/d/optout. >> > >> >>> >> > >> >>> -- >> > >> >>> -- >> > >> >>> You received this message because you are subscribed to the >> > >> >>> "Android Building" mailing list. >> > >> >>> To post to this group, send email to >> > >> >>> [email protected] >> > >> >>> To unsubscribe from this group, send email to >> > >> >>> [email protected] >> > >> >>> For more options, visit this group at >> > >> >>> http://groups.google.com/group/android-building?hl=en >> > >> >>> >> > >> >>> --- >> > >> >>> You received this message because you are subscribed to the Google >> > >> >>> Groups "Android Building" group. >> > >> >>> To unsubscribe from this group and stop receiving emails from it, >> > >> >>> send an email to [email protected]. >> > >> >>> To view this discussion on the web visit >> > >> >>> https://groups.google.com/d/msgid/android-building/CALQgHdkvBTr6eK%2Bq8hudt3DN%3DY0o4h%2BU695EUCk2Q_LFyvnhDw%40mail.gmail.com. >> > >> >>> For more options, visit https://groups.google.com/d/optout. >> > >> >> > >> >> > >> >> > >> -- >> > >> Thanks&Regards >> > >> >> > >> Shilesh Babu >> > >> +91-9871740920 >> > >> [email protected] >> > >> > >> > >> > -- >> > Thanks&Regards >> > >> > Shilesh Babu >> > +91-9871740920 >> > [email protected] >> >> >> >> -- >> Thanks&Regards >> >> Shilesh Babu >> +91-9871740920 >> [email protected]
-- Thanks&Regards Shilesh Babu +91-9871740920 [email protected] -- -- You received this message because you are subscribed to the "Android Building" mailing list. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-building?hl=en --- You received this message because you are subscribed to the Google Groups "Android Building" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/android-building/CAFP7zaAP5qxYGw%3D%2B_wJ6pZxBqXn9%3D3GC9e-9FegUBs2oEp15rQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
