Re: [android-porting] Selinux 'syntax' error in policy.

Thu, 19 Jul 2018 15:23:24 -0700 

On Thu, Jul 19, 2018 at 12:04 AM, <mindentr...@gmail.com> wrote:

> Hi,
>
> I am trying to port AOSP Marshmallow for Beaglebone black. I get a lot of
> AVC denied errors. When I tried to write a allow policy I get syntax error
> while the build checks the policy.
>
> Following is the avc denied error:
>
> ##avc: denied { open } for pid=630 comm="zygote" 
> path="/sys/kernel/debug/tracing/trace_marker"
> dev="tracefs" ino=62 scontext=u:r:zygote:s0 
> tcontext=u:object_r:debugfs_tracing:s0
> tclass=file permissive=1
>
> ​Try audit2allow. It frame the rule as per the denial message. (not all
but in most of the cases it does work good)
https://source.android.com/security/selinux/validate

For message:

<5> type=1400 audit: avc:  denied  { read write } for  pid=177
comm="rmt_storage" name="mem" dev="tmpfs" ino=6004 scontext=u:r:rmt:s0
tcontext=u:object_r:kmem_device:s0 tclass=chr_file


adb pull /sys/fs/selinux/policyadb logcat -b all -d | audit2allow -p policy


output

#============= shell ==============
allow shell kernel:security setenforce;
#============= rmt ==============
allow rmt kmem_device:chr_file { read write };

​


> Following is my rule:
> allow zygote debugfs_tracing:file {write}
>
> I am not sure what is wrong. Can somebody please help?
>
> Thanks.
>
> --
> --
> unsubscribe: android-porting+unsubscr...@googlegroups.com
> website: http://groups.google.com/group/android-porting
>
> ---
> You received this message because you are subscribed to the Google Groups
> "android-porting" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to android-porting+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Regards,
satish patel

-- 
-- 
unsubscribe: android-porting+unsubscr...@googlegroups.com
website: http://groups.google.com/group/android-porting

--- 
You received this message because you are subscribed to the Google Groups 
"android-porting" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to android-porting+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to