On 08/26/2013 09:48 PM, Peck, Michael A wrote:
> Hi,
>
> When testing a bunch of applications, I'm getting a denial like the below
> from about 60% of the apps. I'm using a very recent master branch (AOSP + SE
> for Android) on a Galaxy Nexus.
> I don't see any recent, related changes to the SELinux policy so perhaps
> there was a recent change in AOSP causing many apps to try to get the
> attributes of /data/app? Is anyone else seeing anything similar?
>
> type=1400 msg=audit(1377395793.361:557): avc: denied { getattr } for
> pid=27640 comm="id.nycsubwaymap" path="/data/app" dev=mmcblk0p12 ino=773681
> scontext=u:r:untrusted_app:s0:c58,c256 tcontext=u:object_r:apk_data_file:s0
> tclass=dir
Interesting, I haven't seen that. Does it only happen with apps from
Google Play or with any of the AOSP apps?
I suppose we could add getattr to domain.te; we already allow search to
apk_data_file:dir and r_file_perms to apk_data_file:file there for all
domains. getattr only permits stat(2) so it isn't a big deal to permit it.