Dear William Roberts

Okay, that is another good idea.
I will check the method after compatibility between the recent policy and my device.

Thank you
Best regards

2014-04-14 10:54 GMT+09:00 William Roberts <[email protected]>:

> IMHO you would probably be best advised to pull in all the current work on
> master into your external project.
> On Apr 13, 2014 4:56 PM, "Jaejyn Shin" <[email protected]> wrote:
>
>> Dear Nick Kralevich
>>
>> Thank you for your nice advice!!
>> I will apply those commits and test it again.
>>
>> Thank you
>> Best regards
>>
>>
>> 2014-04-13 23:15 GMT+09:00 Nick Kralevich <[email protected]>:
>>
>>>
>>> Dave Platt committed the zygote socket changes. They are available by
>>> looking at his commit history:
>>>
>>> https://android-review.googlesource.com/#/q/owner:%22Dave+Platt%22
>>>
>>> Applying those patches should be sufficient to resolve this problem.
>>>
>>>
>>>
>>> On Sat, Apr 12, 2014 at 10:19 PM, Jaejyn Shin <[email protected]> wrote:
>>>
>>>> Dear SEAndroid developer
>>>>
>>>> I found the below denial logs in my device
>>>>
>>>> 01-01 01:41:08.270 E/auditd ( 2997): auditd: type=1400
>>>> msg=audit(1388540468.270:6): avc: denied { getopt } for pid=3489 comm=
>>>> "zygote" path="/dev/socket/zygote" scontext=u:r:untrusted_app:s0
>>>> tcontext=u:r:zygote:s0 tclass=unix_stream_socket
>>>> 01-01 01:41:16.490 E/auditd ( 2997): auditd: type=1400
>>>> msg=audit(1388540476.490:8): avc: denied { getattr } for pid=4519 comm=
>>>> "zygote" path="socket:[10409]" dev="sockfs" ino=10409
>>>> scontext=u:r:untrusted_app:s0 tcontext=u:r:zygote:s0
>>>>
>>>> These logs are shown many times from lots of different applications.
>>>>
>>>> While analyzing this denial, I found an AOSP commit
>>>>
>>>> https://android-review.googlesource.com/#/c/81300/
>>>>
>>>> # Needed to close the zygote socket, which involves getopt / getattr
>>>> # This should be deleted after b/12061011 is fixed
>>>> allow appdomain zygote:unix_stream_socket { getopt getattr };
>>>>
>>>> According to the comment of the commit, I understood that the allow
>>>> rule was removed after modifying zygote source (b/12061011 is fixed).
>>>>
>>>> I also don't want to write the allow rule, but I want to modify my zygote
>>>> source.
>>>>
>>>> Is there anybody who knows how to modify the zygote source?
>>>>
>>>> Thank you
>>>> Best regards
>>>>
>>>
>>>
>>>
>>> --
>>> Nick Kralevich | Android Security | [email protected] | 650.214.4037
>>>
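
Added example, not part of the original thread or of any AOSP code: a small Python triage script that parses AVC denial lines like the ones quoted above and groups them by source type, target type and class, so that one denial repeated across many application pids shows up as a single entry. The function names, the `<missing>` marker and the third sample line are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed input: the two denials quoted in the thread, rejoined onto single
# lines, plus a third constructed entry from another pid. The second entry has
# no tclass field, exactly as it appears in the message.
SAMPLE = """\
01-01 01:41:08.270 E/auditd ( 2997): auditd: type=1400 msg=audit(1388540468.270:6): avc: denied { getopt } for pid=3489 comm="zygote" path="/dev/socket/zygote" scontext=u:r:untrusted_app:s0 tcontext=u:r:zygote:s0 tclass=unix_stream_socket
01-01 01:41:16.490 E/auditd ( 2997): auditd: type=1400 msg=audit(1388540476.490:8): avc: denied { getattr } for pid=4519 comm="zygote" path="socket:[10409]" dev="sockfs" ino=10409 scontext=u:r:untrusted_app:s0 tcontext=u:r:zygote:s0
01-01 01:41:20.000 E/auditd ( 2997): auditd: type=1400 msg=audit(1388540480.000:9): avc: denied { getopt } for pid=4600 comm="zygote" path="/dev/socket/zygote" scontext=u:r:untrusted_app:s0 tcontext=u:r:zygote:s0 tclass=unix_stream_socket
"""

DENIAL = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_denial(line):
    """Return the key=value fields of one AVC denial, or None if not a denial."""
    m = DENIAL.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD.findall(m.group(2))}
    fields["perms"] = m.group(1).split()
    return fields


def sel_type(context):
    """Extract the type from a user:role:type:level security context."""
    parts = (context or "").split(":")
    return parts[2] if len(parts) >= 3 else "<missing>"


def summarize(log_text):
    """Map (source type, target type, class) -> (sorted perms, sorted pids)."""
    groups = defaultdict(lambda: (set(), set()))
    for line in log_text.splitlines():
        d = parse_denial(line)
        if d is None:
            continue
        key = (sel_type(d.get("scontext")), sel_type(d.get("tcontext")),
               d.get("tclass", "<missing>"))
        groups[key][0].update(d["perms"])
        if d.get("pid", "").isdigit():
            groups[key][1].add(int(d["pid"]))
    return {k: (sorted(p), sorted(q)) for k, (p, q) in groups.items()}


if __name__ == "__main__":
    for (src, tgt, cls), (perms, pids) in summarize(SAMPLE).items():
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(perms)} }} from {len(pids)} pid(s)")
```

A denial whose `tclass` is cut off is kept under `<missing>` rather than guessed, so a truncated log line is never merged into a complete one.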
