Yes, I wanted to have a look at that bug but I don't have visibility.
I think I have found the problem, will try to see if I can fix that.

Do we have any code changes for this "neverallow"?

Thanks.

-----Original Message-----
From: Stephen Smalley [mailto:[email protected]] 
Sent: Tuesday, May 05, 2015 5:48 PM
To: Inamdar Sharif; [email protected]
Subject: Re: system server accessing dex2oat

On 05/04/2015 11:29 PM, Inamdar Sharif wrote:
> 
> 
> -----Original Message-----
> From: Stephen Smalley [mailto:[email protected]]
> Sent: Monday, May 04, 2015 6:15 PM
> To: Inamdar Sharif; [email protected]
> Subject: Re: system server accessing dex2oat
> 
> On 05/04/2015 01:57 AM, Inamdar Sharif wrote:
>> Hi Guys,
>>
>> I am facing the following avc denied
>>
>> avc: denied { execute } for pid=667 comm="android.ui" name="dex2oat"
>> dev="sda22" ino=158 scontext=u:r:system_server:s0
>> tcontext=u:object_r:dex2oat_exec:s0 tclass=file
>>
>>  
>>
>> But on AOSP this is a neverallow rule.
>>
>> https://android.googlesource.com/platform/external/sepolicy/+/361cdaff3096fafc16bbe88b84d6f99f7944def7
>>
>>  
>>
>> I can see that the process is "android.ui" (process running when this 
>> avc occurred)
>>
>> Is this a bug in Android or something in the code went wrong?
> 
> Are you running AOSP master?
> 
> No, I am not using AOSP master.
> [Sharif] I don't have this neverallow rule in my external/sepolicy.
> But since this will be coming in later releases, it makes sense not to add as 
> this will be a part of CTS as well.
> 
> Did you get logcat output for the failure beyond just the avc denial?
> 
> [Sharif] I don't see any suspicious log in logcat beyond the avc.
> This happens while booting Android L.

If you have visibility into the bug 16317188 cited in the change that added the 
neverallow, that might help clarify matters.  I do not.

Regardless, you shouldn't assume that neverallows added to AOSP master are 
applicable to prior releases; they sometimes require code changes first that 
would only be in master or later releases.
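
An added example, not part of the original thread or of AOSP: a small triage script that parses an avc denial such as the one quoted above, derives the allow rule it would imply, and flags the permissions a neverallow forbids before that rule is added to policy. The `NEVERALLOWS` entry is an assumed, simplified stand-in for the AOSP rule the thread refers to, and the function names are hypothetical; the parser accepts any denial line in this format, not only this one.

```python
import re

# Constructed input: the denial quoted in the thread, joined onto one line.
DENIAL = ('avc: denied { execute } for pid=667 comm="android.ui" name="dex2oat" '
          'dev="sda22" ino=158 scontext=u:r:system_server:s0 '
          'tcontext=u:object_r:dex2oat_exec:s0 tclass=file')

# Assumption: simplified form of the neverallow discussed in the thread, as
# (source type, target type, class, forbidden permissions).
NEVERALLOWS = [("system_server", "dex2oat_exec", "file",
                {"execute", "execute_no_trans"})]

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def type_of(context):
    """Return the type field of a user:role:type:level security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 4 else None

def parse_avc(line):
    """Parse one denial line; return None if it is not a complete avc denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    if not all(k in fields for k in ("scontext", "tcontext", "tclass")):
        return None
    return {"perms": set(m.group("perms").split()),
            "comm": fields.get("comm"),
            "source": type_of(fields["scontext"]),
            "target": type_of(fields["tcontext"]),
            "tclass": fields["tclass"]}

def triage(line):
    """Build the candidate allow rule and list permissions a neverallow forbids."""
    d = parse_avc(line)
    if d is None:
        return None
    rule = "allow %s %s:%s { %s };" % (
        d["source"], d["target"], d["tclass"], " ".join(sorted(d["perms"])))
    blocked = set()
    for src, tgt, cls, perms in NEVERALLOWS:
        if (src, tgt, cls) == (d["source"], d["target"], d["tclass"]):
            blocked |= d["perms"] & perms
    return {"rule": rule, "comm": d["comm"], "neverallow_hit": sorted(blocked)}

if __name__ == "__main__":
    print(triage(DENIAL))
```

A non-empty `neverallow_hit` means the fix belongs in the code path that triggers the access, not in an added allow rule.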

