Dear SEAndroid developers,

Thank you always for your help.

I saw the below denial log:

avc: denied { execute_no_trans } for pid=18451 comm="process_a" path="/system/bin/toolbox" dev="mmcblk0p53" ino=916 scontext=u:r:shell:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=1

But my device already has the following policy:

domain_auto_trans(shell, toolbox_exec, toolbox)

Certainly I allowed the domain transition, but I wonder why the execute_no_trans violation arose. After looking into the kernel source, I found some hints in hooks.c:

    if (new_tsec->sid == old_tsec->sid) {
        rc = avc_has_perm(old_tsec->sid, isec->sid,
                          SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
        if (rc)
            return rc;
    } else {

Then my question is: was the denial logged because both scontext=u:r:shell:s0 and tcontext=u:object_r:toolbox_exec:s0 have the same sid?

Thank you.

Best regards
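The branch quoted in the message, as an added example that is not part of the original post and not kernel code: a simplified userspace model of which permission check is selected at exec time. The integer SIDs, the `type_transition` table and every function name are assumptions made for illustration; the model assumes the post-exec SID comes only from a matching type_transition rule (which `domain_auto_trans` includes) and otherwise stays equal to the caller's SID.

```c
/* Simplified userspace model of the exec-time branch quoted from hooks.c.
 * Not kernel code: SIDs are small integers and all names are constructed. */
#include <stddef.h>
#include <stdio.h>

enum { SID_SHELL = 1, SID_TOOLBOX = 2, SID_TOOLBOX_EXEC = 3 };

enum exec_check {
    CHECK_EXECUTE_NO_TRANS,      /* file:execute_no_trans, old task SID -> file SID */
    CHECK_TRANSITION_ENTRYPOINT  /* process:transition and file:entrypoint */
};

struct type_transition { int source, target_file, new_domain; };

/* Stand-in for the policy lookup that picks the post-exec SID.
 * Assumption: with no matching rule the task keeps its current SID. */
static int compute_new_sid(const struct type_transition *rules, size_t n,
                           int old_sid, int file_sid)
{
    for (size_t i = 0; i < n; i++)
        if (rules[i].source == old_sid && rules[i].target_file == file_sid)
            return rules[i].new_domain;
    return old_sid;
}

/* Mirrors the quoted comparison: the old and new *task* SIDs are compared.
 * The file SID (isec->sid) is only the target of the permission check. */
static enum exec_check select_check(int old_sid, int new_sid)
{
    return (new_sid == old_sid) ? CHECK_EXECUTE_NO_TRANS
                                : CHECK_TRANSITION_ENTRYPOINT;
}

static enum exec_check exec_check_for(const struct type_transition *rules,
                                      size_t n, int old_sid, int file_sid)
{
    return select_check(old_sid, compute_new_sid(rules, n, old_sid, file_sid));
}

int main(void)
{
    /* Constructed rule matching domain_auto_trans(shell, toolbox_exec, toolbox). */
    struct type_transition rules[] = { { SID_SHELL, SID_TOOLBOX_EXEC, SID_TOOLBOX } };
    printf("rule loaded:  check=%d\n", exec_check_for(rules, 1, SID_SHELL, SID_TOOLBOX_EXEC));
    printf("rule missing: check=%d\n", exec_check_for(NULL, 0, SID_SHELL, SID_TOOLBOX_EXEC));
    return 0;
}
```

In this model the `execute_no_trans` check is reached only when the computed post-exec SID equals the caller's SID, regardless of what SID the file carries.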