Your kernel likely has this patch: https://android-review.googlesource.com/#/c/58360/ Nexus9 does not.
Without this patch all inodes in / have the rootfs label (which init has the mounton permission for in core policy). You can cherrypick the upstream fix from AOSP master: https://android-review.googlesource.com/#/c/161780/1 or add the new rules to your device specific policy. On Tue, Oct 20, 2015 at 8:00 AM YongQin Liu <yongqin....@linaro.org> wrote: > Hi, All > > When I tried the Marshmallow version on our platforms, I got following > warnings: > avc: denied { mounton } for pid=1 comm="init" path="/cache" dev="rootfs" > ino=73 scontext=u:r:init:s0 tcontext=u:object_r:cache_file:s0 tclass=dir > permissive=1 > avc: denied { mounton } for pid=1 comm="init" path="/storage" dev="rootfs" > ino=73 scontext=u:r:init:s0 tcontext=u:object_r:storage_file:s0 tclass=dir > permissive=1 > > To remove this warnings, I need to add following rules into the init.te > file: > allow init cache_file:dir mounton; > allow init storage_file:dir mounton; > > but I did not see similar rules added into the init.te file for Nexus9 > build(device/htc/flounder/sepolicy/), > and there is no such warnings on the Nexus9 build too. > > I am confused on why Nexus9 does not need the mounton rules for init > domain, and does not have the warnings. > > Anyone here can help to explain for me or point me where I should check? > > Thanks in advance! > -- > Best Regards, > Yongqin Liu > --------------------------------------------------------------- > #mailing list > linaro-andr...@lists.linaro.org <linaro-...@lists.linaro.org> > http://lists.linaro.org/mailman/listinfo/linaro-android > _______________________________________________ > Seandroid-list mailing list > Seandroid-list@tycho.nsa.gov > To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. > To get help, send an email containing "help" to > seandroid-list-requ...@tycho.nsa.gov.
_______________________________________________ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
