Any inputs guys . Please help if have some idea.
From: Inamdar Sharif
Sent: Thursday, November 19, 2015 3:09 PM
To: [email protected]
Subject: avc denied due to mls constraints
Hi Stephen/William,
I am getting the below avc denied:
type=1400 audit(0.0:7): avc: denied { search } for
name="com.android.providers.downloads" dev="mmcblk0p23" ino=81932
scontext=u:r:system_app:s0 tcontext=u:object_r:app_data_file:s0:c512,c768
tclass=dir permissive=0
System.err: java.io.FileNotFoundException:
/data/user/0/com.android.providers.downloads/cache/xxxxxxxx: open failed:
EACCES (Permission denied)
I saw that the permission to allow this is already present
allow { appdomain -isolated_app } app_data_file:dir create_dir_perms;
I am still confused why this is happening even when the allow rule is present.
Also I have not changed the user.
Various solutions I can think are:
1)Remove search permission from mlsconstrain.
2)Make app_data_file as mlstrusted.
3)Make change what Stephen did in
https://android.googlesource.com/platform/external/sepolicy/+/27042f6da110b8bef9ff291f724351464958da86
Can you guys help me to solve such issues??
Thanks.
-Sharif
-----------------------------------------------------------------------------------
This email message is for the sole use of the intended recipient(s) and may
contain
confidential information. Any unauthorized review, use, disclosure or
distribution
is prohibited. If you are not the intended recipient, please contact the
sender by
reply email and destroy all copies of the original message.
-----------------------------------------------------------------------------------
_______________________________________________
Seandroid-list mailing list
[email protected]
To unsubscribe, send email to [email protected].
To get help, send an email containing "help" to
[email protected].
