Hi, William Sorry for late response, my laptop OS was crashed last Friday:(
Thanks for your suggestion first, and some comments in line. On 17 June 2016 at 07:50, William Roberts <[email protected]> wrote: > Typing this from my phone, might not be great. Dac override is triggered > when the process permissions don't match with the owner group and mode of a > file. Dan Walsh has info on it here: > http://danwalsh.livejournal.com/69478.html > I checked that, but still not find a good method to know which file/operation caused that denials. > I would try and add an auditallow statement(s) to find what file it's > accessing that might be causing this, and then adjust the dac permissions > accordingly. > After I added following rule: auditallow logd self:capability dac_override; I got following message in console log: [ 7.076059] audit: type=1400 audit(10.759:3): avc: denied { dac_override } for pid=1734 comm="logd" capability=1 scontext=u:r:logd:s0 tcontext=u:r:logd:s0 tclass=capability permissive=1 [ 7.093377] audit: type=1400 audit(10.775:4): avc: granted { dac_override } for pid=1734 comm="logd" capability=1 scontext=u:r:logd:s0 tcontext=u:r:logd:s0 tclass=capability [ 7.107007] (stk) :ldisc installation timeout [ 7.114174] (stk) :ldisc_install = 0 [ 7.114176] audit: type=1400 audit(10.795:5): avc: granted { dac_override } for pid=1734 comm="logd" capability=1 scontext=u:r:logd:s0 tcontext=u:r:logd:s0 tclass=capability [ 7.149786] logd.auditd: start [ 7.152983] logd.klogd: 7110154165 [ 7.193079] logd.auditd: policy loaded [ 7.199590] logd.auditd: integrity enforcement suppressed; not rebooting Seems no clue on which file caused that denials. Do you have any comments on the output above? Thanks, Yongqin Liu > On Jun 16, 2016 09:50, "YongQin Liu" <[email protected]> wrote: > >> Hi, ALL >> >> I am playing the AOSP master with hikey board, and I get the >> following dac_override avc denial on logd command: >> >> avc: denied { dac_override } for pid=1763 comm="logd" capability=1 >> scontext=u:r:logd:s0 tcontext=u:r:logd:s0 tclass=capability permissive=1 >> >> I built the same source for Nexus9 board, and I did not see such >> dac_override denial on logd with that Nexus9 board. >> >> Searched "logd" in he device projects for hikey and Nexus9, but did not >> find any clue on that >> why I got the dac_override avc denial on logd with the hikey build, >> >> >> Referenced the document here: >> >> http://source.android.com/security/selinux/device-policy.html#granting_the_dac_override_capability >> >> But still have no idea how to change to eliminate the dac_override denial >> for logd command. >> >> Do you have any idea on what happens there, or where to check on it? >> >> Thanks in advance! >> >> -- >> Best Regards, >> Yongqin Liu >> --------------------------------------------------------------- >> #mailing list >> [email protected] <[email protected]> >> http://lists.linaro.org/mailman/listinfo/linaro-android >> >> _______________________________________________ >> Seandroid-list mailing list >> [email protected] >> To unsubscribe, send email to [email protected]. >> To get help, send an email containing "help" to >> [email protected]. >> > -- Best Regards, Yongqin Liu --------------------------------------------------------------- #mailing list [email protected] <[email protected]> http://lists.linaro.org/mailman/listinfo/linaro-android
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
