> -----Original Message----- > From: Seandroid-list [mailto:[email protected]] On Behalf > Of Mahaveer, Vishal > Sent: Friday, August 19, 2016 8:00 AM > To: [email protected] > Subject: unix_stream_socket erros on latest Marshmallow > > Hi, > > After updating to latest AOSP Marshmallow release (moved from MOB30M to > MOB30Z) We started seeing bunch of new selinux denials regarding > unix_stream_socket. > > [ 141.546027] type=1400 audit(141.529:16): avc: denied { ioctl } for pid=233 > comm="Binder_3" path="socket:[11553]" dev="sockfs" ino=11553 ioctlcmd=7704 > scontext=u:r:surfaceflinger:s0 tcontext=u:r:surfaceflinger:s0 > tclass=unix_stream_socket permissive=1 [ 141.570289] type=1400 > audit(141.529:17): avc: denied { ioctl } for pid=233 comm="Binder_3" > path="socket:[11553]" dev="sockfs" ino=11553 ioctlcmd=7704 > scontext=u:r:surfaceflinger:s0 tcontext=u:r:surfaceflinger:s0 > tclass=unix_stream_socket permissive=1 [ 141.833709] type=1400 > audit(141.819:18): avc: denied { ioctl } for pid=233 comm="Binder_3" > path="socket:[11665]" dev="sockfs" ino=11665 ioctlcmd=7704 > scontext=u:r:surfaceflinger:s0 tcontext=u:r:surfaceflinger:s0 > tclass=unix_stream_socket permissive=1 [ 141.857664] type=1400 > audit(141.819:19): avc: denied { ioctl } for pid=233 comm="Binder_3" > path="socket:[11665]" dev="sockfs" ino=11665 ioctlcmd=7704 > scontext=u:r:surfaceflinger:s0 tcontext=u:r:surfaceflinger:s0 > tclass=unix_stream_socket permissive=1 > > > I guess this change that came in as part of the update is causing the issue > https://android.googlesource.com/platform/external/sepolicy/+/556bb0f55324e > 8839d7b735a0de9bc31028e839e > > How do I resolve them, is fix available for the same in AOSP? >
This has been answered here: http://www.mail-archive.com/seandroid-list%40tycho.nsa.gov/msg02806.html It should be this patch and IIRC it worked for me: https://android-review.googlesource.com/#/c/198885/4/libs/binder/Parcel.cpp _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
