>-----Original Message----- >From: Roberts, William C [mailto:[email protected]] >Sent: Friday, August 19, 2016 10:41 AM >To: Mahaveer, Vishal; [email protected] >Subject: RE: unix_stream_socket erros on latest Marshmallow > > > >> -----Original Message----- >> From: Seandroid-list [mailto:[email protected]] On >> Behalf Of Mahaveer, Vishal >> Sent: Friday, August 19, 2016 8:00 AM >> To: [email protected] >> Subject: unix_stream_socket erros on latest Marshmallow >> >> Hi, >> >> After updating to latest AOSP Marshmallow release (moved from MOB30M >> to >> MOB30Z) We started seeing bunch of new selinux denials regarding >> unix_stream_socket. >> >> [ 141.546027] type=1400 audit(141.529:16): avc: denied { ioctl } for >> pid=233 comm="Binder_3" path="socket:[11553]" dev="sockfs" ino=11553 >> ioctlcmd=7704 >> scontext=u:r:surfaceflinger:s0 tcontext=u:r:surfaceflinger:s0 >> tclass=unix_stream_socket permissive=1 [ 141.570289] type=1400 >> audit(141.529:17): avc: denied { ioctl } for pid=233 comm="Binder_3" >> path="socket:[11553]" dev="sockfs" ino=11553 ioctlcmd=7704 >> scontext=u:r:surfaceflinger:s0 tcontext=u:r:surfaceflinger:s0 >> tclass=unix_stream_socket permissive=1 [ 141.833709] type=1400 >> audit(141.819:18): avc: denied { ioctl } for pid=233 comm="Binder_3" >> path="socket:[11665]" dev="sockfs" ino=11665 ioctlcmd=7704 >> scontext=u:r:surfaceflinger:s0 tcontext=u:r:surfaceflinger:s0 >> tclass=unix_stream_socket permissive=1 [ 141.857664] type=1400 >> audit(141.819:19): avc: denied { ioctl } for pid=233 comm="Binder_3" >> path="socket:[11665]" dev="sockfs" ino=11665 ioctlcmd=7704 >> scontext=u:r:surfaceflinger:s0 tcontext=u:r:surfaceflinger:s0 >> tclass=unix_stream_socket permissive=1 >> >> >> I guess this change that came in as part of the update is causing the >> issue >> https://android.googlesource.com/platform/external/sepolicy/+/556bb0f5 >> 5324e >> 8839d7b735a0de9bc31028e839e >> >> How do I resolve them, is fix available for the same in AOSP? >> > >This has been answered here: >http://www.mail-archive.com/seandroid-list%40tycho.nsa.gov/msg02806.html > >It should be this patch and IIRC it worked for me: >https://android-review.googlesource.com/#/c/198885/4/libs/binder/Parcel.cpp
Thank you, this worked. _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
