Hi,

I want to perform file read/write operations from the
/hardware/qcom/audio/post_proc/volume_listener.c
<http://androidxref.com/8.0.0_r4/xref/hardware/qcom/audio/post_proc/volume_listener.c>
effect file. I have created a directory at /data/vendor/misc/my_dir.
So I want to write effect data from volume_listener.c to my directory.

As per my understanding, the post_proc effect comes under the hal_audio_default
domain. Then I added "allow hal_audio_default system_data_file:file {
write create };" to the hal_audio.te file. But after adding it I'm facing the
following issue while building AOSP.

NOTE - I'm working on Android Oreo.

Error -

libsepol.report_failure: neverallow on line 856 of
system/sepolicy/public/domain.te (or line 9111 of policy.conf) violated by
allow hal_audio_default system_data_file:file { write create };

I hope you understand my issue. Please help me to solve this issue.
Please find the attached build log for more clarity.

Regards,
Mantesh
mantesh@PUNECPU373/APQ8098_LA.UM.6.4.r1-06900-8x98.0_OpenQ835-O_v2.0:$
mantesh@PUNECPU373/APQ8098_LA.UM.6.4.r1-06900-8x98.0_OpenQ835-O_v2.0:$adb 
logcat -b all -d | audit2allow -p ../../../../../sepolicy/policy
- waiting for device -


#============= bluetooth ==============
allow bluetooth default_android_service:service_manager find;

#============= hal_graphics_composer_default ==============
allow hal_graphics_composer_default sysfs:file { getattr open read };

#============= hal_usb_default ==============
allow hal_usb_default self:capability dac_override;

#============= mediaextractor ==============
allow mediaextractor sdcardfs:file { getattr read };

#============= platform_app ==============
allow platform_app cache_file:lnk_file read;
allow platform_app wigig_prop:file { getattr open };

#============= qti_init_shell ==============
allow qti_init_shell default_prop:property_service set;
allow qti_init_shell sysfs_cpu_boost:file write;

#============= qvrd ==============
allow qvrd vendor_file:file execute;

#============= radio ==============
allow radio opengles_prop:file { getattr open read };
allow radio system_app_data_file:dir getattr;

#============= surfaceflinger ==============
allow surfaceflinger mediacodec:binder call;

#============= system_app ==============
allow system_app default_android_service:service_manager add;

#============= thermal-engine ==============
allow thermal-engine sysfs_uio:dir { open read search };
allow thermal-engine sysfs_uio:lnk_file read;
allow thermal-engine sysfs_uio_file:dir search;
allow thermal-engine sysfs_uio_file:file { getattr open read };

#============= ueventd ==============
allow ueventd mba_debug_dev:blk_file { open read };

#============= vendor-qti-testscripts ==============
allow vendor-qti-testscripts coresight_prop:file { getattr open read };
mantesh@PUNECPU373/APQ8098_LA.UM.6.4.r1-06900-8x98.0_OpenQ835-O_v2.0:$



mantesh@PUNECPU373/APQ8098_LA.UM.6.4.r1-06900-8x98.0_OpenQ835-O_v2.0:$adb 
logcat -b all -d | audit2allow -p ../../../../../sepolicy/policy
adb server version (31) doesn't match this client (39); killing...
* daemon started successfully


#============= bluetooth ==============
allow bluetooth default_android_service:service_manager find;

#============= hal_graphics_composer_default ==============
allow hal_graphics_composer_default sysfs:file { getattr open read };

#============= hal_usb_default ==============
allow hal_usb_default self:capability dac_override;

#============= mediaextractor ==============
allow mediaextractor sdcardfs:file { getattr read };

#============= platform_app ==============
allow platform_app cache_file:lnk_file read;
allow platform_app wigig_prop:file { getattr open };

#============= qti_init_shell ==============
allow qti_init_shell default_prop:property_service set;
allow qti_init_shell sysfs_cpu_boost:file write;

#============= qvrd ==============
allow qvrd vendor_file:file execute;

#============= radio ==============
allow radio opengles_prop:file { getattr open read };
allow radio system_app_data_file:dir getattr;

#============= surfaceflinger ==============
allow surfaceflinger mediacodec:binder call;

#============= system_app ==============
allow system_app default_android_service:service_manager add;

#============= thermal-engine ==============
allow thermal-engine sysfs_uio:dir { open read search };
allow thermal-engine sysfs_uio:lnk_file read;
allow thermal-engine sysfs_uio_file:dir search;
allow thermal-engine sysfs_uio_file:file { getattr open read };

#============= ueventd ==============
allow ueventd mba_debug_dev:blk_file { open read };

#============= untrusted_app ==============
allow untrusted_app proc:file { getattr open read };

#============= vendor-qti-testscripts ==============
allow vendor-qti-testscripts coresight_prop:file { getattr open read };
mantesh@PUNECPU373/APQ8098_LA.UM.6.4.r1-06900-8x98.0_OpenQ835-O_v2.0:$make
[1/1] out/soong/.bootstrap/bin/soong_build out/soong/build.ninja
No need to regenerate ninja file
[100% 2/2] out/soong/.bootstrap/bin/soong_build out/soong/build.ninja
[ 50% 1/2] glob art
[  0% 2/1149] build 
out/target/product/msm8998/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_policy.conf
m4: device/qcom/sepolicy/common/fidodaemon.te: 21: deprecated: 
unix_socket_connect(fidodaemon, property, init) Please use set_prop(fidodaemon, 
<property name>) instead.
m4: device/qcom/sepolicy/common/hal_factory_qti_default.te: 35: deprecated: 
unix_socket_connect(hal_factory_qti, property, init) Please use 
set_prop(hal_factory_qti, <property name>) instead.
m4: device/qcom/sepolicy/common/qseecomd.te: 63: deprecated: 
unix_socket_connect(tee, property, init) Please use set_prop(tee, <property 
name>) instead.
m4: device/qcom/sepolicy/common/qseeproxy.te: 50: deprecated: 
unix_socket_connect(qseeproxy, property, init) Please use set_prop(qseeproxy, 
<property name>) instead.
m4: device/qcom/sepolicy/test/fidotest.te: 4: deprecated: 
unix_socket_connect(fidotest, property, init) Please use set_prop(fidotest, 
<property name>) instead.
m4: device/qcom/sepolicy/test/qseeproxysample.te: 31: deprecated: 
unix_socket_connect(qseeproxysample, property, init) Please use 
set_prop(qseeproxysample, <property name>) instead.
[  0% 3/1149] build 
out/target/product/msm8998/obj/ETC/sepolicy.recovery_intermediates/sepolicy.recovery.conf
m4: device/qcom/sepolicy/private/wfdservice.te: 72: deprecated: 
unix_socket_connect(wfdservice, property, init) Please use set_prop(wfdservice, 
<property name>) instead.
m4: device/qcom/sepolicy/common/fidodaemon.te: 21: deprecated: 
unix_socket_connect(fidodaemon, property, init) Please use set_prop(fidodaemon, 
<property name>) instead.
m4: device/qcom/sepolicy/common/hal_factory_qti_default.te: 35: deprecated: 
unix_socket_connect(hal_factory_qti, property, init) Please use 
set_prop(hal_factory_qti, <property name>) instead.
m4: device/qcom/sepolicy/common/qseecomd.te: 63: deprecated: 
unix_socket_connect(tee, property, init) Please use set_prop(tee, <property 
name>) instead.
m4: device/qcom/sepolicy/common/qseeproxy.te: 50: deprecated: 
unix_socket_connect(qseeproxy, property, init) Please use set_prop(qseeproxy, 
<property name>) instead.
m4: device/qcom/sepolicy/test/fidotest.te: 4: deprecated: 
unix_socket_connect(fidotest, property, init) Please use set_prop(fidotest, 
<property name>) instead.
m4: device/qcom/sepolicy/test/qseeproxysample.te: 31: deprecated: 
unix_socket_connect(qseeproxysample, property, init) Please use 
set_prop(qseeproxysample, <property name>) instead.
[  0% 4/1149] build 
out/target/product/msm8998/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_policy_raw.cil
out/host/linux-x86/bin/checkpolicy:  loading policy configuration from 
out/target/product/msm8998/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_policy.conf
out/host/linux-x86/bin/checkpolicy:  policy configuration loaded
out/host/linux-x86/bin/checkpolicy:  writing CIL to 
out/target/product/msm8998/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_policy_raw.cil.tmp
[  0% 5/1149] build 
out/target/product/msm8998/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil
Parsing 
out/target/product/msm8998/obj/FAKE/selinux_policy_intermediates/plat_pub_policy.cil
Parsing 
out/target/product/msm8998/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_policy_raw.cil
[  0% 7/1149] Ensuring Jack server is installed and started
Jack server already installed in "/home/mantesh/.jack-server"
Server is already running
[  0% 8/1149] build 
out/target/product/msm8998/obj/ETC/sepolicy.recovery_intermediates/sepolicy
FAILED: 
out/target/product/msm8998/obj/ETC/sepolicy.recovery_intermediates/sepolicy 
/bin/bash -c "(ASAN_OPTIONS=detect_leaks=0 out/host/linux-x86/bin/checkpolicy 
-M -c             30 -o 
out/target/product/msm8998/obj/ETC/sepolicy.recovery_intermediates/sepolicy.tmp 
out/target/product/msm8998/obj/ETC/sepolicy.recovery_intermediates/sepolicy.recovery.conf
 ) && (out/host/linux-x86/bin/sepolicy-analyze 
out/target/product/msm8998/obj/ETC/sepolicy.recovery_intermediates/sepolicy.tmp 
permissive > 
out/target/product/msm8998/obj/ETC/sepolicy.recovery_intermediates/sepolicy.permissivedomains
 ) && (if [ \"userdebug\" = \"user\" -a -s 
out/target/product/msm8998/obj/ETC/sepolicy.recovery_intermediates/sepolicy.permissivedomains
 ]; then                echo \"==========\" 1>&2;               echo \"ERROR: 
permissive domains not allowed in user builds\" 1>&2;             echo \"List 
of invalid domains:\" 1>&2;                 cat 
out/target/product/msm8998/obj/ETC/sepolicy.recovery_intermediates/sepolicy.permissivedomains
 1>&2;                 exit 1;                 fi ) && (mv 
out/target/product/msm8998/obj/ETC/sepolicy.recovery_intermediates/sepolicy.tmp 
out/target/product/msm8998/obj/ETC/sepolicy.recovery_intermediates/sepolicy )"
libsepol.report_failure: neverallow on line 856 of 
system/sepolicy/public/domain.te (or line 9111 of policy.conf) violated by 
allow hal_audio_default system_data_file:file { write create };
libsepol.check_assertions: 1 neverallow failures occurred
Error while expanding policy
out/host/linux-x86/bin/checkpolicy:  loading policy configuration from 
out/target/product/msm8998/obj/ETC/sepolicy.recovery_intermediates/sepolicy.recovery.conf
[  0% 9/1149] build 
out/target/product/msm8998/obj/ETC/sepolicy_intermediates/sepolicy
FAILED: out/target/product/msm8998/obj/ETC/sepolicy_intermediates/sepolicy 
/bin/bash -c "(out/host/linux-x86/bin/secilc -M true -G -c 30 
out/target/product/msm8998/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil
 out/target/product/msm8998/obj/ETC/27.0.cil_intermediates/27.0.cil 
out/target/product/msm8998/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil
 -o out/target/product/msm8998/obj/ETC/sepolicy_intermediates/sepolicy.tmp -f 
/dev/null ) && (out/host/linux-x86/bin/sepolicy-analyze 
out/target/product/msm8998/obj/ETC/sepolicy_intermediates/sepolicy.tmp 
permissive > 
out/target/product/msm8998/obj/ETC/sepolicy_intermediates/sepolicy.permissivedomains
 ) && (if [ \"userdebug\" = \"user\" -a -s 
out/target/product/msm8998/obj/ETC/sepolicy_intermediates/sepolicy.permissivedomains
 ]; then           echo \"==========\" 1>&2;               echo \"ERROR: 
permissive domains not allowed in user builds\" 1>&2;             echo \"List 
of invalid domains:\" 1>&2;                 cat 
out/target/product/msm8998/obj/ETC/sepolicy_intermediates/sepolicy.permissivedomains
 1>&2;          exit 1;                 fi ) && (mv 
out/target/product/msm8998/obj/ETC/sepolicy_intermediates/sepolicy.tmp 
out/target/product/msm8998/obj/ETC/sepolicy_intermediates/sepolicy )"
neverallow check failed at 
out/target/product/msm8998/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:4201
  (neverallow base_typeattr_68_27_0 system_data_file_27_0 (file (write create 
setattr relabelfrom append unlink link rename)))
    <root>
    allow at 
out/target/product/msm8998/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:8335
      (allow hal_audio_default system_data_file_27_0 (file (write create)))

neverallow check failed at 
out/target/product/msm8998/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil:4855
 from system/sepolicy/public/domain.te:856
  (neverallow base_typeattr_68 system_data_file (file (write create setattr 
relabelfrom append unlink link rename)))
    <root>
    allow at 
out/target/product/msm8998/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:8335
      (allow hal_audio_default system_data_file_27_0 (file (write create)))

Failed to generate binary
Failed to build policydb
[  0% 10/1149] build 
out/target/product/msm8998/obj/ETC/precompiled_sepolicy_intermediates/precompiled_sepolicy
FAILED: 
out/target/product/msm8998/obj/ETC/precompiled_sepolicy_intermediates/precompiled_sepolicy
 
/bin/bash -c "out/host/linux-x86/bin/secilc -M true -G -c 30            
out/target/product/msm8998/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil
 out/target/product/msm8998/obj/ETC/27.0.cil_intermediates/27.0.cil 
out/target/product/msm8998/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil
 -o 
out/target/product/msm8998/obj/ETC/precompiled_sepolicy_intermediates/precompiled_sepolicy
 -f /dev/null"
neverallow check failed at 
out/target/product/msm8998/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:4201
  (neverallow base_typeattr_68_27_0 system_data_file_27_0 (file (write create 
setattr relabelfrom append unlink link rename)))
    <root>
    allow at 
out/target/product/msm8998/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:8335
      (allow hal_audio_default system_data_file_27_0 (file (write create)))

neverallow check failed at 
out/target/product/msm8998/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil:4855
 from system/sepolicy/public/domain.te:856
  (neverallow base_typeattr_68 system_data_file (file (write create setattr 
relabelfrom append unlink link rename)))
    <root>
    allow at 
out/target/product/msm8998/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:8335
      (allow hal_audio_default system_data_file_27_0 (file (write create)))

Failed to generate binary
Failed to build policydb
[  0% 11/1149] build out/target/product/msm8998/abl.elf
make: Entering directory 
`/media/mantesh/newhd/project/DTS/intrinsyc/oreo/OpenQ-835_Android-O_v2.0/Source_Package/APQ8098_LA.UM.6.4.r1-06900-8x98.0_OpenQ835-O_v2.0/bootable/bootloader/edk2'
Loading previous configuration from 
/media/mantesh/newhd/project/DTS/intrinsyc/oreo/OpenQ-835_Android-O_v2.0/Source_Package/APQ8098_LA.UM.6.4.r1-06900-8x98.0_OpenQ835-O_v2.0/bootable/bootloader/edk2/Conf/BuildEnv.sh
WORKSPACE: 
/media/mantesh/newhd/project/DTS/intrinsyc/oreo/OpenQ-835_Android-O_v2.0/Source_Package/APQ8098_LA.UM.6.4.r1-06900-8x98.0_OpenQ835-O_v2.0/bootable/bootloader/edk2
EDK_TOOLS_PATH: 
/media/mantesh/newhd/project/DTS/intrinsyc/oreo/OpenQ-835_Android-O_v2.0/Source_Package/APQ8098_LA.UM.6.4.r1-06900-8x98.0_OpenQ835-O_v2.0/bootable/bootloader/edk2/BaseTools
CONF_PATH: 
/media/mantesh/newhd/project/DTS/intrinsyc/oreo/OpenQ-835_Android-O_v2.0/Source_Package/APQ8098_LA.UM.6.4.r1-06900-8x98.0_OpenQ835-O_v2.0/bootable/bootloader/edk2/Conf
make[1]: Entering directory 
`/media/mantesh/newhd/project/DTS/intrinsyc/oreo/OpenQ-835_Android-O_v2.0/Source_Package/APQ8098_LA.UM.6.4.r1-06900-8x98.0_OpenQ835-O_v2.0/bootable/bootloader/edk2/BaseTools'
make[1]: warning: -jN forced in submake: disabling jobserver mode.
make -C Source/C
Attempting to detect ARCH from 'uname -m': x86_64
Detected ARCH of X64 using uname.
make[2]: Entering directory 
`/media/mantesh/newhd/project/DTS/intrinsyc/oreo/OpenQ-835_Android-O_v2.0/Source_Package/APQ8098_LA.UM.6.4.r1-06900-8x98.0_OpenQ835-O_v2.0/bootable/bootloader/edk2/BaseTools/Source/C'
mkdir -p .
make -C Common
make[3]: Entering directory 
`/media/mantesh/newhd/project/DTS/intrinsyc/oreo/OpenQ-835_Android-O_v2.0/Source_Package/APQ8098_LA.UM.6.4.r1-06900-8x98.0_OpenQ835-O_v2.0/bootable/bootloader/edk2/BaseTools/Source/C/Common'
make[3]: Nothing to be done for `all'.
make[3]: Leaving directory 
`/media/mantesh/newhd/project/DTS/intrinsyc/oreo/OpenQ-835_Android-O_v2.0/Source_Package/APQ8098_LA.UM.6.4.r1-06900-8x98.0_OpenQ835-O_v2.0/bootable/bootloader/edk2/BaseTools/Source/C/Common'
make -C GnuGenBootSector
make[3]: Entering directory 
`/media/mantesh/newhd/project/DTS/intrinsyc/oreo/OpenQ-835_Android-O_v2.0/Source_Package/APQ8098_LA.UM.6.4.r1-06900-8x98.0_OpenQ835-O_v2.0/bootable/bootloader/edk2/BaseTools/Source/C/GnuGenBootSector'
make[3]: Nothing to be done for `all'.
make[3]: Leaving directory 
`/media/mantesh/newhd/project/DTS/intrinsyc/oreo/OpenQ-835_Android-O_v2.0/Source_Package/APQ8098_LA.UM.6.4.r1-06900-8x98.0_OpenQ835-O_v2.0/bootable/bootloader/edk2/BaseTools/Source/C/GnuGenBootSector'
make -C BootSectImage
make[3]: Entering directory 
`/media/mantesh/newhd/project/DTS/intrinsyc/oreo/OpenQ-835_Android-O_v2.0/Source_Package/APQ8098_LA.UM.6.4.r1-06900-8x98.0_OpenQ835-O_v2.0/bootable/bootloader/edk2/BaseTools/Source/C/BootSectImage'
make[3]: Nothing to be done for `all'.
make[3]: Leaving directory `/media/mantesh/newhd/project/DTS/intrinsyc/oreo/Open
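
Added example, not part of the original post or of AOSP: a Python script that parses the `neverallow check failed` blocks secilc prints in the log above and reports, for each offending allow rule, which of its permissions the neverallow forbids and where both rules were written. The function names are made up here, and treating the `_27_0` suffix as a policy-version tag is an assumption.

```python
import re

# Two secilc failures copied from the build log above (mail line wraps kept).
SAMPLE = """\
neverallow check failed at
out/target/product/msm8998/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:4201
  (neverallow base_typeattr_68_27_0 system_data_file_27_0 (file (write create
setattr relabelfrom append unlink link rename)))
    <root>
    allow at
out/target/product/msm8998/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:8335
      (allow hal_audio_default system_data_file_27_0 (file (write create)))

neverallow check failed at
out/target/product/msm8998/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil:4855
 from system/sepolicy/public/domain.te:856
  (neverallow base_typeattr_68 system_data_file (file (write create setattr
relabelfrom append unlink link rename)))
    <root>
    allow at
out/target/product/msm8998/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:8335
      (allow hal_audio_default system_data_file_27_0 (file (write create)))
"""

# One CIL access-vector rule: (<kw> <source> <target> (<class> (<perms>)))
RULE = r"\(\s*{kw}\s+(?P<{p}src>\S+)\s+(?P<{p}tgt>\S+)\s+\(\s*(?P<{p}cls>\S+)\s+\((?P<{p}perms>[^)]*)\)"
FAILURE = re.compile(
    r"neverallow check failed at\s+(?P<cil>\S+)(?:\s+from\s+(?P<te>\S+))?\s+"
    + RULE.format(kw="neverallow", p="n_")
    + r"[\s)]*<root>\s+allow at\s+(?P<allow_at>\S+)\s+"
    + RULE.format(kw="allow", p="a_"))

def unversioned(name):
    # Assumption: a trailing _<major>_<minor> (here _27_0) is a policy-version tag.
    return re.sub(r"_\d+_\d+$", "", name)

def violations(log):
    """Map each offending allow rule to the permissions the neverallow forbids."""
    found = {}
    for m in FAILURE.finditer(log):
        forbidden = set(m["a_perms"].split()) & set(m["n_perms"].split())
        key = (unversioned(m["a_src"]), unversioned(m["a_tgt"]), m["a_cls"])
        entry = found.setdefault(key, {"perms": set(), "neverallow": set(), "allow_at": set()})
        entry["perms"] |= forbidden
        entry["neverallow"].add(m["te"] or m["cil"])
        entry["allow_at"].add(m["allow_at"])
    return found

if __name__ == "__main__":
    for (src, tgt, cls), e in violations(SAMPLE).items():
        print(f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(e['perms']))} }};")
        print("  written at:", ", ".join(sorted(e["allow_at"])))
        print("  forbidden by:", ", ".join(sorted(e["neverallow"])))
```

Both failure blocks collapse to a single entry because they report the same allow rule once against the versioned and once against the unversioned form of the neverallow.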