source.android.com has a number of resources https://source.android.com/security/selinux/ including a quick-start guide on writing device-specific policy for Android https://source.android.com/security/selinux/device-policy.
On Wed, May 30, 2018 at 7:22 AM Mantesh Eksambe <mantesh.eksambe....@gmail.com> wrote:

> Thank you sir.
>
> I would like to learn in detail about android SELINUX. Could you please
> suggest me the correct reference for that.
>
> On Tue, May 29, 2018 at 7:12 PM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
>
>> On 05/27/2018 09:08 AM, Mantesh Eksambe wrote:
>> > Hi,
>> >
>> > I want to perform file read write operation from the
>> > /hardware/qcom/audio/post_proc/volume_listener.c
>> > <http://androidxref.com/8.0.0_r4/xref/hardware/qcom/audio/post_proc/volume_listener.c>
>> > effect file. I have created directory at /data/vendor/misc/my_dir.
>> > So I want to write effect data from volume_listener.c to my directory.
>> >
>> > As per my understanding post_proc effect comes under hal_audio_default
>> > domain. Then I have added "allow hal_audio_default system_data_file:file {
>> > write create };" in hal_audio.te file. But after adding I'm facing
>> > following issue while building AOSP
>> >
>> > NOTE - I'm working on Android Oreo.
>> >
>> > Error -
>> >
>> > libsepol.report_failure: neverallow on line 856 of system/sepolicy/public/domain.te (or line 9111 of policy.conf) violated by allow hal_audio_default system_data_file:file { write create };
>> >
>> > I hope you understand my issue. Please help me to solve this issue.
>> > Please find attached build log for more clarity.
>>
>> You need to define a type other than system_data_file and assign it to
>> your directory via file_contexts so that your process only needs
>> create/write to your own type and not arbitrary system data files.
>
> _______________________________________________
> Seandroid-list mailing list
> Seandroid-list@tycho.nsa.gov
> To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
> To get help, send an email containing "help" to
> seandroid-list-requ...@tycho.nsa.gov.
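The approach Stephen Smalley describes in the quoted reply, sketched as device policy. This is an added example, not part of the thread or of AOSP: the type name audio_effect_data_file and the file locations are assumptions, while rw_dir_perms and create_file_perms are existing AOSP policy macros.

```sepolicy
# --- device sepolicy directory: file.te ---
# Hypothetical dedicated type for the effect's output files (name is an assumption).
type audio_effect_data_file, file_type, data_file_type;

# --- device sepolicy directory: file_contexts ---
# Label the directory from the thread, and everything below it, with that type.
/data/vendor/misc/my_dir(/.*)?    u:object_r:audio_effect_data_file:s0

# --- device sepolicy directory: .te file for hal_audio_default ---
# Rejected at build time by the neverallow quoted in the thread:
#   allow hal_audio_default system_data_file:file { write create };
# Scoped replacement: the HAL may create and write only objects of its own type,
# so it gains no write access to other system data files.
allow hal_audio_default audio_effect_data_file:dir rw_dir_perms;
allow hal_audio_default audio_effect_data_file:file create_file_perms;
```

A directory that already exists keeps its old label until it is relabeled (for example with restorecon -R), so the file_contexts entry alone does not change it.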