RE: system_app to access media_rw_data_file

2016-01-19 Thread Inamdar Sharif
I think we can make it generic in the AOSP policy itself. From: William Roberts [mailto:bill.c.robe...@gmail.com] Sent: Monday, January 18, 2016 10:34 PM To: Inamdar Sharif Cc: seandroid-list@tycho.nsa.gov Subject: Re: system_app to access media_rw_data_file On Jan 18, 2016 8:58 AM, "Inamdar

Re: avc denial while enabling zram

2016-01-19 Thread William Roberts
On Jan 19, 2016 12:20 PM, "Jeffrey Vander Stoep" wrote: > > Try adding notrim in your fstab. Trimming swap makes no sense. Does defaults include discard? I haven't looked. > > On Tue, Jan 19, 2016 at 9:31 AM William Roberts wrote: >> >> 1. The no

Re: avc denial while enabling zram

2016-01-19 Thread William Roberts
I had a few minutes over lunch to test Jeff's suggestion: I did a build with this patch: -/dev/block/zram0none swapdefaults zramsize=419430400 +/dev/block/zram0none swapdefaults

Re: avc denial while enabling zram

2016-01-19 Thread William Roberts
On Tue, Jan 19, 2016 at 12:26 PM, William Roberts wrote: > > On Jan 19, 2016 12:20 PM, "Jeffrey Vander Stoep" wrote: > > > > Try adding notrim in your fstab. Trimming swap makes no sense. > > Does defaults include discard? I haven't looked. > Ok I see

Re: system_app to access media_rw_data_file

2016-01-19 Thread Joshua Brindle
On Tue, Jan 19, 2016 at 5:06 AM, Inamdar Sharif wrote: > I think we can make it generic in the AOSP policy itself. > Having system_app read from locations writable by untrusted_app affects the integrity of system_app, which is more trusted than platform_app. > > > > On Jan

RE: system_app to access media_rw_data_file

2016-01-19 Thread William Roberts
On Jan 19, 2016 2:06 AM, "Inamdar Sharif" wrote: > > I think we can make it generic in the AOSP policy itself. Why would we do this? Nothing is broken on aosp. What evidence can you present that this is needed? > > > > From: William Roberts [mailto:bill.c.robe...@gmail.com]

RE: avc denial while enabling zram

2016-01-19 Thread Inamdar Sharif
Checked init.rc as well, that’s perfectly alright. This avc I am facing while formatting the sdcard as internal storage. Any more ideas?? Thanks. -Original Message- From: Seandroid-list [mailto:seandroid-list-boun...@tycho.nsa.gov] On Behalf Of Inamdar Sharif Sent: Tuesday, January

Re: avc denial while enabling zram

2016-01-19 Thread Stephen Smalley
On 01/19/2016 11:00 AM, Inamdar Sharif wrote: Checked init.rc as well, that’s perfectly alright. This avc I am facing while formatting the sdcard as internal storage. Any more ideas?? Could be a vold-spawned fsck, but why it would be running fsck on a swap partition I do not know. Would

Re: avc denial while enabling zram

2016-01-19 Thread Jeffrey Vander Stoep
Some options:
1. Ignore it. It's working as intended.
2. dontaudit it. Same as above but removes the denial
3. track down the source of the denial and fix.
4. File a bug against AOSP.
On Tue, Jan 19, 2016 at 8:12 AM Inamdar Sharif wrote: > Checked init.rc as

Re: avc denial while enabling zram

2016-01-19 Thread Jeffrey Vander Stoep
I wonder if https://android.googlesource.com/platform/external/e2fsprogs/+/master/e2fsck/profile.c#270 is the cause. It's fstat'ing every file in the directory to see if it exists. On Tue, Jan 19, 2016 at 8:44 AM William Roberts wrote: > I was able to reproduce this

Re: avc denial while enabling zram

2016-01-19 Thread Jeffrey Vander Stoep
Does your zram have the notrim option set in the fstab? e.g. https://android.googlesource.com/device/htc/flounder/+/master/fstab.flounder#16 On Tue, Jan 19, 2016 at 9:18 AM Jeffrey Vander Stoep wrote: > I wonder if >