Help me with sepolicy

1,099 views

Skip to first unread message

Pig

unread,

Jun 26, 2017, 11:26:07 AM6/26/17

to android-porting

Hi, I'm building AOSP for my Xiaomi device. My fingerprint policy are denied and I'm trying to make it work

[ 35.665744] type=1400 audit(1498189086.388:22): avc: denied { execute_no_trans } for pid=3018 comm="init" path="/system/bin/gx_fpd" dev="mmcblk0p24" ino=271 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0

I was use

allow init system_file:file execute_no_trans;

for this but I got this when trying to build

libsepol.report_failure: neverallow on line 294 of external/sepolicy/init.te (or line 7687 of policy.conf) violated by allow init system_file:file { execute_no_trans };
libsepol.check_assertions: 1 neverallow failures occurred

Renjith Rajagopal

unread,

Sep 5, 2017, 11:47:10 AM9/5/17

to android-porting

Please carefully go through the policy definitions/rules made for the fingerprint.

What I understand is your service/daemon is trying to access device mmcblk0p24 which you need to provide policy rules.

Interpret your denial message using audit2allow tool that ships with AOSP.

https://source.android.com/security/selinux/validate

Reply all

Reply to author

Forward

0 new messages