flock(2) and SELinux permission issues

Christoffer Ahlbin

Mar 21, 2016, 4:18:09 PM
to android-ndk
I'm attempting to use flock(2) on a directory.

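The code running is the equivalent of:

#include <fcntl.h>     /* open, O_RDONLY, O_DIRECTORY */
#include <sys/file.h>  /* flock, LOCK_EX, LOCK_NB */
#include <sys/stat.h>  /* mkdir, mode bits */

const char* path = "/data/data/com.mypackage/files/somefilename";

mode_t mode = S_IRWXU | S_IRGRP | S_IXGRP;
mkdir(path, mode);                            /* returns 0 or -1, not a descriptor */
int fd = open(path, O_RDONLY | O_DIRECTORY);  /* descriptor for the directory */
int status = flock(fd, LOCK_EX | LOCK_NB);    /* non-blocking exclusive lock */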

=> status = 13

error shown in logcat:

03-21 20:12:22.530  1525  1525 W Thread-1027: type=1400 audit(0.0:536): avc: denied { lock } for path="/data/data/com.mypackage/files/somefilename" dev="mmcblk0p28" ino=114736 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0

So it seems like SELinux is preventing the flock?

Built for Android API Level 9, running on a Nexus 5, Android 6.0.
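
An added example, not part of the original posts: a small Python parser for the avc: record quoted in the message above, pulling out the denied permission, the source and target types, and the object class. The function and field names are chosen for this example; the sample line is the one from the post.

```python
import re

# The denial from the post above, copied verbatim (logcat prefix included).
SAMPLE = (
    '03-21 20:12:22.530  1525  1525 W Thread-1027: type=1400 audit(0.0:536): '
    'avc: denied { lock } for path="/data/data/com.mypackage/files/somefilename" '
    'dev="mmcblk0p28" ino=114736 scontext=u:r:untrusted_app:s0:c512,c768 '
    'tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0')

AVC_RE = re.compile(r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')  # key=value, value may be quoted


def parse_avc(line):
    """Return a dict describing one AVC record, or None if the line has none."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec = {
        'result': m.group('result'),
        'perms': m.group('perms').split(),
        'fields': fields,
        'tclass': fields.get('tclass'),
        # permissive=1 means the access was logged but still allowed.
        'permissive': fields.get('permissive') == '1',
    }
    # A context is user:role:type:level; the level may itself contain ':' and ','.
    for key in ('scontext', 'tcontext'):
        parts = fields.get(key, '').split(':', 3)
        rec[key[0] + 'type'] = parts[2] if len(parts) >= 3 else None
        rec[key[0] + 'level'] = parts[3] if len(parts) == 4 else None
    # Equal levels: the process and the object carry the same MLS categories.
    rec['same_level'] = rec['slevel'] is not None and rec['slevel'] == rec['tlevel']
    return rec


def describe(rec):
    """One-line triage summary: who was denied what, on which object class."""
    enforced = 'logged only (permissive)' if rec['permissive'] else 'blocked (enforcing)'
    return '%s -> %s:%s { %s } %s, %s' % (
        rec['stype'], rec['ttype'], rec['tclass'], ' '.join(rec['perms']),
        rec['result'], enforced)


if __name__ == '__main__':
    print(describe(parse_avc(SAMPLE)))
```

For the line in the post this reports the untrusted_app domain being denied lock on an app_data_file object of class dir, with enforcement on (permissive=0) and identical levels on both contexts.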


Christoffer Ahlbin

Mar 23, 2016, 10:15:50 AM
to android-ndk
Ok, thanks!

On Tuesday, March 22, 2016 at 6:18:31 PM UTC+1, Nick Kralevich wrote:
Hi Christoffer,

This is a bug in Android's SELinux policy. A fix has been committed (https://googleplex-android-review.git.corp.google.com/891215) to the Android open source project and will be available in a future Android release.

-- Nick
