flock(2) and SELinux permission issues

147 views
Skip to first unread message

Christoffer Ahlbin

unread,
Mar 21, 2016, 4:18:09 PM3/21/16
to android-ndk
I'm attempting to use flock(2) on a directory.

The code running is equivalent of:

const char* path = "/data/data/com.mypackage/files/somefilename";

mode_t mode = S_IRWXU | S_IRGRP | S_IXGRP;
int fd = mkdir(path, mode);
fapi_.opendir(path);
int status = flock(fd, LOCK_EX | LOCK_NB);

=> status = 13


error shown in logcat:

03-21 20:12:22.530  1525  1525 W Thread-1027: type=1400 audit(0.0:536): avc: denied { lock } for path="/data/data/com.mypackage/files/somefilename" dev="mmcblk0p28" ino=114736 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0


So it seems like SELinux is prevent the flock?


Built Android API Level 9, running on an Nexus 5, Android 6.0.


Thanks

Message has been deleted

Christoffer Ahlbin

unread,
Mar 23, 2016, 10:15:50 AM3/23/16
to android-ndk
Ok, thanks!

On Tuesday, March 22, 2016 at 6:18:31 PM UTC+1, Nick Kralevich wrote:
Hi Christoffer,

This is a bug in Android's SELinux policy. A fix has been committed (https://googleplex-android-review.git.corp.google.com/891215) to the Android open source project and will be available in a future Android release.

-- Nick
Reply all
Reply to author
Forward
0 new messages