Help me with sepolicy

1.106 Aufrufe

Direkt zur ersten ungelesenen Nachricht

Pig

ungelesen,

26.06.2017, 11:26:0726.06.17

an android-porting

Hi, I'm building AOSP for my Xiaomi device. My fingerprint policy are denied and I'm trying to make it work

[ 35.665744] type=1400 audit(1498189086.388:22): avc: denied { execute_no_trans } for pid=3018 comm="init" path="/system/bin/gx_fpd" dev="mmcblk0p24" ino=271 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0

I was use

allow init system_file:file execute_no_trans;

for this but I got this when trying to build

libsepol.report_failure: neverallow on line 294 of external/sepolicy/init.te (or line 7687 of policy.conf) violated by allow init system_file:file { execute_no_trans };
libsepol.check_assertions: 1 neverallow failures occurred

Renjith Rajagopal

ungelesen,

05.09.2017, 11:47:1005.09.17

an android-porting

Please carefully go through the policy definitions/rules made for the fingerprint.

What I understand is your service/daemon is trying to access device mmcblk0p24 which you need to provide policy rules.

Interpret your denial message using audit2allow tool that ships with AOSP.

https://source.android.com/security/selinux/validate

Allen antworten

Antwort an Autor

Weiterleiten

0 neue Nachrichten