FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Android 9 Pie - Sepolicy

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Android 9 Pie - Sepolicy

‎12-24-2020 04:05 AM
594 Views
leonardoprates
Contributor III

In Android 9 I start a shell script at init.rc as a Android service. At ENG build I can see  AVC denied messages from Sepolicy and add all permissions requested, one by one, dozens of them.

In ENG build (even without giving SEPolicy the permissions) my script works as expected, but at USER build the script doesn't work. The problem is that at USER build I cant start the script manually to see any echo messages to debug whats happens and at USER I cant see any new AVC denied messages. If I give all SePolicy permissions why the script doesn't work at USER build? Are there a way to force Android show AVC denied messages from USER build (I'm considering that there are necessary permissions that were not requested with AVC messages in the ENG variant).

Thanks,

Leonardo

0 Kudos
Reply
1 Reply

‎12-28-2020 07:54 PM
577 Views
Zhiming_Liu
NXP TechSupport
NXP TechSupport

Hi

 

Sepolicy has three modes:Enforcing, Permissive,Disabled.You can use getenforce to see which mode it run.In/etc/selinux/config you can set sepolicy mode and i think you can set Permissive,the sepolicy will show avc messages but will not stop the scripts you add.

BR

Zhiming

0 Kudos
Reply