
SELinux question in imx6dl with Android Oreo

Question asked by Benson Wu on May 27, 2019
Latest reply on Jun 13, 2019 by Diego Adrian Cuevas

I am porting a 4G driver and facing an SELinux issue.

After power on, I got AVC error messages as follows:

 

avc: denied { search } for pid=1446 comm="rild" name="512" dev="proc" ino=13806 scontext=u:r:rild:s0 tcontext=u:r:untrusted_app_25:s0:c512,c768 tclass=dir permissive=1
[ 109.284200] type=1400 audit(1559015475.290:37): avc: denied { search } for pid=1446 comm="rild" name="512" dev="proc" ino=13806 scontext=u:r:rild:s0 tcontext=u:r:untrusted_app_25:s0:c512,c768 tclass=dir permissive=1
[ 109.310621] type=1400 audit(1559015475.310:38): avc: denied { read } for pid=1446 comm="rild" name="exe" dev="proc" ino=21320 scontext=u:r:rild:s0 tcontext=u:r:untrusted_app_25:s0:c512,c768 tclass=lnk_file permissive=1
[ 109.330606] type=1400 audit(1559015475.310:38): avc: denied { read } for pid=1446 comm="rild" name="exe" dev="proc" ino=21320 scontext=u:r:rild:s0 tcontext=u:r:untrusted_app_25:s0:c512,c768 tclass=lnk_file permissive=1
[ 109.348876] type=1400 audit(1559015475.310:39): avc: denied { read } for pid=1446 comm="rild" scontext=u:r:rild:s0 tcontext=u:r:untrusted_app_25:s0:c512,c768 tclass=file permissive=1
[ 109.364862] type=1400 audit(1559015475.310:39): avc: denied { read } for pid=1446 comm="rild" scontext=u:r:rild:s0 tcontext=u:r:untrusted_app_25:s0:c512,c768 tclass=file permissive=1
[ 109.379990] type=1400 audit(1559015475.310:40): avc: denied { read } for pid=1446 comm="rild" name="fd" dev="proc" ino=13948 scontext=u:r:rild:s0 tcontext=u:r:untrusted_app_25:s0:c512,c768 tclass=dir permissive=1
[ 109.397989] type=1400 audit(1559015475.310:40): avc: denied { read } for pid=1446 comm="rild" name="fd" dev="proc" ino=13948 scontext=u:r:rild:s0 tcontext=u:r:untrusted_app_25:s0:c512,c768 tclass=dir permissive=1
[ 109.415696] type=1400 audit(1559015475.310:41): avc: denied { search } for pid=1446 comm="rild" name="524" dev="proc" ino=13837 scontext=u:r:rild:s0 tcontext=u:r:platform_app:s0:c512,c768 tclass=dir permissive=1

 

However, I have added the following contents to my /system/sepolicy/provate/rild.te, but the above messages are still not suppressed:

allow rild untrusted_app_25:dir { rw_dir_perms search };
allow rild untrusted_app_25:lnk_file rw_file_perms;
allow rild untrusted_app_25:file rw_file_perms;

allow rild platform_app:dir { rw_dir_perms search };

 

Did I miss something?
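
A way to check the posted rules against the posted denials, as an added example that is not part of the original post: it deduplicates the AVC lines and reports any denied (source, target, class, permission) tuple that no allow rule covers. The macro expansions are assumptions taken from AOSP's global_macros, and the function names are hypothetical.

```python
import re

# Expansions assumed from AOSP's global_macros of that era; check them against your tree.
MACROS = {
    "rw_dir_perms": {"open", "getattr", "read", "search", "ioctl", "lock",
                     "write", "add_name", "remove_name"},
    "rw_file_perms": {"getattr", "open", "read", "ioctl", "lock", "append", "write"},
}

# Sample input: denials and rules copied from the post (timestamps and duplicates dropped).
LOG = '''
avc: denied { search } for pid=1446 comm="rild" name="512" dev="proc" ino=13806 scontext=u:r:rild:s0 tcontext=u:r:untrusted_app_25:s0:c512,c768 tclass=dir permissive=1
avc: denied { read } for pid=1446 comm="rild" name="exe" dev="proc" ino=21320 scontext=u:r:rild:s0 tcontext=u:r:untrusted_app_25:s0:c512,c768 tclass=lnk_file permissive=1
avc: denied { read } for pid=1446 comm="rild" scontext=u:r:rild:s0 tcontext=u:r:untrusted_app_25:s0:c512,c768 tclass=file permissive=1
avc: denied { search } for pid=1446 comm="rild" name="524" dev="proc" ino=13837 scontext=u:r:rild:s0 tcontext=u:r:platform_app:s0:c512,c768 tclass=dir permissive=1
'''
POLICY = '''
allow rild untrusted_app_25:dir { rw_dir_perms search };
allow rild untrusted_app_25:lnk_file rw_file_perms;
allow rild untrusted_app_25:file rw_file_perms;
allow rild platform_app:dir { rw_dir_perms search };
'''

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}.*?scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)")
RULE_RE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+(\{[^}]*\}|\w+)\s*;")

def parse_denials(log):
    """Return unique (source_type, target_type, class, perm, target_level) tuples."""
    found = set()
    for perms, scon, tcon, tclass in AVC_RE.findall(log):
        _, _, ttype, level = tcon.split(":", 3)   # level keeps the MLS categories
        for perm in perms.split():
            found.add((scon.split(":")[2], ttype, tclass, perm, level))
    return found

def parse_rules(policy):
    """Expand allow rules into (source_type, target_type, class, perm) tuples."""
    allowed = set()
    for src, tgt, cls, perms in RULE_RE.findall(policy):
        for token in perms.strip("{} ").split():
            allowed.update((src, tgt, cls, p) for p in MACROS.get(token, {token}))
    return allowed

def uncovered(denials, allowed):
    """Denials with no matching allow rule at the type-enforcement level."""
    return sorted(d for d in denials if d[:4] not in allowed)

if __name__ == "__main__":
    print(uncovered(parse_denials(LOG), parse_rules(POLICY)))
```

The check covers type enforcement only; it does not model the MLS categories (c512,c768) on the target contexts or neverallow rules.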
