
List:       seandroid-list
Subject:    RE: system server accessing dex2oat
From:       Inamdar Sharif <isharif () nvidia ! com>
Date:       2015-05-05 12:39:39
Message-ID: fa2a61ec5d9e414c9362e992199d54f1 () bgmail101 ! nvidia ! com

Yes I wanted to have a look at that bug but I don't have visibility.
I think I have found the problem, will try to see if I can fix that.

Do we have any code changes for this "neverallow" ??

Thanks.

-----Original Message-----
From: Stephen Smalley [mailto:sds@tycho.nsa.gov] 
Sent: Tuesday, May 05, 2015 5:48 PM
To: Inamdar Sharif; seandroid-list@tycho.nsa.gov
Subject: Re: system server accessing dex2oat

On 05/04/2015 11:29 PM, Inamdar Sharif wrote:
> 
> 
> -----Original Message-----
> From: Stephen Smalley [mailto:sds@tycho.nsa.gov]
> Sent: Monday, May 04, 2015 6:15 PM
> To: Inamdar Sharif; seandroid-list@tycho.nsa.gov
> Subject: Re: system server accessing dex2oat
> 
> On 05/04/2015 01:57 AM, Inamdar Sharif wrote:
> > Hi Guys,
> > 
> > I am facing the following avc denied
> > 
> > avc: denied { execute } for pid=667 comm="android.ui" name="dex2oat"
> > dev="sda22" ino=158 scontext=u:r:system_server:s0
> > tcontext=u:object_r:dex2oat_exec:s0 tclass=file
> > 
> > 
> > 
> > But on AOSP this is a neverallow rule.
> > 
> > https://android.googlesource.com/platform/external/sepolicy/+/361cdaff3096fafc16bbe88b84d6f99f7944def7
> > 
> > 
> > 
> > I can see that the process is "android.ui" (process running when this
> > avc occurred)
> > 
> > Is this a bug in Android or something in the code went wrong??
> 
> Are you running AOSP master?
> 
> No, I am not using AOSP master.
> [Sharif] I don't have this neverallow rule in my external/sepolicy.
> But since this will be coming in later releases, it makes sense not to add as this
> will be a part of CTS as well.
> Did you get logcat output for the failure beyond just the avc denial?
> 
> [Sharif] I don't see any suspicious log in logcat beyond the avc.
> This happens while booting Android L.

If you have visibility into the bug 16317188 cited in the change that added the
neverallow, that might help clarify matters.  I do not.

Regardless, you shouldn't assume that neverallows added to AOSP master are applicable
to prior releases; they sometimes require code changes first that would only be in
master or later releases.

