Questions tagged [seandroid]

SEAndroid is the Android version of SELinux, a mandatory access control (MAC) system for the Android operating system. As a MAC system, it differs from Linux's familiar discretionary access control (DAC) system.

17 questions
10
votes
1 answer

My custom selinux policies seem to be ignored by android system

I have some trouble getting custom SELinux policies running properly on an AOSP-based Android 7.1.2 (more precisely, based on the Sony Open Devices tree). My problem is that the audit logs keep telling me about missing file access rules that I…
nexus
6
votes
3 answers

init warning: Service myservice needs a SELinux domain defined. Please fix

I want to execute an executable on boot on a target board with Android 5.1, so I added this in init.rc: on boot start myservice service myservice /system/bin/myservice #class main user root group root #oneshot I did the unpack…
dudu
5
votes
2 answers

Is it possible to add a property on a non-rooted android phone?

For my non-rooted device (which I am not allowed to root, so I need to find another way around), if I do adb shell setprop MY_PROP 1 followed by adb shell getprop MY_PROP I get a blank line. How can I set a property?
Tom
4
votes
1 answer

SEAndroid: How to fix permissive domains not allowed

I have an SEAndroid question: when I create a new domain type for my timestamp process, there is still a conflict with neverallow. Can somebody give me a hint or clue? Please see the following description. avc denied logs: [ …
Mars Yeh
4
votes
0 answers

SEAndroid: Compile Error

I have an SEAndroid problem; please see the following details: Debug Command: adb shell logcat | findstr "denied:" 07-06 22:51:41.569 3418 3418 I sh : type=1400 audit(0.0:137): avc: denied { read } for name="demolog-executor.sh"…
Mars Yeh
4
votes
0 answers

SELinux on android is blocking my app to use unix domain socket

I have an app that starts a native application and communicates with it using unix domain sockets. The app works fine on a NON-Rooted device. The problem is when I start the native application as root. The native application runs fine and is…
kuchi
3
votes
1 answer

Can't open a device node after setenforce 0

I'm trying to get some data from a device file at path /dev/graphics/fb0 in a service. I have root permission and executed the chmod 777 command, then I got a "permission denied" error. Then I executed setenforce 0, and the error disappears, but the…
2
votes
0 answers

Why getpidcon() error on AOSP 7.1.2?

I am working on making a customized BSP based on the latest AOSP Nougat source. An Android service process asks the service manager to find or add the service, and the service manager tries to check MAC permissions by calling svc_can_register() or svc_can_find()…
2
votes
0 answers

Why does the SELinux policy say /init is unlabeled on Android Things?

I'm trying to port Android Things to a binary code compatible hardware platform. What I've done so far is to convert the system.img sparse file to an ext4 partition which I copied to an SD card. Now I'm stuck at the point where /init is starting…
JohnnyFromBF
2
votes
0 answers

From SELinux denials, how can we map the exact line of source code that caused the denial

I am working on Android, and we have kept SELinux in permissive mode (development stage). We see many SELinux denials from various domains. I would like to know if there is a way to map the denial to the exact line of code that caused the denial.…
Chakkra
1
vote
1 answer

SEPolicy for multiple services using AIDL in Android Native

I want to add multiple services with: MyService sv1 = MyService::getInstance(mode::mode1); defaultServiceManager()->addService(String16("Service1"), sv1); MyService sv2 =…
1
vote
2 answers

SEAndroid: Does dump state get prop violate never allow rule

When building AOSP S (12), I encounter a strange problem, but maybe only sometimes / on some machines. The error.log is as follows: neverallow check failed at out/target/product/msmnile_au/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil:22861…
Yang Le
1
vote
0 answers

SELinux domain transition for non-init process/files (Android Native)

I'm writing Android Native programs and setting their SEPolicy. I want to know how to set the process context for a non-init program; it seems that the domain transition doesn't work. I wrote 2 programs and put the built executables in /vendor/bin. One…
cshushu
1
vote
1 answer

SEPolicy for Android Native binder client

I'm new to the Android world. I want to know how to set SEPolicy for a native binder client program (and what to set as well). I'm using vendor binder (vndservicemanager), with reference from Using Binder IPC, and I added some files for the required…
cshushu
1
vote
1 answer

Map SELinux requested permission to string representing System Call

I am trying to map the requested access control vector to the corresponding textual representation of the system call in the following function: int avc_has_perm(security_id_t ssid, security_id_t tsid, security_class_t tclass,…
Giuseppe