问题
I am unable to make sense of this message which I get on my android application. Any experts in the house ?
type=1400 audit(0.0:2233): avc: denied { create } for name="access_control.new_commit.cv" scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:fuse:s0:c512,c768 tclass=fifo_file permissive=0
回答1:
The given SELinux violation:
type=1400 audit(0.0:2233): avc: denied { create } for name="access_control.new_commit.cv" scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:fuse:s0:c512,c768 tclass=fifo_file permissive=0
Below I'll try to give explanation of important parts of above violation:
denied { create } : Operation Permission State : The denied permission that was requested / executed. In this case, it is a create operation. SELinux denying permission to execute create dir/file operation.
name="access_control.new_commit.cv": Target name : The name of the target (in this case, the file/dir name) which your application, probably, trying to create.
scontext=u:r:untrusted_app:s0 : Source Context : The Source Context for this security violation. This indicates which domain/process is trying to execute create functionality. Here, untrusted_app applications are those which are launched by zygote
tcontext=u:object_r:fuse:s0 : Target Context : The security context of the target resource (in this case the file). Here, the source tried to create file in Fuse file system which has been denied.
tclass=fifo_file : Target Class : The class of the target.
In one sentence, SELinux denied the permission to untrusted_app to create the access_control.new_commit.cv file in fuse.
From Google source, check SEPolicy file untrusted_app.te how the permission has been denied.
NB: If you any suggestion with the answer, let me know.
回答2:
I found an interesting page on disecting the "avc : denied" issue here.
https://wiki.gentoo.org/wiki/SELinux/Tutorials/Where_to_find_SELinux_permission_denial_details
来源:https://stackoverflow.com/questions/44743797/selinux-android-message-interpretation