I have a sdk which has some native code. I am building the code into the shared libraries manually and copied those .so files to jniLibs folder. And I am using that sdk in an App. It was working fine with 5, 6 but with Nougat, it just got crashed every time I opened the App.
Note: I have updated the target version to 25 in the build.gradle file.
This is the error Log:
03-31 16:02:32.553 2050-2050/com.vinoth.sampleApp W/s.sampleApp: type=1400 audit(0.0:152): avc: denied { create } for uid=10156 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=netlink_kobject_uevent_socket permissive=0
03-31 16:02:32.553 2050-2050/com.vinoth.sampleApp W/s.sampleApp: type=1400 audit(0.0:153): avc: denied { read } for uid=10156 name="devices" dev="sysfs" ino=6380 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:sysfs:s0 tclass=dir permissive=0
[ 03-31 16:02:32.563 382: 382 W/ ]
debuggerd: handling request: pid=2050 uid=10156 gid=10156 tid=2050
I have searched about this but ended up with no clue.
Someone please help. Thanks in advance.
Related
I've asked around and done some research on it but can't seem to find a fix
I/example.localme( 3862): type=1400 audit(0.0:2646): avc: denied {
write } for name="cache" dev="sdb3" ino=82035
scontext=u:r:untrusted_app:s0:c512,c768
tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=1
I/example.localme( 3862): type=1400 audit(0.0:2647): avc: denied {
add_name } for name="localmeGMGRPB"
scontext=u:r:untrusted_app:s0:c512,c768
tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=1
I/example.localme( 3862): type=1400 audit(0.0:2648): avc: denied {
create } for name="localmeGMGRPB"
scontext=u:r:untrusted_app:s0:c512,c768
tcontext=u:object_r:system_data_file:s0:c512,c768 tclass=dir
permissive=1
I had the same issue and it turned out to be a network / connection issue with the simulator.
Possible solutions:
Turn on WiFi connection
Factory reset the simulator (This solved my issue)
Add internet permission if you are targeting older android versions:
<uses-permission android:name="android.permission.INTERNET"/>
I get this warning when I try to read a USB device
06-14 15:19:57.926 14580-14580/sadboy.circadian W/adboy.circadian: type=1400 audit(0.0:671): avc: denied { search } for name="usb" dev="tmpfs" ino=6196 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:usb_device:s0 tclass=dir permissive=0
I am seeing following sepolicy errors in Android-N.
W Binder:3929_E: type=1400 audit(0.0:29): avc: denied { write } for path="/dev/ttyGS0" dev="tmpfs" ino=73461 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:serial_ic:s0 tclass=chr_file permissive=0
I have created directory "vendor/qcom/sepolicy/acm/" and made its entry in BoardConfig.mk as shown below.
# ACM features belong in vendor/qcom/sepolicy
BOARD_SEPOLICY_DIRS := vendor/qcom/sepolicy/acm
Also I have commented in "device/qcom/sepolicy/common/file_contexts"
-/dev/ttyGS0 u:object_r:gadget_serial_device:s0
+#/dev/ttyGS0 u:object_r:gadget_serial_device:s0
I have changed sepolicy in following directories:
[1] vendor/qcom/sepolicy/acm/file_contexts
# These are the ports used to talk.
# We have to relabel these because domain.te has never allow rules that prevent
# any other domain (other than init or ueventd) from accessing these files
/dev/ttyGS0 u:object_r:serial_ic:s0
[2] vendor/qcom/sepolicy/acm/file.te
type serial_ic, dev_type, fs_type;
[3] vendor/qcom/sepolicy/acm/platform_app.te
allow platform_app serial_ic:chr_file { ioctl open read write };
[4] vendor/qcom/sepolicy/acm/system_server.te
#allow for acm node
allow system_server serial_ic:chr_file rw_file_perms;
[5] vendor/qcom/sepolicy/acm/untrusted_app.te
# for serial chat app
allow untrusted_app serial_ic:chr_file ioctl;
allow untrusted_app serial_ic:chr_file { read write };
[6] vendor/qcom/sepolicy/acm/system_app.te
#allow acm node
allow system_app serial_ic:chr_file { ioctl open read write};
Still I am not able to resolve "write" sepolicy error.Whenever from my serial chat application it tries to access node "/dev/ttyGS0" application crashes.
Posting logs for reference
--------- beginning of crash
01-01 07:11:46.954 15292 15292 E AndroidRuntime: FATAL EXCEPTION: main
01-01 07:11:46.954 15292 15292 E AndroidRuntime: Process: com.android.serialchat, PID: 15292
01-01 07:11:46.954 15292 15292 E AndroidRuntime: DeadSystemException: The system died; earlier logs will point to the root cause
01-01 07:11:46.960 3929 8483 W ActivityManager: Force finishing activity com.android.serialchat/.SerialChat
01-01 07:11:46.965 3929 8483 D ActivityTrigger: ActivityTrigger activityPauseTrigger
01-01 07:11:46.949 8597 8597 W Binder:3929_E: type=1400 audit(0.0:29): avc: denied { write } for path="/dev/ttyGS0" dev="tmpfs" ino=73461 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:serial_ic:s0 tclass=chr_file permissive=0
I have an app which is crashing from time to time and the only reason for the crash I can thing of, has to be the following LogCat content (yep, two times the same line):
07-19 18:16:16.636 W/the.app: type=1400 audit(0.0:4418): avc: denied { read } for comm=4173796E635461736B202331 name="mem" dev="debugfs" ino=81636 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:debugfs:s0 tclass=file permissive=0
07-19 18:16:16.636 W/the.app: type=1400 audit(0.0:4419): avc: denied { read } for comm=4173796E635461736B202331 name="mem" dev="debugfs" ino=81636 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:debugfs:s0 tclass=file permissive=0
Followed by "Force finishing activity". The biggest "surprise" here is, that it is sometimes working totally fine, but more often not. I have no idea what I can do with those messages.
Device: Zuk Z2 Pro (rooted)
OS: Android 6.0.1 (ZUI 2.0)
On AOSP build, I am getting following avc denied messages,
01-01 00:01:28.600 1458-1458/? W/iw﹕ type=1400 audit(0.0:5): avc: denied { create } for scontext=u:r:system_app:s0 tcontext=u:r:system_app:s0 tclass=netlink_socket permissive=0
01-01 00:01:28.660 1460-1460/? W/ndc﹕ type=1400 audit(0.0:6): avc: denied { write } for name="netd" dev="tmpfs" ino=1575 scontext=u:r:system_app:s0 tcontext=u:object_r:netd_socket:s0 tclass=sock_file permissive=0
01-01 00:01:28.720 1461-1461/? W/ndc﹕ type=1400 audit(0.0:7): avc: denied { write } for name="netd" dev="tmpfs" ino=1575 scontext=u:r:system_app:s0 tcontext=u:object_r:netd_socket:s0 tclass=sock_file permissive=0
01-01 00:01:28.790 1462-1462/? W/ndc﹕ type=1400 audit(0.0:8): avc: denied { write } for name="netd" dev="tmpfs" ino=1575 scontext=u:r:system_app:s0 tcontext=u:object_r:netd_socket:s0 tclass=sock_file permissive=0
01-01 00:01:28.860 1463-1463/? W/ndc﹕ type=1400 audit(0.0:9): avc: denied { write } for name="netd" dev="tmpfs" ino=1575 scontext=u:r:system_app:s0 tcontext=u:object_r:netd_socket:s0 tclass=sock_file permissive=0
Using the audit2allow I got following
allow system_app netd_socket:sock_file write;
allow system_app self:netlink_socket create;
I have added the same to device/<vendor-path>/sepolicy/system_app.te
Also excluded system app from neverallow policy as below in external/sepolicy/app.te
neverallow { appdomain -system_app }
self:{
netlink_socket
netlink_firewall_socket
netlink_tcpdiag_socket
netlink_nflog_socket
netlink_xfrm_socket
netlink_audit_socket
netlink_ip6fw_socket
netlink_dnrt_socket
} *;
But still getting the same permission denied avc logs.
Cannot see anything wrong from your change. Suppose your sepolicy change was not building into kernel.
pls try make kernelclean and rebuild kernel, vim at the following file:
out/target/product/xxxx/obj/ETC/sepolicy_intermediates/policy.conf
All the sepolicy should in the policy.conf, grep your new adding policy to check if it has been compiled into kernel.