avc denied even with proper policy added

Question

On AOSP build, I am getting following avc denied messages,

01-01 00:01:28.600    1458-1458/? W/iw﹕ type=1400 audit(0.0:5): avc: denied { create } for scontext=u:r:system_app:s0 tcontext=u:r:system_app:s0 tclass=netlink_socket permissive=0
01-01 00:01:28.660    1460-1460/? W/ndc﹕ type=1400 audit(0.0:6): avc: denied { write } for name="netd" dev="tmpfs" ino=1575 scontext=u:r:system_app:s0 tcontext=u:object_r:netd_socket:s0 tclass=sock_file permissive=0
01-01 00:01:28.720    1461-1461/? W/ndc﹕ type=1400 audit(0.0:7): avc: denied { write } for name="netd" dev="tmpfs" ino=1575 scontext=u:r:system_app:s0 tcontext=u:object_r:netd_socket:s0 tclass=sock_file permissive=0
01-01 00:01:28.790    1462-1462/? W/ndc﹕ type=1400 audit(0.0:8): avc: denied { write } for name="netd" dev="tmpfs" ino=1575 scontext=u:r:system_app:s0 tcontext=u:object_r:netd_socket:s0 tclass=sock_file permissive=0
01-01 00:01:28.860    1463-1463/? W/ndc﹕ type=1400 audit(0.0:9): avc: denied { write } for name="netd" dev="tmpfs" ino=1575 scontext=u:r:system_app:s0 tcontext=u:object_r:netd_socket:s0 tclass=sock_file permissive=0

Using the audit2allow I got following

allow system_app netd_socket:sock_file write; 
allow system_app self:netlink_socket create;

I have added the same to device//sepolicy/system_app.te Also excluded system app from neverallow policy as below in external/sepolicy/app.te

neverallow { appdomain -system_app }
    self:{
        netlink_socket
        netlink_firewall_socket
        netlink_tcpdiag_socket
        netlink_nflog_socket
        netlink_xfrm_socket
        netlink_audit_socket
        netlink_ip6fw_socket
        netlink_dnrt_socket
    } *;

But still getting the same permission denied avc logs.

avc denied even with proper policy added

Answers (1)

Related Questions