SElinux Android消息解释 [英] SElinux Android message interpretation

问题描述

我无法理解我在android应用程序中收到的此消息.房子里有专家吗?

I am unable to make sense of this message which I get on my android application. Any experts in the house ?

type=1400 audit(0.0:2233): avc: denied { create } for name="access_control.new_commit.cv" scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:fuse:s0:c512,c768 tclass=fifo_file permissive=0

推荐答案

给定的SELinux违规行为:

The given SELinux violation:

type=1400 audit(0.0:2233): avc: denied { create } for name="access_control.new_commit.cv" scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:fuse:s0:c512,c768 tclass=fifo_file permissive=0

以下，我将尝试解释上述违规的重要部分:

Below I'll try to give explanation of important parts of above violation:

拒绝的{create} :操作权限状态:请求/执行的拒绝权限.在这种情况下，这是一个 create 操作.SELinux拒绝执行 create dir / file 操作的权限.

denied { create } : Operation Permission State : The denied permission that was requested / executed. In this case, it is a create operation. SELinux denying permission to execute create dir/file operation.

name ="access_control.new_commit.cv" :目标名称:目标名称(在这种情况下，为 file/dir >名称)，可能是您的应用程序尝试创建的名称.

name="access_control.new_commit.cv": Target name : The name of the target (in this case, the file/dir name) which your application, probably, trying to create.

scontext = u:r:untrusted_app:s0 :源上下文:此安全冲突的源上下文.这表明哪个 domain/proces 正在尝试执行 create 功能.在这里， untrusted_app 应用程序是由受精卵启动的应用程序

scontext=u:r:untrusted_app:s0 : Source Context : The Source Context for this security violation. This indicates which domain/process is trying to execute create functionality. Here, untrusted_app applications are those which are launched by zygote

tcontext = u:object_r:fuse:s0 :目标上下文:目标资源(在本例中为文件)的安全上下文.在此，源试图在已被拒绝的保险丝文件系统中创建文件.

tcontext=u:object_r:fuse:s0 : Target Context : The security context of the target resource (in this case the file). Here, the source tried to create file in Fuse file system which has been denied.

tclass = fifo_file :目标类别:目标的类别.

在一句话中，SELinux拒绝了 untrusted_app 来创建 access_control.new_commit.cv 文件的权限在 fuse 中.

In one sentence, SELinux denied the permission to untrusted_app to create the access_control.new_commit.cv file in fuse.

从Google来源检查SEPolicy文件

From Google source, check SEPolicy file untrusted_app.te how the permission has been denied.

注意:如果您对答案有任何建议，请告诉我.

NB: If you any suggestion with the answer, let me know.

这篇关于SElinux Android消息解释的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！