问题描述
我无法理解我在android应用程序中收到的此消息.房子里有专家吗?
I am unable to make sense of this message which I get on my android application. Any experts in the house ?
type=1400 audit(0.0:2233): avc: denied { create } for name="access_control.new_commit.cv" scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:fuse:s0:c512,c768 tclass=fifo_file permissive=0
推荐答案
给定的SELinux违规行为:
The given SELinux violation:
type=1400 audit(0.0:2233): avc: denied { create } for name="access_control.new_commit.cv" scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:fuse:s0:c512,c768 tclass=fifo_file permissive=0
以下,我将尝试解释上述违规的重要部分:
Below I'll try to give explanation of important parts of above violation:
拒绝的{create}
:操作权限状态:请求/执行的拒绝权限.在这种情况下,这是一个 create 操作.SELinux拒绝执行 create dir / file 操作的权限.
denied { create }
: Operation Permission State : The denied permission that was requested / executed. In this case, it is a create operation. SELinux denying permission to execute create dir/file operation.
name ="access_control.new_commit.cv"
:目标名称:目标名称(在这种情况下,为 file/dir >名称),可能是您的应用程序尝试创建的名称.
name="access_control.new_commit.cv"
: Target name : The name of the target (in this case, the file/dir name) which your application, probably, trying to create.
scontext = u:r:untrusted_app:s0
:源上下文:此安全冲突的源上下文.这表明哪个 domain/proces 正在尝试执行 create 功能.在这里, untrusted_app
应用程序是由受精卵启动的应用程序
scontext=u:r:untrusted_app:s0
: Source Context : The Source Context for this security violation. This indicates which domain/process is trying to execute create functionality. Here, untrusted_app
applications are those which are launched by zygote
tcontext = u:object_r:fuse:s0
:目标上下文:目标资源(在本例中为文件)的安全上下文.在此,源试图在已被拒绝的保险丝文件系统中创建文件.
tcontext=u:object_r:fuse:s0
: Target Context : The security context of the target resource (in this case the file). Here, the source tried to create file in Fuse file system which has been denied.
tclass = fifo_file
:目标类别:目标的类别.
在一句话中,SELinux拒绝了 untrusted_app
来创建 access_control.new_commit.cv
文件的权限在 fuse
中.
In one sentence, SELinux denied the permission to untrusted_app
to create
the access_control.new_commit.cv
file in fuse
.
从Google来源检查SEPolicy文件 untrusted_app.te 如何拒绝该权限.
From Google source, check SEPolicy file untrusted_app.te how the permission has been denied.
注意:如果您对答案有任何建议,请告诉我.
NB: If you any suggestion with the answer, let me know.
这篇关于SElinux Android消息解释的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!