Adding `allow init system_file:dir relabelfrom;` is not possible as it violates a neverallow rule in `system/sepolicy/public/domain.te`:

```
# Nobody should be doing writes to /system & /vendor
# These partitions are intended to be read-only and must never be
# modified. Doing so would violate important Android security guarantees
# and invalidate dm-verity signatures.
neverallow {
    domain
    with_asan(`-asan_extract')
    recovery_only(`userdebug_or_eng(`-fastbootd')')
} {
    system_file_type
    vendor_file_type
    exec_type
}:dir_file_class_set { create write setattr relabelfrom append unlink link rename };
```

Should we care about this? Maybe add an ignore rule to init.te.
Seemingly some (pre-treble) devices try to do something to the /system partition causing this denial:

```
avc: denied { relabelfrom } for comm="init" name="modules" dev="sda66" ino=1179683 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0 ppid=0 pcomm="swapper/0"
```
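
The check described in this issue, as an added example that is not part of the original post or of the project's code: it parses the quoted denial, tests each requested permission against a hand-built model of the quoted neverallow, and emits `dontaudit` (which only suppresses the log entry and grants nothing, so it cannot conflict with a neverallow) for the covered permissions. Assumptions: reading "ignore rule" as `dontaudit`, the `system_file` to `system_file_type` membership, the `dir_file_class_set` expansion, and treating every source type not listed as exempt as a member of `domain`.

```python
import re

# AVC denial quoted in the issue above.
DENIAL = ('avc: denied { relabelfrom } for comm="init" name="modules" dev="sda66" '
          'ino=1179683 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 '
          'tclass=dir permissive=0 ppid=0 pcomm="swapper/0"')

# Hand-built model of the quoted neverallow. Attribute membership and the
# dir_file_class_set expansion are assumptions taken from AOSP sepolicy.
TYPE_ATTRS = {"system_file": {"system_file_type"}}
EXEMPT_SOURCES = {"asan_extract", "fastbootd"}  # exempt only in some build variants
TARGET_ATTRS = {"system_file_type", "vendor_file_type", "exec_type"}
CLASSES = {"dir", "file", "lnk_file", "sock_file", "fifo_file", "chr_file", "blk_file"}
PERMS = {"create", "write", "setattr", "relabelfrom", "append", "unlink", "link", "rename"}

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=[^:]+:[^:]+:(?P<source>[^:\s]+)\S*\s+"
    r"tcontext=[^:]+:[^:]+:(?P<target>[^:\s]+)\S*\s+"
    r"tclass=(?P<tclass>\S+)")

def parse_avc(line):
    m = AVC_RE.search(line)
    if not m:
        raise ValueError("not an AVC denial")
    d = m.groupdict()
    d["perms"] = set(d["perms"].split())
    return d

def neverallowed(d):
    """Permissions in the denial that no allow rule may grant."""
    if d["source"] in EXEMPT_SOURCES or d["tclass"] not in CLASSES:
        return set()
    if not TYPE_ATTRS.get(d["target"], set()) & TARGET_ATTRS:
        return set()
    return d["perms"] & PERMS

def rule(keyword, d, perms):
    p = " ".join(sorted(perms))
    p = "{ " + p + " }" if len(perms) > 1 else p
    return f"{keyword} {d['source']} {d['target']}:{d['tclass']} {p};"

def triage(line):
    d = parse_avc(line)
    blocked = neverallowed(d)
    grantable = d["perms"] - blocked
    return ([rule("allow", d, grantable)] if grantable else []) + \
           ([rule("dontaudit", d, blocked)] if blocked else [])

if __name__ == "__main__":
    print("\n".join(triage(DENIAL)))
```

With a `dontaudit` rule the relabel attempt by init still fails; only the audit message disappears.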