SEPolicy in Android 9 RIL

#1

Hi, everyone!
We’re following the steps described in ReadMe.txt of Android 9 RIL and we followed every step. One of the steps was copy a lot of sepolicy files into Android. The files were:

  • device.te,
  • dhcp.te,
  • file.te,
  • file_contexts,
  • init.te,
  • netd.te,
  • property_contexts,
  • rild.te,
  • sierra_config_ip.te,
  • sierra_dhcpcd.te,
  • hal_gnss_default.te,
  • webview_zygote.te.

And we got the following error when we’re compiling:

FAILED: out/target/product/evk_8mm/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows 
/bin/bash -c "(rm -f out/target/product/evk_8mm/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows ) && (ASAN_OPTIONS=detect_leaks=0 out/host/linux-x86/bin/checkpolicy -M -c 		30 -o out/target/product/evk_8mm/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows out/target/product/evk_8mm/obj/ETC/sepolicy_neverallows_intermediates/policy.conf )"
libsepol.report_failure: neverallow on line 31 of system/sepolicy/private/domain.te (or line 26731 of policy.conf) violated by allow netd sysfs:file { write open };
libsepol.report_failure: neverallow on line 1002 of system/sepolicy/public/domain.te (or line 11242 of policy.conf) violated by allow sierra_dhcpcd shell_exec:file { execute execute_no_trans };
libsepol.report_failure: neverallow on line 1002 of system/sepolicy/public/domain.te (or line 11242 of policy.conf) violated by allow sierra_dhcpcd sierra_dhcpcd_exec:file { execute entrypoint };
libsepol.report_failure: neverallow on line 1002 of system/sepolicy/public/domain.te (or line 11242 of policy.conf) violated by allow sierra_config_ip sierra_config_ip_exec:file { execute entrypoint };
libsepol.report_failure: neverallow on line 1002 of system/sepolicy/public/domain.te (or line 11242 of policy.conf) violated by allow sierra_config_ip toolbox_exec:file { execute execute_no_trans };
libsepol.report_failure: neverallow on line 1002 of system/sepolicy/public/domain.te (or line 11242 of policy.conf) violated by allow sierra_config_ip dhcp_exec:file { execute execute_no_trans };
libsepol.report_failure: neverallow on line 1002 of system/sepolicy/public/domain.te (or line 11242 of policy.conf) violated by allow sierra_config_ip shell_exec:file { execute execute_no_trans };
libsepol.report_failure: neverallow on line 1002 of system/sepolicy/public/domain.te (or line 11242 of policy.conf) violated by allow sierra_dhcpcd toolbox_exec:file { execute execute_no_trans };
libsepol.report_failure: neverallow on line 1002 of system/sepolicy/public/domain.te (or line 11242 of policy.conf) violated by allow sierra_dhcpcd dhcp_exec:file { execute execute_no_trans };
libsepol.report_failure: neverallow on line 870 of system/sepolicy/public/domain.te (or line 10993 of policy.conf) violated by allow sierra_dhcpcd dhcp_data_file:dir { ioctl read write getattr lock add_name remove_name search open };
libsepol.report_failure: neverallow on line 870 of system/sepolicy/public/domain.te (or line 10993 of policy.conf) violated by allow sierra_config_ip net_data_file:dir { search };
libsepol.report_failure: neverallow on line 870 of system/sepolicy/public/domain.te (or line 10993 of policy.conf) violated by allow sierra_dhcpcd net_data_file:dir { search };
libsepol.report_failure: neverallow on line 843 of system/sepolicy/public/domain.te (or line 10942 of policy.conf) violated by allow sierra_config_ip net_data_file:file { open };
libsepol.report_failure: neverallow on line 843 of system/sepolicy/public/domain.te (or line 10942 of policy.conf) violated by allow sierra_dhcpcd dhcp_data_file:file { create setattr lock map unlink rename open };
libsepol.report_failure: neverallow on line 843 of system/sepolicy/public/domain.te (or line 10942 of policy.conf) violated by allow sierra_config_ip dhcp_data_file:file { create setattr lock map unlink rename open };
libsepol.check_assertions: 15 neverallow failures occurred
Error while expanding policy
out/host/linux-x86/bin/checkpolicy:  loading policy configuration from out/target/product/evk_8mm/obj/ETC/sepolicy_neverallows_intermediates/policy.conf
[  0% 9/56693] build out/target/product/evk_8mm/obj/ETC/sepolicy.recovery_intermediates/sepolicy
out/host/linux-x86/bin/checkpolicy:  loading policy configuration from out/target/product/evk_8mm/obj/ETC/sepolicy.recovery_intermediates/sepolicy.recovery.conf
out/host/linux-x86/bin/checkpolicy:  policy configuration loaded
out/host/linux-x86/bin/checkpolicy:  writing binary representation (version 30) to out/target/product/evk_8mm/obj/ETC/sepolicy.recovery_intermediates/sepolicy.tmp

Ps: we can’t disable SELinux.

Can someone help with this? Is that a new sepolicy files?

Thanks in advance!