SEPolicy in Android 9 RIL

natmendes · May 7, 2019, 6:03pm

Hi, everyone!
We’re following the steps described in ReadMe.txt of Android 9 RIL and we followed every step. One of the steps was copy a lot of sepolicy files into Android. The files were:

device.te,
dhcp.te,
file.te,
file_contexts,
init.te,
netd.te,
property_contexts,
rild.te,
sierra_config_ip.te,
sierra_dhcpcd.te,
hal_gnss_default.te,
webview_zygote.te.

And we got the following error when we’re compiling:

FAILED: out/target/product/evk_8mm/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows 
/bin/bash -c "(rm -f out/target/product/evk_8mm/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows ) && (ASAN_OPTIONS=detect_leaks=0 out/host/linux-x86/bin/checkpolicy -M -c 		30 -o out/target/product/evk_8mm/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows out/target/product/evk_8mm/obj/ETC/sepolicy_neverallows_intermediates/policy.conf )"
libsepol.report_failure: neverallow on line 31 of system/sepolicy/private/domain.te (or line 26731 of policy.conf) violated by allow netd sysfs:file { write open };
libsepol.report_failure: neverallow on line 1002 of system/sepolicy/public/domain.te (or line 11242 of policy.conf) violated by allow sierra_dhcpcd shell_exec:file { execute execute_no_trans };
libsepol.report_failure: neverallow on line 1002 of system/sepolicy/public/domain.te (or line 11242 of policy.conf) violated by allow sierra_dhcpcd sierra_dhcpcd_exec:file { execute entrypoint };
libsepol.report_failure: neverallow on line 1002 of system/sepolicy/public/domain.te (or line 11242 of policy.conf) violated by allow sierra_config_ip sierra_config_ip_exec:file { execute entrypoint };
libsepol.report_failure: neverallow on line 1002 of system/sepolicy/public/domain.te (or line 11242 of policy.conf) violated by allow sierra_config_ip toolbox_exec:file { execute execute_no_trans };
libsepol.report_failure: neverallow on line 1002 of system/sepolicy/public/domain.te (or line 11242 of policy.conf) violated by allow sierra_config_ip dhcp_exec:file { execute execute_no_trans };
libsepol.report_failure: neverallow on line 1002 of system/sepolicy/public/domain.te (or line 11242 of policy.conf) violated by allow sierra_config_ip shell_exec:file { execute execute_no_trans };
libsepol.report_failure: neverallow on line 1002 of system/sepolicy/public/domain.te (or line 11242 of policy.conf) violated by allow sierra_dhcpcd toolbox_exec:file { execute execute_no_trans };
libsepol.report_failure: neverallow on line 1002 of system/sepolicy/public/domain.te (or line 11242 of policy.conf) violated by allow sierra_dhcpcd dhcp_exec:file { execute execute_no_trans };
libsepol.report_failure: neverallow on line 870 of system/sepolicy/public/domain.te (or line 10993 of policy.conf) violated by allow sierra_dhcpcd dhcp_data_file:dir { ioctl read write getattr lock add_name remove_name search open };
libsepol.report_failure: neverallow on line 870 of system/sepolicy/public/domain.te (or line 10993 of policy.conf) violated by allow sierra_config_ip net_data_file:dir { search };
libsepol.report_failure: neverallow on line 870 of system/sepolicy/public/domain.te (or line 10993 of policy.conf) violated by allow sierra_dhcpcd net_data_file:dir { search };
libsepol.report_failure: neverallow on line 843 of system/sepolicy/public/domain.te (or line 10942 of policy.conf) violated by allow sierra_config_ip net_data_file:file { open };
libsepol.report_failure: neverallow on line 843 of system/sepolicy/public/domain.te (or line 10942 of policy.conf) violated by allow sierra_dhcpcd dhcp_data_file:file { create setattr lock map unlink rename open };
libsepol.report_failure: neverallow on line 843 of system/sepolicy/public/domain.te (or line 10942 of policy.conf) violated by allow sierra_config_ip dhcp_data_file:file { create setattr lock map unlink rename open };
libsepol.check_assertions: 15 neverallow failures occurred
Error while expanding policy
out/host/linux-x86/bin/checkpolicy:  loading policy configuration from out/target/product/evk_8mm/obj/ETC/sepolicy_neverallows_intermediates/policy.conf
[  0% 9/56693] build out/target/product/evk_8mm/obj/ETC/sepolicy.recovery_intermediates/sepolicy
out/host/linux-x86/bin/checkpolicy:  loading policy configuration from out/target/product/evk_8mm/obj/ETC/sepolicy.recovery_intermediates/sepolicy.recovery.conf
out/host/linux-x86/bin/checkpolicy:  policy configuration loaded
out/host/linux-x86/bin/checkpolicy:  writing binary representation (version 30) to out/target/product/evk_8mm/obj/ETC/sepolicy.recovery_intermediates/sepolicy.tmp

Ps: we can’t disable SELinux.

Can someone help with this? Is that a new sepolicy files?

Thanks in advance!

Topic		Replies	Views
Ril 9 SElinux	5	607	March 23, 2021
Android RIL integration guide is wrong! Documentation feedback	3	1160	April 4, 2019
Android 9 RIL and Kernel 4.14	1	1128	May 7, 2019
RIL 9 binaries location IoT Modules	7	295	March 23, 2021
source code compilation	6	2992	December 10, 2014

SEPolicy in Android 9 RIL

Related Topics