sepolicy: open a file by Surfaceflinger

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

sepolicy: open a file by Surfaceflinger

JerryJerryGo
Hello.

I need to make Surfaceflinger open my test file.
(Dev Env: Androd11, Pixel5)

So, I created mysufaceflinger.te in target device directory.
The file has the following content.
allow surfaceflinger app_data_file:file { read write open getattr };

But... When I tried to build.
Android build system gave me sad message like that...

libsepol.report_failure: neverallow on line 194 of system/sepolicy/private/domain.te (or line 39297 of policy.conf) violated by allow surfaceflinger app_data_file:file { open };
libsepol.check_assertions: 1 neverallow failures occurred
Error while expanding policy
17:39:57 ninja failed with: exit status 1

I learned that it is not allowed for Surfaceflinger open any file. That is default policy for surfaceflinge.

However, I need it. I should make Surfaceflinger access my data. I have not find a proper solution.
I am stuck on this issue for a long time

Could you give me any advice for that?

Thank you.





--
You received this message because you are subscribed to the Google Groups "android-platform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/android-platform/2600de68-797b-4beb-86f4-ae7d2dbcb675n%40googlegroups.com.