kevin: selinux audit logspam seems to be back
Issue description
I've noticed recently that when I log in to my kevin device that I tend to see a bunch of selinux-related log spam in my logs. Like:
---
[ 2485.321357] audit: type=1400 audit(1496177753.595:18): avc: denied { getattr } for pid=5866 comm="CTION_IDLE_MODE" path="/var/run/anr" dev="tmpfs" ino=21672 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:anr_data_file:s0 tclass=dir permissive=0
[ 2485.345745] audit: type=1400 audit(1496177753.620:19): avc: denied { getattr } for pid=5866 comm="CTION_IDLE_MODE" path="/var/run/camera" dev="tmpfs" ino=16889 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:camera_socket:s0 tclass=dir permissive=0
[ 2485.369417] audit: type=1400 audit(1496177753.643:20): avc: denied { getattr } for pid=5866 comm="CTION_IDLE_MODE" path="/var/run/chrome" dev="tmpfs" ino=8059 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:arc_dir:s0 tclass=dir permissive=0
[ 2485.392589] audit: type=1400 audit(1496177753.667:21): avc: denied { getattr } for pid=5866 comm="CTION_IDLE_MODE" path="/var/run/cras" dev="tmpfs" ino=426 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:cras_socket:s0 tclass=dir permissive=0
[ 2485.415964] audit: type=1400 audit(1496177753.690:22): avc: denied { getattr } for pid=5866 comm="CTION_IDLE_MODE" path="/var/run/inputbridge" dev="tmpfs" ino=25707 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:inputbridge:s0 tclass=dir permissive=0
[ 2485.440669] audit: type=1400 audit(1496177753.715:23): avc: denied { getattr } for pid=5866 comm="CTION_IDLE_MODE" path="/var/run/arc/bugreport" dev="tmpfs" ino=21618 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:debug_bugreport:s0 tclass=dir permissive=0
[ 2485.474443] audit: type=1400 audit(1496177753.748:24): avc: denied { getattr } for pid=5866 comm="CTION_IDLE_MODE" path="/mnt/media_rw" dev="tmpfs" ino=19406 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:mnt_media_rw_file:s0 tclass=dir permissive=0
[ 2486.577187] audit: type=1400 audit(1496177754.851:25): avc: denied { getattr } for pid=5866 comm="CTION_IDLE_MODE" path="/data/data/com.android.providers.telephony" dev="ecryptfs" ino=1442548 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:radio_data_file:s0 tclass=dir permissive=0
[ 2486.605627] audit: type=1400 audit(1496177754.880:26): avc: denied { getattr } for pid=5866 comm="CTION_IDLE_MODE" path="/data/data/org.chromium.arc.initializer" dev="ecryptfs" ino=1442522 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0
[ 2486.636365] audit: type=1400 audit(1496177754.910:27): avc: denied { getattr } for pid=5866 comm="CTION_IDLE_MODE" path="/data/data/com.android.providers.settings" dev="ecryptfs" ino=1442544 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0
---
These are quite distracting. In the past I think we had eliminated most (all?) of these.
I thought maybe they came back due to <https://chromium-review.googlesource.com/c/425787>, but I tried doing '# CONFIG_SECURITY_SELINUX_DEVELOP is not set' and that seems to get rid of the messages.
Maybe this happened starting with the transition to Android-N?
---
One other thing I remember noticing in the past (and I think I noticed recently again) is that when I add memory pressure that I often see selinux stuff show up in my traces. Are we sure these audit messages aren't affecting performance? I don't have any hard data on this yet, but I figured I'd mention it.
May 30 2017
This is an untrusted app, so these denials are legitimate and we should still be reporting them. Do you happen to know which app is this? It's kind of odd that the comm= string is bogus, though.
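A triage helper for denials like the ones quoted in the report, added here as an example (not code from this bug thread or from Chromium OS): it groups AVC denials by source type, target type, class and permission, and flags `comm` values that fill the kernel's 15-character task-name limit, which is when the name may have been cut off. The function names are hypothetical; the sample lines are copied from the excerpt in the report.

```python
import re
from collections import Counter

# Sample lines copied from the log excerpt in the report above.
SAMPLE = """\
[ 2485.321357] audit: type=1400 audit(1496177753.595:18): avc: denied { getattr } for pid=5866 comm="CTION_IDLE_MODE" path="/var/run/anr" dev="tmpfs" ino=21672 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:anr_data_file:s0 tclass=dir permissive=0
[ 2486.577187] audit: type=1400 audit(1496177754.851:25): avc: denied { getattr } for pid=5866 comm="CTION_IDLE_MODE" path="/data/data/com.android.providers.telephony" dev="ecryptfs" ino=1442548 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:radio_data_file:s0 tclass=dir permissive=0
[ 2486.605627] audit: type=1400 audit(1496177754.880:26): avc: denied { getattr } for pid=5866 comm="CTION_IDLE_MODE" path="/data/data/org.chromium.arc.initializer" dev="ecryptfs" ino=1442522 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0
[ 2486.636365] audit: type=1400 audit(1496177754.910:27): avc: denied { getattr } for pid=5866 comm="CTION_IDLE_MODE" path="/data/data/com.android.providers.settings" dev="ecryptfs" ino=1442544 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
COMM_MAX = 15  # TASK_COMM_LEN is 16 bytes including the trailing NUL


def parse_avc(line):
    """Return a dict for one AVC denial line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    if 'scontext' not in rec or 'tcontext' not in rec:
        return None
    rec['perms'] = m.group('perms').split()
    # A context is user:role:type:level; policy rules are written on the type.
    rec['stype'] = rec['scontext'].split(':')[2]
    rec['ttype'] = rec['tcontext'].split(':')[2]
    # A comm that fills the limit may be a truncated name.
    rec['comm_maybe_truncated'] = len(rec.get('comm', '')) >= COMM_MAX
    return rec


def summarize(text):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            for perm in rec['perms']:
                counts[(rec['stype'], rec['ttype'], rec.get('tclass', '?'), perm)] += 1
    return counts


if __name__ == '__main__':
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```

Feeding it a full `dmesg` capture collapses the spam into one row per distinct rule that would be needed, which makes it easier to see whether one process is walking many directories or many processes are hitting the same label.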
Comment 1 by briannorris@chromium.org, May 30 2017