I tried to build with the gapps. I created a folder vendor/google and tried to reproduce the same order of the vendor/samsung/ folder. The problem is that when I try to build it says:

build/core/product_config.mk:195: *** device/samsung/maguro/full_maguro.mk: malformed COPY_FILE "vendor/google/maguro/proprietary/". Stop.

I tried to investigate without success, so I decided to try to use the restorecon. Do I need to be root? On which files do I need to use restorecon? How?

Thanks

On Thu, Jul 12, 2012 at 1:35 PM, Robert Craig wrote:

> Doing a restorecon might be the easiest solution as described by Stephen
> Smalley. However, every time you reflash your phone with new images
> you'll have to do a restorecon on those apps. If you want to include
> the gapps into your build harness you'll need to modify device specific
> makefiles to PRODUCT_COPY_FILES from the gapps directory you have
> downloaded. Best bet is to look at a current working example under the
> 'vendor' directory for the specific device you're building. Then just
> create a vendor/google to mimic its structure.
>
> On Thu, Jul 12, 2012 at 7:06 AM, Alexandra Test <testalexandrainstitute@gmail.com> wrote:
>
>> I added the gapps afterwards
>>
>> On Wed, Jul 11, 2012 at 2:50 PM, Robert Craig wrote:
>>
>>> Are you building your system.img with the gapps? Are you adding the
>>> gapps afterwards (after the build and flash)?
>>> If afterwards, the denials specific to the gapps below would explain
>>> that. Try baking the gapps into the system image before the
>>> system.img is built.
>>
>> How to do that? I have a .zip file with some folders inside (system,
>> optional and meta-data).
>>
>> Thanks.
>>
>>> On Wed, Jul 11, 2012 at 6:39 AM, Alexandra Test <testalexandrainstitute@gmail.com> wrote:
>>>
>>>> Thanks for the suggestions, the phone is now working in permissive mode.
>>>> I would like to set the enforcing mode but I still have some residual
>>>> denials.
>>>>
>>>> The output of the
>>>>
>>>> adb shell dmesg | grep avc
>>>>
>>>> <5>[84589.029418] type=1400 audit(1341913871.476:458): avc: denied { read } for pid=130 comm="sh" path="/dev/ttyFIQ0" dev=tmpfs ino=2642 scontext=u:r:shell:s0 tcontext=u:object_r:device:s0 tclass=chr_file
>>>>
>>>> <5>[85517.133544] type=1400 audit(1341914799.582:459): avc: denied { open } for pid=10531 comm="SyncAdapterThre" name="ctrl" dev=proc ino=4026533139 scontext=u:r:trusted_app:s0:c46 tcontext=u:object_r:qtaguid:s0 tclass=file
>>>>
>>>> <5>[85519.959869] type=1400 audit(1341914802.410:460): avc: denied { read } for pid=338 comm="ndroid.systemui" name="Gmail.apk" dev=mmcblk0p10 ino=965 scontext=u:r:system_app:s0 tcontext=u:object_r:unlabeled:s0 tclass=file
>>>>
>>>> <5>[85519.960449] type=1400 audit(1341914802.410:461): avc: denied { open } for pid=338 comm="ndroid.systemui" name="Gmail.apk" dev=mmcblk0p10 ino=965 scontext=u:r:system_app:s0 tcontext=u:object_r:unlabeled:s0 tclass=file
>>>>
>>>> <5>[86670.591888] type=1400 audit(1341915953.036:462): avc: denied { read } for pid=10727 comm="id.partnersetup" name="GooglePartnerSetup.apk" dev=mmcblk0p10 ino=971 scontext=u:r:trusted_app:s0:c52 tcontext=u:object_r:unlabeled:s0 tclass=file
>>>>
>>>> <5>[86670.592193] type=1400 audit(1341915953.036:463): avc: denied { open } for pid=10727 comm="id.partnersetup" name="GooglePartnerSetup.apk" dev=mmcblk0p10 ino=971 scontext=u:r:trusted_app:s0:c52 tcontext=u:object_r:unlabeled:s0 tclass=file
>>>>
>>>> <5>[86701.210266] type=1400 audit(1341915983.653:464): avc: denied { read } for pid=10754 comm="apters.calendar" name="GoogleCalendarSyncAdapter.apk" dev=mmcblk0p10 ino=967 scontext=u:r:trusted_app:s0:c50 tcontext=u:object_r:unlabeled:s0 tclass=file
>>>>
>>>> <5>[86701.210571] type=1400 audit(1341915983.653:465): avc: denied { open } for pid=10754 comm="apters.calendar" name="GoogleCalendarSyncAdapter.apk" dev=mmcblk0p10 ino=967 scontext=u:r:trusted_app:s0:c50 tcontext=u:object_r:unlabeled:s0 tclass=file
>>>>
>>>> <5>[86701.669555] type=1400 audit(1341915984.114:466): avc: denied { read } for pid=10770 comm="SyncAdapterThre" name="xt_qtaguid" dev=tmpfs ino=2623 scontext=u:r:trusted_app:s0:c50 tcontext=u:object_r:device:s0 tclass=chr_file
>>>>
>>>> <5>[86701.669860] type=1400 audit(1341915984.114:467): avc: denied { open } for pid=10770 comm="SyncAdapterThre" name="xt_qtaguid" dev=tmpfs ino=2623 scontext=u:r:trusted_app:s0:c50 tcontext=u:object_r:device:s0 tclass=chr_file
>>>>
>>>> <5>[86701.670349] type=1400 audit(1341915984.114:468): avc: denied { open } for pid=10770 comm="SyncAdapterThre" name="ctrl" dev=proc ino=4026533139 scontext=u:r:trusted_app:s0:c50 tcontext=u:object_r:qtaguid:s0 tclass=file
>>>>
>>>> <5>[86703.330718] type=1400 audit(1341915985.778:469): avc: denied { open } for pid=10777 comm="SyncAdapterThre" name="ctrl" dev=proc ino=4026533139 scontext=u:r:trusted_app:s0:c46 tcontext=u:object_r:qtaguid:s0 tclass=file
>>>>
>>>> <5>[86704.572326] type=1400 audit(1341915987.020:470): avc: denied { read } for pid=10781 comm="e.process.gapps" name="GoogleServicesFramework.apk" dev=mmcblk0p10 ino=973 scontext=u:r:trusted_app:s0:c48 tcontext=u:object_r:unlabeled:s0 tclass=file
>>>>
>>>> <5>[86704.573242] type=1400 audit(1341915987.020:471): avc: denied { open } for pid=10781 comm="e.process.gapps" name="GoogleServicesFramework.apk" dev=mmcblk0p10 ino=973 scontext=u:r:trusted_app:s0:c48 tcontext=u:object_r:unlabeled:s0 tclass=file
>>>>
>>>> <5>[86718.670806] type=1400 audit(1341916001.114:472): avc: denied { read } for pid=10820 comm="le.android.talk" name="Talk.apk" dev=mmcblk0p10 ino=980 scontext=u:r:trusted_app:s0:c59 tcontext=u:object_r:unlabeled:s0 tclass=file
>>>>
>>>> <5>[86718.671112] type=1400 audit(1341916001.114:473): avc: denied { open } for pid=10820 comm="le.android.talk" name="Talk.apk" dev=mmcblk0p10 ino=980 scontext=u:r:trusted_app:s0:c59 tcontext=u:object_r:unlabeled:s0 tclass=file
>>>>
>>>> <5>[86721.909545] type=1400 audit(1341916004.356:474): avc: denied { read } for pid=10863 comm="ApplicationsPro" name="Gmail.apk" dev=mmcblk0p10 ino=965 scontext=u:r:trusted_app:s0:c0 tcontext=u:object_r:unlabeled:s0 tclass=file
>>>>
>>>> <5>[86721.909851] type=1400 audit(1341916004.356:475): avc: denied { open } for pid=10863 comm="ApplicationsPro" name="Gmail.apk" dev=mmcblk0p10 ino=965 scontext=u:r:trusted_app:s0:c0 tcontext=u:object_r:unlabeled:s0 tclass=file
>>>>
>>>> Do I need to do something before changing the secure mode?
>>>>
>>>> Thanks for your help
>>>>
>>>> On Mon, Jul 9, 2012 at 10:48 PM, Stephen Smalley wrote:
>>>>
>>>>> On Mon, 2012-07-02 at 16:05 +0200, Alexandra Test wrote:
>>>>>
>>>>> > I tried to install application from the google play website directly
>>>>> > from the phone but it is not working.
>>>>>
>>>>> Not sure what you mean by "not working" above. You have to separately
>>>>> install the gapps, but they work for us. Enforcing or permissive?
>>>>>
>>>>> > How to get the formal meaning of the files? I tried to look for it...
>>>>>
>>>>> seapp_contexts is only "documented" by the inline comments at the
>>>>> moment. The SELinux policy language is documented in a variety of
>>>>> places, including books (e.g. SELinux by Example, the SELinux
>>>>> Notebook),
>>>>> wiki pages (e.g. http://selinuxproject.org/page/PolicyLanguage), and
>>>>> technical reports (e.g.
>>>>> http://www.nsa.gov/research/selinux/docs.shtml#tech).
>>>>>
>>>>> > Yes, you are right, but I can't see any deny now... I only have to
>>>>> > understand how to go on...
>>>>>
>>>>> No avc messages in the output of adb shell dmesg or adb logcat?
>>>>>
>>>>> --
>>>>> Stephen Smalley
>>>>> National Security Agency
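
An added example, not part of the thread or of any poster's code: a small Python triage of the `avc: denied` lines quoted above. It separates denials whose target type is `unlabeled` (files that carry no SELinux label, the case restorecon addresses) from denials on labelled targets such as `qtaguid` and `device`, which relabeling the APKs does not change. The names `parse_avc` and `triage` are hypothetical; the sample lines are copied from the thread with the dmesg prefix removed.

```python
import re
from collections import defaultdict

# Four denials copied from the thread above (dmesg timestamp/audit prefix removed).
SAMPLE = """\
avc: denied { read } for pid=130 comm="sh" path="/dev/ttyFIQ0" dev=tmpfs ino=2642 scontext=u:r:shell:s0 tcontext=u:object_r:device:s0 tclass=chr_file
avc: denied { open } for pid=10531 comm="SyncAdapterThre" name="ctrl" dev=proc ino=4026533139 scontext=u:r:trusted_app:s0:c46 tcontext=u:object_r:qtaguid:s0 tclass=file
avc: denied { read } for pid=338 comm="ndroid.systemui" name="Gmail.apk" dev=mmcblk0p10 ino=965 scontext=u:r:system_app:s0 tcontext=u:object_r:unlabeled:s0 tclass=file
avc: denied { open } for pid=338 comm="ndroid.systemui" name="Gmail.apk" dev=mmcblk0p10 ino=965 scontext=u:r:system_app:s0 tcontext=u:object_r:unlabeled:s0 tclass=file
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one avc denial as a dict, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    if "scontext" not in rec or "tcontext" not in rec:
        return None
    rec["perms"] = m.group("perms").split()
    # A context is user:role:type:level[:categories]; the type is the third field.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec

def triage(text):
    """Return (files lacking a label, {(source, target, class): perms} for the rest)."""
    relabel = set()
    rules = defaultdict(set)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        if rec["ttype"] == "unlabeled":
            # The target has no label at all: a labeling problem, not a rule problem.
            relabel.add(rec.get("name") or rec.get("path") or "ino=" + rec.get("ino", "?"))
        else:
            # The target is labelled; the denial comes from policy or file_contexts.
            rules[(rec["stype"], rec["ttype"], rec["tclass"])].update(rec["perms"])
    return sorted(relabel), {k: sorted(v) for k, v in rules.items()}

if __name__ == "__main__":
    files, rules = triage(SAMPLE)
    print("unlabeled targets:", files)
    for (s, t, c), perms in rules.items():
        print(f"labelled target: {s} -> {t}:{c} {{ {' '.join(perms)} }}")
```

Feeding it the full `adb shell dmesg | grep avc` output gives the list of unlabeled files in one pass instead of reading the denials one by one.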