Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9e987cbb authored by Steven Moreland's avatar Steven Moreland
Browse files

Note selinux trans error happens in permissive. 

There was an email thread about this recently, and I've been asked many
times.

For instance, if this error wasn't attributed, denials a service is
hitting would be attributed to init, and that's a recipe for disaster.
Secondarily, thinking about SELinux whenever you write a new service is
good.

Bug: N/A
Test: N/A
Change-Id: Ib9d2c5d8947375a0d4c33ecf3d075caef6b41f70
parent e1948bf7

init/service.cpp

+3 −1
Original line number Diff line number Diff line
@@ -90,7 +90,9 @@ static Result<std::string> ComputeContextFromExecutable(const std::string& servi 
                       << "\") has incorrect label or no domain transition from " << mycon.get()

                       << " to another SELinux domain defined. Have you configured your "

                          "service correctly? https://source.android.com/security/selinux/"

                          "device-policy#label_new_services_and_address_denials";

                          "device-policy#label_new_services_and_address_denials. Note: this "

                          "error shows up even in permissive mode in order to make auditing "

                          "denials possible.";

    }

    if (rc < 0) {

        return Error() << "Could not get process context";