* Problem with SEManager app on Seandroid 4.0.4
[not found] <CAN93RkJ63JnR-ajfVtKx772+NsFT=-P2_L7Cv3cr4rEAJxMYDg@mail.gmail.com>
@ 2012-09-11 20:23 ` Cesar Maiorino
2012-09-11 20:37 ` William Roberts
0 siblings, 1 reply; 11+ messages in thread
From: Cesar Maiorino @ 2012-09-11 20:23 UTC (permalink / raw)
To: selinux
[-- Attachment #1: Type: text/plain, Size: 518 bytes --]
I finally got a version of seandroid (4.0.4) running on my Qualcomm MSM8960
Mobile Development Platform. This required some manual intervention as the
patch files did not all apply cleanly, so it's possible that I've messed
something up in the process.
That being said, the SEManager app does not let me change any settings
aside from toggling "MAC Mode" on and off. So I can't change '"SELinux
Mode" (stuck in permissive), and I can't change any of the Booleans.
AVC and MAC logging seem to be working.
Any ideas?
[-- Attachment #2: Type: text/html, Size: 630 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Problem with SEManager app on Seandroid 4.0.4
2012-09-11 20:23 ` Problem with SEManager app on Seandroid 4.0.4 Cesar Maiorino
@ 2012-09-11 20:37 ` William Roberts
2012-09-12 15:01 ` Cesar Maiorino
0 siblings, 1 reply; 11+ messages in thread
From: William Roberts @ 2012-09-11 20:37 UTC (permalink / raw)
To: Cesar Maiorino; +Cc: selinux
My guess is you need to change the permissions of /selinux/*
(/selinux/booleans for the booleans) to system system.
the init.rc needs to have chown system system for all of the booleans,
setenforce etc
chown system system /selinux/enforce
chown -R system system /selinux/booleans
chown system system /selinux/commit_pending_bools
You'll need to patch in the recursive support or enumerate all the
bools. The patch for recursive support can be found:
https://android-review.googlesource.com/#/c/32220/
Hope this helps.
On Tue, Sep 11, 2012 at 1:23 PM, Cesar Maiorino
<cesar.maiorino@gmail.com> wrote:
> I finally got a version of seandroid (4.0.4) running on my Qualcomm MSM8960
> Mobile Development Platform. This required some manual intervention as the
> patch files did not all apply cleanly, so it's possible that I've messed
> something up in the process.
>
> That being said, the SEManager app does not let me change any settings aside
> from toggling "MAC Mode" on and off. So I can't change '"SELinux Mode"
> (stuck in permissive), and I can't change any of the Booleans.
>
> AVC and MAC logging seem to be working.
>
> Any ideas?
>
--
Respectfully,
William C Roberts
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Problem with SEManager app on Seandroid 4.0.4
2012-09-11 20:37 ` William Roberts
@ 2012-09-12 15:01 ` Cesar Maiorino
2012-09-12 15:37 ` Joman Chu
0 siblings, 1 reply; 11+ messages in thread
From: Cesar Maiorino @ 2012-09-12 15:01 UTC (permalink / raw)
To: William Roberts; +Cc: selinux
[-- Attachment #1: Type: text/plain, Size: 1684 bytes --]
I did have these in my init.rc, but my build was not copying init.rc to to
the out directory.
I copied it over manually and rebuilt the boot.img and it now I can change
the values.
So that is progress.
Now, however, when I toggle on SELinux, my device locks up. On reboot it is
stuck at the
lock screen.
Thanks for the help.
On Tue, Sep 11, 2012 at 4:37 PM, William Roberts
<bill.c.roberts@gmail.com>wrote:
> My guess is you need to change the permissions of /selinux/*
> (/selinux/booleans for the booleans) to system system.
>
> the init.rc needs to have chown system system for all of the booleans,
> setenforce etc
>
> chown system system /selinux/enforce
> chown -R system system /selinux/booleans
> chown system system /selinux/commit_pending_bools
>
> You'll need to patch in the recursive support or enumerate all the
> bools. The patch for recursive support can be found:
> https://android-review.googlesource.com/#/c/32220/
>
> Hope this helps.
>
>
> On Tue, Sep 11, 2012 at 1:23 PM, Cesar Maiorino
> <cesar.maiorino@gmail.com> wrote:
> > I finally got a version of seandroid (4.0.4) running on my Qualcomm
> MSM8960
> > Mobile Development Platform. This required some manual intervention as
> the
> > patch files did not all apply cleanly, so it's possible that I've messed
> > something up in the process.
> >
> > That being said, the SEManager app does not let me change any settings
> aside
> > from toggling "MAC Mode" on and off. So I can't change '"SELinux Mode"
> > (stuck in permissive), and I can't change any of the Booleans.
> >
> > AVC and MAC logging seem to be working.
> >
> > Any ideas?
> >
>
>
>
> --
> Respectfully,
>
> William C Roberts
>
[-- Attachment #2: Type: text/html, Size: 2401 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Problem with SEManager app on Seandroid 4.0.4
2012-09-12 15:01 ` Cesar Maiorino
@ 2012-09-12 15:37 ` Joman Chu
2012-09-12 15:49 ` Cesar Maiorino
2012-09-12 18:48 ` Cesar Maiorino
0 siblings, 2 replies; 11+ messages in thread
From: Joman Chu @ 2012-09-12 15:37 UTC (permalink / raw)
To: Cesar Maiorino; +Cc: William Roberts, selinux
[-- Attachment #1: Type: text/plain, Size: 2057 bytes --]
On 09/12/2012 11:01 AM, Cesar Maiorino wrote:
> I did have these in my init.rc, but my build was not copying init.rc
> to to the out directory.
> I copied it over manually and rebuilt the boot.img and it now I can
> change the values.
> So that is progress.
> Now, however, when I toggle on SELinux, my device locks up. On reboot
> it is stuck at the
> lock screen.
> Thanks for the help.
>
> On Tue, Sep 11, 2012 at 4:37 PM, William Roberts
> <bill.c.roberts@gmail.com <mailto:bill.c.roberts@gmail.com>> wrote:
>
> My guess is you need to change the permissions of /selinux/*
> (/selinux/booleans for the booleans) to system system.
>
> the init.rc needs to have chown system system for all of the booleans,
> setenforce etc
>
> chown system system /selinux/enforce
> chown -R system system /selinux/booleans
> chown system system /selinux/commit_pending_bools
>
> You'll need to patch in the recursive support or enumerate all the
> bools. The patch for recursive support can be found:
> https://android-review.googlesource.com/#/c/32220/
>
> Hope this helps.
>
>
> On Tue, Sep 11, 2012 at 1:23 PM, Cesar Maiorino
> <cesar.maiorino@gmail.com <mailto:cesar.maiorino@gmail.com>> wrote:
> > I finally got a version of seandroid (4.0.4) running on my
> Qualcomm MSM8960
> > Mobile Development Platform. This required some manual
> intervention as the
> > patch files did not all apply cleanly, so it's possible that
> I've messed
> > something up in the process.
> >
> > That being said, the SEManager app does not let me change any
> settings aside
> > from toggling "MAC Mode" on and off. So I can't change '"SELinux
> Mode"
> > (stuck in permissive), and I can't change any of the Booleans.
> >
> > AVC and MAC logging seem to be working.
> >
> > Any ideas?
> >
>
>
>
> --
> Respectfully,
>
> William C Roberts
>
>
Perhaps you're running into AVC denials. Can you post the kernel logs
from /proc/kmsg?
[-- Attachment #2: Type: text/html, Size: 3724 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Problem with SEManager app on Seandroid 4.0.4
2012-09-12 15:37 ` Joman Chu
@ 2012-09-12 15:49 ` Cesar Maiorino
2012-09-12 18:48 ` Cesar Maiorino
1 sibling, 0 replies; 11+ messages in thread
From: Cesar Maiorino @ 2012-09-12 15:49 UTC (permalink / raw)
To: Joman Chu; +Cc: William Roberts, selinux
[-- Attachment #1: Type: text/plain, Size: 2089 bytes --]
I was definitely getting AVC denials when I was stuck in permissive mode. I
will address those and try it again.
On Wed, Sep 12, 2012 at 11:37 AM, Joman Chu <jcchu@tycho.ncsc.mil> wrote:
> On 09/12/2012 11:01 AM, Cesar Maiorino wrote:
>
> I did have these in my init.rc, but my build was not copying init.rc to
> to the out directory.
> I copied it over manually and rebuilt the boot.img and it now I can change
> the values.
> So that is progress.
> Now, however, when I toggle on SELinux, my device locks up. On reboot it
> is stuck at the
> lock screen.
> Thanks for the help.
>
> On Tue, Sep 11, 2012 at 4:37 PM, William Roberts <bill.c.roberts@gmail.com
> > wrote:
>
>> My guess is you need to change the permissions of /selinux/*
>> (/selinux/booleans for the booleans) to system system.
>>
>> the init.rc needs to have chown system system for all of the booleans,
>> setenforce etc
>>
>> chown system system /selinux/enforce
>> chown -R system system /selinux/booleans
>> chown system system /selinux/commit_pending_bools
>>
>> You'll need to patch in the recursive support or enumerate all the
>> bools. The patch for recursive support can be found:
>> https://android-review.googlesource.com/#/c/32220/
>>
>> Hope this helps.
>>
>>
>> On Tue, Sep 11, 2012 at 1:23 PM, Cesar Maiorino
>> <cesar.maiorino@gmail.com> wrote:
>> > I finally got a version of seandroid (4.0.4) running on my Qualcomm
>> MSM8960
>> > Mobile Development Platform. This required some manual intervention as
>> the
>> > patch files did not all apply cleanly, so it's possible that I've messed
>> > something up in the process.
>> >
>> > That being said, the SEManager app does not let me change any settings
>> aside
>> > from toggling "MAC Mode" on and off. So I can't change '"SELinux Mode"
>> > (stuck in permissive), and I can't change any of the Booleans.
>> >
>> > AVC and MAC logging seem to be working.
>> >
>> > Any ideas?
>> >
>>
>>
>>
>> --
>> Respectfully,
>>
>> William C Roberts
>>
>
> Perhaps you're running into AVC denials. Can you post the kernel logs
> from /proc/kmsg?
>
[-- Attachment #2: Type: text/html, Size: 3921 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Problem with SEManager app on Seandroid 4.0.4
2012-09-12 15:37 ` Joman Chu
2012-09-12 15:49 ` Cesar Maiorino
@ 2012-09-12 18:48 ` Cesar Maiorino
2012-09-12 20:29 ` William Roberts
1 sibling, 1 reply; 11+ messages in thread
From: Cesar Maiorino @ 2012-09-12 18:48 UTC (permalink / raw)
To: Joman Chu; +Cc: William Roberts, selinux
[-- Attachment #1.1: Type: text/plain, Size: 2110 bytes --]
Here is my /proc/kmsg. I am going to dig into it myself, but if you have
the time to take a look, any
pointers would be appreciated.
On Wed, Sep 12, 2012 at 11:37 AM, Joman Chu <jcchu@tycho.ncsc.mil> wrote:
> On 09/12/2012 11:01 AM, Cesar Maiorino wrote:
>
> I did have these in my init.rc, but my build was not copying init.rc to
> to the out directory.
> I copied it over manually and rebuilt the boot.img and it now I can change
> the values.
> So that is progress.
> Now, however, when I toggle on SELinux, my device locks up. On reboot it
> is stuck at the
> lock screen.
> Thanks for the help.
>
> On Tue, Sep 11, 2012 at 4:37 PM, William Roberts <bill.c.roberts@gmail.com
> > wrote:
>
>> My guess is you need to change the permissions of /selinux/*
>> (/selinux/booleans for the booleans) to system system.
>>
>> the init.rc needs to have chown system system for all of the booleans,
>> setenforce etc
>>
>> chown system system /selinux/enforce
>> chown -R system system /selinux/booleans
>> chown system system /selinux/commit_pending_bools
>>
>> You'll need to patch in the recursive support or enumerate all the
>> bools. The patch for recursive support can be found:
>> https://android-review.googlesource.com/#/c/32220/
>>
>> Hope this helps.
>>
>>
>> On Tue, Sep 11, 2012 at 1:23 PM, Cesar Maiorino
>> <cesar.maiorino@gmail.com> wrote:
>> > I finally got a version of seandroid (4.0.4) running on my Qualcomm
>> MSM8960
>> > Mobile Development Platform. This required some manual intervention as
>> the
>> > patch files did not all apply cleanly, so it's possible that I've messed
>> > something up in the process.
>> >
>> > That being said, the SEManager app does not let me change any settings
>> aside
>> > from toggling "MAC Mode" on and off. So I can't change '"SELinux Mode"
>> > (stuck in permissive), and I can't change any of the Booleans.
>> >
>> > AVC and MAC logging seem to be working.
>> >
>> > Any ideas?
>> >
>>
>>
>>
>> --
>> Respectfully,
>>
>> William C Roberts
>>
>
> Perhaps you're running into AVC denials. Can you post the kernel logs
> from /proc/kmsg?
>
[-- Attachment #1.2: Type: text/html, Size: 3946 bytes --]
[-- Attachment #2: seandroid_proc_kmsg.txt --]
[-- Type: text/plain, Size: 71723 bytes --]
<6>[ 0.000000] Booting Linux on physical CPU 0
<6>[ 0.000000] Initializing cgroup subsys cpu
<5>[ 0.000000] Linux version 3.0.8 (cmaiorin@ldiv-droid) (gcc version 4.4.3 (GCC) ) #1 SMP PREEMPT Wed Sep 12 12:01:09 EDT 2012
<4>[ 0.000000] CPU: ARMv7 Processor [511f04d0] revision 0 (ARMv7), cr=10c5387d
<4>[ 0.000000] CPU: VIPT nonaliasing data cache, VIPT nonaliasing instruction cache
<4>[ 0.000000] Machine: QCT MSM8960 FLUID
<6>[ 0.000000] m0 size 8c00000 m1 start 90000000
<6>[ 0.000000] memory pool 3 (start ac200000 size 3c00000) initialized
<6>[ 0.000000] mm fw at afe00000 (fixed) size 200000
<6>[ 0.000000] fmem start b0000000 (fixed) size 7a02000
<4>[ 0.000000] Memory policy: ECC disabled, Data cache writealloc
<6>[ 0.000000] socinfo_init: v6, id=87, ver=3.1, raw_id=1712, raw_ver=4, hw_plat=3, hw_plat_ver=65536
<6>[ 0.000000] accessory_chip=0 hw_plat_subtype=0
<4>[ 0.000000] Zone PFN ranges:
<4>[ 0.000000] Normal 0x00080200 -> 0x000a8400
<4>[ 0.000000] HighMem 0x000a8400 -> 0x000c0000
<4>[ 0.000000] Movable zone start PFN for each node
<4>[ 0.000000] early_node_map[3] active PFN ranges
<4>[ 0.000000] 0: 0x00080200 -> 0x00088e00
<4>[ 0.000000] 0: 0x00090000 -> 0x000ac200
<4>[ 0.000000] 0: 0x000b7a02 -> 0x000c0000
<7>[ 0.000000] On node 0 totalpages: 185342
<7>[ 0.000000] Normal zone: 1445 pages used for memmap
<7>[ 0.000000] Normal zone: 0 pages reserved
<7>[ 0.000000] Normal zone: 133723 pages, LIFO batch:31
<7>[ 0.000000] HighMem zone: 855 pages used for memmap
<7>[ 0.000000] HighMem zone: 49319 pages, LIFO batch:15
<6>[ 0.000000] allocating 31825920 bytes at c19fd000 (81bfd000 physical) for fb
<6>[ 0.000000] PERCPU: Embedded 8 pages/cpu @c385a000 s10048 r8192 d14528 u32768
<7>[ 0.000000] pcpu-alloc: s10048 r8192 d14528 u32768 alloc=8*4096
<7>[ 0.000000] pcpu-alloc: [0] 0 [0] 1
<4>[ 0.000000] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 183042
<5>[ 0.000000] Kernel command line: console=ttyHSL0,115200,n8 androidboot.hardware=qcom user_debug=31 androidboot.emmc=true androidboot.serialno=b1761b4c androidboot.authorized_kernel=true androidboot.baseband=msm
<6>[ 0.000000] PID hash table entries: 4096 (order: 2, 16384 bytes)
<6>[ 0.000000] Dentry cache hash table entries: 131072 (order: 7, 524288 bytes)
<6>[ 0.000000] Inode-cache hash table entries: 65536 (order: 6, 262144 bytes)
<6>[ 0.000000] Memory: 140MB 450MB 133MB = 723MB total
<5>[ 0.000000] Memory: 685604k/874028k available, 55764k reserved, 200696K highmem
<5>[ 0.000000] Virtual kernel memory layout:
<5>[ 0.000000] vector : 0xffff0000 - 0xffff1000 ( 4 kB)
<5>[ 0.000000] fixmap : 0xfff00000 - 0xfffe0000 ( 896 kB)
<5>[ 0.000000] DMA : 0xff000000 - 0xffe00000 ( 14 MB)
<5>[ 0.000000] vmalloc : 0xe1800000 - 0xfa000000 ( 392 MB)
<5>[ 0.000000] lowmem : 0xc0000000 - 0xe1000000 ( 528 MB)
<5>[ 0.000000] pkmap : 0xbfe00000 - 0xc0000000 ( 2 MB)
<5>[ 0.000000] modules : 0xbf000000 - 0xbfe00000 ( 14 MB)
<5>[ 0.000000] .init : 0xc0008000 - 0xc005c000 ( 336 kB)
<5>[ 0.000000] .text : 0xc0100000 - 0xc0b7ca58 (10739 kB)
<5>[ 0.000000] .data : 0xc0c00000 - 0xc0cf9700 ( 998 kB)
<5>[ 0.000000] .bss : 0xc0cf9724 - 0xc0eebf00 (1994 kB)
<6>[ 0.000000] SLUB: Genslabs=11, HWalign=64, Order=0-3, MinObjects=0, CPUs=2, Nodes=1
<6>[ 0.000000] Preemptible hierarchical RCU implementation.
<6>[ 0.000000] NR_IRQS:817
<6>[ 0.000000] sched_clock: 32 bits at 32kHz, resolution 30520ns, wraps every 131084001ms
<6>[ 0.000000] Console: colour dummy device 80x30
<6>[ 0.000000] kmemleak: Kernel memory leak detector disabled
<6>[ 0.150190] Calibrating delay using timer specific routine.. 13.53 BogoMIPS (lpj=67679)
<6>[ 0.150221] pid_max: default: 32768 minimum: 301
<6>[ 0.150495] Security Framework initialized
<6>[ 0.150526] SELinux: Initializing.
<7>[ 0.150618] SELinux: Starting in permissive mode
<6>[ 0.150740] Mount-cache hash table entries: 512
<6>[ 0.151991] Initializing cgroup subsys debug
<6>[ 0.152021] Initializing cgroup subsys cpuacct
<6>[ 0.152083] Initializing cgroup subsys freezer
<6>[ 0.152144] CPU: Testing write buffer coherency: ok
<6>[ 0.152571] hw perfevents: enabled with ARMv7 Krait PMU driver, 5 counters available
<6>[ 0.160598] Brought up 2 CPUs
<6>[ 0.160598] SMP: Total of 2 processors activated (27.07 BogoMIPS).
<6>[ 0.177933] print_constraints: dummy:
<3>[ 0.178055] rdev_init_debugfs: Error-Bad Function Input
<6>[ 0.178361] NET: Registered protocol family 16
<3>[ 0.178605] AXI: msm_bus_fabric_init_driver(): msm_bus_fabric_init_driver
<3>[ 0.180009] MSM_DCVS: msm_dcvs_early_init: Unable to initialize DCVS err=-95
<6>[ 0.181840] meminfo_init: smem ram ptable found: ver: 0 len: 5
<6>[ 0.181840] Found 1 memory banks grouped into 8 memory regions
<6>[ 0.181901] msm_tsens_early_init: done
<6>[ 0.181901] msm_rpm_init: RPM firmware 3.0.16842827
<6>[ 0.208362] rcg_clk_handoff: sdc1_clk rate=48000000
<6>[ 0.208423] rcg_clk_handoff: dsi1_byte_clk rate=1
<6>[ 0.208454] rcg_clk_handoff: dsi1_esc_clk rate=2
<6>[ 0.208484] rcg_clk_handoff: mdp_clk rate=200000000
<6>[ 0.211414] saw_probe: id=0, name=8921_s5
<6>[ 0.211933] saw_probe: id=1, name=8921_s6
<6>[ 0.212482] gpio_vreg_probe: id=202, name=ext_5v, gpio=202, gpio_label=ext_5v_en
<6>[ 0.212849] pm8921_probe: PMIC revision 1: F4
<6>[ 0.212849] pm8921_probe: PMIC revision 2: 06
<6>[ 0.212879] pm8921_probe: PMIC version: PM8921 rev 3.0
<6>[ 0.212879] pm8921_probe: PMIC Restart Reason: Triggered from CHG (usb charger insertion)
<6>[ 0.215260] pm_gpio_probe: OK: base=152, ngpio=44
<6>[ 0.215687] pm8xxx_mpp_probe: OK: base=196, ngpio=12
<6>[ 0.222524] gpio_vreg_probe: id=193, name=ext_otg_sw, gpio=193, gpio_label=ext_otg_sw_en
<6>[ 0.239096] select_freq_plan: ACPU PVS: Nominal
<6>[ 0.239127] select_freq_plan: Max ACPU freq: 1512000 KHz
<6>[ 0.242575] cpufreq_table_init: CPU0: 12 scaling frequencies supported.
<6>[ 0.242575] cpufreq_table_init: CPU1: 12 scaling frequencies supported.
<6>[ 0.248741] fmem phys b0200000 virt e2000000 size 7800000
<6>[ 0.249504] sps:REVISION of BAM 0xe1820000 is 0x5.
<6>[ 0.250083] sps is ready.
<6>[ 0.270502] bio: create slab <bio-0> at 0
<6>[ 0.271081] ION heap vmalloc created
<6>[ 0.271112] ION heap mm created at b0200000 with size 7800000
<6>[ 0.271142] ION heap mm_fw created at b0000000 with size 200000
<6>[ 0.271142] ION heap mfc created at b7a00000 with size 2000
<6>[ 0.271204] ION heap sf created at ac200000 with size 2800000
<6>[ 0.271204] ION heap iommu created
<6>[ 0.271234] ION heap qsecom created at aea00000 with size 600000
<6>[ 0.271295] ION heap audio created at af000000 with size 2b4000
<5>[ 0.271936] pm8xxx_pwm_probe: OK
<5>[ 0.272272] SCSI subsystem initialized
<6>[ 0.272363] sps:REVISION of BAM 0xe182c000 is 0x12.
<6>[ 0.273279] usbcore: registered new interface driver usbfs
<6>[ 0.273370] usbcore: registered new interface driver hub
<6>[ 0.273493] usbcore: registered new device driver usb
<7>[ 0.273981] Registered led device: led:battery_charging
<7>[ 0.274805] Registered led device: led:battery_full
<6>[ 0.275019] Advanced Linux Sound Architecture Driver Version 1.0.24.
<6>[ 0.275507] Bluetooth: Core ver 2.16
<6>[ 0.275568] NET: Registered protocol family 31
<6>[ 0.275568] Bluetooth: HCI device and connection manager initialized
<6>[ 0.275568] Bluetooth: HCI socket layer initialized
<6>[ 0.275568] Bluetooth: L2CAP socket layer initialized
<6>[ 0.275751] Bluetooth: SCO socket layer initialized
<6>[ 0.276148] cfg80211: Calling CRDA to update world regulatory domain
<6>[ 0.276392] Switching to clocksource gp_timer
<6>[ 0.298947] NET: Registered protocol family 2
<6>[ 0.299069] IP route cache hash table entries: 32768 (order: 5, 131072 bytes)
<6>[ 0.299374] TCP established hash table entries: 131072 (order: 8, 1048576 bytes)
<6>[ 0.300473] TCP bind hash table entries: 65536 (order: 8, 1310720 bytes)
<6>[ 0.301113] TCP: Hash tables configured (established 131072 bind 65536)
<6>[ 0.301113] TCP reno registered
<6>[ 0.301144] UDP hash table entries: 512 (order: 2, 24576 bytes)
<6>[ 0.301175] UDP-Lite hash table entries: 512 (order: 2, 24576 bytes)
<6>[ 0.301510] NET: Registered protocol family 1
<6>[ 0.301815] RPC: Registered named UNIX socket transport module.
<6>[ 0.301846] RPC: Registered udp transport module.
<6>[ 0.301846] RPC: Registered tcp transport module.
<6>[ 0.301846] RPC: Registered tcp NFSv4.1 backchannel transport module.
<6>[ 0.302212] Trying to unpack rootfs image as initramfs...
<6>[ 0.314298] Freeing initrd memory: 240K
<6>[ 0.314481] PMU: registered new PMU device of type 0
<6>[ 0.314634] PMU: registered new PMU device of type 1
<6>[ 0.315275] msm_etb msm_etb: ETB initialized
<6>[ 0.315428] msm_tpiu msm_tpiu: TPIU initialized
<6>[ 0.315611] msm_funnel msm_funnel: FUNNEL initialized
<6>[ 0.316893] msm_etm msm_etm: ETM initialized
<6>[ 0.317350] msm_etb msm_etb: ETB disabled
<6>[ 0.317350] msm_tpiu msm_tpiu: TPIU disabled
<6>[ 0.318724] msm_etb msm_etb: ETB enabled
<6>[ 0.318724] msm_funnel msm_funnel: FUNNEL port mask 0x3 enabled
<6>[ 0.318785] msm_etm msm_etm: ETM tracing enabled
<6>[ 0.318876] QDSS initialized
<6>[ 0.319700] pil_qdsp6v4 pil_qdsp6v4.0: using secure boot
<6>[ 0.320708] pil_qdsp6v4 pil_qdsp6v4.1: using secure boot
<6>[ 0.321684] pil_qdsp6v4 pil_qdsp6v4.2: using secure boot
<6>[ 0.322844] pil_riva pil_riva: using secure boot
<3>[ 0.325560] smd_channel_probe_worker: allocation table not initialized
<6>[ 0.330688] msm_dsps driver version 3.02.
<6>[ 0.331725] NET: Registered protocol family 27
<6>[ 0.332580] dspcrashd_probe: Platform driver values: Base = 0x8da00000, Size = 0x1800000,pdata = 0xdeaddead
<6>[ 0.333496] usf_init: USF SW version 1.1.1.
<6>[ 0.333496] usf_init: Max 1 devs registration
<6>[ 0.334503] modem_8960_init: modem fatal driver init'ed.
<6>[ 0.334655] lpass_fatal_init: lpass SSR driver init'ed.
<6>[ 0.334777] wcnss_8960: module initialized
<5>[ 0.335113] msm_rpm_log_probe: OK
<6>[ 0.336639] audit: initializing netlink socket (disabled)
<5>[ 0.336670] type=2000 audit(0.330:1): initialized
<4>[ 0.433847] highmem bounce pool size: 64 pages
<6>[ 0.434060] ashmem: initialized
<6>[ 0.443644] fuse init (API version 7.16)
<6>[ 0.444071] msgmni has been set to 947
<7>[ 0.444101] SELinux: Registering netfilter hooks
<4>[ 0.444773] cryptomgr_test used greatest stack depth: 7008 bytes left
<6>[ 0.446513] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 248)
<6>[ 0.446513] io scheduler noop registered
<6>[ 0.446513] io scheduler deadline registered
<6>[ 0.446604] io scheduler cfq registered (default)
<6>[ 0.448374] mipi_dsi base phy_addr = 0x4700000 virt = 0xe1e00000
<6>[ 0.448374] mmss_sfpb base phy_addr = 0x5700000,virt = 0xe1854000
<4>[ 0.448557] msm_fb_detect_panel: not supported 'mipi_video_toshiba_wvga'
<6>[ 0.448924] setting pdata->panel_info.fb_num to 3. type: 8
<6>[ 0.455272] FrameBuffer[0] 600x1024 size=7471104 bytes is registered successfully!
<7>[ 0.455699] Registered led device: lcd-backlight
<4>[ 0.455760] msm_fb_detect_panel: not supported 'mipi_video_toshiba_wuxga'
<4>[ 0.455760] msm_fb_detect_panel: not supported 'mipi_video_novatek_qhd'
<4>[ 0.455760] msm_fb_detect_panel: not supported 'mipi_cmd_novatek_qhd'
<4>[ 0.455791] msm_fb_detect_panel: not supported 'mipi_video_renesas_fwvga'
<4>[ 0.455791] msm_fb_detect_panel: not supported 'mipi_cmd_renesas_fwvga'
<4>[ 0.455791] msm_fb_detect_panel: not supported 'mipi_video_chimei_wxga'
<4>[ 0.455791] msm_fb_detect_panel: not supported 'mipi_video_truly_wvga'
<4>[ 0.456462] hdmi_msm hdmi_msm.1: WARNING: HDCP disabled
<6>[ 0.456645] setting pdata->panel_info.fb_num to 1. type: 7
<6>[ 0.458446] FrameBuffer[1] 1920x1080 size=4149248 bytes is registered successfully!
<3>[ 0.458843] hdmi_msm hdmi_msm.1: external_common_state_create: sysfs group e026e208
<6>[ 0.458873] hdmi_msm hdmi_msm.1: HDMI HPD: ON
<3>[ 0.567007] Video format is : 15
<6>[ 0.567587] setting pdata->panel_info.fb_num to 1. type: 10
<3>[ 0.567739] Inside writeback_driver_init
<3>[ 0.567862] Inside writeback_probe
<6>[ 0.569510] FrameBuffer[2] 1920x1080 size=4149248 bytes is registered successfully!
<6>[ 0.571158]
<6>[ 0.571158] msm_vidc_enc: Inside vid_enc_init()
<6>[ 0.571555]
<6>[ 0.571555] msm_vidc_enc: Inside vid_enc_vcd_init()
<6>[ 0.660399] msm_serial: driver initialized
<6>[ 0.660613] msm_serial_hs.0: ttyHS0 at MMIO 0x16540000 (irq = 188) is a MSM HS UART
<6>[ 0.746802] msm_serial_hs module loaded
<6>[ 0.746894] msm_serial_hsl: detected port #0
<6>[ 0.746986] msm_serial_hsl.0: ttyHSL0 at MMIO 0x16440000 (irq = 186) is a MSM
<6>[ 0.747047] msm_serial_hsl: console setup on port #0
<6>[ 1.802533] console [ttyHSL0] enabled
<6>[ 1.917106] msm_serial_hsl: driver initialized
<6>[ 1.933251] msm_rotator: invalid HW version ver 0x102030a
<6>[ 1.937646] msm_rotator_probe: rotator_hw_revision=2
<6>[ 1.946436] kgsl kgsl-3d0: |kgsl_gpummu_init| MMU type set for device is GPUMMU
<6>[ 1.953883] kgsl kgsl-2d0: |kgsl_gpummu_init| MMU type set for device is GPUMMU
<6>[ 1.961117] kgsl kgsl-2d1: |kgsl_gpummu_init| MMU type set for device is GPUMMU
<6>[ 1.973691] brd: module loaded
<6>[ 1.978452] loop: module loaded
<6>[ 1.980741] pmem: Initializing pmem_audio (user-space) as non-cached
<6>[ 1.987181] allocating 2834432 bytes at (null) (af3b4000 physical) for pmem_audio
<4>[ 1.994689] i2c-core: driver [isa1200] using legacy suspend method
<4>[ 2.000732] i2c-core: driver [isa1200] using legacy resume method
<6>[ 2.007782] tabla-slim tabla-slim: Initialized slim device tabla-slim
<3>[ 2.097054] fail to get slimbus logical address -6
<6>[ 2.103341] tabla2x-slim tabla2x-slim: Initialized slim device tabla2x-slim
<6>[ 2.203052] tabla_device_init : Tabla version 2 initialized
<6>[ 2.207935] tabla_device_init : Tabla version 2 initialized
<4>[ 2.213245] i2c-core: driver [tabla-i2c-core] using legacy suspend method
<4>[ 2.219929] i2c-core: driver [tabla-i2c-core] using legacy resume method
<6>[ 2.227743] SCSI Media Changer driver v0.25
<6>[ 2.232046] SLIP: version 0.8.4-NET3.019-NEWTTY (dynamic channels, max=256) (6 bit encapsulation enabled).
<6>[ 2.240683] CSLIP: code copyright 1989 Regents of the University of California.
<6>[ 2.248863] usbcore: registered new interface driver asix
<6>[ 2.253380] usbcore: registered new interface driver cdc_ether
<6>[ 2.259240] usbcore: registered new interface driver net1080
<6>[ 2.264855] usbcore: registered new interface driver cdc_subset
<6>[ 2.270776] usbcore: registered new interface driver zaurus
<6>[ 2.276270] cdc_ncm: 04-Aug-2011
<6>[ 2.279536] usbcore: registered new interface driver cdc_ncm
<6>[ 2.285182] usbcore: registered new interface driver rmnet_usb
<6>[ 2.291622] rmnet usb ctrl Initialized.
<6>[ 2.294826] wcnss_wlan probed in built-in mode
<6>[ 2.299587] rmnet_init: BAM devices[8]
<6>[ 2.306729] msm_otg msm_otg: msm_otg probe
<6>[ 2.309873] msm_otg msm_otg: OTG regs = e18a8000
<6>[ 2.316893] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
<6>[ 2.322844] usbcore: registered new interface driver cdc_acm
<6>[ 2.328032] cdc_acm: USB Abstract Control Model driver for USB modems and ISDN adapters
<6>[ 2.335998] Initializing USB Mass Storage driver...
<6>[ 2.340943] usbcore: registered new interface driver usb-storage
<6>[ 2.346864] USB Mass Storage support registered.
<6>[ 2.351533] usbcore: registered new interface driver ums-alauda
<6>[ 2.357424] usbcore: registered new interface driver ums-cypress
<6>[ 2.363406] usbcore: registered new interface driver ums-datafab
<6>[ 2.369418] usbcore: registered new interface driver ums-freecom
<6>[ 2.375370] usbcore: registered new interface driver ums-isd200
<6>[ 2.381321] usbcore: registered new interface driver ums-jumpshot
<6>[ 2.387364] usbcore: registered new interface driver ums-karma
<6>[ 2.393193] usbcore: registered new interface driver ums-onetouch
<6>[ 2.399267] usbcore: registered new interface driver ums-sddr09
<6>[ 2.405157] usbcore: registered new interface driver ums-sddr55
<6>[ 2.411078] usbcore: registered new interface driver ums-usbat
<6>[ 2.416938] usbcore: registered new interface driver usbserial
<6>[ 2.422646] usbserial: USB Serial Driver core
<6>[ 2.427010] USB Serial support registered for Qualcomm USB modem
<6>[ 2.433053] usbcore: registered new interface driver qcserial
<6>[ 2.438760] usbcore: registered new interface driver usb_ehset_test
<6>[ 2.445017] usbcore: registered new interface driver diag_bridge
<6>[ 2.451060] usbcore: registered new interface driver mdm_bridge
<6>[ 2.457683] msm_hsusb msm_hsusb: [usb_gadget_probe_driver] hw_ep_max = 32
<6>[ 2.465862] android_usb gadget: Mass Storage Function, version: 2009/09/11
<6>[ 2.471753] android_usb gadget: Number of LUNs=1
<6>[ 2.476300] lun0: LUN: removable file: (no medium)
<6>[ 2.481428] android_usb gadget: android_usb ready
<6>[ 2.485853] msm_otg msm_otg: phy_reset: success
<6>[ 2.491774] diagchar initialized now
<6>[ 2.494430] mousedev: PS/2 mouse device common for all mice
<6>[ 2.500808] input: keypad_8960 as /devices/platform/msm_ssbi.0/pm8921-core/pm8xxx-keypad/input/input0
<6>[ 2.509751] usbcore: registered new interface driver xpad
<6>[ 2.514481] cyttsp_init:Cypress TrueTouch(R) Standard Product
<6>[ 2.520189] cyttsp_init:I2C Touchscreen Driver (Built Sep 12 2012 @ 12:00:28)
<6>[ 2.527330] cyttsp_probe:Start Probe 1.2
<6>[ 2.531207] cyttsp_initialize:cyttsp-i2c: Register input device
<6>[ 2.537280] input: cyttsp-i2c as /devices/i2c-3/3-0024/input/input1
<3>[ 2.544452] regulator_check_drms: 8921_lvs4: operation not allowed
<6>[ 2.660735] cyttsp_power_on:BL101: f=01 s=11 err=D0 bl=010B bld=010B R=16
<6>[ 2.666473] cyttsp_power_on:BL102: tver=14DC a_id=A009 aver=0200
<6>[ 2.672485] cyttsp_power_on:BL103: c_id=C0C1C2
<6>[ 2.888081] cyttsp_power_on:BL104: f=04 s=00 err=00bl=0000 bld=0000
<6>[ 3.000396] cyttsp_power_on:SI102: tver=0000 a_id=0000 aver=0000
<6>[ 3.005371] cyttsp_power_on:SI103: c_id=000000
<6>[ 3.137128] cyttsp_initialize:Setting up interrupt
<6>[ 3.141065] cyttsp_initialize:cyttsp-i2c: Successful registration
<6>[ 3.146955] cyttsp_probe:Start Probe PASS
<6>[ 3.151289] input: pmic8xxx_pwrkey as /devices/platform/msm_ssbi.0/pm8921-core/pm8xxx-pwrkey/input/input2
<6>[ 3.162093] using rtc device, pm8xxx_rtc, for alarms
<6>[ 3.165878] rtc-pm8xxx rtc-pm8xxx: rtc core: registered pm8xxx_rtc as rtc0
<6>[ 3.173142] i2c /dev entries driver
<6>[ 3.176957] lirc_dev: IR Remote Control driver registered, major 237
<6>[ 3.182786] IR NEC protocol handler initialized
<6>[ 3.187303] IR RC5(x) protocol handler initialized
<6>[ 3.192064] IR RC6 protocol handler initialized
<6>[ 3.196581] IR JVC protocol handler initialized
<6>[ 3.201098] IR Sony protocol handler initialized
<6>[ 3.205676] IR RC5 (streamzap) protocol handler initialized
<6>[ 3.211292] IR LIRC bridge handler initialized
<6>[ 3.215687] Linux video capture interface: v2.00
<6>[ 3.220479] usbcore: registered new interface driver uvcvideo
<6>[ 3.226003] USB Video Class driver (v1.1.0)
<6>[ 3.245170] msm_sensor_register mctl_node_name[0] = video1
<3>[ 3.289913] qup_i2c qup_i2c.4: QUP: I2C status flags :0x1343c8, irq:185
<3>[ 3.295498] qup_i2c qup_i2c.4: I2C slave addr:0x37 not connected
<3>[ 3.301480] s5k3l1yx_i2c_probe failed
<3>[ 3.305234] qup_i2c qup_i2c.4: QUP: I2C status flags :0x1343c8, irq:185
<3>[ 3.311735] qup_i2c qup_i2c.4: I2C slave addr:0x37 not connected
<4>[ 3.348756] s5k3l1yx: probe of 4-0020 failed with error -107
<6>[ 3.364840] msm_sensor_register mctl_node_name[1] = video3
<3>[ 3.409491] qup_i2c qup_i2c.4: QUP: I2C status flags :0x1343c8, irq:185
<3>[ 3.415077] qup_i2c qup_i2c.4: I2C slave addr:0x48 not connected
<3>[ 3.421059] mt9m114_i2c_probe failed
<4>[ 3.448741] mt9m114: probe of 4-0048 failed with error -107
<6>[ 3.477582] pm8xxx_tm_probe: OK
<6>[ 3.480695] device-mapper: ioctl: 4.20.0-ioctl (2011-02-02) initialised: dm-devel@redhat.com
<6>[ 3.488478] cpuidle: using governor ladder
<6>[ 3.492171] cpuidle: using governor menu
<6>[ 3.496444] mmc0: mci-version: 18
<6>[ 3.501022] mmc0: bam physical base=0x12402000
<6>[ 3.504440] mmc0: bam virtual base=0xe18bc000
<6>[ 3.508805] mmc0: BAM device registered. bam_handle=0xe0343e00
<6>[ 3.514512] sps:REVISION of BAM 0xe18bc000 is 0x5.
<6>[ 3.519578] mmc0: Qualcomm MSM SDCC-BAM at 0x0000000012402000 irq 130
<6>[ 3.525804] mmc0: Qualcomm MSM SDCC-DML at 0x0000000012400800
<3>[ 3.531573] mmc0: No card detect facilities available
<6>[ 3.536853] mmc0: Qualcomm MSM SDCC-core at 0x0000000012400000 irq 136,0 dma -1 dmacrcri -1
<6>[ 3.544971] mmc0: 8 bit data mode enabled
<6>[ 3.548908] mmc0: 4 bit data mode disabled
<6>[ 3.552968] mmc0: polling status mode disabled
<6>[ 3.557546] mmc0: MMC clock 400000 -> 48000000 Hz, PCLK 0 Hz
<6>[ 3.563039] mmc0: Slot eject status = 0
<6>[ 3.566854] mmc0: Power save feature enable = 1
<6>[ 3.571402] mmc0: SPS-BAM data transfer mode available
<6>[ 3.581657] mmc1: mci-version: 18
<6>[ 3.608454] mmc1: bam physical base=0x12182000
<6>[ 3.616877] mmc1: bam virtual base=0xe18c4000
<6>[ 3.625301] mmc1: BAM device registered. bam_handle=0xdfba8400
<6>[ 3.635067] sps:REVISION of BAM 0xe18c4000 is 0x5.
<6>[ 3.644254] mmc1: Qualcomm MSM SDCC-BAM at 0x0000000012182000 irq 128
<6>[ 3.654753] mmc1: Qualcomm MSM SDCC-DML at 0x0000000012180800
<6>[ 3.668823] mmc1: Qualcomm MSM SDCC-core at 0x0000000012180000 irq 134,657 dma -1 dmacrcri -1
<6>[ 3.676300] mmc1: 8 bit data mode disabled
<6>[ 3.680421] mmc1: 4 bit data mode enabled
<6>[ 3.684419] mmc1: polling status mode disabled
<6>[ 3.688875] mmc1: MMC clock 400000 -> 192000000 Hz, PCLK 0 Hz
<6>[ 3.694613] mmc1: Slot eject status = 0
<6>[ 3.698428] mmc1: Power save feature enable = 1
<6>[ 3.702945] mmc1: SPS-BAM data transfer mode available
<6>[ 3.708530] usbcore: registered new interface driver usbhid
<6>[ 3.713535] usbhid: USB HID core driver
<6>[ 3.719212] logger: created 256K log 'log_main'
<6>[ 3.722997] logger: created 256K log 'log_events'
<6>[ 3.728795] mmc0: new high speed MMC card at address 0001
<6>[ 3.733526] logger: created 256K log 'log_radio'
<6>[ 3.733587] mmcblk0: mmc0:0001 SEM16G 14.8 GiB
<6>[ 3.742530] logger: created 256K log 'log_system'
<6>[ 3.747718] qcache: cleancache enabled using kernel transcendent memory and compression buddies
<6>[ 3.755684] turning tmem on
<6>[ 3.758950] usbcore: registered new interface driver snd-usb-audio
<6>[ 3.765176] mmcblk0: p1 p2 p3 p4 p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21
<6>[ 3.766244] msm_pcm_probe: dev name msm-voip-dsp
<6>[ 3.766793] msm_pcm_probe: dev name msm-pcm-dsp
<6>[ 3.766946] msm_pcm_probe: dev name msm-multi-ch-pcm-dsp
<6>[ 3.767495] msm_compr_probe: dev name msm-compr-dsp
<6>[ 3.767648] msm-pcm-lpa msm-pcm-lpa: msm_pcm_probe: dev name msm-pcm-lpa
<3>[ 3.767709] msm_soc_platform_init
<6>[ 3.767831] msm_afe_probe: dev name msm-pcm-afe
<3>[ 3.768869] msm_audio_init: Not the right machine type
<3>[ 3.769235] msm_afe_afe_probe
<6>[ 3.835678] asoc: null-codec-dai <-> MultiMedia1 mapping ok
<6>[ 3.877765] asoc: null-codec-dai <-> MultiMedia2 mapping ok
<6>[ 3.889668] asoc: null-codec-dai <-> CS-VOICE mapping ok
<6>[ 3.898061] asoc: null-codec-dai <-> VoIP mapping ok
<6>[ 3.905936] asoc: null-codec-dai <-> MultiMedia3 mapping ok
<6>[ 3.914573] asoc: null-codec-dai <-> SLIMBUS0_HOSTLESS mapping ok
<6>[ 3.923729] asoc: null-codec-dai <-> INT_FM_HOSTLESS mapping ok
<3>[ 3.932549] msm_asoc_pcm_new
<6>[ 3.934442] asoc: msm-stub-rx <-> msm-dai-q6.241 mapping ok
<3>[ 3.944025] msm_asoc_pcm_new
<6>[ 3.945856] asoc: msm-stub-tx <-> msm-dai-q6.240 mapping ok
<6>[ 3.955470] asoc: null-codec-dai <-> MultiMedia4 mapping ok
<6>[ 3.964169] asoc: null-codec-dai <-> AUXPCM_HOSTLESS mapping ok
<6>[ 3.973050] asoc: null-codec-dai <-> HDMI_HOSTLESS mapping ok
<6>[ 3.981840] asoc: msm-stub-rx <-> msm-dai-q6.12288 mapping ok
<6>[ 3.990630] asoc: msm-stub-tx <-> msm-dai-q6.12289 mapping ok
<6>[ 3.999328] asoc: msm-stub-rx <-> msm-dai-q6.12292 mapping ok
<6>[ 4.008118] asoc: msm-stub-tx <-> msm-dai-q6.12293 mapping ok
<6>[ 4.016908] asoc: msm-stub-rx <-> msm-dai-q6-hdmi.8 mapping ok
<6>[ 4.025667] asoc: msm-stub-rx <-> msm-dai-q6.224 mapping ok
<6>[ 4.034243] asoc: msm-stub-tx <-> msm-dai-q6.225 mapping ok
<6>[ 4.042850] asoc: msm-stub-rx <-> msm-dai-q6.2 mapping ok
<6>[ 4.051152] asoc: msm-stub-tx <-> msm-dai-q6.3 mapping ok
<6>[ 4.060033] asoc: msm-stub-rx <-> msm-dai-q6.32773 mapping ok
<6>[ 4.069189] asoc: msm-stub-tx <-> msm-dai-q6.32772 mapping ok
<6>[ 4.077949] asoc: msm-stub-tx <-> msm-dai-q6.32771 mapping ok
<4>[ 4.118754] tabla_codec tabla_codec: ASoC: Failed to create Digital Mic1 debugfs file
<6>[ 4.130627] asoc: tabla_rx1 <-> msm-dai-q6.16384 mapping ok
<6>[ 4.140180] asoc: tabla_tx1 <-> msm-dai-q6.16385 mapping ok
<6>[ 4.145460] input: msm8960-snd-card Button Jack as /devices/platform/soc-audio.0/sound/card0/input3
<6>[ 4.154036] input: msm8960-snd-card Headset Jack as /devices/platform/soc-audio.0/sound/card0/input4
<6>[ 4.168106] ALSA device list:
<6>[ 4.170028] #0: msm8960-snd-card
<6>[ 4.173966] oprofile: using arm/armv7-krait
<6>[ 4.177750] u32 classifier
<6>[ 4.180283] Actions configured
<6>[ 4.183671] Netfilter messages via NETLINK v0.30.
<6>[ 4.188432] nf_conntrack version 0.5.0 (10716 buckets, 42864 max)
<6>[ 4.194933] ctnetlink v0.93: registering with nfnetlink.
<6>[ 4.199816] NF_TPROXY: Transparent proxy support initialized, version 4.1.0
<6>[ 4.206653] NF_TPROXY: Copyright (c) 2006-2007 BalaBit IT Ltd.
<6>[ 4.212940] xt_time: kernel timezone is -0000
<6>[ 4.216969] ip_tables: (C) 2000-2006 Netfilter Core Team
<6>[ 4.222340] arp_tables: (C) 2002 David S. Miller
<6>[ 4.226766] TCP cubic registered
<6>[ 4.230734] NET: Registered protocol family 10
<6>[ 4.235525] Mobile IPv6
<6>[ 4.236960] ip6_tables: (C) 2000-2006 Netfilter Core Team
<6>[ 4.242453] IPv6 over IPv4 tunneling driver
<6>[ 4.246970] NET: Registered protocol family 17
<6>[ 4.251121] Bluetooth: RFCOMM TTY layer initialized
<6>[ 4.255791] Bluetooth: RFCOMM socket layer initialized
<6>[ 4.260918] Bluetooth: RFCOMM ver 1.11
<6>[ 4.264642] Bluetooth: BNEP (Ethernet Emulation) ver 1.3
<6>[ 4.269952] Bluetooth: BNEP filters: protocol multicast
<6>[ 4.275141] Bluetooth: HIDP (Human Interface Emulation) ver 1.2
<5>[ 4.281153] Registering the dns_resolver key type
<6>[ 4.285762] VFP support v0.3: implementor 51 architecture 64 part 4d variant 1 rev 0
<5>[ 4.293453] Registering SWP/SWPB emulation handler
<6>[ 4.313139] clock_late_init() disabled 190 unused clocks
<6>[ 4.325103] MSM Watchdog Initialized
<3>[ 4.334930] msm_cache_dump_probe: could not register L1 buffer ret = -95.
<3>[ 4.340973] msm_cache_dump_probe: could not register L2 buffer ret = -95.
<6>[ 4.348969] rtc-pm8xxx rtc-pm8xxx: setting system clock to 1970-01-01 03:09:50 UTC (11390)
<4>[ 4.357515] set_battery_data: invalid battid, palladium 1500 assumed batt_id 8b82
<3>[ 4.364932] read_ocv_trim: program rev reg is 0x45
<3>[ 4.368777] read_ocv_trim: trim reg is 0x40
<3>[ 4.372897] read_ocv_trim: trim delta is 9
<6>[ 4.379368] mmc1: new high speed SDHC card at address b368
<6>[ 4.384282] mmcblk1: mmc1:b368 NCard 3.73 GiB
<6>[ 4.389928] mmcblk1: p1
<6>[ 4.417274] pm8921_bms_probe: OK battery_capacity_at_boot=49 volt = 3755595 ocv = 3820953
<3>[ 4.425545] power_supply usb: driver failed to report `present' property
<3>[ 4.431313] power_supply usb: driver failed to report `present' property
<3>[ 4.438089] power_supply pm8921-dc: driver failed to report `present' property
<3>[ 4.445414] power_supply pm8921-dc: driver failed to report `present' property
<3>[ 4.485273] Unable to register core for 0
<3>[ 4.488966] Unable to register core for 1
<6>[ 4.493422] Freeing init memory: 336K
<7>[ 4.502914] SELinux: 512 avtab hash slots, 1253 rules.
<7>[ 4.503555] SELinux: 512 avtab hash slots, 1253 rules.
<7>[ 4.503647] SELinux: 1 users, 2 roles, 238 types, 10 bools, 1 sens, 1024 cats
<7>[ 4.503677] SELinux: 84 classes, 1253 rules
<7>[ 4.504501] SELinux: Completing initialization.
<7>[ 4.504501] SELinux: Setting up existing superblocks.
<7>[ 4.504532] SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts
<7>[ 4.504532] SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts
<7>[ 4.504623] SELinux: initialized (dev bdev, type bdev), not configured for labeling
<7>[ 4.504654] SELinux: initialized (dev proc, type proc), uses genfs_contexts
<7>[ 4.504684] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
<7>[ 4.504715] SELinux: initialized (dev debugfs, type debugfs), uses genfs_contexts
<7>[ 4.513230] SELinux: initialized (dev sockfs, type sockfs), uses task SIDs
<7>[ 4.513261] SELinux: initialized (dev pipefs, type pipefs), uses task SIDs
<7>[ 4.513291] SELinux: initialized (dev anon_inodefs, type anon_inodefs), not configured for labeling
<7>[ 4.513291] SELinux: initialized (dev devpts, type devpts), uses transition SIDs
<7>[ 4.513352] SELinux: initialized (dev selinuxfs, type selinuxfs), uses genfs_contexts
<7>[ 4.513474] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
<7>[ 4.513505] SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts
<5>[ 4.667511] type=1403 audit(11390.810:2): policy loaded auid=4294967295 ses=4294967295
<3>[ 4.679047] init: /init.qcom.rc: 399: invalid command '/system/bin/log'
<4>[ 4.684999] init (1): /proc/1/oom_adj is deprecated, please use /proc/1/oom_score_adj instead.
<5>[ 5.225728] type=1400 audit(11391.360:3): avc: denied { fowner } for pid=87 comm="ueventd" capability=3 scontext=u:r:ueventd:s0 tcontext=u:r:ueventd:s0 tclass=capability
<7>[ 6.057988] SELinux: initialized (dev cgroup, type cgroup), uses genfs_contexts
<7>[ 6.059789] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
<7>[ 6.060094] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
<7>[ 6.218068] SELinux: initialized (dev cgroup, type cgroup), uses genfs_contexts
<6>[ 6.230520] qcache: created ephemeral tmem pool, id=0, client=65535
<6>[ 6.236258] EXT4-fs (mmcblk0p12): mounted filesystem with ordered data mode. Opts: barrier=1
<7>[ 6.244224] SELinux: initialized (dev mmcblk0p12, type ext4), uses xattr
<4>[ 6.730291] e2fsck used greatest stack depth: 5432 bytes left
<4>[ 6.743293] EXT4-fs (mmcblk0p13): warning: mounting fs with errors, running e2fsck is recommended
<6>[ 6.752540] qcache: created ephemeral tmem pool, id=1, client=65535
<6>[ 6.757851] EXT4-fs (mmcblk0p13): mounted filesystem with ordered data mode. Opts: noauto_da_alloc
<7>[ 6.766732] SELinux: initialized (dev mmcblk0p13, type ext4), uses xattr
<6>[ 6.774942] qcache: created ephemeral tmem pool, id=2, client=65535
<6>[ 6.780283] EXT4-fs (mmcblk0p14): mounted filesystem with ordered data mode. Opts: barrier=1
<7>[ 6.788646] SELinux: initialized (dev mmcblk0p14, type ext4), uses xattr
<6>[ 6.797344] qcache: created ephemeral tmem pool, id=3, client=65535
<6>[ 6.802807] EXT4-fs (mmcblk0p15): mounted filesystem with ordered data mode. Opts: barrier=1
<7>[ 6.811017] SELinux: initialized (dev mmcblk0p15, type ext4), uses xattr
<6>[ 6.820112] qcache: created ephemeral tmem pool, id=4, client=65535
<6>[ 6.825453] EXT4-fs (mmcblk0p16): mounted filesystem with ordered data mode. Opts: barrier=1
<7>[ 6.833816] SELinux: initialized (dev mmcblk0p16, type ext4), uses xattr
<7>[ 6.851884] SELinux: initialized (dev mmcblk0p1, type vfat), uses genfs_contexts
<5>[ 6.857988] type=1400 audit(11392.981:4): avc: denied { read write } for pid=99 comm="sh" path=2F6465762F5F5F6E756C6C5F5F202864656C6574656429 dev=tmpfs ino=4686 scontext=u:r:shell:s0 tcontext=u:object_r:tmpfs:s0 tclass=chr_file
<5>[ 6.881367] type=1400 audit(11393.011:5): avc: denied { getattr } for pid=99 comm="sh" path=2F6465762F5F5F6E756C6C5F5F202864656C6574656429 dev=tmpfs ino=4686 scontext=u:r:shell:s0 tcontext=u:object_r:tmpfs:s0 tclass=chr_file
<5>[ 6.944727] type=1400 audit(11393.071:6): avc: denied { getattr } for pid=102 comm="ls" path="/system/etc/firmware/modem.b00" dev=mmcblk0p12 ino=1381 scontext=u:r:shell:s0 tcontext=u:object_r:system_file:s0 tclass=lnk_file
<5>[ 7.462536] type=1400 audit(11393.592:7): avc: denied { read } for pid=187 comm="sh" name="init.qcom.usb.sh" dev=rootfs ino=1884 scontext=u:r:shell:s0 tcontext=u:object_r:rootfs:s0 tclass=file
<3>[ 7.473370] init: cannot find '/system/etc/install-recovery.sh', disabling 'flash_recovery'
<5>[ 7.492141] type=1400 audit(11393.622:8): avc: denied { open } for pid=187 comm="sh" name="init.qcom.usb.sh" dev=rootfs ino=1884 scontext=u:r:shell:s0 tcontext=u:object_r:rootfs:s0 tclass=file
<5>[ 7.520677] type=1400 audit(11393.652:9): avc: denied { write } for pid=187 comm="sh" name="iSerial" dev=sysfs ino=17496 scontext=u:r:shell:s0 tcontext=u:object_r:sysfs:s0 tclass=file
<5>[ 7.544849] type=1400 audit(11393.672:10): avc: denied { setattr } for pid=202 comm="chown" name="wakeup" dev=sysfs ino=17480 scontext=u:r:shell:s0 tcontext=u:object_r:sysfs:s0 tclass=file
<5>[ 7.561483] type=1400 audit(11393.692:11): avc: denied { chown } for pid=202 comm="chown" capability=0 scontext=u:r:shell:s0 tcontext=u:r:shell:s0 tclass=capability
<5>[ 7.588249] type=1400 audit(11393.712:12): avc: denied { fsetid } for pid=204 comm="chmod" capability=4 scontext=u:r:shell:s0 tcontext=u:r:shell:s0 tclass=capability
<6>[ 7.600091] warning: `rild' uses 32-bit capabilities (legacy support in use)
<6>[ 7.669250] msm_thermal: enabled = 0
<6>[ 7.671844] Current firmware: 9.2.0
<6>[ 7.675080] New firmware: 9.2.0
<6>[ 7.678223] cyttspfw_flash_start: Firmware version lesser/equal to existing firmware, upgrade not needed
<5>[ 7.703403] type=1400 audit(11393.832:13): avc: denied { search } for pid=221 comm="ueventd" name="/" dev=mmcblk0p1 ino=1 scontext=u:r:ueventd:s0 tcontext=u:object_r:sdcard:s0 tclass=dir
<5>[ 7.719517] type=1400 audit(11393.852:14): avc: denied { read } for pid=221 comm="ueventd" name="q6.mdt" dev=mmcblk0p1 ino=424 scontext=u:r:ueventd:s0 tcontext=u:object_r:sdcard:s0 tclass=file
<5>[ 7.736822] type=1400 audit(11393.872:15): avc: denied { open } for pid=221 comm="ueventd" name="q6.mdt" dev=mmcblk0p1 ino=424 scontext=u:r:ueventd:s0 tcontext=u:object_r:sdcard:s0 tclass=file
<5>[ 7.754066] type=1400 audit(11393.882:16): avc: denied { getattr } for pid=221 comm="ueventd" path="/firmware/image/q6.mdt" dev=mmcblk0p1 ino=424 scontext=u:r:ueventd:s0 tcontext=u:object_r:sdcard:s0 tclass=file
<3>[ 7.856645] android_usb: already disabled
<6>[ 7.869739] adb_bind_config
<6>[ 7.878895] frmnet_bind: RmNet(0) dual Speed, IN:ep7in OUT:ep5out
<6>[ 7.891957] adb_open
<5>[ 7.907309] type=1400 audit(11394.032:17): avc: denied { connectto } for pid=250 comm="start" path="/dev/socket/property_service" scontext=u:r:shell:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket
<4>[ 7.925652] avc: denied { set } for property=ctl.console scontext=u:r:shell:s0 tcontext=u:object_r:ctl_default_prop:s0 tclass=property_service
<4>[ 7.993010] avc: denied { set } for property=ctl.ril-daemon scontext=u:r:shell:s0 tcontext=u:object_r:ctl_rildaemon_prop:s0 tclass=property_service
<6>[ 7.999969] android_work: did not send uevent (0 0 (null))
<6>[ 8.038791] android_work: sent uevent USB_STATE=CONNECTED
<6>[ 8.044407] android_work: sent uevent USB_STATE=DISCONNECTED
<5>[ 8.057378] type=1400 audit(11394.182:18): avc: denied { net_admin } for pid=226 comm="sh" capability=12 scontext=u:r:shell:s0 tcontext=u:r:shell:s0 tclass=capability
<5>[ 8.068823] type=1400 audit(11394.202:19): avc: denied { read write } for pid=272 comm="sh" path="/dev/diag" dev=tmpfs ino=5559 scontext=u:r:shell:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<4>[ 8.090309] avc: denied { set } for property=wlan.driver.config scontext=u:r:shell:s0 tcontext=u:object_r:system_prop:s0 tclass=property_service
<5>[ 8.090645] type=1400 audit(11394.222:20): avc: denied { write } for pid=226 comm="sh" name="accept_ra_defrtr" dev=proc ino=2586 scontext=u:r:shell:s0 tcontext=u:object_r:proc:s0 tclass=file
<6>[ 8.121532] android_work: sent uevent USB_STATE=CONNECTED
<5>[ 8.143720] type=1400 audit(11394.272:21): avc: denied { dac_override } for pid=279 comm="touch" capability=1 scontext=u:r:shell:s0 tcontext=u:r:shell:s0 tclass=capability
<5>[ 8.164687] type=1400 audit(11394.292:22): avc: denied { write } for pid=279 comm="touch" name="settings" dev=mmcblk0p13 ino=24583 scontext=u:r:shell:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
<6>[ 8.183305]
<6>[ 8.183305] Trip point triggered by current temperature (40 degrees) measured by Temperature-Sensor 0
<5>[ 8.187547] type=1400 audit(11394.312:23): avc: denied { setattr } for pid=281 comm="chmod" name="sensors" dev=mmcblk0p13 ino=24582 scontext=u:r:shell:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
<6>[ 8.213428] alarm_set_rtc: Failed to set RTC, time will be lost on reboot
<4>[ 8.223805] avc: denied { set } for property=sf.lcd_density scontext=u:r:shell:s0 tcontext=u:object_r:default_prop:s0 tclass=property_service
<6>[ 8.289180] pil_tzapps pil_tzapps: brought out of reset
<5>[ 8.290767] type=1400 audit(11394.070:24): avc: denied { read } for pid=298 comm="sh" name="/" dev=tmpfs ino=4682 scontext=u:r:shell:s0 tcontext=u:object_r:device:s0 tclass=dir
<5>[ 8.290828] type=1400 audit(11394.070:25): avc: denied { open } for pid=298 comm="sh" name="/" dev=tmpfs ino=4682 scontext=u:r:shell:s0 tcontext=u:object_r:device:s0 tclass=dir
<5>[ 8.296047] type=1400 audit(11394.070:26): avc: denied { getattr } for pid=298 comm="ls" path="/dev/wcnss_wlan" dev=tmpfs ino=4883 scontext=u:r:shell:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 8.296810] type=1400 audit(11394.070:27): avc: denied { open } for pid=227 comm="sh" name="wcnss_wlan" dev=tmpfs ino=4883 scontext=u:r:shell:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<6>[ 8.296841] wcnss_wlan triggered by userspace
<4>[ 8.449015] ueventd used greatest stack depth: 5420 bytes left
<5>[ 8.637723] type=1400 audit(11394.410:28): avc: denied { read write } for pid=190 comm="rild" name="diag" dev=tmpfs ino=5559 scontext=u:r:rild:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 8.666625] type=1400 audit(11394.440:29): avc: denied { open } for pid=190 comm="rild" name="diag" dev=tmpfs ino=5559 scontext=u:r:rild:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<6>[ 8.784159] pil_riva pil_riva: brought out of reset
<5>[ 8.813459] type=1400 audit(11394.590:30): avc: denied { write } for pid=319 comm="rild" name="qmux_radio" dev=tmpfs ino=2468 scontext=u:r:rild:s0 tcontext=u:object_r:device:s0 tclass=dir
<5>[ 8.851518] type=1400 audit(11394.630:31): avc: denied { add_name } for pid=319 comm="rild" name=716D75785F636C69656E745F736F636B657420202020313930 scontext=u:r:rild:s0 tcontext=u:object_r:device:s0 tclass=dir
<5>[ 8.899191] type=1400 audit(11394.680:32): avc: denied { create } for pid=319 comm="rild" name=716D75785F636C69656E745F736F636B657420202020313930 scontext=u:r:rild:s0 tcontext=u:object_r:device:s0 tclass=sock_file
<5>[ 9.119517] type=1400 audit(11394.900:33): avc: denied { read write } for pid=194 comm="mediaserver" name="diag" dev=tmpfs ino=5559 scontext=u:r:mediaserver:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 9.154951] type=1400 audit(11394.930:34): avc: denied { open } for pid=194 comm="mediaserver" name="diag" dev=tmpfs ino=5559 scontext=u:r:mediaserver:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 9.185441] type=1400 audit(11394.960:35): avc: denied { ioctl } for pid=194 comm="mediaserver" path="/dev/diag" dev=tmpfs ino=5559 scontext=u:r:mediaserver:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<6>[ 9.202990] pil_qdsp6v4 pil_qdsp6v4.0: brought out of reset
<5>[ 9.210682] type=1400 audit(11394.990:36): avc: denied { write } for pid=194 comm="mediaserver" name="mbhc.bin" dev=mmcblk0p13 ino=186 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
<6>[ 9.222615] apr_tal:Q6 Is Up
<6>[ 9.223805] wcnss_wlan_ctrl_probe: SMD ctrl channel up
<5>[ 9.237234] type=1400 audit(11395.020:37): avc: denied { open } for pid=194 comm="mediaserver" name="mbhc.bin" dev=mmcblk0p13 ino=186 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
<6>[ 9.347565] platform pil_dsps.0: brought out of reset
<6>[ 9.418037] apr_tal: SMD_EVENT_OPEN
<5>[ 9.498122] type=1400 audit(11395.270:38): avc: denied { read write } for pid=327 comm="SurfaceFlinger" name="genlock" dev=tmpfs ino=4880 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 9.516526] type=1400 audit(11395.290:39): avc: denied { open } for pid=327 comm="SurfaceFlinger" name="genlock" dev=tmpfs ino=4880 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 9.535266] type=1400 audit(11395.310:40): avc: denied { ioctl } for pid=327 comm="SurfaceFlinger" path="/dev/genlock" dev=tmpfs ino=4880 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<6>[ 9.942133] dtv_on: tv_src_clk=148500kHz, pm_qos_rate=148500kHz, [0]
<6>[ 9.948451] hdmi_msm hdmi_msm.1: power: ON (1920x1080 148500000)
<6>[ 9.954585] hdmi_msm hdmi_msm.1: HPD: panel power without 'hpd' feature on
<6>[ 9.960903] hdmi_msm hdmi_msm.1: power=ON DVI= ON
<6>[ 9.965511] msm_fb msm_fb.458753: mdp4_overlay_dtv: on
<6>[ 9.999053] hdmi_msm hdmi_msm.1: power: OFF (audio off, Reset Core)
<6>[ 10.004578] hdmi_msm hdmi_msm.1: HDMI Audio: Disabled
<6>[ 10.011109] dtv_off
<6>[ 10.015138] msm_fb msm_fb.458753: mdp4_overlay_dtv: off
<5>[ 10.228719] type=1400 audit(11396.001:41): avc: denied { write } for pid=192 comm="zygote" name="property_service" dev=tmpfs ino=2382 scontext=u:r:zygote:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file
<5>[ 10.249534] type=1400 audit(11396.031:42): avc: denied { connectto } for pid=192 comm="zygote" path="/dev/socket/property_service" scontext=u:r:zygote:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket
<4>[ 10.268548] avc: denied { set } for property=sys.media.vdec.sw scontext=u:r:zygote:s0 tcontext=u:object_r:system_prop:s0 tclass=property_service
<6>[ 10.515092] pil_qdsp6v4 pil_qdsp6v4.1: brought out of reset
<6>[ 11.342560] android_usb gadget: high speed config #1: android
<6>[ 11.342743] msm_otg msm_otg: Avail curr from USB = 500
<7>[ 11.343110] diag: USB connected
<6>[ 11.399389] android_work: sent uevent USB_STATE=CONFIGURED
<5>[ 13.290981] type=1400 audit(11399.074:43): avc: denied { read } for pid=397 comm="sh" path="pipe:[2656]" dev=pipefs ino=2656 scontext=u:r:shell:s0 tcontext=u:r:init:s0 tclass=fifo_file
<5>[ 13.331970] type=1400 audit(11399.114:44): avc: denied { getattr } for pid=397 comm="sh" path="pipe:[2656]" dev=pipefs ino=2656 scontext=u:r:shell:s0 tcontext=u:r:init:s0 tclass=fifo_file
<5>[ 13.389287] type=1400 audit(11399.174:45): avc: denied { write } for pid=398 comm="rm" name="data_test" dev=mmcblk0p13 ino=19 scontext=u:r:shell:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
<5>[ 13.419136] type=1400 audit(11399.204:46): avc: denied { remove_name } for pid=398 comm="rm" name="modem_port_status" dev=mmcblk0p13 ino=199 scontext=u:r:shell:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
<5>[ 13.445566] type=1400 audit(11399.224:47): avc: denied { unlink } for pid=398 comm="rm" name="modem_port_status" dev=mmcblk0p13 ino=199 scontext=u:r:shell:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
<5>[ 13.481550] type=1400 audit(11399.264:48): avc: denied { open } for pid=399 comm="sh" name="modem_port_timeout" dev=mmcblk0p13 ino=198 scontext=u:r:shell:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
<6>[ 13.686250] alarm_set_rtc: Failed to set RTC, time will be lost on reboot
<5>[ 13.768777] type=1400 audit(86400.070:49): avc: denied { ioctl } for pid=327 comm="SurfaceFlinger" path="/dev/genlock" dev=tmpfs ino=4880 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<6>[ 13.842911] pil_qdsp6v4 pil_qdsp6v4.2: brought out of reset
<3>[ 13.847733] smd_pkt_open: DATA5_CNTL open failed -19
<5>[ 13.962856] type=1400 audit(86400.270:50): avc: denied { read } for pid=447 comm="er.ServerThread" name="ion" dev=tmpfs ino=4847 scontext=u:r:system:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<5>[ 13.980039] type=1400 audit(86400.290:51): avc: denied { open } for pid=447 comm="er.ServerThread" name="ion" dev=tmpfs ino=4847 scontext=u:r:system:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<3>[ 14.360079] smd_pkt_open: DATA5_CNTL open failed -19
<3>[ 14.496658] Notify: smsm init
<6>[ 14.498611] _smem_log_init: no static log or log_idx allocated
<6>[ 14.505234] _smem_log_init: no power log or log_idx allocated
<3>[ 14.867450] smd_pkt_open: DATA5_CNTL open failed -19
<5>[ 15.368564] type=1400 audit(86401.671:52): avc: denied { read write } for pid=472 comm="sh" path="/dev/diag" dev=tmpfs ino=5559 scontext=u:r:shell:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<3>[ 15.387822] smd_pkt_open: DATA5_CNTL open failed -19
<6>[ 15.581138] request_suspend_state: wakeup (3->0) at 15581495092 (1970-01-02 00:00:01.894292836 UTC)
<5>[ 15.757637] type=1400 audit(86402.061:53): avc: denied { read } for pid=482 comm="SoundPoolThread" name="ion" dev=tmpfs ino=4847 scontext=u:r:system:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<5>[ 15.774912] type=1400 audit(86402.081:54): avc: denied { open } for pid=482 comm="SoundPoolThread" name="ion" dev=tmpfs ino=4847 scontext=u:r:system:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<3>[ 15.892659] smd_pkt_open: DATA5_CNTL open failed -19
<6>[ 15.898855] apr_tal: SMD_EVENT_OPEN
<6>[ 15.917381] acc_open
<6>[ 15.918541] acc_release
<5>[ 16.129528] type=1400 audit(86402.431:55): avc: denied { read } for pid=528 comm="ndroid.systemui" name="ion" dev=tmpfs ino=4847 scontext=u:r:system_app:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<5>[ 16.147291] type=1400 audit(86402.451:56): avc: denied { open } for pid=528 comm="ndroid.systemui" name="ion" dev=tmpfs ino=4847 scontext=u:r:system_app:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<5>[ 16.339905] type=1400 audit(86402.642:57): avc: denied { read } for pid=583 comm="d.process.media" name="ion" dev=tmpfs ino=4847 scontext=u:r:media_app:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<5>[ 16.358248] type=1400 audit(86402.662:58): avc: denied { open } for pid=583 comm="d.process.media" name="ion" dev=tmpfs ino=4847 scontext=u:r:media_app:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<5>[ 16.385045] type=1400 audit(86402.692:59): avc: denied { read } for pid=595 comm="putmethod.latin" name="ion" dev=tmpfs ino=4847 scontext=u:r:shared_app:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<5>[ 16.385106] type=1400 audit(86402.692:60): avc: denied { open } for pid=595 comm="putmethod.latin" name="ion" dev=tmpfs ino=4847 scontext=u:r:shared_app:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<3>[ 16.415443] smd_pkt_open: DATA5_CNTL open failed -19
<4>[ 16.482801] netd used greatest stack depth: 5184 bytes left
<5>[ 16.521806] type=1400 audit(86402.832:61): avc: denied { read } for pid=616 comm="m.android.phone" name="ion" dev=tmpfs ino=4847 scontext=u:r:radio:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<5>[ 16.541767] type=1400 audit(86402.852:62): avc: denied { open } for pid=616 comm="m.android.phone" name="ion" dev=tmpfs ino=4847 scontext=u:r:radio:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<5>[ 16.618800] type=1400 audit(86402.922:63): avc: denied { write } for pid=652 comm="GpsLocationProv" name="qmux_radio" dev=tmpfs ino=2468 scontext=u:r:system:s0 tcontext=u:object_r:device:s0 tclass=dir
<5>[ 16.640500] type=1400 audit(86402.952:64): avc: denied { add_name } for pid=652 comm="GpsLocationProv" name=716D75785F636C69656E745F736F636B657420202020343231 scontext=u:r:system:s0 tcontext=u:object_r:device:s0 tclass=dir
<5>[ 16.675324] type=1400 audit(86402.982:65): avc: denied { create } for pid=652 comm="GpsLocationProv" name=716D75785F636C69656E745F736F636B657420202020343231 scontext=u:r:system:s0 tcontext=u:object_r:device:s0 tclass=sock_file
<6>[ 16.706455] apr_tal:Modem Is Up
<3>[ 16.933221] smd_pkt_open: DATA5_CNTL open failed -19
<5>[ 16.943964] type=1400 audit(86403.252:66): avc: denied { read write } for pid=372 comm=42696E646572205468726561642023 name="genlock" dev=tmpfs ino=4880 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 16.974759] type=1400 audit(86403.272:67): avc: denied { open } for pid=372 comm=42696E646572205468726561642023 name="genlock" dev=tmpfs ino=4880 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 17.046757] type=1400 audit(86403.342:68): avc: denied { read } for pid=704 comm="android.smspush" name="ion" dev=tmpfs ino=4847 scontext=u:r:release_app:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<5>[ 17.071844] type=1400 audit(86403.372:69): avc: denied { open } for pid=704 comm="android.smspush" name="ion" dev=tmpfs ino=4847 scontext=u:r:release_app:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<6>[ 17.333953] sps:REVISION of BAM 0xe9f40000 is 0x5.
<3>[ 17.467846] smd_pkt_open: DATA5_CNTL open failed -19
<5>[ 17.564657] type=1400 audit(86403.863:70): avc: denied { read write } for pid=630 comm="ndroid.launcher" name="genlock" dev=tmpfs ino=4880 scontext=u:r:shared_app:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 17.594872] type=1400 audit(86403.893:71): avc: denied { open } for pid=630 comm="ndroid.launcher" name="genlock" dev=tmpfs ino=4880 scontext=u:r:shared_app:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 17.594933] type=1400 audit(86403.893:72): avc: denied { ioctl } for pid=630 comm="ndroid.launcher" path="/dev/genlock" dev=tmpfs ino=4880 scontext=u:r:shared_app:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 17.703311] type=1400 audit(86404.003:73): avc: denied { read write } for pid=528 comm="ndroid.systemui" name="kgsl-3d0" dev=tmpfs ino=4708 scontext=u:r:system_app:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<3>[ 17.717594] handle_bam_mux_cmd: dropping invalid LCID 10 reserved 0 cmd 4 pad 0 ch 10 len 0
<3>[ 17.717686] handle_bam_mux_cmd: dropping invalid LCID 11 reserved 0 cmd 4 pad 0 ch 11 len 0
<5>[ 17.738776] type=1400 audit(86404.033:74): avc: denied { open } for pid=528 comm="ndroid.systemui" name="kgsl-3d0" dev=tmpfs ino=4708 scontext=u:r:system_app:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 17.758156] type=1400 audit(86404.053:75): avc: denied { ioctl } for pid=528 comm="ndroid.systemui" path="/dev/kgsl-3d0" dev=tmpfs ino=4708 scontext=u:r:system_app:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 17.988615] type=1400 audit(86404.283:76): avc: denied { chown } for pid=756 comm="chown" capability=0 scontext=u:r:shell:s0 tcontext=u:r:shell:s0 tclass=capability
<5>[ 18.180833] type=1400 audit(86404.484:77): avc: denied { fsetid } for pid=778 comm="chmod" capability=4 scontext=u:r:shell:s0 tcontext=u:r:shell:s0 tclass=capability
<5>[ 18.373508] type=1400 audit(86404.674:78): avc: denied { connectto } for pid=809 comm="start" path="/dev/socket/property_service" scontext=u:r:shell:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket
<5>[ 18.478681] type=1400 audit(86404.774:79): avc: denied { read } for pid=766 comm="SoundPoolThread" name="ion" dev=tmpfs ino=4847 scontext=u:r:system:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<5>[ 18.506973] type=1400 audit(86404.804:80): avc: denied { read write } for pid=821 comm="sh" path="/dev/diag" dev=tmpfs ino=5559 scontext=u:r:shell:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 18.534259] type=1400 audit(86404.834:81): avc: denied { open } for pid=766 comm="SoundPoolThread" name="ion" dev=tmpfs ino=4847 scontext=u:r:system:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<5>[ 18.559987] type=1405 audit(86404.864:82): bool=app_bluetooth val=1 old_val=0 auid=4294967295 ses=4294967295
<5>[ 18.585106] type=1400 audit(86404.884:83): avc: denied { read write } for pid=823 comm="sh" path="/dev/diag" dev=tmpfs ino=5559 scontext=u:r:shell:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 18.607111] type=1400 audit(86404.914:84): avc: denied { read } for pid=766 comm="SoundPoolThread" name="ion" dev=tmpfs ino=4847 scontext=u:r:system:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<5>[ 18.644895] type=1400 audit(86404.944:85): avc: denied { read write } for pid=372 comm=42696E646572205468726561642023 name="genlock" dev=tmpfs ino=4880 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 18.665099] type=1405 audit(86404.974:86): bool=app_ndk val=1 old_val=0 auid=4294967295 ses=4294967295
<5>[ 18.676423] type=1400 audit(86404.984:87): avc: denied { open } for pid=766 comm="SoundPoolThread" name="ion" dev=tmpfs ino=4847 scontext=u:r:system:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<5>[ 18.697970] type=1400 audit(86405.004:88): avc: denied { read } for pid=826 comm="sh" path="pipe:[6721]" dev=pipefs ino=6721 scontext=u:r:shell:s0 tcontext=u:r:init:s0 tclass=fifo_file
<5>[ 18.715916] type=1400 audit(86405.024:89): avc: denied { read write } for pid=828 comm="sh" path="/dev/diag" dev=tmpfs ino=5559 scontext=u:r:shell:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 18.742865] type=1400 audit(86405.044:90): avc: denied { read write open } for pid=372 comm=42696E646572205468726561642023 name="genlock" dev=tmpfs ino=4880 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 18.764993] type=1400 audit(86405.074:91): avc: denied { getattr } for pid=826 comm="sh" path="pipe:[6721]" dev=pipefs ino=6721 scontext=u:r:shell:s0 tcontext=u:r:init:s0 tclass=fifo_file
<5>[ 18.803815] type=1400 audit(86405.104:92): avc: denied { dac_override } for pid=826 comm="sh" capability=1 scontext=u:r:shell:s0 tcontext=u:r:shell:s0 tclass=capability
<5>[ 18.819380] type=1400 audit(86405.124:93): avc: denied { read write } for pid=833 comm="sh" path="/dev/diag" dev=tmpfs ino=5559 scontext=u:r:shell:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 18.837753] type=1400 audit(86405.144:94): avc: denied { ioctl } for pid=372 comm=42696E646572205468726561642023 path="/dev/genlock" dev=tmpfs ino=4880 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 18.875354] type=1400 audit(86405.174:95): avc: denied { read } for pid=766 comm="SoundPoolThread" name="ion" dev=tmpfs ino=4847 scontext=u:r:system:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<5>[ 18.892781] type=1405 audit(86405.204:96): bool=app_read_logs val=1 old_val=0 auid=4294967295 ses=4294967295
<5>[ 18.902517] type=1400 audit(86405.214:97): avc: denied { write } for pid=826 comm="sh" name="data_test" dev=mmcblk0p13 ino=19 scontext=u:r:shell:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
<5>[ 18.921806] type=1400 audit(86405.224:98): avc: denied { read write } for pid=833 comm="sh" path="/dev/smdcntl0" dev=tmpfs ino=5506 scontext=u:r:shell:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 18.939813] type=1400 audit(86405.244:99): avc: denied { ioctl } for pid=372 comm=42696E646572205468726561642023 path="/dev/genlock" dev=tmpfs ino=4880 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 18.959377] type=1400 audit(86405.264:100): avc: denied { read open } for pid=766 comm="SoundPoolThread" name="ion" dev=tmpfs ino=4847 scontext=u:r:system:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<5>[ 18.978910] type=1400 audit(86405.284:101): avc: denied { add_name } for pid=826 comm="sh" name="modem_port_status" scontext=u:r:shell:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
<5>[ 19.003357] type=1400 audit(86405.304:102): avc: denied { read write } for pid=528 comm="ndroid.systemui" name="genlock" dev=tmpfs ino=4880 scontext=u:r:system_app:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 19.022707] type=1400 audit(86405.325:103): avc: denied { read } for pid=766 comm="SoundPoolThread" name="ion" dev=tmpfs ino=4847 scontext=u:r:system:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<5>[ 19.041294] type=1400 audit(86405.345:104): avc: denied { read write } for pid=838 comm="sh" path="/dev/diag" dev=tmpfs ino=5559 scontext=u:r:shell:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 19.058110] type=1400 audit(86405.365:105): avc: denied { create } for pid=826 comm="sh" name="modem_port_status" scontext=u:r:shell:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
<5>[ 19.075293] type=1400 audit(86405.385:106): avc: denied { open } for pid=528 comm="ndroid.systemui" name="genlock" dev=tmpfs ino=4880 scontext=u:r:system_app:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 19.093575] type=1400 audit(86405.405:107): avc: denied { open } for pid=766 comm="SoundPoolThread" name="ion" dev=tmpfs ino=4847 scontext=u:r:system:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<5>[ 19.112894] type=1400 audit(86405.415:108): avc: denied { read write } for pid=838 comm="sh" path="/dev/smdcntl0" dev=tmpfs ino=5506 scontext=u:r:shell:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 19.130444] type=1400 audit(86405.435:109): avc: denied { write open } for pid=826 comm="sh" name="modem_port_status" dev=mmcblk0p13 ino=199 scontext=u:r:shell:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
<5>[ 19.149336] type=1400 audit(86405.455:110): avc: denied { ioctl } for pid=528 comm="ndroid.systemui" path="/dev/genlock" dev=tmpfs ino=4880 scontext=u:r:system_app:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 19.191362] type=1400 audit(86405.495:111): avc: denied { read write } for pid=841 comm="sh" path="/dev/diag" dev=tmpfs ino=5559 scontext=u:r:shell:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 19.208606] type=1400 audit(86405.515:112): avc: denied { ioctl } for pid=327 comm="SurfaceFlinger" path="/dev/kgsl-3d0" dev=tmpfs ino=4708 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<6>[ 19.240012] wcnss_post_bootup: Cancel APPS vote for Iris & Riva
<5>[ 19.247062] type=1400 audit(86405.545:113): avc: denied { ioctl } for pid=528 comm="ndroid.systemui" path="/dev/kgsl-3d0" dev=tmpfs ino=4708 scontext=u:r:system_app:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 19.289027] type=1400 audit(86405.585:114): avc: denied { read write } for pid=841 comm="sh" path="/dev/smdcntl0" dev=tmpfs ino=5506 scontext=u:r:shell:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 19.307065] type=1400 audit(86405.615:115): avc: denied { ioctl } for pid=528 comm="ndroid.systemui" path="/dev/kgsl-3d0" dev=tmpfs ino=4708 scontext=u:r:system_app:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 19.326812] type=1400 audit(86405.635:116): avc: denied { read } for pid=766 comm="SoundPoolThread" name="ion" dev=tmpfs ino=4847 scontext=u:r:system:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<5>[ 19.362124] type=1400 audit(86405.665:117): avc: denied { open } for pid=766 comm="SoundPoolThread" name="ion" dev=tmpfs ino=4847 scontext=u:r:system:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<5>[ 19.386845] type=1400 audit(86405.685:118): avc: denied { read } for pid=766 comm="SoundPoolThread" name="ion" dev=tmpfs ino=4847 scontext=u:r:system:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<5>[ 19.417182] type=1400 audit(86405.715:119): avc: denied { open } for pid=766 comm="SoundPoolThread" name="ion" dev=tmpfs ino=4847 scontext=u:r:system:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<5>[ 19.471020] type=1400 audit(86405.775:120): avc: denied { ioctl } for pid=327 comm="SurfaceFlinger" path="/dev/genlock" dev=tmpfs ino=4880 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 19.517045] type=1400 audit(86405.815:121): avc: denied { read write } for pid=383 comm=42696E646572205468726561642023 name="genlock" dev=tmpfs ino=4880 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 19.517076] type=1400 audit(86405.815:122): avc: denied { open } for pid=383 comm=42696E646572205468726561642023 name="genlock" dev=tmpfs ino=4880 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 19.518663] type=1400 audit(86405.815:123): avc: denied { read write } for pid=528 comm="ndroid.systemui" name="genlock" dev=tmpfs ino=4880 scontext=u:r:system_app:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 19.518693] type=1400 audit(86405.815:124): avc: denied { open } for pid=528 comm="ndroid.systemui" name="genlock" dev=tmpfs ino=4880 scontext=u:r:system_app:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 19.518754] type=1400 audit(86405.815:125): avc: denied { ioctl } for pid=528 comm="ndroid.systemui" path="/dev/genlock" dev=tmpfs ino=4880 scontext=u:r:system_app:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 19.648588] type=1400 audit(86405.945:126): avc: denied { read } for pid=859 comm="alcomm.privinit" name="ion" dev=tmpfs ino=4847 scontext=u:r:system_app:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<5>[ 19.667694] type=1400 audit(86405.965:127): avc: denied { open } for pid=859 comm="alcomm.privinit" name="ion" dev=tmpfs ino=4847 scontext=u:r:system_app:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<4>[ 19.706302] avc: received policyload notice (seqno=2)
<4>[ 19.712101] avc: received policyload notice (seqno=3)
<4>[ 19.717350] avc: received policyload notice (seqno=4)
<4>[ 19.721623] avc: received policyload notice (seqno=5)
<4>[ 19.726751] avc: received policyload notice (seqno=6)
<4>[ 19.732519] avc: received policyload notice (seqno=7)
<4>[ 19.737372] avc: received policyload notice (seqno=8)
<4>[ 19.742530] avc: received policyload notice (seqno=9)
<4>[ 19.748969] avc: received policyload notice (seqno=10)
<4>[ 19.754188] avc: received policyload notice (seqno=11)
<4>[ 19.761574] avc: denied { set } for property=net.dns.cache_size scontext=u:r:system_app:s0 tcontext=u:object_r:radio_prop:s0 tclass=property_service
<5>[ 19.839798] type=1400 audit(86406.145:128): avc: denied { read } for pid=876 comm=".qualcomm.wiper" name="ion" dev=tmpfs ino=4847 scontext=u:r:platform_app:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<5>[ 19.839829] type=1400 audit(86406.145:129): avc: denied { open } for pid=876 comm=".qualcomm.wiper" name="ion" dev=tmpfs ino=4847 scontext=u:r:platform_app:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<5>[ 19.936151] type=1400 audit(86406.235:130): avc: denied { write } for pid=876 comm=".qualcomm.wiper" name="wiper_pipe1" dev=mmcblk0p13 ino=32777 scontext=u:r:platform_app:s0 tcontext=u:object_r:system_data_file:s0 tclass=fifo_file
<5>[ 19.936181] type=1400 audit(86406.235:131): avc: denied { open } for pid=876 comm=".qualcomm.wiper" name="wiper_pipe1" dev=mmcblk0p13 ino=32777 scontext=u:r:platform_app:s0 tcontext=u:object_r:system_data_file:s0 tclass=fifo_file
<5>[ 19.936242] type=1400 audit(86406.235:132): avc: denied { read } for pid=876 comm=".qualcomm.wiper" name="wiper_pipe2" dev=mmcblk0p13 ino=32778 scontext=u:r:platform_app:s0 tcontext=u:object_r:system_data_file:s0 tclass=fifo_file
<5>[ 19.998779] type=1400 audit(86406.306:133): avc: denied { write } for pid=319 comm="rild" name="qmux_connect_socket" dev=tmpfs ino=3011 scontext=u:r:rild:s0 tcontext=u:object_r:device:s0 tclass=sock_file
<4>[ 20.108988] avc: denied { set } for property=ctl.ppd scontext=u:r:system_app:s0 tcontext=u:object_r:ctl_default_prop:s0 tclass=property_service
<5>[ 20.112803] type=1400 audit(86406.416:134): avc: denied { write } for pid=925 comm="DaemonConnector" name="pps" dev=tmpfs ino=5784 scontext=u:r:system_app:s0 tcontext=u:object_r:device:s0 tclass=sock_file
<5>[ 20.160415] type=1400 audit(86406.466:135): avc: denied { read } for pid=927 comm="viders.calendar" name="ion" dev=tmpfs ino=4847 scontext=u:r:release_app:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<5>[ 20.160445] type=1400 audit(86406.466:136): avc: denied { open } for pid=927 comm="viders.calendar" name="ion" dev=tmpfs ino=4847 scontext=u:r:release_app:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<3>[ 20.165908] mdp_histogram_stop histogram already stopped
<5>[ 20.427041] type=1400 audit(86406.726:137): avc: denied { read write } for pid=963 comm="sh" path="/dev/diag" dev=tmpfs ino=5559 scontext=u:r:shell:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 20.446390] type=1400 audit(86406.746:138): avc: denied { read write } for pid=963 comm="sh" path="socket:[3010]" dev=sockfs ino=3010 scontext=u:r:shell:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket
<5>[ 20.513230] type=1400 audit(86406.816:139): avc: denied { create } for pid=319 comm="rild" scontext=u:r:rild:s0 tcontext=u:r:rild:s0 tclass=netlink_socket
<5>[ 20.532885] type=1400 audit(86406.836:140): avc: denied { bind } for pid=319 comm="rild" scontext=u:r:rild:s0 tcontext=u:r:rild:s0 tclass=netlink_socket
<7>[ 20.742957] SELinux: initialized (dev mmcblk1p1, type vfat), uses genfs_contexts
<7>[ 20.745887] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
<5>[ 21.204303] type=1400 audit(86407.507:141): avc: denied { call } for pid=1030 comm="re-initialized>" scontext=u:r:zygote:s0 tcontext=u:r:servicemanager:s0 tclass=binder
<5>[ 21.219563] type=1400 audit(86407.517:142): avc: denied { receive } for pid=185 comm="servicemanager" scontext=u:r:zygote:s0 tcontext=u:r:system:s0 tclass=binder
<5>[ 21.235830] type=1400 audit(86407.537:143): avc: denied { call } for pid=1030 comm="re-initialized>" scontext=u:r:zygote:s0 tcontext=u:r:system:s0 tclass=binder
<5>[ 21.249504] type=1400 audit(86407.547:144): avc: denied { transfer } for pid=1030 comm="re-initialized>" scontext=u:r:zygote:s0 tcontext=u:r:zygote:s0 tclass=binder
<5>[ 21.264397] type=1400 audit(86407.567:145): avc: denied { receive } for pid=1030 comm="re-initialized>" scontext=u:r:system:s0 tcontext=u:r:zygote:s0 tclass=binder
<5>[ 21.289150] type=1400 audit(86407.587:146): avc: denied { call } for pid=443 comm=42696E646572205468726561642023 scontext=u:r:system:s0 tcontext=u:r:zygote:s0 tclass=binder
<5>[ 21.306180] type=1400 audit(86407.607:147): avc: denied { write } for pid=443 comm=42696E646572205468726561642023 name="oom_adj" dev=proc ino=6935 scontext=u:r:system:s0 tcontext=u:r:zygote:s0 tclass=file
<5>[ 21.337616] type=1400 audit(86407.637:148): avc: denied { receive } for pid=185 comm="servicemanager" scontext=u:r:zygote:s0 tcontext=u:r:surfaceflinger:s0 tclass=binder
<5>[ 21.354249] type=1400 audit(86407.657:149): avc: denied { call } for pid=1030 comm="quicinc.fmradio" scontext=u:r:zygote:s0 tcontext=u:r:surfaceflinger:s0 tclass=binder
<5>[ 21.372958] type=1400 audit(86407.677:150): avc: denied { read } for pid=1030 comm="quicinc.fmradio" name="ion" dev=tmpfs ino=4847 scontext=u:r:zygote:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<5>[ 21.390569] type=1400 audit(86407.697:151): avc: denied { open } for pid=1030 comm="quicinc.fmradio" name="ion" dev=tmpfs ino=4847 scontext=u:r:zygote:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
<5>[ 21.409674] type=1400 audit(86407.717:152): avc: denied { use } for pid=719 comm=42696E646572205468726561642023 path="/dev/ashmem" dev=tmpfs ino=4877 scontext=u:r:zygote:s0 tcontext=u:r:surfaceflinger:s0 tclass=fd
<5>[ 22.036166] type=1400 audit(86408.338:153): avc: denied { read write } for pid=1120 comm="omm.location.XT" name="diag" dev=tmpfs ino=5559 scontext=u:r:platform_app:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 22.056004] type=1400 audit(86408.358:154): avc: denied { open } for pid=1120 comm="omm.location.XT" name="diag" dev=tmpfs ino=5559 scontext=u:r:platform_app:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 22.061864] type=1400 audit(86408.358:155): avc: denied { ioctl } for pid=630 comm="ndroid.launcher" path="/dev/genlock" dev=tmpfs ino=4880 scontext=u:r:shared_app:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[ 22.368564] type=1400 audit(86408.668:156): avc: denied { getattr } for pid=1139 comm="MediaScannerSer" path="/mnt/sdcard/.android_secure" dev=tmpfs ino=6894 scontext=u:r:media_app:s0 tcontext=u:object_r:tmpfs:s0 tclass=dir
<5>[ 24.187517] type=1400 audit(86410.490:157): avc: denied { execute } for pid=1037 comm="Compiler" path="/dev/ashmem" dev=tmpfs ino=4877 scontext=u:r:zygote:s0 tcontext=u:object_r:ashmem_device:s0 tclass=chr_file
<5>[ 49.200183] type=1400 audit(86435.507:158): avc: denied { syslog } for pid=1168 comm="cat" capability=34 scontext=u:r:shell:s0 tcontext=u:r:shell:s0 tclass=capability2
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Problem with SEManager app on Seandroid 4.0.4
2012-09-12 18:48 ` Cesar Maiorino
@ 2012-09-12 20:29 ` William Roberts
2012-09-12 20:50 ` Cesar Maiorino
2012-09-12 22:02 ` William Roberts
0 siblings, 2 replies; 11+ messages in thread
From: William Roberts @ 2012-09-12 20:29 UTC (permalink / raw)
To: Cesar Maiorino; +Cc: Joman Chu, selinux
So you have a lot of denials. You need to correct these before you go
to enforcing mode.
Below, I show you how you can use audit2allow to gather the rules to
add to your device policy. If you create a file called sepolicy.te in
your projects device directory or vendor directory with these rules it
should fix it. Take a look at external/sepolicy/Android.mk, that make
file searches vendor and device directories based on the lunch option
of the device being built for to automatically include specially named
policy files.
The general rule of thumb is NOT to add the shell allow rules. You
should also use the macro's when granting access that are defined in
external.sepolicy/global_macros
If you use the macro's this line:
allow media_app ion_device:chr_file { read open };
becomes:
allow media_app ion_device:chr_file r_file_perms;
The macro's help, you should really use them. If a process asks for
read, it likeley needs getattr and other accesses too and the macro's
wrap these up cleanly for you.
Also, never allow access to "device" or "block_device". These are
large domains and granting access to them is generally not a good
idea. This rule "allow mediaserver device:chr_file { read write ioctl
open };" is caused by these denied message:
<5>[ 9.119517] type=1400 audit(11394.900:33): avc: denied { read
write } for pid=194 comm="mediaserver" name="diag" dev=tmpfs ino=5559
scontext=u:r:mediaserver:s0 tcontext=u:object_r:device:s0
tclass=chr_file
<5>[ 9.154951] type=1400 audit(11394.930:34): avc: denied { open
} for pid=194 comm="mediaserver" name="diag" dev=tmpfs ino=5559
scontext=u:r:mediaserver:s0 tcontext=u:object_r:device:s0
tclass=chr_file
<5>[ 9.185441] type=1400 audit(11394.960:35): avc: denied { ioctl
} for pid=194 comm="mediaserver" path="/dev/diag" dev=tmpfs ino=5559
scontext=u:r:mediaserver:s0 tcontext=u:object_r:device:s0
which are accesses on:
/dev/diag
You should relabel dev diag in sepolicy.fc (again in your
device/vendor directory) to some other type and grant access on it. If
you allow mediaserver access to device, it could then read and write
to a lot of stuff under /dev that you may want to not give it access
too. (/dev is initially labeled as device, everything else gets a
specific label as needed)
Example of taking dmesg output and generating rules, don't just copy
and paste. Read these and make sure they make sense for your
application... We also may want to submit some of these upstream
(SELinux/Google).
$ cat /home/wroberts/Downloads/seandroid_proc_kmsg.txt | audit2allow
#============= media_app ==============
allow media_app ion_device:chr_file { read open };
allow media_app tmpfs:dir getattr;
#============= mediaserver ==============
allow mediaserver device:chr_file { read write ioctl open };
allow mediaserver system_data_file:file { write open };
#============= platform_app ==============
allow platform_app device:chr_file { read write open };
allow platform_app ion_device:chr_file { read open };
allow platform_app system_data_file:fifo_file { write read open };
#============= radio ==============
allow radio ion_device:chr_file { read open };
#============= release_app ==============
allow release_app ion_device:chr_file { read open };
#============= rild ==============
allow rild device:chr_file { read write open };
allow rild device:dir { write add_name };
allow rild device:sock_file { write create };
allow rild self:netlink_socket { bind create };
#============= shared_app ==============
allow shared_app device:chr_file { read write ioctl open };
allow shared_app ion_device:chr_file { read open };
#============= shell ==============
allow shell ctl_default_prop:property_service set;
allow shell ctl_rildaemon_prop:property_service set;
allow shell default_prop:property_service set;
allow shell device:chr_file { read write getattr open };
allow shell device:dir { read open };
allow shell init:fifo_file { read getattr };
allow shell init:unix_stream_socket { connectto read write };
allow shell proc:file write;
allow shell rootfs:file { read open };
allow shell self:capability { net_admin chown fsetid dac_override };
allow shell self:capability2 syslog;
allow shell sysfs:file { write setattr };
allow shell system_data_file:dir { write remove_name add_name setattr };
allow shell system_data_file:file { write create unlink open };
allow shell system_file:lnk_file getattr;
allow shell system_prop:property_service set;
allow shell tmpfs:chr_file { read write getattr };
#============= surfaceflinger ==============
allow surfaceflinger device:chr_file { read write ioctl open };
#============= system ==============
allow system device:dir { write add_name };
allow system device:sock_file create;
allow system ion_device:chr_file { read open };
allow system zygote:binder { receive call };
allow system zygote:file write;
#============= system_app ==============
allow system_app ctl_default_prop:property_service set;
allow system_app device:chr_file { read write ioctl open };
allow system_app device:sock_file write;
allow system_app ion_device:chr_file { read open };
allow system_app radio_prop:property_service set;
#============= ueventd ==============
allow ueventd sdcard:dir search;
allow ueventd sdcard:file { read getattr open };
allow ueventd self:capability fowner;
#============= zygote ==============
allow zygote ashmem_device:chr_file execute;
allow zygote init:unix_stream_socket connectto;
allow zygote ion_device:chr_file { read open };
allow zygote property_socket:sock_file write;
allow zygote self:binder transfer;
allow zygote servicemanager:binder call;
allow zygote surfaceflinger:binder { receive call };
allow zygote surfaceflinger:fd use;
allow zygote system:binder { receive call };
allow zygote system_prop:property_service set;
On Wed, Sep 12, 2012 at 11:48 AM, Cesar Maiorino
<cesar.maiorino@gmail.com> wrote:
> Here is my /proc/kmsg. I am going to dig into it myself, but if you have
> the time to take a look, any
> pointers would be appreciated.
>
> On Wed, Sep 12, 2012 at 11:37 AM, Joman Chu <jcchu@tycho.ncsc.mil> wrote:
>>
>> On 09/12/2012 11:01 AM, Cesar Maiorino wrote:
>>
>> I did have these in my init.rc, but my build was not copying init.rc to
>> to the out directory.
>> I copied it over manually and rebuilt the boot.img and it now I can change
>> the values.
>> So that is progress.
>> Now, however, when I toggle on SELinux, my device locks up. On reboot it
>> is stuck at the
>> lock screen.
>> Thanks for the help.
>>
>> On Tue, Sep 11, 2012 at 4:37 PM, William Roberts
>> <bill.c.roberts@gmail.com> wrote:
>>>
>>> My guess is you need to change the permissions of /selinux/*
>>> (/selinux/booleans for the booleans) to system system.
>>>
>>> the init.rc needs to have chown system system for all of the booleans,
>>> setenforce etc
>>>
>>> chown system system /selinux/enforce
>>> chown -R system system /selinux/booleans
>>> chown system system /selinux/commit_pending_bools
>>>
>>> You'll need to patch in the recursive support or enumerate all the
>>> bools. The patch for recursive support can be found:
>>> https://android-review.googlesource.com/#/c/32220/
>>>
>>> Hope this helps.
>>>
>>>
>>> On Tue, Sep 11, 2012 at 1:23 PM, Cesar Maiorino
>>> <cesar.maiorino@gmail.com> wrote:
>>> > I finally got a version of seandroid (4.0.4) running on my Qualcomm
>>> > MSM8960
>>> > Mobile Development Platform. This required some manual intervention as
>>> > the
>>> > patch files did not all apply cleanly, so it's possible that I've
>>> > messed
>>> > something up in the process.
>>> >
>>> > That being said, the SEManager app does not let me change any settings
>>> > aside
>>> > from toggling "MAC Mode" on and off. So I can't change '"SELinux Mode"
>>> > (stuck in permissive), and I can't change any of the Booleans.
>>> >
>>> > AVC and MAC logging seem to be working.
>>> >
>>> > Any ideas?
>>> >
>>>
>>>
>>>
>>> --
>>> Respectfully,
>>>
>>> William C Roberts
>>
>>
>> Perhaps you're running into AVC denials. Can you post the kernel logs from
>> /proc/kmsg?
>
>
--
Respectfully,
William C Roberts
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Problem with SEManager app on Seandroid 4.0.4
2012-09-12 20:29 ` William Roberts
@ 2012-09-12 20:50 ` Cesar Maiorino
2012-09-12 21:08 ` William Roberts
2012-09-14 15:41 ` Joshua Brindle
2012-09-12 22:02 ` William Roberts
1 sibling, 2 replies; 11+ messages in thread
From: Cesar Maiorino @ 2012-09-12 20:50 UTC (permalink / raw)
To: William Roberts; +Cc: Joman Chu, selinux
[-- Attachment #1: Type: text/plain, Size: 9016 bytes --]
That is enormously helpful. Thanks.
So I have a couple more questions:
(1) I would naively expect that the denials would be more device-specific.
For example, there are
several related to zygote that look pretty generic. Shouldn't those already
be in the "base" policy?
Or am I missing something?
(2) If I don't add the "shell allow" rules, how do I deal with those
denials?
On Wed, Sep 12, 2012 at 4:29 PM, William Roberts
<bill.c.roberts@gmail.com>wrote:
> So you have a lot of denials. You need to correct these before you go
> to enforcing mode.
>
> Below, I show you how you can use audit2allow to gather the rules to
> add to your device policy. If you create a file called sepolicy.te in
> your projects device directory or vendor directory with these rules it
> should fix it. Take a look at external/sepolicy/Android.mk, that make
> file searches vendor and device directories based on the lunch option
> of the device being built for to automatically include specially named
> policy files.
>
> The general rule of thumb is NOT to add the shell allow rules. You
> should also use the macro's when granting access that are defined in
> external.sepolicy/global_macros
>
> If you use the macro's this line:
>
> allow media_app ion_device:chr_file { read open };
>
> becomes:
> allow media_app ion_device:chr_file r_file_perms;
>
> The macro's help, you should really use them. If a process asks for
> read, it likeley needs getattr and other accesses too and the macro's
> wrap these up cleanly for you.
>
> Also, never allow access to "device" or "block_device". These are
> large domains and granting access to them is generally not a good
> idea. This rule "allow mediaserver device:chr_file { read write ioctl
> open };" is caused by these denied message:
>
> <5>[ 9.119517] type=1400 audit(11394.900:33): avc: denied { read
> write } for pid=194 comm="mediaserver" name="diag" dev=tmpfs ino=5559
> scontext=u:r:mediaserver:s0 tcontext=u:object_r:device:s0
> tclass=chr_file
> <5>[ 9.154951] type=1400 audit(11394.930:34): avc: denied { open
> } for pid=194 comm="mediaserver" name="diag" dev=tmpfs ino=5559
> scontext=u:r:mediaserver:s0 tcontext=u:object_r:device:s0
> tclass=chr_file
> <5>[ 9.185441] type=1400 audit(11394.960:35): avc: denied { ioctl
> } for pid=194 comm="mediaserver" path="/dev/diag" dev=tmpfs ino=5559
> scontext=u:r:mediaserver:s0 tcontext=u:object_r:device:s0
>
> which are accesses on:
> /dev/diag
>
> You should relabel dev diag in sepolicy.fc (again in your
> device/vendor directory) to some other type and grant access on it. If
> you allow mediaserver access to device, it could then read and write
> to a lot of stuff under /dev that you may want to not give it access
> too. (/dev is initially labeled as device, everything else gets a
> specific label as needed)
>
>
> Example of taking dmesg output and generating rules, don't just copy
> and paste. Read these and make sure they make sense for your
> application... We also may want to submit some of these upstream
> (SELinux/Google).
>
> $ cat /home/wroberts/Downloads/seandroid_proc_kmsg.txt | audit2allow
>
> #============= media_app ==============
> allow media_app ion_device:chr_file { read open };
> allow media_app tmpfs:dir getattr;
>
> #============= mediaserver ==============
> allow mediaserver device:chr_file { read write ioctl open };
> allow mediaserver system_data_file:file { write open };
>
> #============= platform_app ==============
> allow platform_app device:chr_file { read write open };
> allow platform_app ion_device:chr_file { read open };
> allow platform_app system_data_file:fifo_file { write read open };
>
> #============= radio ==============
> allow radio ion_device:chr_file { read open };
>
> #============= release_app ==============
> allow release_app ion_device:chr_file { read open };
>
> #============= rild ==============
> allow rild device:chr_file { read write open };
> allow rild device:dir { write add_name };
> allow rild device:sock_file { write create };
> allow rild self:netlink_socket { bind create };
>
> #============= shared_app ==============
> allow shared_app device:chr_file { read write ioctl open };
> allow shared_app ion_device:chr_file { read open };
>
> #============= shell ==============
> allow shell ctl_default_prop:property_service set;
> allow shell ctl_rildaemon_prop:property_service set;
> allow shell default_prop:property_service set;
> allow shell device:chr_file { read write getattr open };
> allow shell device:dir { read open };
> allow shell init:fifo_file { read getattr };
> allow shell init:unix_stream_socket { connectto read write };
> allow shell proc:file write;
> allow shell rootfs:file { read open };
> allow shell self:capability { net_admin chown fsetid dac_override };
> allow shell self:capability2 syslog;
> allow shell sysfs:file { write setattr };
> allow shell system_data_file:dir { write remove_name add_name setattr };
> allow shell system_data_file:file { write create unlink open };
> allow shell system_file:lnk_file getattr;
> allow shell system_prop:property_service set;
> allow shell tmpfs:chr_file { read write getattr };
>
> #============= surfaceflinger ==============
> allow surfaceflinger device:chr_file { read write ioctl open };
>
> #============= system ==============
> allow system device:dir { write add_name };
> allow system device:sock_file create;
> allow system ion_device:chr_file { read open };
> allow system zygote:binder { receive call };
> allow system zygote:file write;
>
> #============= system_app ==============
> allow system_app ctl_default_prop:property_service set;
> allow system_app device:chr_file { read write ioctl open };
> allow system_app device:sock_file write;
> allow system_app ion_device:chr_file { read open };
> allow system_app radio_prop:property_service set;
>
> #============= ueventd ==============
> allow ueventd sdcard:dir search;
> allow ueventd sdcard:file { read getattr open };
> allow ueventd self:capability fowner;
>
> #============= zygote ==============
> allow zygote ashmem_device:chr_file execute;
> allow zygote init:unix_stream_socket connectto;
> allow zygote ion_device:chr_file { read open };
> allow zygote property_socket:sock_file write;
> allow zygote self:binder transfer;
> allow zygote servicemanager:binder call;
> allow zygote surfaceflinger:binder { receive call };
> allow zygote surfaceflinger:fd use;
> allow zygote system:binder { receive call };
> allow zygote system_prop:property_service set;
>
>
>
>
>
> On Wed, Sep 12, 2012 at 11:48 AM, Cesar Maiorino
> <cesar.maiorino@gmail.com> wrote:
> > Here is my /proc/kmsg. I am going to dig into it myself, but if you have
> > the time to take a look, any
> > pointers would be appreciated.
> >
> > On Wed, Sep 12, 2012 at 11:37 AM, Joman Chu <jcchu@tycho.ncsc.mil>
> wrote:
> >>
> >> On 09/12/2012 11:01 AM, Cesar Maiorino wrote:
> >>
> >> I did have these in my init.rc, but my build was not copying init.rc to
> >> to the out directory.
> >> I copied it over manually and rebuilt the boot.img and it now I can
> change
> >> the values.
> >> So that is progress.
> >> Now, however, when I toggle on SELinux, my device locks up. On reboot it
> >> is stuck at the
> >> lock screen.
> >> Thanks for the help.
> >>
> >> On Tue, Sep 11, 2012 at 4:37 PM, William Roberts
> >> <bill.c.roberts@gmail.com> wrote:
> >>>
> >>> My guess is you need to change the permissions of /selinux/*
> >>> (/selinux/booleans for the booleans) to system system.
> >>>
> >>> the init.rc needs to have chown system system for all of the booleans,
> >>> setenforce etc
> >>>
> >>> chown system system /selinux/enforce
> >>> chown -R system system /selinux/booleans
> >>> chown system system /selinux/commit_pending_bools
> >>>
> >>> You'll need to patch in the recursive support or enumerate all the
> >>> bools. The patch for recursive support can be found:
> >>> https://android-review.googlesource.com/#/c/32220/
> >>>
> >>> Hope this helps.
> >>>
> >>>
> >>> On Tue, Sep 11, 2012 at 1:23 PM, Cesar Maiorino
> >>> <cesar.maiorino@gmail.com> wrote:
> >>> > I finally got a version of seandroid (4.0.4) running on my Qualcomm
> >>> > MSM8960
> >>> > Mobile Development Platform. This required some manual intervention
> as
> >>> > the
> >>> > patch files did not all apply cleanly, so it's possible that I've
> >>> > messed
> >>> > something up in the process.
> >>> >
> >>> > That being said, the SEManager app does not let me change any
> settings
> >>> > aside
> >>> > from toggling "MAC Mode" on and off. So I can't change '"SELinux
> Mode"
> >>> > (stuck in permissive), and I can't change any of the Booleans.
> >>> >
> >>> > AVC and MAC logging seem to be working.
> >>> >
> >>> > Any ideas?
> >>> >
> >>>
> >>>
> >>>
> >>> --
> >>> Respectfully,
> >>>
> >>> William C Roberts
> >>
> >>
> >> Perhaps you're running into AVC denials. Can you post the kernel logs
> from
> >> /proc/kmsg?
> >
> >
>
>
>
> --
> Respectfully,
>
> William C Roberts
>
[-- Attachment #2: Type: text/html, Size: 11166 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Problem with SEManager app on Seandroid 4.0.4
2012-09-12 20:50 ` Cesar Maiorino
@ 2012-09-12 21:08 ` William Roberts
2012-09-14 15:41 ` Joshua Brindle
1 sibling, 0 replies; 11+ messages in thread
From: William Roberts @ 2012-09-12 21:08 UTC (permalink / raw)
To: Cesar Maiorino; +Cc: Joman Chu, selinux
1. Yes, their was some generic looking denials that should be in the
base policy as well as labeling /dev/diag. I have ran into that one
myself put could not verify other devices that used it. We would
appreciate to work with you and when your done modifying the base
policy (for those generic denials) gladly review a patch with you for
integration.
2. The shell denials are usually caused by you shelling in through
adbd and running commands. You really don't want to give those
accesses. However, as a caveat, if you look for domain_auto_trans in
sepolicy we see some going to the shell domain.
android/external/sepolicy$ grep domain_auto_trans *
adbd.te:domain_auto_trans(adbd, shell_exec, shell)
shell.te:domain_auto_trans(init, shell_exec, shell)
I have noticed that init's sometimes cause denials on shell domain. An
easy way to test this is to modify this line and have init transition
(on exec of shell_exec) to someother donmain, maybe init_shell that
has no "allow" rules. This will let you see exactly what your init is
doing and then determine if those rules should be allowed, or if your
init shell exec's should run in a separate domain. I tend not to add
any more allows's to shell, and if init shell exec's are cuasing more
denials, place it into its own domain specified in per device policy.
However, this requires you to comment out or remove the transition
rule for init in shell.te
Bill
On Wed, Sep 12, 2012 at 1:50 PM, Cesar Maiorino
<cesar.maiorino@gmail.com> wrote:
> That is enormously helpful. Thanks.
>
> So I have a couple more questions:
>
> (1) I would naively expect that the denials would be more device-specific.
> For example, there are
> several related to zygote that look pretty generic. Shouldn't those already
> be in the "base" policy?
> Or am I missing something?
>
> (2) If I don't add the "shell allow" rules, how do I deal with those
> denials?
>
>
>
>
> On Wed, Sep 12, 2012 at 4:29 PM, William Roberts <bill.c.roberts@gmail.com>
> wrote:
>>
>> So you have a lot of denials. You need to correct these before you go
>> to enforcing mode.
>>
>> Below, I show you how you can use audit2allow to gather the rules to
>> add to your device policy. If you create a file called sepolicy.te in
>> your projects device directory or vendor directory with these rules it
>> should fix it. Take a look at external/sepolicy/Android.mk, that make
>> file searches vendor and device directories based on the lunch option
>> of the device being built for to automatically include specially named
>> policy files.
>>
>> The general rule of thumb is NOT to add the shell allow rules. You
>> should also use the macro's when granting access that are defined in
>> external.sepolicy/global_macros
>>
>> If you use the macro's this line:
>>
>> allow media_app ion_device:chr_file { read open };
>>
>> becomes:
>> allow media_app ion_device:chr_file r_file_perms;
>>
>> The macro's help, you should really use them. If a process asks for
>> read, it likeley needs getattr and other accesses too and the macro's
>> wrap these up cleanly for you.
>>
>> Also, never allow access to "device" or "block_device". These are
>> large domains and granting access to them is generally not a good
>> idea. This rule "allow mediaserver device:chr_file { read write ioctl
>> open };" is caused by these denied message:
>>
>> <5>[ 9.119517] type=1400 audit(11394.900:33): avc: denied { read
>> write } for pid=194 comm="mediaserver" name="diag" dev=tmpfs ino=5559
>> scontext=u:r:mediaserver:s0 tcontext=u:object_r:device:s0
>> tclass=chr_file
>> <5>[ 9.154951] type=1400 audit(11394.930:34): avc: denied { open
>> } for pid=194 comm="mediaserver" name="diag" dev=tmpfs ino=5559
>> scontext=u:r:mediaserver:s0 tcontext=u:object_r:device:s0
>> tclass=chr_file
>> <5>[ 9.185441] type=1400 audit(11394.960:35): avc: denied { ioctl
>> } for pid=194 comm="mediaserver" path="/dev/diag" dev=tmpfs ino=5559
>> scontext=u:r:mediaserver:s0 tcontext=u:object_r:device:s0
>>
>> which are accesses on:
>> /dev/diag
>>
>> You should relabel dev diag in sepolicy.fc (again in your
>> device/vendor directory) to some other type and grant access on it. If
>> you allow mediaserver access to device, it could then read and write
>> to a lot of stuff under /dev that you may want to not give it access
>> too. (/dev is initially labeled as device, everything else gets a
>> specific label as needed)
>>
>>
>> Example of taking dmesg output and generating rules, don't just copy
>> and paste. Read these and make sure they make sense for your
>> application... We also may want to submit some of these upstream
>> (SELinux/Google).
>>
>> $ cat /home/wroberts/Downloads/seandroid_proc_kmsg.txt | audit2allow
>>
>> #============= media_app ==============
>> allow media_app ion_device:chr_file { read open };
>> allow media_app tmpfs:dir getattr;
>>
>> #============= mediaserver ==============
>> allow mediaserver device:chr_file { read write ioctl open };
>> allow mediaserver system_data_file:file { write open };
>>
>> #============= platform_app ==============
>> allow platform_app device:chr_file { read write open };
>> allow platform_app ion_device:chr_file { read open };
>> allow platform_app system_data_file:fifo_file { write read open };
>>
>> #============= radio ==============
>> allow radio ion_device:chr_file { read open };
>>
>> #============= release_app ==============
>> allow release_app ion_device:chr_file { read open };
>>
>> #============= rild ==============
>> allow rild device:chr_file { read write open };
>> allow rild device:dir { write add_name };
>> allow rild device:sock_file { write create };
>> allow rild self:netlink_socket { bind create };
>>
>> #============= shared_app ==============
>> allow shared_app device:chr_file { read write ioctl open };
>> allow shared_app ion_device:chr_file { read open };
>>
>> #============= shell ==============
>> allow shell ctl_default_prop:property_service set;
>> allow shell ctl_rildaemon_prop:property_service set;
>> allow shell default_prop:property_service set;
>> allow shell device:chr_file { read write getattr open };
>> allow shell device:dir { read open };
>> allow shell init:fifo_file { read getattr };
>> allow shell init:unix_stream_socket { connectto read write };
>> allow shell proc:file write;
>> allow shell rootfs:file { read open };
>> allow shell self:capability { net_admin chown fsetid dac_override };
>> allow shell self:capability2 syslog;
>> allow shell sysfs:file { write setattr };
>> allow shell system_data_file:dir { write remove_name add_name setattr };
>> allow shell system_data_file:file { write create unlink open };
>> allow shell system_file:lnk_file getattr;
>> allow shell system_prop:property_service set;
>> allow shell tmpfs:chr_file { read write getattr };
>>
>> #============= surfaceflinger ==============
>> allow surfaceflinger device:chr_file { read write ioctl open };
>>
>> #============= system ==============
>> allow system device:dir { write add_name };
>> allow system device:sock_file create;
>> allow system ion_device:chr_file { read open };
>> allow system zygote:binder { receive call };
>> allow system zygote:file write;
>>
>> #============= system_app ==============
>> allow system_app ctl_default_prop:property_service set;
>> allow system_app device:chr_file { read write ioctl open };
>> allow system_app device:sock_file write;
>> allow system_app ion_device:chr_file { read open };
>> allow system_app radio_prop:property_service set;
>>
>> #============= ueventd ==============
>> allow ueventd sdcard:dir search;
>> allow ueventd sdcard:file { read getattr open };
>> allow ueventd self:capability fowner;
>>
>> #============= zygote ==============
>> allow zygote ashmem_device:chr_file execute;
>> allow zygote init:unix_stream_socket connectto;
>> allow zygote ion_device:chr_file { read open };
>> allow zygote property_socket:sock_file write;
>> allow zygote self:binder transfer;
>> allow zygote servicemanager:binder call;
>> allow zygote surfaceflinger:binder { receive call };
>> allow zygote surfaceflinger:fd use;
>> allow zygote system:binder { receive call };
>> allow zygote system_prop:property_service set;
>>
>>
>>
>>
>>
>> On Wed, Sep 12, 2012 at 11:48 AM, Cesar Maiorino
>> <cesar.maiorino@gmail.com> wrote:
>> > Here is my /proc/kmsg. I am going to dig into it myself, but if you
>> > have
>> > the time to take a look, any
>> > pointers would be appreciated.
>> >
>> > On Wed, Sep 12, 2012 at 11:37 AM, Joman Chu <jcchu@tycho.ncsc.mil>
>> > wrote:
>> >>
>> >> On 09/12/2012 11:01 AM, Cesar Maiorino wrote:
>> >>
>> >> I did have these in my init.rc, but my build was not copying init.rc to
>> >> to the out directory.
>> >> I copied it over manually and rebuilt the boot.img and it now I can
>> >> change
>> >> the values.
>> >> So that is progress.
>> >> Now, however, when I toggle on SELinux, my device locks up. On reboot
>> >> it
>> >> is stuck at the
>> >> lock screen.
>> >> Thanks for the help.
>> >>
>> >> On Tue, Sep 11, 2012 at 4:37 PM, William Roberts
>> >> <bill.c.roberts@gmail.com> wrote:
>> >>>
>> >>> My guess is you need to change the permissions of /selinux/*
>> >>> (/selinux/booleans for the booleans) to system system.
>> >>>
>> >>> the init.rc needs to have chown system system for all of the booleans,
>> >>> setenforce etc
>> >>>
>> >>> chown system system /selinux/enforce
>> >>> chown -R system system /selinux/booleans
>> >>> chown system system /selinux/commit_pending_bools
>> >>>
>> >>> You'll need to patch in the recursive support or enumerate all the
>> >>> bools. The patch for recursive support can be found:
>> >>> https://android-review.googlesource.com/#/c/32220/
>> >>>
>> >>> Hope this helps.
>> >>>
>> >>>
>> >>> On Tue, Sep 11, 2012 at 1:23 PM, Cesar Maiorino
>> >>> <cesar.maiorino@gmail.com> wrote:
>> >>> > I finally got a version of seandroid (4.0.4) running on my Qualcomm
>> >>> > MSM8960
>> >>> > Mobile Development Platform. This required some manual intervention
>> >>> > as
>> >>> > the
>> >>> > patch files did not all apply cleanly, so it's possible that I've
>> >>> > messed
>> >>> > something up in the process.
>> >>> >
>> >>> > That being said, the SEManager app does not let me change any
>> >>> > settings
>> >>> > aside
>> >>> > from toggling "MAC Mode" on and off. So I can't change '"SELinux
>> >>> > Mode"
>> >>> > (stuck in permissive), and I can't change any of the Booleans.
>> >>> >
>> >>> > AVC and MAC logging seem to be working.
>> >>> >
>> >>> > Any ideas?
>> >>> >
>> >>>
>> >>>
>> >>>
>> >>> --
>> >>> Respectfully,
>> >>>
>> >>> William C Roberts
>> >>
>> >>
>> >> Perhaps you're running into AVC denials. Can you post the kernel logs
>> >> from
>> >> /proc/kmsg?
>> >
>> >
>>
>>
>>
>> --
>> Respectfully,
>>
>> William C Roberts
>
>
--
Respectfully,
William C Roberts
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Problem with SEManager app on Seandroid 4.0.4
2012-09-12 20:29 ` William Roberts
2012-09-12 20:50 ` Cesar Maiorino
@ 2012-09-12 22:02 ` William Roberts
1 sibling, 0 replies; 11+ messages in thread
From: William Roberts @ 2012-09-12 22:02 UTC (permalink / raw)
To: Cesar Maiorino; +Cc: Joman Chu, selinux
Cesar,
I just sent out a patch for the ion denials, to make a generic fix for
that. I am waiting to hear the feedback on it.
Bill
On Wed, Sep 12, 2012 at 1:29 PM, William Roberts
<bill.c.roberts@gmail.com> wrote:
> So you have a lot of denials. You need to correct these before you go
> to enforcing mode.
>
> Below, I show you how you can use audit2allow to gather the rules to
> add to your device policy. If you create a file called sepolicy.te in
> your projects device directory or vendor directory with these rules it
> should fix it. Take a look at external/sepolicy/Android.mk, that make
> file searches vendor and device directories based on the lunch option
> of the device being built for to automatically include specially named
> policy files.
>
> The general rule of thumb is NOT to add the shell allow rules. You
> should also use the macro's when granting access that are defined in
> external.sepolicy/global_macros
>
> If you use the macro's this line:
>
> allow media_app ion_device:chr_file { read open };
>
> becomes:
> allow media_app ion_device:chr_file r_file_perms;
>
> The macro's help, you should really use them. If a process asks for
> read, it likeley needs getattr and other accesses too and the macro's
> wrap these up cleanly for you.
>
> Also, never allow access to "device" or "block_device". These are
> large domains and granting access to them is generally not a good
> idea. This rule "allow mediaserver device:chr_file { read write ioctl
> open };" is caused by these denied message:
>
> <5>[ 9.119517] type=1400 audit(11394.900:33): avc: denied { read
> write } for pid=194 comm="mediaserver" name="diag" dev=tmpfs ino=5559
> scontext=u:r:mediaserver:s0 tcontext=u:object_r:device:s0
> tclass=chr_file
> <5>[ 9.154951] type=1400 audit(11394.930:34): avc: denied { open
> } for pid=194 comm="mediaserver" name="diag" dev=tmpfs ino=5559
> scontext=u:r:mediaserver:s0 tcontext=u:object_r:device:s0
> tclass=chr_file
> <5>[ 9.185441] type=1400 audit(11394.960:35): avc: denied { ioctl
> } for pid=194 comm="mediaserver" path="/dev/diag" dev=tmpfs ino=5559
> scontext=u:r:mediaserver:s0 tcontext=u:object_r:device:s0
>
> which are accesses on:
> /dev/diag
>
> You should relabel dev diag in sepolicy.fc (again in your
> device/vendor directory) to some other type and grant access on it. If
> you allow mediaserver access to device, it could then read and write
> to a lot of stuff under /dev that you may want to not give it access
> too. (/dev is initially labeled as device, everything else gets a
> specific label as needed)
>
>
> Example of taking dmesg output and generating rules, don't just copy
> and paste. Read these and make sure they make sense for your
> application... We also may want to submit some of these upstream
> (SELinux/Google).
>
> $ cat /home/wroberts/Downloads/seandroid_proc_kmsg.txt | audit2allow
>
> #============= media_app ==============
> allow media_app ion_device:chr_file { read open };
> allow media_app tmpfs:dir getattr;
>
> #============= mediaserver ==============
> allow mediaserver device:chr_file { read write ioctl open };
> allow mediaserver system_data_file:file { write open };
>
> #============= platform_app ==============
> allow platform_app device:chr_file { read write open };
> allow platform_app ion_device:chr_file { read open };
> allow platform_app system_data_file:fifo_file { write read open };
>
> #============= radio ==============
> allow radio ion_device:chr_file { read open };
>
> #============= release_app ==============
> allow release_app ion_device:chr_file { read open };
>
> #============= rild ==============
> allow rild device:chr_file { read write open };
> allow rild device:dir { write add_name };
> allow rild device:sock_file { write create };
> allow rild self:netlink_socket { bind create };
>
> #============= shared_app ==============
> allow shared_app device:chr_file { read write ioctl open };
> allow shared_app ion_device:chr_file { read open };
>
> #============= shell ==============
> allow shell ctl_default_prop:property_service set;
> allow shell ctl_rildaemon_prop:property_service set;
> allow shell default_prop:property_service set;
> allow shell device:chr_file { read write getattr open };
> allow shell device:dir { read open };
> allow shell init:fifo_file { read getattr };
> allow shell init:unix_stream_socket { connectto read write };
> allow shell proc:file write;
> allow shell rootfs:file { read open };
> allow shell self:capability { net_admin chown fsetid dac_override };
> allow shell self:capability2 syslog;
> allow shell sysfs:file { write setattr };
> allow shell system_data_file:dir { write remove_name add_name setattr };
> allow shell system_data_file:file { write create unlink open };
> allow shell system_file:lnk_file getattr;
> allow shell system_prop:property_service set;
> allow shell tmpfs:chr_file { read write getattr };
>
> #============= surfaceflinger ==============
> allow surfaceflinger device:chr_file { read write ioctl open };
>
> #============= system ==============
> allow system device:dir { write add_name };
> allow system device:sock_file create;
> allow system ion_device:chr_file { read open };
> allow system zygote:binder { receive call };
> allow system zygote:file write;
>
> #============= system_app ==============
> allow system_app ctl_default_prop:property_service set;
> allow system_app device:chr_file { read write ioctl open };
> allow system_app device:sock_file write;
> allow system_app ion_device:chr_file { read open };
> allow system_app radio_prop:property_service set;
>
> #============= ueventd ==============
> allow ueventd sdcard:dir search;
> allow ueventd sdcard:file { read getattr open };
> allow ueventd self:capability fowner;
>
> #============= zygote ==============
> allow zygote ashmem_device:chr_file execute;
> allow zygote init:unix_stream_socket connectto;
> allow zygote ion_device:chr_file { read open };
> allow zygote property_socket:sock_file write;
> allow zygote self:binder transfer;
> allow zygote servicemanager:binder call;
> allow zygote surfaceflinger:binder { receive call };
> allow zygote surfaceflinger:fd use;
> allow zygote system:binder { receive call };
> allow zygote system_prop:property_service set;
>
>
>
>
>
> On Wed, Sep 12, 2012 at 11:48 AM, Cesar Maiorino
> <cesar.maiorino@gmail.com> wrote:
>> Here is my /proc/kmsg. I am going to dig into it myself, but if you have
>> the time to take a look, any
>> pointers would be appreciated.
>>
>> On Wed, Sep 12, 2012 at 11:37 AM, Joman Chu <jcchu@tycho.ncsc.mil> wrote:
>>>
>>> On 09/12/2012 11:01 AM, Cesar Maiorino wrote:
>>>
>>> I did have these in my init.rc, but my build was not copying init.rc to
>>> to the out directory.
>>> I copied it over manually and rebuilt the boot.img and it now I can change
>>> the values.
>>> So that is progress.
>>> Now, however, when I toggle on SELinux, my device locks up. On reboot it
>>> is stuck at the
>>> lock screen.
>>> Thanks for the help.
>>>
>>> On Tue, Sep 11, 2012 at 4:37 PM, William Roberts
>>> <bill.c.roberts@gmail.com> wrote:
>>>>
>>>> My guess is you need to change the permissions of /selinux/*
>>>> (/selinux/booleans for the booleans) to system system.
>>>>
>>>> the init.rc needs to have chown system system for all of the booleans,
>>>> setenforce etc
>>>>
>>>> chown system system /selinux/enforce
>>>> chown -R system system /selinux/booleans
>>>> chown system system /selinux/commit_pending_bools
>>>>
>>>> You'll need to patch in the recursive support or enumerate all the
>>>> bools. The patch for recursive support can be found:
>>>> https://android-review.googlesource.com/#/c/32220/
>>>>
>>>> Hope this helps.
>>>>
>>>>
>>>> On Tue, Sep 11, 2012 at 1:23 PM, Cesar Maiorino
>>>> <cesar.maiorino@gmail.com> wrote:
>>>> > I finally got a version of seandroid (4.0.4) running on my Qualcomm
>>>> > MSM8960
>>>> > Mobile Development Platform. This required some manual intervention as
>>>> > the
>>>> > patch files did not all apply cleanly, so it's possible that I've
>>>> > messed
>>>> > something up in the process.
>>>> >
>>>> > That being said, the SEManager app does not let me change any settings
>>>> > aside
>>>> > from toggling "MAC Mode" on and off. So I can't change '"SELinux Mode"
>>>> > (stuck in permissive), and I can't change any of the Booleans.
>>>> >
>>>> > AVC and MAC logging seem to be working.
>>>> >
>>>> > Any ideas?
>>>> >
>>>>
>>>>
>>>>
>>>> --
>>>> Respectfully,
>>>>
>>>> William C Roberts
>>>
>>>
>>> Perhaps you're running into AVC denials. Can you post the kernel logs from
>>> /proc/kmsg?
>>
>>
>
>
>
> --
> Respectfully,
>
> William C Roberts
--
Respectfully,
William C Roberts
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Problem with SEManager app on Seandroid 4.0.4
2012-09-12 20:50 ` Cesar Maiorino
2012-09-12 21:08 ` William Roberts
@ 2012-09-14 15:41 ` Joshua Brindle
1 sibling, 0 replies; 11+ messages in thread
From: Joshua Brindle @ 2012-09-14 15:41 UTC (permalink / raw)
To: Cesar Maiorino; +Cc: William Roberts, Joman Chu, selinux
Cesar Maiorino wrote:
<snip>
> (2) If I don't add the "shell allow" rules, how do I deal with those
> denials?
>
During development I add a permissive rule for shell so that I can do
whatever I need to do while in enforcing, just add this to your shell.te
at the bottom and remember to remove it before production :) :
permissive shell;
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2012-09-14 15:41 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <CAN93RkJ63JnR-ajfVtKx772+NsFT=-P2_L7Cv3cr4rEAJxMYDg@mail.gmail.com>
2012-09-11 20:23 ` Problem with SEManager app on Seandroid 4.0.4 Cesar Maiorino
2012-09-11 20:37 ` William Roberts
2012-09-12 15:01 ` Cesar Maiorino
2012-09-12 15:37 ` Joman Chu
2012-09-12 15:49 ` Cesar Maiorino
2012-09-12 18:48 ` Cesar Maiorino
2012-09-12 20:29 ` William Roberts
2012-09-12 20:50 ` Cesar Maiorino
2012-09-12 21:08 ` William Roberts
2012-09-14 15:41 ` Joshua Brindle
2012-09-12 22:02 ` William Roberts
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.