Closed Bug 1375076 Opened 7 years ago Closed 3 years ago

Run Fennec with SELinux to detect issues

Categories

(Firefox for Android Graveyard :: General, enhancement, P3)

Tracking

(Not tracked)

RESOLVED INCOMPLETE

People

(Reporter: mkaply, Unassigned)

We have a partner that ran Fennec with SELinux and got this: 

For Firefox we got this denial after the sanity test was performed:

<36>[ 5364.753481,1] type=1400 audit(1491465095.203:177): avc: denied { unlink } for pid=5708 comm="GeckoBackground" uid=10118 name="lib" dev="dm-2" ino=5523 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0 tclass=lnk_file permissive=0

The reason the request for the above operation (unlink/delete) is denied is that Android does not allow apps to create/delete data files outside of their specific allocated storage area. Below is the policy enforced by Android on all devices.
 
# Do not allow untrusted_app to create/unlink files outside of its sandbox,
# internal storage or sdcard.
# World accessible data locations allow application to fill the device
# with unaccounted for data. This data will not get removed during
# application un-installation.

neverallow untrusted_app {
  file_type
  -app_data_file            # The apps sandbox itself
}:dir_file_class_set { create unlink };

It looks like something that could be ignored and we told them so, but we should still diagnose and figure out what is going on.

See also bug 1338807
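
An added example (not part of the bug report or of Mozilla's or Android's code): a small Python parser that splits the denial line above into its fields and tests them against the neverallow rule exactly as quoted in the report. The function names and the expansion of dir_file_class_set (per AOSP's global_macros) are this example's own, and it assumes any target type the rule does not subtract carries the file_type attribute.

```python
import re

# Denial line copied from the report above.
SAMPLE = (
    '<36>[ 5364.753481,1] type=1400 audit(1491465095.203:177): avc: denied '
    '{ unlink } for pid=5708 comm="GeckoBackground" uid=10118 name="lib" '
    'dev="dm-2" ino=5523 scontext=u:r:untrusted_app:s0:c512,c768 '
    'tcontext=u:object_r:app_data_file:s0 tclass=lnk_file permissive=0'
)

# The neverallow rule as quoted in the report. dir_file_class_set is expanded
# per AOSP's global_macros; that expansion is not shown on the page.
RULE = {
    "source": "untrusted_app",
    "excluded_targets": {"app_data_file"},
    "classes": {"dir", "file", "lnk_file", "sock_file", "fifo_file",
                "chr_file", "blk_file"},
    "perms": {"create", "unlink"},
}

AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC audit line as a dict, or None."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    avc = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    avc["result"], avc["perms"] = m.group(1), m.group(2).split()
    for key in ("scontext", "tcontext"):
        # Context layout is user:role:type:level; the level may contain ':'.
        parts = avc.get(key, "").split(":", 3)
        avc[key + "_type"] = parts[2] if len(parts) >= 3 else None
    avc["enforced"] = avc.get("permissive") == "0"
    return avc

def matches_quoted_rule(avc, rule=RULE):
    # Assumption: a target type the rule does not subtract carries file_type.
    return (avc["scontext_type"] == rule["source"]
            and avc["tcontext_type"] not in rule["excluded_targets"]
            and avc.get("tclass") in rule["classes"]
            and bool(rule["perms"].intersection(avc["perms"])))

if __name__ == "__main__":
    avc = parse_avc(SAMPLE)
    print(avc["comm"], avc["perms"], avc["tcontext_type"], avc["tclass"],
          "matches quoted rule:", matches_quoted_rule(avc))
```

For the line in this report the check returns False, because app_data_file is the one target type the quoted rule subtracts. A neverallow is a policy build-time assertion, so the runtime denial itself comes from the absence of a matching allow rule.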

We have completed our launch of our new Firefox on Android. The development of the new versions uses GitHub for issue tracking. If the bug report still reproduces in a current version of [Firefox on Android nightly](https://play.google.com/store/apps/details?id=org.mozilla.fenix) an issue can be reported at the [Fenix GitHub project](https://github.com/mozilla-mobile/fenix/). If you want to discuss your report please use [Mozilla's chat](https://wiki.mozilla.org/Matrix#Connect_to_Matrix) server https://chat.mozilla.org and join the [#fenix](https://chat.mozilla.org/#/room/#fenix:mozilla.org) channel.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → INCOMPLETE
Product: Firefox for Android → Firefox for Android Graveyard