Run Fennec with SELinux to detect issues

Status: NEW
Assignee: Unassigned
Product: Firefox for Android
Component: General
Reporter: mkaply
Firefox Tracking Flags: Not tracked

Description

8 months ago
We have a partner that ran Fennec with SELinux and got this: 

For Firefox we got this denial after the sanity test was performed:

<36>[ 5364.753481,1] type=1400 audit(1491465095.203:177): avc: denied { unlink } for pid=5708 comm="GeckoBackground" uid=10118 name="lib" dev="dm-2" ino=5523 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0 tclass=lnk_file permissive=0

The reason the request for the above operation (unlink/delete) is denied is that Android does not allow apps to create/delete data files outside of their specific allocated storage area. Below is the policy enforced by Android on all devices.
 
# Do not allow untrusted_app to create/unlink files outside of its sandbox,
# internal storage or sdcard.
# World accessible data locations allow application to fill the device
# with unaccounted for data. This data will not get removed during
# application un-installation.

neverallow untrusted_app {
  file_type
  -app_data_file            # The apps sandbox itself
}:dir_file_class_set { create unlink };

It looks like something that could be ignored and we told them so, but we should still diagnose and figure out what is going on.

See also bug 1338807
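
A triage helper for the denial above, added here as an example and not part of the bug report or of Mozilla or AOSP code: it parses the AVC record into fields and tests them against the quoted neverallow rule. The function names and the expansion of dir_file_class_set are assumptions.

```python
import re

# The denial line from the report, copied verbatim.
DENIAL = ('<36>[ 5364.753481,1] type=1400 audit(1491465095.203:177): avc: denied '
          '{ unlink } for pid=5708 comm="GeckoBackground" uid=10118 name="lib" '
          'dev="dm-2" ino=5523 scontext=u:r:untrusted_app:s0:c512,c768 '
          'tcontext=u:object_r:app_data_file:s0 tclass=lnk_file permissive=0')

# Assumption: expansion of the dir_file_class_set macro (not shown on the page).
DIR_FILE_CLASS_SET = {"dir", "file", "lnk_file", "sock_file", "fifo_file",
                      "chr_file", "blk_file"}

AVC_RE = re.compile(r'avc:\s+(?P<result>denied|granted)\s+'
                    r'\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Split one AVC audit record into a dict of its fields."""
    m = AVC_RE.search(line)
    if m is None:
        raise ValueError("not an AVC record")
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    rec["result"] = m.group("result")
    rec["perms"] = m.group("perms").split()
    for key in ("scontext", "tcontext"):
        # Android contexts are user:role:type:level; the level may contain ':'.
        _user, _role, typ, level = rec[key].split(":", 3)
        rec[key + "_type"] = typ
        rec[key + "_level"] = level
    rec["enforced"] = rec.get("permissive") == "0"
    return rec


def quoted_neverallow_may_cover(rec):
    """True if the record can fall under the rule quoted in the report.

    The rule's target set is file_type minus app_data_file. Membership of
    other types in file_type is not checked here, so True means "possible".
    """
    return (rec["scontext_type"] == "untrusted_app"
            and rec["tcontext_type"] != "app_data_file"
            and rec["tclass"] in DIR_FILE_CLASS_SET
            and bool({"create", "unlink"} & set(rec["perms"])))
```
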