Stack_the_Overflow February 2016

SELinux policy for running "ps" command from APP

I wish to run ps command to find number of running processes in the system. However I get SElinux violation in M

private int read_procs() {
    int nProcs = 0;
    String line = null;

    // "ps" output
    try {
        Process p = Runtime.getRuntime().exec("ps");
        BufferedReader in = new BufferedReader(new InputStreamReader(p.getInputStream()));
        if (in == null)  {
            mLog.e("cmd output _in_ is null");
            return 1;
        }

        while ((line = in.readLine()) != null) {
            nProcs++;
        }
        in.close();
        mLog.i("Processes :" + (nProcs-1));
    } catch (Exception e) {
        e.printStackTrace();
    }

    return nProcs;
}

how to set policy to allow "ps" command access :

 avc: denied { getattr } for path="/proc/2" dev="proc" ino=9461 scontext=u:r:system_app:s0 tcontext=u:r:kernel:s0 tclass=dir       permissive=0 ppid=3853 pcomm="Thread-52" tgid=3761 tgcomm="test:app"

Thanks

Answers


Stack_the_Overflow February 2016

I solved it by adding a rule like below

allow  [source context] [target context object]:[type] [permission needed];

allow system_app kernel:dir getattr;

-

Post Status

Asked in February 2016
Viewed 3,285 times
Voted 4
Answered 1 times

Search




Leave an answer