Home Ask Login Register

Developers Planet

Your answer is one click away!

Stack_the_Overflow February 2016

SELinux policy for running "ps" command from APP

I wish to run ps command to find number of running processes in the system. However I get SElinux violation in M

private int read_procs() {
    int nProcs = 0;
    String line = null;

    // "ps" output
    try {
        Process p = Runtime.getRuntime().exec("ps");
        BufferedReader in = new BufferedReader(new InputStreamReader(p.getInputStream()));
        if (in == null)  {
            mLog.e("cmd output _in_ is null");
            return 1;

        while ((line = in.readLine()) != null) {
        mLog.i("Processes :" + (nProcs-1));
    } catch (Exception e) {

    return nProcs;

how to set policy to allow "ps" command access :

 avc: denied { getattr } for path="/proc/2" dev="proc" ino=9461 scontext=u:r:system_app:s0 tcontext=u:r:kernel:s0 tclass=dir       permissive=0 ppid=3853 pcomm="Thread-52" tgid=3761 tgcomm="test:app"



Stack_the_Overflow February 2016

I solved it by adding a rule like below

allow  [source context] [target context object]:[type] [permission needed];

allow system_app kernel:dir getattr;


Post Status

Asked in February 2016
Viewed 3,285 times
Voted 4
Answered 1 times


Leave an answer

Quote of the day: live life