Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security warnings for system folders (startup logged messages) #110

Open
1 of 3 tasks
saropa opened this issue Nov 5, 2024 · 0 comments
Open
1 of 3 tasks

Security warnings for system folders (startup logged messages) #110

saropa opened this issue Nov 5, 2024 · 0 comments

Comments

@saropa
Copy link

saropa commented Nov 5, 2024

Steps to Reproduce

As reported in the original package: W/isarworker( 8160): avc: denied { getattr } for path="/metadata" on app startup

Code sample

        final Directory dir = await getApplicationDocumentsDirectory();

        _isar = await Isar.open(
          isarSchemas,
          directory: dir.path,
          inspector: isIsarInspectorEnabled,
        );
W/isarworker(27662): type=1400 audit(0.0:360): avc:  denied  { getattr } for  path="/metadata" dev="vdd1" ino=2 scontext=u:r:untrusted_app:s0:c190,c256,c512,c768 tcontext=u:object_r:metadata_file:s0 tclass=dir permissive=0 app=com.sm.app

W/isarworker(27662): type=1400 audit(0.0:361): avc:  denied  { getattr } for  path="/system_dlkm" dev="dm-4" ino=38 scontext=u:r:untrusted_app:s0:c190,c256,c512,c768 tcontext=u:object_r:system_dlkm_file:s0 tclass=dir permissive=0 app=com.sm.app

W/isarworker(27662): type=1400 audit(0.0:362): avc:  denied  { getattr } for  path="/apex/apex-info-list.xml" dev="tmpfs" ino=88 scontext=u:r:untrusted_app:s0:c190,c256,c512,c768 tcontext=u:object_r:apex_info_file:s0 tclass=file permissive=0 app=com.sm.app

W/isarworker(27662): type=1400 audit(0.0:363): avc:  denied  { getattr } for  path="/linkerconfig" dev="tmpfs" ino=3 scontext=u:r:untrusted_app:s0:c190,c256,c512,c768 tcontext=u:object_r:linkerconfig_file:s0 tclass=dir permissive=0 app=com.sm.app

W/isarworker(27662): type=1400 audit(0.0:364): avc:  denied  { getattr } for  path="/linkerconfig" dev="tmpfs" ino=3 scontext=u:r:untrusted_app:s0:c190,c256,c512,c768 tcontext=u:object_r:linkerconfig_file:s0 tclass=dir permissive=0 app=com.sm.app

W/isarworker(27662): type=1400 audit(0.0:365): avc:  denied  { getattr } for  path="/metadata" dev="vdd1" ino=2 scontext=u:r:untrusted_app:s0:c190,c256,c512,c768 tcontext=u:object_r:metadata_file:s0 tclass=dir permissive=0 app=com.sm.app

W/isarworker(27662): type=1400 audit(0.0:366): avc:  denied  { getattr } for  path="/system_dlkm" dev="dm-4" ino=38 scontext=u:r:untrusted_app:s0:c190,c256,c512,c768 tcontext=u:object_r:system_dlkm_file:s0 tclass=dir permissive=0 app=com.sm.app

Details

Whilst not blocking, it is a bit concerning to get folder security warnings. Is there a way to configure the open() to avoid the protected systems folders?

  • I searched for similar issues already
  • I filled the details section with the exact device model and version
  • I am able to provide a reproducible example
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@saropa