Neverallow failures occurred

What does that even mean? Let’s take a look at the code:

[CODE]
libsepol.report_failure: neverallow on line 574 of system/sepolicy/system_server.te (or line 18452 of policy.conf) violated by allow system_server system_server:process { execmem };
libsepol.report_failure: neverallow on line 544 of system/sepolicy/domain.te (or line 9255 of policy.conf) violated by allow mediaserver shell_data_file:dir { search };
libsepol.report_failure: neverallow on line 459 of system/sepolicy/domain.te (or line 9170 of policy.conf) violated by allow mm-qcamerad system_file:file { execmod };
libsepol.report_failure: neverallow on line 459 of system/sepolicy/domain.te (or line 9170 of policy.conf) violated by allow mediaserver system_file:file { execmod };
libsepol.report_failure: neverallow on line 459 of system/sepolicy/domain.te (or line 9170 of policy.conf) violated by allow system_server system_file:file { execmod };
libsepol.report_failure: neverallow on line 433 of system/sepolicy/domain.te (or line 9159 of policy.conf) violated by allow mm-qcamerad system_file:file { execmod };
libsepol.report_failure: neverallow on line 433 of system/sepolicy/domain.te (or line 9159 of policy.conf) violated by allow mediaserver system_file:file { execmod };
libsepol.report_failure: neverallow on line 433 of system/sepolicy/domain.te (or line 9159 of policy.conf) violated by allow system_server system_file:file { execmod };
libsepol.check_assertions: 8 neverallow failures occurred
Error while expanding policy
[/CODE]

From the error output, I can only discern that these should never be allowed to happen in a sepolicy configuration. So, to make ammends with the compiler, I edited build_aokp7/device/samsung/jf-common/sepolicy/system_server.te, build_aokp7/device/samsung/jf-common/sepolicy/mm-qcamerad.te, and build_aokp7/device/samsung/jf-common/sepolicy/media_server.te, simply removing the sepolicy rule that was causing the issue, namely

[CODE]system_file:file { execmod };[/CODE]

It is worth noting that they do appear twice in the list of errors, but only once in the file itself. Hopefully that will help me as I compile AOKP 7.0 for the jfltetmo Samsung Galaxy S4, T-Mobile edition.

Linux – keep it simple.

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s