Something went wrong on our end
-
Nick Kralevich authoredCommit 92dfa31f added "seinfo=platform" to all fixed UID domains. However, that caused problems for shared_relro. shared_relro runs like an isolated app, and doesn't have an seinfo field associated with it. This causes a crash when system_server attempts to start shared_relro. W art : PreZygoteFork called when we already have a zygote space. E SELinux : seapp_context_lookup: No match for app with uid 1037, seinfo (null), name WebViewLoader-armeabi-v7a E SELinux : selinux_android_setcontext: Error setting context for app with uid 1037, seinfo (null): Success E Zygote : selinux_android_setcontext(1037, 0, "(null)", "WebViewLoader-armeabi-v7a") failed F art : art/runtime/jni_internal.cc:508] JNI FatalError called: RuntimeAbort I ActivityManager: Start proc WebViewLoader-armeabi-v7a [android.webkit.WebViewFactory$RelroFileCreator] for : pid=2717 uid=1037 gids={} abi=armeabi-v7a W libbacktrace: virtual bool BacktraceThread::Unwind(size_t, ucontext_t*): tgkill 1176 failed: No such process W libbacktrace: virtual bool BacktraceThread::Unwind(size_t, ucontext_t*): tgkill 1176 failed: No such process F art : art/runtime/runtime.cc:331] Runtime aborting... F art : art/runtime/runtime.cc:331] Aborting thread: F art : art/runtime/runtime.cc:331] "main" prio=5 tid=1 Native F art : art/runtime/runtime.cc:331] | group="" sCount=0 dsCount=0 obj=0x7298f000 self=0xb4827800 F art : art/runtime/runtime.cc:331] | sysTid=1176 nice=0 cgrp=default sched=0/0 handle=0xb6f22d80 F art : art/runtime/runtime.cc:331] | state=? schedstat=( 0 0 0 ) utm=0 stm=0 core=0 HZ=100 F art : art/runtime/runtime.cc:331] | stack=0xbe39d000-0xbe39f000 stackSize=8MB F art : art/runtime/runtime.cc:331] | held mutexes= "abort lock" "mutator lock"(shared held) F art : art/runtime/runtime.cc:331] kernel: (couldn't read /proc/self/task/1176/stack) F art : art/runtime/runtime.cc:331] native: (backtrace::Unwind failed for thread 1176) F art : art/runtime/runtime.cc:331] at com.android.internal.os.Zygote.nativeForkAndSpecialize(Native method) F art : art/runtime/runtime.cc:331] at com.android.internal.os.Zygote.forkAndSpecialize(Zygote.java:91) F art : art/runtime/runtime.cc:331] at com.android.internal.os.ZygoteConnection.runOnce(ZygoteConnection.java:227) removing seinfo=platform from shared_relro fixed this bug, but then revealed two new SELinux denials: E SELinux : avc: denied { find } for service=webviewupdate scontext=u:r:shared_relro:s0 tcontext=u:object_r:system_server_service:s0 tclass=service_manager E SELinux : avc: denied { find } for service=activity scontext=u:r:shared_relro:s0 tcontext=u:object_r:system_server_service:s0 tclass=service_manager Add the needed SELinux rule. Change-Id: I4372ccfe2e9f3d982796d2c0dc79259aa8a31810
Nick Kralevich authoredCommit 92dfa31f added "seinfo=platform" to all fixed UID domains. However, that caused problems for shared_relro. shared_relro runs like an isolated app, and doesn't have an seinfo field associated with it. This causes a crash when system_server attempts to start shared_relro. W art : PreZygoteFork called when we already have a zygote space. E SELinux : seapp_context_lookup: No match for app with uid 1037, seinfo (null), name WebViewLoader-armeabi-v7a E SELinux : selinux_android_setcontext: Error setting context for app with uid 1037, seinfo (null): Success E Zygote : selinux_android_setcontext(1037, 0, "(null)", "WebViewLoader-armeabi-v7a") failed F art : art/runtime/jni_internal.cc:508] JNI FatalError called: RuntimeAbort I ActivityManager: Start proc WebViewLoader-armeabi-v7a [android.webkit.WebViewFactory$RelroFileCreator] for : pid=2717 uid=1037 gids={} abi=armeabi-v7a W libbacktrace: virtual bool BacktraceThread::Unwind(size_t, ucontext_t*): tgkill 1176 failed: No such process W libbacktrace: virtual bool BacktraceThread::Unwind(size_t, ucontext_t*): tgkill 1176 failed: No such process F art : art/runtime/runtime.cc:331] Runtime aborting... F art : art/runtime/runtime.cc:331] Aborting thread: F art : art/runtime/runtime.cc:331] "main" prio=5 tid=1 Native F art : art/runtime/runtime.cc:331] | group="" sCount=0 dsCount=0 obj=0x7298f000 self=0xb4827800 F art : art/runtime/runtime.cc:331] | sysTid=1176 nice=0 cgrp=default sched=0/0 handle=0xb6f22d80 F art : art/runtime/runtime.cc:331] | state=? schedstat=( 0 0 0 ) utm=0 stm=0 core=0 HZ=100 F art : art/runtime/runtime.cc:331] | stack=0xbe39d000-0xbe39f000 stackSize=8MB F art : art/runtime/runtime.cc:331] | held mutexes= "abort lock" "mutator lock"(shared held) F art : art/runtime/runtime.cc:331] kernel: (couldn't read /proc/self/task/1176/stack) F art : art/runtime/runtime.cc:331] native: (backtrace::Unwind failed for thread 1176) F art : art/runtime/runtime.cc:331] at com.android.internal.os.Zygote.nativeForkAndSpecialize(Native method) F art : art/runtime/runtime.cc:331] at com.android.internal.os.Zygote.forkAndSpecialize(Zygote.java:91) F art : art/runtime/runtime.cc:331] at com.android.internal.os.ZygoteConnection.runOnce(ZygoteConnection.java:227) removing seinfo=platform from shared_relro fixed this bug, but then revealed two new SELinux denials: E SELinux : avc: denied { find } for service=webviewupdate scontext=u:r:shared_relro:s0 tcontext=u:object_r:system_server_service:s0 tclass=service_manager E SELinux : avc: denied { find } for service=activity scontext=u:r:shared_relro:s0 tcontext=u:object_r:system_server_service:s0 tclass=service_manager Add the needed SELinux rule. Change-Id: I4372ccfe2e9f3d982796d2c0dc79259aa8a31810