Lines Matching refs:rule
117 不合理的权限配置,会触发编译报错,关键报错信息`check rule 'xxx' in user mode failed`,这里的`xxx`表示被拦截的检查项`name`,报错如下:
119 …check rule 'execute and execute_no_trans' in user mode failed, process label should transform whil…
124 2. Change the policy to avoid violating rule 'execute and execute_no_trans'
126 …check rule 'execute and execute_no_trans' in developer mode failed, process label should transform…
131 4. Change the policy to avoid violating rule 'execute and execute_no_trans'
174 …是未同时删除白名单时,也会触发编译报错,关键报错信息`remove the following unnecessary whitelists in rule 'xxx' part 'user'`,…
176 … check rule 'execute and execute_no_trans' failed in whitelist file 'perm_group_whitelist.json'
177 … remove the following unnecessary whitelists in rule 'execute and execute_no_trans' part 'user':
179 … check rule 'execute and execute_no_trans' failed in whitelist file 'perm_group_whitelist.json'
180 …remove the following unnecessary whitelists in rule 'execute and execute_no_trans' part 'developer…
229 … expect rule: (allow sh vendor_file (dir ())); actual rule: (allow sh vendor_file (dir (search)))
231 …1. Add the above actual rule to baseline file 'sh.baseline' under 'base/security/selinux_adapter/s…
232 2. Change the policy to satisfy expect rule
235 … expect rule: (allow sh vendor_file (dir ())); actual rule: (allow sh vendor_file (dir (search)))
237 …1. Add the above actual rule to baseline file 'sh.baseline' under 'base/security/selinux_adapter/s…
238 2. Change the policy to satisfy expect rule
249 - 方式一:将报错中`"actual rule"`字段的cil策略,作为新基线添加到`//base/security/selinux_adapter/sepolicy/`下的基线文件`xx.base…
265 … expect rule: (allow sh rootfs (dir (search))); actual rule: (allow sh rootfs (dir ()))
267 …1. Add the above actual rule to baseline file 'sh.baseline' under 'base/security/selinux_adapter/s…
268 2. Change the policy to satisfy expect rule
271 … expect rule: (allow sh rootfs (dir (search))); actual rule: (allow sh rootfs (dir ()))
273 …1. Add the above actual rule to baseline file 'sh.baseline' under 'base/security/selinux_adapter/s…
274 2. Change the policy to satisfy expect rule
279 这里根据报错,要删除基线`"(allow sh rootfs (dir (search)))"`,另外,以符合`"actual rule"`,其他冗余基线报错的删除位置参考下表:
296 配置的 allow 规则访问权限包含了 ioctl,但未限定 ioctl 权限参数时,会触发编译报错,关键报错信息`check ioctl rule in user mode failed.`,报错…
298 check ioctl rule in user mode failed.
303 please add "allowxperm" rule based on the above list.
349 在策略文件中增加 `permissive scontext;` 后,会触发编译报错,关键报错信息 `check permissive rule in user mode failed.`,报错如下:
351 check permissive rule in user mode failed.
356 2. Change the policy to avoid violating rule.