Skip to content
This repository was archived by the owner on Aug 18, 2025. It is now read-only.
This repository was archived by the owner on Aug 18, 2025. It is now read-only.

Security warnings for system folders (startup logged messages) #110

Open
Open
Security warnings for system folders (startup logged messages)#110
@saropa

Description

@saropa
saropa
opened on Nov 5, 2024

Steps to Reproduce

As reported in the original package: W/isarworker( 8160): avc: denied { getattr } for path="/metadata" on app startup

Code sample

        final Directory dir = await getApplicationDocumentsDirectory();

        _isar = await Isar.open(
          isarSchemas,
          directory: dir.path,
          inspector: isIsarInspectorEnabled,
        );
W/isarworker(27662): type=1400 audit(0.0:360): avc:  denied  { getattr } for  path="/metadata" dev="vdd1" ino=2 scontext=u:r:untrusted_app:s0:c190,c256,c512,c768 tcontext=u:object_r:metadata_file:s0 tclass=dir permissive=0 app=com.sm.app

W/isarworker(27662): type=1400 audit(0.0:361): avc:  denied  { getattr } for  path="/system_dlkm" dev="dm-4" ino=38 scontext=u:r:untrusted_app:s0:c190,c256,c512,c768 tcontext=u:object_r:system_dlkm_file:s0 tclass=dir permissive=0 app=com.sm.app

W/isarworker(27662): type=1400 audit(0.0:362): avc:  denied  { getattr } for  path="/apex/apex-info-list.xml" dev="tmpfs" ino=88 scontext=u:r:untrusted_app:s0:c190,c256,c512,c768 tcontext=u:object_r:apex_info_file:s0 tclass=file permissive=0 app=com.sm.app

W/isarworker(27662): type=1400 audit(0.0:363): avc:  denied  { getattr } for  path="/linkerconfig" dev="tmpfs" ino=3 scontext=u:r:untrusted_app:s0:c190,c256,c512,c768 tcontext=u:object_r:linkerconfig_file:s0 tclass=dir permissive=0 app=com.sm.app

W/isarworker(27662): type=1400 audit(0.0:364): avc:  denied  { getattr } for  path="/linkerconfig" dev="tmpfs" ino=3 scontext=u:r:untrusted_app:s0:c190,c256,c512,c768 tcontext=u:object_r:linkerconfig_file:s0 tclass=dir permissive=0 app=com.sm.app

W/isarworker(27662): type=1400 audit(0.0:365): avc:  denied  { getattr } for  path="/metadata" dev="vdd1" ino=2 scontext=u:r:untrusted_app:s0:c190,c256,c512,c768 tcontext=u:object_r:metadata_file:s0 tclass=dir permissive=0 app=com.sm.app

W/isarworker(27662): type=1400 audit(0.0:366): avc:  denied  { getattr } for  path="/system_dlkm" dev="dm-4" ino=38 scontext=u:r:untrusted_app:s0:c190,c256,c512,c768 tcontext=u:object_r:system_dlkm_file:s0 tclass=dir permissive=0 app=com.sm.app

Details

Whilst not blocking, it is a bit concerning to get folder security warnings. Is there a way to configure the open() to avoid the protected systems folders?

  • I searched for similar issues already
  • I filled the details section with the exact device model and version
  • I am able to provide a reproducible example

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions