Ubuntu
apparmor-easyprof-ubuntu package

Access to /vendor/lib/libGLES_mali.so denied when run under confinement

Bug #1219885 reported by Sergio Schvezov
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apparmor-easyprof-ubuntu (Ubuntu)
Fix Released
High
Jamie Strandboge
Saucy
Fix Released
High
Jamie Strandboge

Bug Description

This issue is with readonly images only.

This is what happens when running:
strace aa-exec -p com.ubuntu.dropping-letters_dropping-letters_0.1.2.2 -- qmlscene dropping-letters.qml --desktop_file_hint=/home/phablet/.local/share/applications/com.ubuntu.dropping-letters_dropping-letters_0.1.2.2.desktop
...
access("/vendor/lib/egl/libGLES_mali.so", R_OK) = 0
stat64("/vendor/lib/egl/libGLES_mali.so", {st_mode=S_IFREG|0644, st_size=13129916, ...}) = 0
open("/vendor/lib/egl/libGLES_mali.so", O_RDONLY) = -1 EACCES (Permission denied)
stat64("/vendor/lib//vendor/lib/egl/libGLES_mali.so", 0xbe8e9b68) = -1 ENOENT (No such file or directory)
stat64("/system/lib//vendor/lib/egl/libGLES_mali.so", 0xbe8e9b68) = -1 ENOENT (No such file or directory)
open("/dev/alog/main", O_WRONLY) = -1 EACCES (Permission denied)
access("/vendor/lib/egl/libEGL_mali.so", R_OK) = -1 ENOENT (No such file or directory)
access("/system/lib/egl/libEGL_mali.so", R_OK) = -1 ENOENT (No such file or directory)
socket(PF_LOCAL, SOCK_STREAM, 0) = 4
connect(4, {sa_family=AF_LOCAL, sun_path="/dev/socket/property_service"}, 31) = 0
send(4, "\2\0\0\0debug.egl.callstack\0\0\0\0\0\0\0\0\0"..., 128, 0) = 128
recv(4, "\2\0\0\0debug.egl.callstack\0\0\0\0\0\0\0\0\0"..., 128, 0) = 128
recv(4, "", 128, 0) = 0
close(4) = 0
write(2, "ASSERT: \"eglBindAPI(EGL_OPENGL_E"..., 79ASSERT: "eglBindAPI(EGL_OPENGL_ES_API) == EGL_TRUE" in file screen.cc, line 80
) = 79
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
tgkill(3148, 3148, SIGABRT) = 0
--- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=3148, si_uid=32011} ---
+++ killed by SIGABRT (core dumped) +++
Aborted (core dumped)

contrary to without confinement:

...
access("/vendor/lib/egl/libGLES_mali.so", R_OK) = 0
stat64("/vendor/lib/egl/libGLES_mali.so", {st_mode=S_IFREG|0644, st_size=13129916, ...}) = 0
open("/vendor/lib/egl/libGLES_mali.so", O_RDONLY) = 8

ProblemType: Bug
DistroRelease: Ubuntu 13.10
Package: apparmor-easyprof 2.8.0-0ubuntu26
ProcVersionSignature: Error: [Errno 2] No such file or directory: '/proc/version_signature'
Uname: Linux 3.4.0-4-manta armv7l
ApportVersion: 2.12.1-0ubuntu3
Architecture: armhf
Date: Mon Sep 2 15:32:10 2013
InstallationDate: Installed on 2013-09-02 (0 days ago)
InstallationMedia: Ubuntu Saucy Salamander (development branch) - armhf (20130902)
MarkForUpload: True
PackageArchitecture: all
ProcEnviron:
 TERM=linux
 PATH=(custom, no user)
ProcKernelCmdline: vmalloc=512M debug_core.break_on_panic=0 debug_core.break_on_exception=0 no_console_suspend s3c2410-wdt.tmr_atboot=1 s3c2410-wdt.tmr_margin=30 s3cfb.bootloaderfb=0x60000000 androidboot.bootloader=MANTALJ12 androidboot.serialno=R32CB04SQ1J androidboot.wifimacaddr=BC:20:A4:7E:26:EC androidboot.btmacaddr=BC:20:A4:7E:26:EB
PstreeP: Error: [Errno 2] No such file or directory: '/usr/bin/pstree'
SourcePackage: apparmor
UpgradeStatus: No upgrade log present (probably fresh install)

See original description
Revision history for this message
Sergio Schvezov (sergiusens) wrote :
Sergio Schvezov (sergiusens)
description: updated
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

So, libraries have been moving around underneath apparmor. apparmor-easyprof-ubuntu 1.0.20 fixed a similar issue for /system -> /android/system. We now need another update for /vendor - > /android/vendor.

affects: apparmor (Ubuntu) → apparmor-easyprof-ubuntu (Ubuntu)
Changed in apparmor-easyprof-ubuntu (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
importance: Undecided → High
status: New → In Progress
Revision history for this message
Sergio Schvezov (sergiusens) wrote :

I can't open apps either on ro images on maguro either

Jamie Strandboge (jdstrand)
Changed in apparmor-easyprof-ubuntu (Ubuntu Saucy):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor-easyprof-ubuntu - 1.0.26

---------------
apparmor-easyprof-ubuntu (1.0.26) saucy; urgency=low

  * ubuntu-* template: allow accesses to /android/vendor/lib (LP: #1219885)
 -- Jamie Strandboge <email address hidden> Tue, 03 Sep 2013 09:38:03 -0500

Changed in apparmor-easyprof-ubuntu (Ubuntu Saucy):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.