android2上的unix socket的audit2allow给出了空白输出(audit2allow for unix socket on android gives blank output)
我有一个应用程序连接到我在mediaserver中运行的套接字服务器(在我的音频HAL中)
连接时,SElinux会抛出此日志(来自dmesg):
[ 251.022149] type=1400 audit(1491810054.932:24): avc: denied { connectto } for pid=9065 comm="com.gps.app1" path=0073727663 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:mediaserver:s0 tclass=unix_stream_socket permissive=1我尝试将它提供给audit2allow以获取te文件,但它返回一个空白规则:
gps@gps-HP-ProBook-4540s:~$ audit2allow -i ~/gps-ott/selinux/denied.txt -m appcon module appcon 1.0; gps@gps-HP-ProBook-4540s:~$有人能指出我做错了什么,或者用什么te文件来允许这种连接?
I have an app that connects to my socket server running within mediaserver (in my audio HAL)
SElinux throws this log when connecting (from dmesg):
[ 251.022149] type=1400 audit(1491810054.932:24): avc: denied { connectto } for pid=9065 comm="com.gps.app1" path=0073727663 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:mediaserver:s0 tclass=unix_stream_socket permissive=1I tried feeding it to audit2allow to get te file, but it returns a blank rule:
gps@gps-HP-ProBook-4540s:~$ audit2allow -i ~/gps-ott/selinux/denied.txt -m appcon module appcon 1.0; gps@gps-HP-ProBook-4540s:~$Can someone point me to what I did wrong, or what te file could be used to allow this connection?
最满意答案
你是否从'out'提供了编译后的sepolicy? 你应该。
audit2allow -p ./out/target/product/<your-device>/root/sepolicyDid you supply the compiled sepolicy from 'out'? You should.
audit2allow -p ./out/target/product/<your-device>/root/sepolicy更多推荐
发布评论