android2上的unix socket的audit2allow给出了空白输出(audit2allow for unix socket on android gives blank output)

android2上的unix socket的audit2allow给出了空白输出(audit2allow for unix socket on android gives blank output)

我有一个应用程序连接到我在mediaserver中运行的套接字服务器（在我的音频HAL中）

连接时，SElinux会抛出此日志（来自dmesg）：

[ 251.022149] type=1400 audit(1491810054.932:24): avc: denied { connectto } for pid=9065 comm="com.gps.app1" path=0073727663 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:mediaserver:s0 tclass=unix_stream_socket permissive=1

我尝试将它提供给audit2allow以获取te文件，但它返回一个空白规则：

gps@gps-HP-ProBook-4540s:~$ audit2allow -i ~/gps-ott/selinux/denied.txt -m appcon module appcon 1.0; gps@gps-HP-ProBook-4540s:~$

有人能指出我做错了什么，或者用什么te文件来允许这种连接？

I have an app that connects to my socket server running within mediaserver (in my audio HAL)

SElinux throws this log when connecting (from dmesg):

[ 251.022149] type=1400 audit(1491810054.932:24): avc: denied { connectto } for pid=9065 comm="com.gps.app1" path=0073727663 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:mediaserver:s0 tclass=unix_stream_socket permissive=1

I tried feeding it to audit2allow to get te file, but it returns a blank rule:

gps@gps-HP-ProBook-4540s:~$ audit2allow -i ~/gps-ott/selinux/denied.txt -m appcon module appcon 1.0; gps@gps-HP-ProBook-4540s:~$

Can someone point me to what I did wrong, or what te file could be used to allow this connection?

最满意答案

你是否从'out'提供了编译后的sepolicy？ 你应该。

audit2allow -p ./out/target/product/<your-device>/root/sepolicy

Did you supply the compiled sepolicy from 'out'? You should.

audit2allow -p ./out/target/product/<your-device>/root/sepolicy