
Add “allow” rule for selinux (Android)

I have code like this:

type hal_foo_default, domain;
hal_server_domain(hal_foo_default, hal_example)

I need to add a new rule:

allow hal_foo_default hal_foo_default:tcp_socket { create bind listen accept };

Because I have a denied message:

avc: denied { accept } for pid=1033 comm="android.hardwar" lport=33455 scontext=u:r:hal_foo_default:s0 tcontext=u:r:hal_foo_default:s0 tclass=tcp_socket permissive=1

But at the compilation stage I have an error because Android has a neverallow rule. How do I add a new rule in the correct way?

You can add your domain to this file like this:

neverallow {
   halserverdomain
   -hal_automotive_socket_exemption
   -hal_tetheroffload_server
   -hal_wifi_server
   -hal_wifi_hostapd_server
   -hal_wifi_supplicant_server
   -hal_telephony_server
   -hal_foo_default # YOUR DOMAIN
} domain:{ tcp_socket udp_socket rawip_socket } *;

It is not canonical, but it works.
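
The following is an added example, not code from either post: it parses `avc: denied` lines like the one in the question, merges them into one allow rule, and checks whether that rule would match the socket neverallow quoted in the answer. The attribute set passed to `hits_socket_neverallow` is supplied by the caller and is an assumption here (that `hal_server_domain` gives the type `halserverdomain` and `hal_example_server`); all sample lines except the first are constructed.

```python
import re

# Classes and exempted attributes copied from the neverallow quoted in the answer.
SOCKET_CLASSES = {"tcp_socket", "udp_socket", "rawip_socket"}
EXEMPT = {"hal_automotive_socket_exemption", "hal_tetheroffload_server",
          "hal_wifi_server", "hal_wifi_hostapd_server",
          "hal_wifi_supplicant_server", "hal_telephony_server"}

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<c>\S+)")

def context_type(context):
    """Return the type field of a user:role:type:level context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {context!r}")
    return parts[2]

def parse_denial(line):
    """Return (source type, target type, class, perms) or None if not a denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    return context_type(m["s"]), context_type(m["t"]), m["c"], set(m["perms"].split())

def suggest_rules(lines):
    """Merge denials per (source, target, class) into one allow rule each."""
    merged = {}
    for line in lines:
        d = parse_denial(line)
        if d:
            merged.setdefault(d[:3], set()).update(d[3])
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        target = "self" if src == tgt else tgt  # "self" is the usual spelling
        rules.append(f"allow {src} {target}:{cls} {{ {' '.join(sorted(perms))} }};")
    return rules

def hits_socket_neverallow(src_attrs, tclass):
    """True when the quoted neverallow matches: halserverdomain, not exempted, socket class."""
    return ("halserverdomain" in src_attrs and tclass in SOCKET_CLASSES
            and not (set(src_attrs) & EXEMPT))

# First line is the denial from the question; the other three are constructed.
CTX = "scontext=u:r:hal_foo_default:s0 tcontext=u:r:hal_foo_default:s0 tclass=tcp_socket permissive=1"
SAMPLE = ['avc: denied { accept } for pid=1033 comm="android.hardwar" lport=33455 ' + CTX] + [
    f'avc: denied {{ {p} }} for pid=1033 comm="android.hardwar" {CTX}'
    for p in ("create", "bind", "listen")]
```

Running `suggest_rules(SAMPLE)` yields the rule from the question written with `self`, and `hits_socket_neverallow` returning true for it is the condition under which the build reports the neverallow violation.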
