I've a code like this:
type hal_foo_default, domain;
hal_server_domain (hal_foo_default, hal_example)
I need to add a new rule:
allow hal_foo_default hal_foo_default:tcp_socket { create bind listen accept };
Because I've denied message:
avc: denied { accept } for pid=1033 comm="android.hardwar" lport=33455 scontext=u:r:hal_foo_default:s0 tcontext=u:r:hal_foo_default:s0 tclass=tcp_socket permissive=1
But at the compilation stage I've an error because Android have a neverallow rule . How do I add a new rule in the correct way?
You can add you domain to this file like this
neverallow {
halserverdomain
-hal_automotive_socket_exemption
-hal_tetheroffload_server
-hal_wifi_server
-hal_wifi_hostapd_server
-hal_wifi_supplicant_server
-hal_telephony_server
-hal_foo_default //YOUR DOMAIN
} domain:{ tcp_socket udp_socket rawip_socket } *;
It is not canonic, but works
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.