On Thu, Feb 14, 2013 at 8:13 PM, Saurabh Sharma <[email protected]> wrote:
> Hello,
> For connectto permission using unix_stream_socket, the system throws write
> avc denial is on sock_file
> e.g
> allow abcd xyz:unix_stream_socket connectto;
>
> connect function call throws
> avc: denied { write } for pid=12345 scontext=u:r:abcd:s0
> tcontext=u:object_r:xyz:s0 tclass=sock_file
>
> Does connect call in socket opens a file for writing ?
> If it's so, is connectto rule is dependent on write permission in case of
> socket ?
> What am I missing here ?
> Note: pid, source context and target context are taken only for example
> reference.
> Regards,
> Saurabh Sharma
>
Saurabh,

connectto and write are 2 separate permissions. connectto lets you connect to a server socket; write lets you write an fd of that type and class. Typically a client program connects to a server and then reads and writes data. If you are facing a specific denial we could help you. I wasn't quite clear on your question; hopefully this answers it or makes it more clear.

--
Respectfully,
William C Roberts
