I think a dynamic type trans is what you want here. I always forget the exact 
syntax but it's something like:

type_trans bluetoothd unlabeled:socket "optional filename";



"Tai Nguyen (tainguye)" <[email protected]> wrote:



I think this is a special type of socket – the socket is created based on the 
device id (i.e., sock = hci_open_dev(hci_get_route(NULL))).
This socket is the connection to the microcontroller of the local bluetooth 
adapter.  It is not a typical client-server socket.

Tai

From: William Roberts <[email protected]>
Date: Monday, February 17, 2014 at 8:59 PM
To: Tai Nguyen <[email protected]>
Cc: "[email protected]" <[email protected]>
Subject: Re: How to set Security context for blueZ HCI socket


Well, it depends on who is doing the create, and in that code it's not obvious to 
me. Is your socket created by the service declaration in init.rc? If so then 
look at the readme, there's an option for specifying the contexts. You may need 
to do a dynamic type trans for that socket type. Depending on kernel version 
you can use named dynamic type trans.

On Feb 17, 2014 5:49 PM, "Tai Nguyen (tainguye)" <[email protected]> wrote:
This is sample code for the HCI socket that blueZ uses 
(http://people.csail.mit.edu/albert/bluez-intro/c404.html)


#include <stdio.h>
#include <stdlib.h>
#include <string.h>   /* memset, strcpy */
#include <unistd.h>
#include <sys/socket.h>
#include <bluetooth/bluetooth.h>
#include <bluetooth/hci.h>
#include <bluetooth/hci_lib.h>

int main(int argc, char **argv)
{
    inquiry_info *ii = NULL;
    int max_rsp, num_rsp;
    int dev_id, sock, len, flags;
    int i;
    char addr[19] = { 0 };
    char name[248] = { 0 };

    /* hci_open_dev() creates the raw HCI socket and binds it to the adapter */
    dev_id = hci_get_route(NULL);
    sock = hci_open_dev( dev_id );
    if (dev_id < 0 || sock < 0) {
        perror("opening socket");
        exit(1);
    }

    len  = 8;
    max_rsp = 255;
    flags = IREQ_CACHE_FLUSH;
    ii = (inquiry_info*)malloc(max_rsp * sizeof(inquiry_info));

    num_rsp = hci_inquiry(dev_id, len, max_rsp, NULL, &ii, flags);
    if( num_rsp < 0 ) perror("hci_inquiry");

    for (i = 0; i < num_rsp; i++) {
        ba2str(&(ii+i)->bdaddr, addr);
        memset(name, 0, sizeof(name));
        if (hci_read_remote_name(sock, &(ii+i)->bdaddr, sizeof(name),
            name, 0) < 0)
            strcpy(name, "[unknown]");
        printf("%s  %s\n", addr, name);
    }

    free( ii );
    close( sock );
    return 0;
}


Tai

From: William Roberts <[email protected]>
Date: Monday, February 17, 2014 at 8:27 PM
To: Tai Nguyen <[email protected]>
Cc: "[email protected]" <[email protected]>
Subject: Re: How to set Security context for blueZ HCI socket


Depends on how the socket gets created. Could you provide more details?

On Feb 17, 2014 4:01 PM, "Tai Nguyen (tainguye)" <[email protected]> wrote:
Our device uses the blueZ stack instead of bluedroid, and we have an audit message 
about an unlabeled socket


audit(1392652331.875:225): avc:  denied  { read } for  pid=5249 
comm="bluetoothd" scontext=u:r:bluetoothd:s0 tcontext=u:object_r:unlabeled:s0 
tclass=socket

This could be the hci socket that blueZ uses. How do I set the security label for 
this type of socket?

Thanks,
Tai

_______________________________________________
Seandroid-list mailing list
[email protected]<mailto:[email protected]>
To unsubscribe, send email to 
[email protected]<mailto:[email protected]>.
To get help, send an email containing "help" to 
[email protected]<mailto:[email protected]>.
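
The AVC denial quoted in the original question, parsed into its fields and triaged, as an added example that is not part of the thread or of any project's code. The "labeling" and "policy" categories are names chosen here; treating an unlabeled target as a labeling problem follows the type-transition advice given in the replies.

```python
import re

# The denial from the thread, hard-wrapped across lines as the mail client left it.
SAMPLE = """audit(1392652331.875:225): avc:  denied  { read } for  pid=5249
comm="bluetoothd" scontext=u:r:bluetoothd:s0 tcontext=u:object_r:unlabeled:s0
tclass=socket"""

AVC_RE = re.compile(
    r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(text):
    """Return one dict of fields per AVC record found in text."""
    # Undo hard wrapping, then cut at each "audit(" so records stay separate.
    flat = " ".join(text.split())
    records = []
    for chunk in flat.split("audit("):
        m = AVC_RE.search(chunk)
        if not m:
            continue
        rec = {"result": m.group("result"), "perms": m.group("perms").split()}
        for key, val in KV_RE.findall(m.group("rest")):
            rec[key] = val.strip('"')
        # Contexts are user:role:type:level; the level may itself contain colons.
        for side in ("scontext", "tcontext"):
            parts = rec.get(side, "").split(":", 3)
            rec[side + "_type"] = parts[2] if len(parts) > 2 else None
        records.append(rec)
    return records


def triage(rec):
    """Classify a denial: is the target missing a label, or is a rule missing?"""
    if rec.get("tcontext_type") == "unlabeled":
        return "labeling"   # object never received a valid context
    return "policy"         # object is labeled; review whether access is wanted


if __name__ == "__main__":
    for r in parse_avc(SAMPLE):
        print(r["comm"], r["scontext_type"], "->", r["tcontext_type"],
              r["tclass"], r["perms"], triage(r))
```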

