On 02/18/2014 10:49 AM, Tai Nguyen (tainguye) wrote: > Hi Stephen, > > Do you have any suggestion where and what do I look for in the kernel? > What context should it have in this case?
Sockets should be labeled with the context of the creating process. So either there is something wrong in your kernel bluetooth code such that a socket is being created without ever calling the corresponding security hook to label it or you have a process running in unlabeled that created the socket (the latter should only happen if you reloaded policy and invalidated the context of an already running process). Normally this gets handled by the __sock_create() function in net/socket.c, called by the various sock_create() functions. Calls security_socket_create() before creating the socket to check permissions and then calls security_socket_post_create() after creating the socket to label it. The SELinux functions are then selinux_socket_create() and selinux_socket_post_create(). _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
