On 02/13/2013 09:57 AM, Tai Nguyen (tainguye) wrote:
> The macro unix_socket_connect(clientdomain, socket, serverdomain) uses the socket type. So, if I have processA talking to serverB via a socket, I use the rule unix_socket_connect(processA, serverB, serverB). Then I have to define the serverB_socket type. Do I need to define a transition rule to that socket type, or is it done automatically?
For sockets created by init (i.e. when there is a socket line in the service section in the init.rc file), you can just add a line to file_contexts to specify the security context for the socket file and init will look it up and label it accordingly when it is created. See the existing entries for e.g. /dev/socket/adbd and friends.
For sockets created by the individual server daemon, you'll need to define a type_transition rule in policy so that the kernel will label it correctly when the daemon creates it. See existing examples in gpsd.te, system.te, and wpa_supplicant.te.
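The two labeling paths described in the reply, written out for the serverB case from the question. This is an added example, not part of the original thread or of the SE Android policy; the socket path, the `serverB_data_file` directory type and the init.rc service line are assumptions, and the `processA` and `serverB` domains are assumed to be declared elsewhere.

```selinux
# serverB.te (hypothetical policy file for the daemon in the question)

# The socket type that unix_socket_connect() refers to as $2_socket.
type serverB_socket, file_type;

# --- Case 1: init creates the socket ---------------------------------
# init.rc, service section (assumed):
#     service serverB /system/bin/serverB
#         socket serverB stream 0660 system system
# file_contexts entry (assumed path); init looks it up and labels the
# socket file when it creates it, so no type_transition is needed:
#     /dev/socket/serverB    u:object_r:serverB_socket:s0

# --- Case 2: the daemon creates the socket itself --------------------
# Assumption: serverB binds its socket inside a directory labeled
# serverB_data_file. Without the type_transition the new sock_file
# would inherit the directory's type instead of serverB_socket.
type serverB_data_file, file_type, data_file_type;
type_transition serverB serverB_data_file:sock_file serverB_socket;
allow serverB serverB_data_file:dir rw_dir_perms;
allow serverB serverB_socket:sock_file create_file_perms;

# --- Client side, same for both cases --------------------------------
unix_socket_connect(processA, serverB, serverB)
# In te_macros this expands to:
#   allow processA serverB_socket:sock_file write;
#   allow processA serverB:unix_stream_socket connectto;
```

On a device, `ls -Z` on the socket file shows whether it actually received the `serverB_socket` label.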
