I traced our BlueZ Bluetooth software to the driver at kernel net/bluetooth. I did a diff between our code and the 4.4.2 branch kernel/msm/net/bluetooth. Although there are differences in these 2 versions, nothing stand out that our version doesn¹t call security_socket_post_create(). In fact, I can¹t find where the kernel/msm/net/bluetooth set the security context for its sockets.
Thus, I need your help to understand more on how the kernel/msm/net/bluetooth have their sockets labeled. Thanks, Tai On 2/18/14, 11:06 AM, "Stephen Smalley" <[email protected]> wrote: >On 02/18/2014 10:49 AM, Tai Nguyen (tainguye) wrote: >> Hi Stephen, >> >> Do you have any suggestion where and what do I look for in the kernel? >> What context should it have in this case? > >Sockets should be labeled with the context of the creating process. >So either there is something wrong in your kernel bluetooth code such >that a socket is being created without ever calling the corresponding >security hook to label it or you have a process running in unlabeled >that created the socket (the latter should only happen if you reloaded >policy and invalidated the context of an already running process). > >Normally this gets handled by the __sock_create() function in >net/socket.c, called by the various sock_create() functions. Calls >security_socket_create() before creating the socket to check permissions >and then calls security_socket_post_create() after creating the socket >to label it. The SELinux functions are then selinux_socket_create() and >selinux_socket_post_create(). > > > _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
