Hello SEAndroid folks, I created and maintain an Android app called Network Log. It uses iptables logging to monitor network transmissions and record statistics about them.
Historically, Android has shipped with a Linux kernel with the iptables/netfilter LOG (CONFIG_NETFILTER_XT_TARGET_LOG) target enabled. To monitor the logging using the LOG target, you would typically read /proc/kmsg and watch for the logging output. Network Log has no problems doing this with SEAndroid since it uses the system's grep or cat commands in a su root shell to read /proc/kmsg.

However, more recent Android systems have been using the newer(ish) NFLOG (CONFIG_NETFILTER_XT_TARGET_NFLOG) target instead. This target requires using netlink sockets to read the logging information. My app uses a native binary based on http://netfilter.org/projects/libnetfilter_log/ to interact with NFLOG. The app installs this binary to the app's files location (/data/data/com.googlecode.networklog/files/) and executes it in a su root shell. This has been working successfully until SEAndroid started shipping in Enforcing mode.

My question is: Is there a simple way for the app or the end-user to allow the nflog binary to run without being restricted? What would be your recommendations? Alternatively, might there be a better approach for interacting with NFLOG of which SEAndroid is more tolerant? Thanks for your attention.
Seandroid-list mailing list
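As an added illustration of the /proc/kmsg approach the post describes (example code, not part of the Network Log app), this parser turns iptables LOG-target lines into per-flow packet and byte counts. The kernel-log lines are constructed; the UDP record shows the edge case where a second LEN= field (the UDP payload length) must not overwrite the IP total length.

```python
import re
from collections import defaultdict

# Constructed sample of /proc/kmsg output for packets hitting an iptables rule
# using the LOG target with --log-prefix "[NetworkLog] ". Not a real capture.
SAMPLE_KMSG = """\
<4>[  812.123456] [NetworkLog] IN= OUT=wlan0 SRC=192.168.1.10 DST=93.184.216.34 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP SPT=43210 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
<4>[  812.223456] [NetworkLog] IN= OUT=wlan0 SRC=192.168.1.10 DST=93.184.216.34 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=4243 DF PROTO=TCP SPT=43210 DPT=443 WINDOW=29200 RES=0x00 ACK URGP=0
<4>[  813.000001] [NetworkLog] IN= OUT=rmnet0 SRC=10.0.0.5 DST=8.8.8.8 LEN=73 TOS=0x00 PREC=0x00 TTL=64 ID=9 DF PROTO=UDP SPT=51000 DPT=53 LEN=53
<6>[  813.500000] wlan0: link becomes ready
"""

# A LOG-target record is a run of KEY=VALUE tokens; bare flags (DF, SYN, ACK)
# have no '='. VALUE may be empty, as in "OUT=" for inbound packets.
TOKEN = re.compile(r"([A-Z]+)(?:=(\S*))?")


def parse_log_line(line):
    """Parse one kernel-log line into a dict of LOG-target fields.

    Returns None for unrelated kernel output (no "IN=" marker). Flags without a
    value map to True. The first occurrence of a key wins, so for UDP/TCP the
    IP-level LEN is kept and the transport-level LEN that follows is ignored.
    """
    start = line.find("IN=")
    if start < 0:
        return None
    fields = {}
    for m in TOKEN.finditer(line[start:]):
        key, value = m.group(1), m.group(2)
        fields.setdefault(key, True if value is None else value)
    return fields


def flow_stats(kmsg_text):
    """Aggregate packets and bytes per (protocol, destination, destination port)."""
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for line in kmsg_text.splitlines():
        f = parse_log_line(line)
        if f is None or "PROTO" not in f or "LEN" not in f:
            continue
        dport = int(f["DPT"]) if "DPT" in f else None  # ICMP has no port
        key = (f["PROTO"], f.get("DST"), dport)
        stats[key]["packets"] += 1
        stats[key]["bytes"] += int(f["LEN"])
    return dict(stats)


if __name__ == "__main__":
    for flow, counters in flow_stats(SAMPLE_KMSG).items():
        print(flow, counters)
```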
