Discussion:
AF_UNIX sockets and targetSdkVersion >= 26
Flavio
2018-08-01 11:05:51 UTC
Permalink
Hi all,

my app uses AF_UNIX sockets with 'abstract socket address' to send a file
descriptor to do shared memory with another app from native code.
I've just discovered that if I switch targetSdkVersion from 24 to 26 the
socket request incurs in a permission denied error.
The log looks like this: *... type=1400 audit(0.0:7733): avc: denied {
sendto } for path ...*
I believe that this is SElinux getting in the way. The app has the INTERNET
permission.
Is there any other permission that I have to add or is AF_UNIX sockets
blocked altogether?
The doc for the migration to Android P mentions that *"**Apps may continue
to share data using IPC mechanisms, including by passing FDs" *(
https://developer.android.com/preview/migration)
So it looks like my use case is still supported? Or maybe not from the NDK
side?
I'm not even testing on Android P yet, I'm setting targetSdkVersion to 26
and testing on an Android 8.1 device.

Thanks for any help.

Flavio.
--
You received this message because you are subscribed to the Google Groups "android-ndk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to android-ndk+***@googlegroups.com.
To post to this group, send email to android-***@googlegroups.com.
Visit this group at https://groups.google.com/group/android-ndk.
To view this discussion on the web visit https://groups.google.com/d/msgid/android-ndk/a1c7d92a-33b6-4c30-a8f6-b5c74dcb62fb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
lala chen
2018-08-16 03:50:04 UTC
Permalink
Hi Flavio,

I encounter same problem when I try HardwareBuffer in android 8.0.

The solution I found is setenforce to permissive in your device.

The command is "su 0 setenforce 0"

And you can check the result via getenforce.

If it return the Permission, it's represent you set up OK.

The solution is turn off SELinux, so it may cause some secure problems.(I'm
not sure.)

B.R.
LaChen

Flavioæ–Œ 2018幎8月1日星期䞉 UTC+8䞋午7時05分51秒寫道
Post by Flavio
Hi all,
my app uses AF_UNIX sockets with 'abstract socket address' to send a file
descriptor to do shared memory with another app from native code.
I've just discovered that if I switch targetSdkVersion from 24 to 26 the
socket request incurs in a permission denied error.
The log looks like this: *... type=1400 audit(0.0:7733): avc: denied {
sendto } for path ...*
I believe that this is SElinux getting in the way. The app has the
INTERNET permission.
Is there any other permission that I have to add or is AF_UNIX sockets
blocked altogether?
The doc for the migration to Android P mentions that *"**Apps may
continue to share data using IPC mechanisms, including by passing FDs" *(
https://developer.android.com/preview/migration)
So it looks like my use case is still supported? Or maybe not from the NDK
side?
I'm not even testing on Android P yet, I'm setting targetSdkVersion to 26
and testing on an Android 8.1 device.
Thanks for any help.
Flavio.
--
You received this message because you are subscribed to the Google Groups "android-ndk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to android-ndk+***@googlegroups.com.
To post to this group, send email to android-***@googlegroups.com.
Visit this group at https://groups.google.com/group/android-ndk.
To view this discussion on the web visit https://groups.google.com/d/msgid/android-ndk/bae08718-4ef0-4e97-af53-4e7e1e5b7eac%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Loading...