1. ioctlcmd & ioctl
avc: denied { ioctl } for comm="bmpdump" path="socket:[159003]" dev="sockfs" ino=159003 ioctlcmd=0x8946 scontext=u:r:unlogger_bmpdump:s0 tcontext=u:r:unlogger_bmpdump:s0 tclass=unix_dgram_socket permissive=0
04-08 13:45:44.194 8519 8519 W bmpdump: type=1400 audit(0.0:1283): avc: denied { ioctl } for path="socket:[159003]" dev="sockfs" ino=159003 ioctlcmd=0x8946 scontext=u:r:unlogger_bmpdump:s0 tcontext=u:r:unlogger_bmpdump:s0 tclass=unix_dgram_socket permissive=0
(1) When I ran into this problem, my first instinct was to add this rule:
allow unlogger_bmpdump self:unix_dgram_socket { ioctl };
(2) That failed: the same error was still reported. I then noticed ioctlcmd=0x8946 in the denial. The first step is to find what this ioctlcmd corresponds to by looking up its definition in android/system/sepolicy/public/ioctl_defines:
ioctlcmd=0x8946 define(`SIOCETHTOOL', `0x00008946')
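(3) The following needs to be added to the corresponding .te file:
allowxperm unlogger_bmpdump self:unix_dgram_socket ioctl { SIOCETHTOOL };
(4) It was far from as simple as I expected. Solving this problem requires adding two permission rules:
allowxperm unlogger_bmpdump self:unix_dgram_socket ioctl { SIOCETHTOOL };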
allow unlogger_bmpdump self:unix_dgram_socket { ioctl };
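
The lookup in steps (2) to (4) can be scripted. The following is an added example, not part of the original post or of AOSP: it parses an AVC ioctl denial, resolves ioctlcmd against ioctl_defines content, and prints both rules. The helper names are hypothetical, and IOCTL_DEFINES is a constructed excerpt holding only the entry quoted above.

```python
import re

# Constructed excerpt of system/sepolicy/public/ioctl_defines: only the entry quoted on this page.
IOCTL_DEFINES = "define(`SIOCETHTOOL', `0x00008946')\n"

# The first denial line from the log at the top of this page.
SAMPLE_DENIAL = (
    'avc: denied { ioctl } for comm="bmpdump" path="socket:[159003]" dev="sockfs" '
    'ino=159003 ioctlcmd=0x8946 scontext=u:r:unlogger_bmpdump:s0 '
    'tcontext=u:r:unlogger_bmpdump:s0 tclass=unix_dgram_socket permissive=0'
)

def load_defines(text):
    """Map ioctl command number -> macro name from ioctl_defines content."""
    pairs = re.findall(r"define\(`(\w+)',\s*`(0x[0-9a-fA-F]+)'\)", text)
    return {int(value, 16): name for name, value in pairs}

def parse_denial(line):
    """Return the fields of an AVC denial line, or None if it is not one."""
    perms = re.search(r"avc:\s+denied\s+\{([^}]*)\}", line)
    if not perms:
        return None
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    fields["perms"] = perms.group(1).split()
    return fields

def rules_for(line, defines):
    """Suggest the allow + allowxperm pair for an ioctl denial (hypothetical helper)."""
    d = parse_denial(line)
    if d is None or "ioctl" not in d["perms"]:
        return []
    src = d["scontext"].split(":")[2]  # the type is the third field of the context
    tgt = d["tcontext"].split(":")[2]
    tgt = "self" if tgt == src else tgt
    # allow grants the ioctl permission itself ...
    rules = [f"allow {src} {tgt}:{d['tclass']} {{ ioctl }};"]
    if "ioctlcmd" in d:
        cmd = int(d["ioctlcmd"], 16)
        # ... and allowxperm names the specific command; fall back to the raw number
        name = defines.get(cmd, f"0x{cmd:04x}")
        rules.append(f"allowxperm {src} {tgt}:{d['tclass']} ioctl {{ {name} }};")
    return rules

if __name__ == "__main__":
    print("\n".join(rules_for(SAMPLE_DENIAL, load_defines(IOCTL_DEFINES))))
```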