大部分的permission在开启enforcing后可以解决
call ipc find pty permission
chmod 666 /dev/ptmx
chown root:root /dev/ptmx
netlink find permission
# AI 生成的代码
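// Probe whether this process is allowed to create and bind an
// AF_NETLINK / NETLINK_ROUTE socket. Used to confirm that the policy change
// (excluding untrusted_app_all from netlink_route_socket) is actually enforced
// for the app's domain.
//
// @param env  JNI environment, used only to build the returned Java string.
// @return one of "Permission denied", "Netlink socket creation failed",
//         "Netlink bind failed" or "Netlink accessible".
extern "C" JNIEXPORT jstring JNICALL
Java_com_jee_test_MainActivity_netlinkCheck(JNIEnv* env, jobject /* this */) {
    int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
    if (sock < 0) {
        int err = errno;  // save before logging can clobber it
        LOGD("socket failed: %s", strerror(err));
        // A policy denial on socket creation surfaces here (EACCES from
        // SELinux, EPERM from other checks), never reaching bind().
        if (err == EACCES || err == EPERM) {
            return env->NewStringUTF("Permission denied");
        }
        return env->NewStringUTF("Netlink socket creation failed");
    }

    // Zero the whole struct so no padding is left uninitialized. nl_pid = 0
    // lets the kernel assign a unique port id; binding to getpid() fails with
    // EADDRINUSE as soon as the process holds a second netlink socket bound
    // the same way, which would be misreported as "Netlink bind failed".
    struct sockaddr_nl addr = {};
    addr.nl_family = AF_NETLINK;
    addr.nl_pid = 0;
    addr.nl_groups = 0;

    const char *result;
    if (bind(sock, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
        int err = errno;
        LOGD("bind failed: %s", strerror(err));
        // SELinux reports a denied bind as EACCES; EPERM kept for other denials.
        result = (err == EPERM || err == EACCES) ? "Permission denied"
                                                 : "Netlink bind failed";
    } else {
        result = "Netlink accessible";
    }
    close(sock);  // single close on every path
    return env->NewStringUTF(result);
}
permissive下实际检测效果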
开启enforcing后


hunter 从原本的跳两个netlink变成一个,继续修改policy,将untrusted_app_all:netlink_route_socket 排除在外 不然下边咋删allow全都没效果 剩余的其他权限可以自己allow调整

# Exclude untrusted_app_all from this broad netdomain grant on
# self:netlink_route_socket. Per the note above, removing the untrusted-app
# allow rules has no effect while this rule still covers that domain.
allow {netdomain -untrusted_app_all} self:netlink_route_socket { create read getattr write setattr lock append connect getopt setopt shutdown nlmsg_read };
