SELinux on Android is blocking my app from using a Unix domain socket


I have an app that starts a native application and communicates with it using Unix domain sockets. The app works fine on a non-rooted device.

The problem is when I start the native application as root. The native application runs fine and is waiting for messages from the app. The app then tries to send a message to the native application using the Unix domain socket. The app is using JNI to call "sendto", but SELinux is blocking sendto calls from my app.

This is the log written when my call to "sendto" is blocked.

type=1400 audit(0.0:27806): avc: denied { sendto } for uid=10220 comm=4173796E635461736B202331 path=0044726F696456504E456E67696E65536F636B6574 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:init:s0 tclass=unix_dgram_socket permissive=0

The only thing that makes it work again is if I disable SELinux (e.g. setenforce 0).

Is there any other way to fix this? Like a semanage command, so that I won't have to fully disable SELinux and can allow only what my app needs, which is just to use Unix domain sockets?


There are 0 answers
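
The denial quoted in the question can be read field by field. The following is an added example, not part of the original post, with hypothetical function names: it decodes the hex-encoded comm and path values and restates the denial in allow-rule syntax so its scope is visible.

```python
import re

# The denial quoted in the question, copied verbatim.
AVC_LINE = (
    "type=1400 audit(0.0:27806): avc: denied { sendto } for uid=10220 "
    "comm=4173796E635461736B202331 "
    "path=0044726F696456504E456E67696E65536F636B6574 "
    "scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:init:s0 "
    "tclass=unix_dgram_socket permissive=0"
)

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
# Fields that audit hex-encodes when the value has spaces or non-printable bytes.
HEX_FIELDS = ("comm", "path", "name", "exe")

def decode_field(value):
    if value.startswith('"'):            # quoted values are printed literally
        return value.strip('"')
    try:
        raw = bytes.fromhex(value)
    except ValueError:
        return value                     # neither quoted nor hex: leave as is
    if raw.startswith(b"\x00"):
        # Leading NUL marks an abstract-namespace socket, usually shown as '@'.
        return "@" + raw[1:].decode("utf-8", "replace")
    return raw.decode("utf-8", "replace")

def parse_avc(line):
    m = AVC_RE.search(line)
    if m is None:
        raise ValueError("not an AVC denial")
    # Values with spaces are hex-encoded, so splitting on whitespace is safe.
    fields = dict(kv.split("=", 1) for kv in m.group("rest").split() if "=" in kv)
    for key in HEX_FIELDS:
        if key in fields:
            fields[key] = decode_field(fields[key])
    fields["perms"] = m.group("perms").split()
    # A context is user:role:type:level; a rule is written on the type only.
    fields["source"] = fields["scontext"].split(":")[2]
    fields["target"] = fields["tcontext"].split(":")[2]
    return fields

def allow_rule(d):
    perms = d["perms"]
    perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return f"allow {d['source']} {d['target']}:{d['tclass']} {perm_text};"

if __name__ == "__main__":
    d = parse_avc(AVC_LINE)
    print(d["comm"], d["path"], allow_rule(d), sep="\n")
```

The decoded target shows that the receiving socket is labelled with the init domain, so a rule written from this denial would cover every untrusted_app process sending datagrams to any init-domain socket, not only this app talking to its own helper.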