PortAuthority
Host scans break when targeting Android 12/13 (SDK versions 32/33 respectively) due to SELinux blocking nlmsg_getneigh
When targeting SDK version 32 or 33 we run into this:
```
type=1400 audit(0.0:21): avc: denied { nlmsg_getneigh } for scontext=u:r:untrusted_app:s0:c157,c256,c512,c768 tcontext=u:r:untrusted_app:s0:c157,c256,c512,c768 tclass=netlink_route_socket permissive=0 bug=b/155595000 app=com.aaronjwood.portauthority.donate
```
The offender originates here:
```c
if (rtnl_dump_request_n(&rth, &req.n) < 0) {
    perror("Cannot send dump request");
    exit(1);
}
```
`sendmsg` is our problem:
```c
int rtnl_dump_request_n(struct rtnl_handle *rth, struct nlmsghdr *n)
{
    struct sockaddr_nl nladdr = { .nl_family = AF_NETLINK };
    struct iovec iov = {
        .iov_base = n,
        .iov_len = n->nlmsg_len
    };
    struct msghdr msg = {
        .msg_name = &nladdr,
        .msg_namelen = sizeof(nladdr),
        .msg_iov = &iov,
        .msg_iovlen = 1,
    };

    n->nlmsg_flags = NLM_F_DUMP|NLM_F_REQUEST;
    n->nlmsg_pid = 0;
    n->nlmsg_seq = rth->dump = ++rth->seq;

    return sendmsg(rth->fd, &msg, 0);
}
```
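The failure path described in this issue, reduced to a stand-alone C program (an added example, not part of the original post and not code from PortAuthority or iproute2): it sends the same `RTM_GETNEIGH` dump request and returns a status the caller can act on instead of calling `exit(1)`. The names `probe_neigh_dump` and `classify_neigh_errno` are hypothetical, and treating `EACCES`/`EPERM` as the way the SELinux denial reaches `sendmsg()` is an assumption.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>

enum neigh_status { NEIGH_OK, NEIGH_DENIED, NEIGH_ERROR };

/* Assumption: the SELinux denial reaches userspace as EACCES from sendmsg();
 * EPERM is treated the same way. Anything else is an unrelated failure. */
enum neigh_status classify_neigh_errno(int err)
{
    if (err == EACCES || err == EPERM)
        return NEIGH_DENIED;
    return err ? NEIGH_ERROR : NEIGH_OK;
}

/* Sends the same RTM_GETNEIGH dump request as rtnl_dump_request_n(), but
 * reports the outcome to the caller instead of terminating the process. */
enum neigh_status probe_neigh_dump(void)
{
    struct { struct nlmsghdr n; struct ndmsg ndm; } req = {
        .n = { .nlmsg_len = NLMSG_LENGTH(sizeof(struct ndmsg)),
               .nlmsg_type = RTM_GETNEIGH,
               .nlmsg_flags = NLM_F_DUMP | NLM_F_REQUEST, .nlmsg_seq = 1 },
        .ndm = { .ndm_family = AF_INET },
    };
    struct sockaddr_nl nladdr = { .nl_family = AF_NETLINK };
    struct iovec iov = { .iov_base = &req, .iov_len = req.n.nlmsg_len };
    struct msghdr msg = { .msg_name = &nladdr, .msg_namelen = sizeof(nladdr),
                          .msg_iov = &iov, .msg_iovlen = 1 };
    int fd, err = 0;
    fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
    if (fd < 0)
        return classify_neigh_errno(errno);
    if (sendmsg(fd, &msg, 0) < 0)
        err = errno;   /* save errno before close() can overwrite it */
    close(fd);
    return classify_neigh_errno(err);
}

int main(void)
{
    static const char *names[] = { "ok", "denied by policy", "other error" };
    printf("neighbour dump request: %s\n", names[probe_neigh_dump()]);
    return 0;
}
```

A caller that gets `NEIGH_DENIED` can skip the neighbour-table step and continue the scan without hardware addresses.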
I assume this is why the app crashes when I do Discover Hosts? Is there any way to fix this problem?
Yeah, that's probably what you're hitting. The latest version I've rolled out (v2.4.5) works around this for now. It's not a long-term solution as I am just targeting an older API version rather than the very latest.
Has anyone found a workaround for gathering MAC addresses? Google Play won't let you publish now unless you target API 33. It's so daft, because it means you can't know which device is which on a local network. I think Apple maybe has a similar policy and that Google have simply copied it, without properly thinking through the consequences.