1. Add the following to frameworks/base/services/java/com/android/server/SystemServer.java:
Slog.i(TAG, "Led Service");
ServiceManager.addService("led", new LedService());
The system fails to boot. logcat shows the following errors:
E/SELinux ( 298): avc: denied { add } for service=led scontext=u:r:system_server:s0 tcontext=u:object_r:default_android_service:s0 tclass=service_manager
E/ServiceManager( 298): add_service('led',23) uid=1000 - PERMISSION DENIED
There are three ways to fix this:
1) Open a shell on the device and turn off SELinux enforcement:
adb shell
su
setenforce permissive, or setenforce 0
2) Edit external/sepolicy/service_contexts and add:
led u:object_r:led_service:s0
Edit external/sepolicy/service.te and add:
type led_service, service_manager_type;
Edit external/sepolicy/system_server.te and add:
allow system_server led_service:service_manager add;
led_service is the type for the service being added to SystemServer. Finally, run make bootimage -j32 and flash boot.img to the device.
3) Edit external/sepolicy/service_contexts and add:
led u:object_r:system_server_service:s0
2. Deleting a file from the file system, or pushing a file to it, fails with the message "Read-only file system". Fix:
adb root
adb remount
After that, files can be deleted and pushed normally.
3. When JNI code calls open and other operations on a device node, the following error is reported:
type=1400 audit(23080.829:6): avc: denied { read write } for pid=1353 comm="system_server" name="msmgpio" dev="tmpfs" ino=7902 scontext=u:r:system_server:s0 tcontext=u:object_r:gpio_device:s0 tclass=chr_file permissive=0
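The log shows that system_server lacks read and write permission on gpio_device, and that gpio_device is a chr_file (character device) object. Edit the corresponding file under external/sepolicy/. That directory contains many .te files; choose the one that matches the error message. In this case it is system_server.te, and adding the following line to it is enough: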
allow system_server gpio_device:chr_file {open read write ioctl};
Because the upper-layer application calls open, read, write and ioctl, the braces contain four permissions. After the change, rebuild the kernel and reflash boot.img.
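Reading a denial as described above, as an added example (not from the original notes): a Python script that extracts the source type, target type, class and permissions from the two avc lines quoted on this page and returns candidate allow rules. The GENERIC_TYPES set and the function names are assumptions of this example.

```python
import re

# The two denial lines quoted on this page, embedded as sample input.
SAMPLE_LOG = """\
E/SELinux ( 298): avc: denied { add } for service=led scontext=u:r:system_server:s0 tcontext=u:object_r:default_android_service:s0 tclass=service_manager
type=1400 audit(23080.829:6): avc: denied { read write } for pid=1353 comm="system_server" name="msmgpio" dev="tmpfs" ino=7902 scontext=u:r:system_server:s0 tcontext=u:object_r:gpio_device:s0 tclass=chr_file permissive=0
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Assumption: catch-all types. Grant nothing on these; give the object its own
# type first (the page does this with led_service and uart_device).
GENERIC_TYPES = {"default_android_service", "device"}


def parse_denial(line):
    """Return (source_type, target_type, tclass, perms) or None for non-AVC lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m.group("rest")))
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    # A context is user:role:type:level[:categories]; the type is the third field.
    source = fields["scontext"].split(":")[2]
    target = fields["tcontext"].split(":")[2]
    return source, target, fields["tclass"], m.group("perms").split()


def suggest_rules(log_text):
    """Merge denials per (source, target, class) and return candidate allow rules."""
    merged = {}
    for line in log_text.splitlines():
        denial = parse_denial(line)
        if denial:
            merged.setdefault(denial[:3], set()).update(denial[3])
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        rule = "allow %s %s:%s { %s };" % (src, tgt, cls, " ".join(sorted(perms)))
        if tgt in GENERIC_TYPES:
            rule = "# relabel first (generic type): " + rule
        rules.append(rule)
    return rules


if __name__ == "__main__":
    print("\n".join(suggest_rules(SAMPLE_LOG)))
```

A denial lists only the permissions attempted so far, which is why the log shows read write while the rule above also grants open and ioctl.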
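system_server needs to access the /dev/msmgpio device node. On the MSM8909 platform the following configuration must be added, otherwise no error message is printed in the log:
1) device/qcom/msm8909/init.target.rc: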
on boot
start rmt_storage
insmod /system/lib/modules/adsprpc.ko
+ chown root system /dev/msmgpio
+ chmod 0660 /dev/msmgpio
2) device/qcom/sepolicy/common/device.te:
type at_device, dev_type;
+type gpio_device, dev_type;
3) device/qcom/sepolicy/msm8909/file_contexts:
/dev/block/platform/soc.0/7824900.sdhci/by-name/cache u:object_r:cache_block_device:s0
+/dev/msmgpio u:object_r:gpio_device:s0
4. After adding the rule allow shell device:chr_file {open read write ioctl getattr setattr}; to external/sepolicy/shell.te, the build fails:
libsepol.report_failure: neverallow on line 262 of external/sepolicy/domain.te (or line 5285 of policy.conf) violated by allow shell device:chr_file { read write open };
libsepol.check_assertions: 1 neverallow failures occurred
Error while expanding policy
make: *** [out/target/product/msm8909/obj/ETC/sepolicy_intermediates/sepolicy] Error 1
make: *** Waiting for unfinished jobs....
Following the error message, look at line 262 of external/sepolicy/domain.te:
neverallow { domain -unconfineddomain -ueventd -recovery} device:chr_file { open read write };
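This shows that no domain is allowed open, read or write access to device, except unconfineddomain, ueventd and recovery. There are two ways to resolve this:
1) Subtract shell from the neverallow: neverallow { domain -unconfineddomain -ueventd -recovery -shell} device:chr_file { open read write };
This will fail CTS testing, so this approach is not recommended.
2) Because the shell has no permission to operate on /dev/ttyHSL1, modify the following three files:
1. In external/sepolicy/file_contexts, add a label for /dev/ttyHSL1 (uart_device here; the name can be chosen freely):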
+/dev/ttyHSL1 u:object_r:uart_device:s0
2. In external/sepolicy/device.te, declare the uart_device label as a dev_type type:
+type uart_device, dev_type;
3. In external/sepolicy/shell.te, add the permissions the shell needs:
+allow shell uart_device:chr_file {open read write ioctl getattr};
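Review bot: the allow rule for shell on uart_device:chr_file is unconditional, so it ships in user builds as well and gives every adb shell session read and write access to the UART. If the access is only needed for bring-up or debugging, wrap the rule in the userdebug_or_eng macro so that it is compiled out of user builds.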
After that, rebuild the kernel and flash boot.img.
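Why relabelling satisfies the neverallow while the original rule does not, as an added example (not code from the original notes or from AOSP): a simplified Python check of one allow rule against one neverallow rule. The ATTRIBUTES table is a constructed stand-in for the compiled policy's attribute membership, and the function names are assumptions of this example.

```python
import re

# Assumption (constructed): a small attribute table standing in for the compiled policy.
ATTRIBUTES = {"unconfineddomain": set(),
              "domain": {"shell", "system_server", "ueventd", "recovery", "untrusted_app"}}
# Rules quoted on this page: domain.te line 262, the rejected rule, the relabelled rule.
NEVERALLOW = "neverallow { domain -unconfineddomain -ueventd -recovery} device:chr_file { open read write };"
ALLOW_DEVICE = "allow shell device:chr_file {open read write ioctl getattr setattr};"
ALLOW_UART = "allow shell uart_device:chr_file {open read write ioctl getattr};"

SET = r"\{[^}]*\}"
RULE_RE = re.compile(
    r"(?:neverallow|allow)\s+(?P<src>%s|\S+)\s+(?P<tgt>%s|[^\s:]+)\s*:\s*"
    r"(?P<cls>%s|\S+)\s+(?P<perms>%s|[^\s;]+)\s*;" % (SET, SET, SET, SET))


def words(expr):
    """Split 'a' or '{ a b }' into a set of names."""
    return set(expr.strip("{} ").split())


def expand(expr):
    """Expand a type set such as '{ domain -ueventd }' into concrete type names."""
    included, excluded = set(), set()
    for tok in words(expr):
        name = tok.lstrip("-")
        (excluded if tok.startswith("-") else included).update(ATTRIBUTES.get(name, {name}))
    return included - excluded


def parse(rule):
    m = RULE_RE.match(rule.strip())
    if not m:
        raise ValueError("unparsable rule: " + rule)
    return expand(m["src"]), expand(m["tgt"]), words(m["cls"]), words(m["perms"])


def violations(neverallow, allow):
    """Return (source types, permissions) that the allow rule grants against the neverallow."""
    n_src, n_tgt, n_cls, n_perms = parse(neverallow)
    a_src, a_tgt, a_cls, a_perms = parse(allow)
    src, perms = n_src & a_src, n_perms & a_perms
    if n_tgt & a_tgt and n_cls & a_cls and src and perms:
        return src, perms
    return set(), set()


if __name__ == "__main__":
    print(violations(NEVERALLOW, ALLOW_DEVICE), violations(NEVERALLOW, ALLOW_UART))
```

The first result names shell with open, read and write, the same three permissions libsepol reports; the second is empty because uart_device is a different type from device.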
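5. When developing an app with Android Studio, if the app's API level does not match the system, an exception is thrown and the app exits immediately. For example, the notification manager source (frameworks/base/core/java/android/app/NotificationManager.java) checks the application's SDK version: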
public void notify(String tag, int id, Notification notification)
{
    int[] idOut = new int[1];
    INotificationManager service = getService();
    String pkg = mContext.getPackageName();
    if (notification.sound != null) {
        notification.sound = notification.sound.getCanonicalUri();
        if (StrictMode.vmFileUriExposureEnabled()) {
            notification.sound.checkFileUriExposed("Notification.sound");
        }
    }
    fixLegacySmallIcon(notification, pkg);
    if (mContext.getApplicationInfo().targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1) {
        if (notification.getSmallIcon() == null) {
            throw new IllegalArgumentException("Invalid notification (no valid small icon): "
                    + notification);
        }
    }
    if (localLOGV) Log.v(TAG, pkg + ": notify(" + id + ", " + notification + ")");
    Notification stripped = notification.clone();
    Builder.stripForDelivery(stripped);
    try {
        service.enqueueNotificationWithTag(pkg, mContext.getOpPackageName(), tag, id,
                stripped, idOut, UserHandle.myUserId());
        if (id != idOut[0]) {
            Log.w(TAG, "notify: id corrupted: sent " + id + ", got back " + idOut[0]);
        }
    } catch (RemoteException e) {
    }
}
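Line 13 of this code checks targetSdkVersion; if it is greater than the system's version, an error occurs. Here Build.VERSION_CODES.LOLLIPOP_MR1 has the value 22. Setting targetSdkVersion to 21 in the Android Studio project's app/build.gradle avoids it: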
apply plugin: 'com.android.application'
android {
compileSdkVersion 25
buildToolsVersion "25.0.2"
defaultConfig {
applicationId "com.example.yuntaohe.lednotify"
minSdkVersion 15
- targetSdkVersion 25
+ targetSdkVersion 21
versionCode 1
versionName "1.0"
}
buildTypes {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
}
}
dependencies {
compile fileTree(include: ['*.jar'], dir: 'libs')
testCompile 'junit:junit:4.12'
compile 'com.android.support:appcompat-v7:25.1.1'
}
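Review bot: the targetSdkVersion 25 to 21 change avoids the exception without addressing its cause. In the notify() code quoted above, the throw happens only when targetSdkVersion is above LOLLIPOP_MR1 and notification.getSmallIcon() is null, so setting a small icon on the notification would let the app keep targetSdkVersion 25. Lowering the target while compileSdkVersion stays at 25 also opts the app out of platform behaviour tied to newer targets, such as the runtime permission model that applies from API 23.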
6. When building the Qualcomm Android 5.1.1 source, with every .git directory and .gitignore file deleted from the tree, the build fails:
make: *** No rule to make target `external/chromium_org/third_party/angle/.git/index', needed by `out/target/product/msm8909/obj/GYP/shared_intermediates/angle/id/commit.h'. Stop.
Fix: for ARM32, edit line 23 of external/chromium_org/third_party/angle/src/commit_id.target.linux-arm.mk; for ARM64, edit external/chromium_org/third_party/angle/src/commit_id.target.linux-arm64.mk.
-$(gyp_shared_intermediate_dir)/angle/id/commit.h: $(gyp_shared_intermediate_dir)/angle/commit_id.py $(LOCAL_PATH)/third_party/angle/.git/index $(GYP_TARGET_DEPENDENCIES)
+$(gyp_shared_intermediate_dir)/angle/id/commit.h: $(gyp_shared_intermediate_dir)/angle/commit_id.py
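Review bot: the + line drops $(GYP_TARGET_DEPENDENCIES) together with $(LOCAL_PATH)/third_party/angle/.git/index, although the make error names only the .git/index prerequisite. Removing just that path and keeping $(GYP_TARGET_DEPENDENCIES) would leave the rule's other prerequisites in place.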
That is, remove the trailing $(LOCAL_PATH)/third_party/angle/.git/index $(GYP_TARGET_DEPENDENCIES) from this line so that the build no longer processes .git/index.
7. After modifying the LK code, the build fails:
make[2]: *** No rule to make target `/home/yuntaohe/work/M1503_6.0.1-01610/LINUX/android/prebuilts/gcc/linux-x86/arm/arm-linux-androideabi-4.9/lib/gcc/arm-linux-androideabi/4.9.x-google/include/stdarg.h', needed by `../../../out/target/product/msm8909/obj/EMMC_BOOTLOADER_OBJ/build-msm8909/target/msm8909/init.o'. Stop.
Delete the out directory and rebuild LK.
8. After deleting the .git directories and .gitignore files from the Android 7.1.2 source, the build fails:
Starting build with ninja
ninja: Entering directory `.'
[ 0% 15/38233] build out/target/product/msm8953_64/gen/EXECUTABLES/iw_intermediates/version.c
FAILED: /bin/bash -c "external/iw/version.sh out/target/product/msm8953_64/gen/EXECUTABLES/iw_intermediates/version.c"
fatal: No names found, cannot describe anything.
[ 0% 15/38233] Ensure Jack server is installed and started
Jack server already installed in "/home/yuntaohe/.jack-server"
Server is already running
Edit external/iw/version.sh:
-if [ -d .git ] && head=`git rev-parse --verify HEAD 2>/dev/null`; then
+if [ -d .git ] && head=`git rev-parse --verify HEAD 2>/dev/null` && [$VERSION != "4.1"]; then
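Review bot: in the + line, [$VERSION != "4.1"] lacks the spaces that [ and ] require, so the shell looks for a command named [ followed directly by the value of VERSION, fails to find it, and the condition is false because of that error rather than because of the comparison. Write it as [ "$VERSION" != "4.1" ] if a comparison is intended; if the intent is simply to skip the git branch when the tree has no usable tags, test for that directly.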
9. SELinux permission error:
01-01 00:51:19.459 5296 5296 W .testserialrola: type=1400 audit(0.0:66): avc: denied { write } for name="ttyHSL1" dev="tmpfs" ino=7748 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:tty_device:s0 tclass=chr_file permissive=0
Fix: add mlstrustedobject.
-type tty_device,dev_type;
+type tty_device,dev_type, mlstrustedobject
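Review bot: the + line has no terminating semicolon, which the - line had, so the type declaration will not compile as written. Adding mlstrustedobject to tty_device also lifts the MLS check for every node labelled tty_device, not only ttyHSL1; a dedicated type for /dev/ttyHSL1 that carries the attribute would keep the change narrow.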