external/sepolicy/attributes: attribute type definitions
external/sepolicy/te_macros: system-defined macros
external/sepolicy/users: SELinux users
external/sepolicy/roles: SELinux roles
external/sepolicy/security_classes: object classes
external/sepolicy/access_vectors: Perm Set, the operations each class is allowed to perform
external/sepolicy/seapp_contexts: security contexts for app data permissions
external/sepolicy/file_contexts: security contexts for system files
external/sepolicy/property_contexts: security contexts for system properties
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
audit2allow: how to find avc denied messages
audit2allow is part of the policycoreutils package
sudo apt-get install policycoreutils
audit2allow usage:
-i <inputfile>
-m <modulename>
-M <modulename>
-p <policyfile>
-o <outputfile>
Find the avc denied accesses and generate rules:
audit2allow -i ~/workspace/Log_avc_denied.log -p out/target/product/<productname>/root/sepolicy -o avc_denied
If "policydb version 26 does not match" appears, external/selinux/libsepol/ needs to be rebuilt.
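
To make the generated rules easier to review, the following added example (not part of the original notes and not audit2allow's own code) shows the core grouping step: each avc denied line is reduced to source type, target type and class, and the denied permissions are merged into one allow rule. The log lines and all demo_* names are constructed, and the sketch does not consult the policy file passed with -p.

```python
import re
from collections import defaultdict

# Constructed sample log (not from the original page); every name is made up.
SAMPLE_LOG = """\
type=1400 audit(0.0:5): avc: denied { read } for pid=211 comm="demo_daemon" name="demo0" dev="tmpfs" ino=4021 scontext=u:r:demo_daemon:s0 tcontext=u:object_r:demo_device:s0 tclass=chr_file permissive=0
type=1400 audit(0.0:6): avc: denied { write open } for pid=211 comm="demo_daemon" name="demo0" dev="tmpfs" ino=4021 scontext=u:r:demo_daemon:s0 tcontext=u:object_r:demo_device:s0 tclass=chr_file permissive=0
init: starting service 'demo_daemon'...
type=1400 audit(0.0:7): avc: denied { net_admin } for pid=300 comm="demo_app" capability=12 scontext=u:r:demo_app:s0:c512,c768 tcontext=u:r:demo_app:s0:c512,c768 tclass=capability permissive=0
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\w+)"
)


def context_type(context):
    """Return the type field of a user:role:type:level[:categories] context."""
    parts = context.split(":")
    if len(parts) < 4:
        raise ValueError("malformed security context: %r" % context)
    return parts[2]


def denials_to_rules(log_text):
    """Group denials by (source type, target type, class) into allow rules."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m is None:
            continue  # not an AVC denial (e.g. ordinary init output)
        key = (context_type(m["scon"]), context_type(m["tcon"]), m["tclass"])
        grouped[key].update(m["perms"].split())
    rules = []
    for (src, tgt, tclass), perms in sorted(grouped.items()):
        target = "self" if src == tgt else tgt
        names = " ".join(sorted(perms))
        perm_text = names if len(perms) == 1 else "{ %s }" % names
        rules.append("allow %s %s:%s %s;" % (src, target, tclass, perm_text))
    return rules


if __name__ == "__main__":
    print("\n".join(denials_to_rules(SAMPLE_LOG)))
```

Each resulting rule can be compared against the denial lines it came from before it is added to a .te file.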