遇到一个selinux权限报错问题。
报错信息如下:
2037-12-25 00:36:12.244 2362-2362/? E/SELinux: avc: denied { find } for service=media.metrics pid=3713 uid=1002 scontext=u:r:bluetooth:s0 tcontext=u:object_r:mediametrics_service:s0 tclass=service_manager permissive=0
发现system/sepolicy中已经有对mediametrics_service的定义了
system/sepolicy/public/service.te:
type mediametrics_service, service_manager_type;
system/sepolicy/private/audioserver.te:
allow audioserver mediametrics_service:service_manager find;
system/sepolicy/private/priv_app.te:
allow priv_app mediametrics_service:service_manager find;
system/sepolicy/private/service_contexts:
media.metrics u:object_r:mediametrics_service:s0
新建目录和文件:
sepolicy
------ demo.te
demo.te
allow bluetooth mediametrics_service:service_manager find;
在/BoardConfig.mk讲放在app目录的sepolicy加进来:
#demo
DEMO_PROJECT_DIR := vendor/hsae/packages/apps/demo/sepolicy
BOARD_SEPOLICY_DIRS += $(DEMO_PROJECT_DIR )