Check the SELinux context of the files under /data/local/tmp:

Sunday:/data/local/tmp $ ls -Z
u:object_r:shell_data_file:s0 tServer

The part that matters is the type, shell_data_file: that is the label AOSP's file_contexts assigns to files under /data/local/tmp.
Sunday:/data/local/tmp $ ./tServer
add myService num = 0
Check the context of the running process:

D:\2016\11\adb>adb shell
Sunday:/ $ ps -Z | grep tServ
u:r:shell:s0 shell 9911 5385 21972 2308 binder_thr 7c3997a8c4 S ./tServer

The process runs in the shell domain (u:r:shell:s0). A binary labelled shell_data_file has no domain transition defined for it, so it inherits the domain of the adb shell that launched it, and every access it makes is checked against the shell domain's rules.
The init rc files in the root directory carry the rootfs type (excerpt of ls -Z output for /):

u:object_r:rootfs:s0 init.aee.rc
u:object_r:rootfs:s0 init.common.rc
u:object_r:rootfs:s0 init.common_svc.rc
Running ls on /init from the shell domain fails, because no rule grants the shell domain that access; the failure shows up as an avc denial:

1|Sunday:/ $ ls -l init
ls: init: Permission denied
Capture the log:

logcat | grep avc:
01-03 08:37:51.260 10524 10524 W ls : type=1400 audit(0.0:716): avc: denied { getattr } for path="/init" dev="rootfs" ino=6172 scontext=u:r:shell:s0 tcontext=u:object_r:init_exec:s0 tclass=file permissive=0

Read the record as: the source domain shell (scontext) was denied the getattr permission on an object of class file (tclass) whose type is init_exec (tcontext). permissive=0 means SELinux was enforcing, so the operation really was refused, which matches the Permission denied above.
To resolve this, add a matching allow rule to the shell domain's policy (shell.te in the device sepolicy) and rebuild the policy:

allow shell init_exec:file { getattr };

Treat this as a debugging convenience rather than something to ship: the policy build rejects rules that violate the AOSP neverallow constraints, and every permission added to the shell domain becomes available to anyone with adb access to the device.
The same happens when reading a binary with a different type, for example vold:

1|Sunday:/system/bin $ cat vold
/system/bin/sh: cat: vold: Permission denied

01-03 08:45:31.500 10370 10370 W sh : type=1400 audit(0.0:741): avc: denied { read } for name="vold" dev="dm-0" ino=605 scontext=u:r:shell:s0 tcontext=u:object_r:vold_exec:s0 tclass=file permissive=0
Write a small program that opens a file read-only, to see how sepolicy handles the access. When the avc check is denied, open() fails with errno 13 (EACCES):

#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Opens the file named on the command line (default /init.aee.rc)
 * read-only and reports errno when the open is refused. */
int main(int argc, char* const argv[])
{
    const char* file = "/init.aee.rc";
    if (argc > 1)
        file = argv[1];

    int fd = open(file, O_RDONLY);
    if (fd < 0) {
        printf("fd < 0, errno=%d\n", errno);
        return -1;
    }
    printf("open\n");
    close(fd);
    return 0;
}
1|Sunday:/data/local/tmp $ ./wtRootFile /system/bin/vold
fd < 0, errno=13

01-03 11:43:25.590 11125 11125 W wtRootFile: type=1400 audit(0.0:793): avc: denied { read } for name="vold" dev="dm-0" ino=605 scontext=u:r:shell:s0 tcontext=u:object_r:vold_exec:s0 tclass=file permissive=0
After rooting the phone, the same operations are logged with permissive=1: SELinux is now in permissive mode, so the denial is recorded but the access is not blocked.

01-03 11:46:48.420 11159 11159 I ls : type=1400 audit(0.0:795): avc: denied { getattr } for path="/init" dev="rootfs" ino=6172 scontext=u:r:shell:s0 tcontext=u:object_r:init_exec:s0 tclass=file permissive=1
Sunday:/ # ls -l /system/bin/vold
-rwxr-xr-x 1 root shell 641984 2017-07-10 05:01 /system/bin/vold
Sunday:/ # ls -Z /system/bin/vold
u:object_r:vold_exec:s0 /system/bin/vold
Running wtRootFile again, first with its default /init.aee.rc and then with /system/bin/vold, still produces denial records, but with permissive=1 they are logged only and not enforced:

01-03 11:54:21.710 11189 11189 I wtRootFile: type=1400 audit(0.0:805): avc: denied { read } for name="init.aee.rc" dev="rootfs" ino=22 scontext=u:r:shell:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=1
01-03 11:54:21.710 11189 11189 I wtRootFile: type=1400 audit(0.0:806): avc: denied { open } for path="/init.aee.rc" dev="rootfs" ino=22 scontext=u:r:shell:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=1
01-03 11:56:57.710 11193 11193 I wtRootFile: type=1400 audit(0.0:807): avc: denied { read } for name="vold" dev="dm-0" ino=605 scontext=u:r:shell:s0 tcontext=u:object_r:vold_exec:s0 tclass=file permissive=1
01-03 11:56:57.710 11193 11193 I wtRootFile: type=1400 audit(0.0:808): avc: denied { open } for path="/system/bin/vold" dev="dm-0" ino=605 scontext=u:r:shell:s0 tcontext=u:object_r:vold_exec:s0 tclass=file permissive=1

Two details are worth noticing. In enforcing mode only { read } was logged for vold, because open() was refused at the first failed check; in permissive mode the kernel continues past it, so the { open } check on the same file is evaluated and logged as well. A rule derived only from enforcing-mode logs would therefore be incomplete: the program needs both read and open on vold_exec files. Second, permissive=1 does not mean the access was legitimate, only that it was not blocked, so a denial line on its own does not tell you whether a command failed; the program's errno does.
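As an added example (not part of the original notes), the following Python script does by hand what audit2allow does for the allow rule derived earlier and for the permissive-mode records just shown: it parses avc denial lines, merges the permissions per (source type, target type, class) into one allow rule, and reports which denials were actually enforced (permissive=0) rather than only logged (permissive=1). The sample log lines are constructed from the records on this page, reassembled onto single lines; the function names are mine.

```python
import re
from collections import OrderedDict

# Matches the kernel AVC record as logcat prints it (on a single line).
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+'
    r'(?P<attrs>.*?)\s+scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)'
    r'\s+tclass=(?P<tclass>\S+)(?:\s+permissive=(?P<permissive>[01]))?'
)
# key=value or key="value" pairs in the part between "for" and "scontext=".
ATTR_RE = re.compile(r'(\w+)="?([^"\s]*)"?')


def parse_avc(line):
    """Parse one logcat line; return a dict of the denial's fields, or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    attrs = dict(ATTR_RE.findall(m.group('attrs')))
    return {
        'perms': set(m.group('perms').split()),
        'scontext': m.group('scontext'),
        'tcontext': m.group('tcontext'),
        'tclass': m.group('tclass'),
        # permissive=1 means the access was logged but not blocked.
        'enforced': m.group('permissive') != '1',
        # Some checks report path=, others only name=.
        'target': attrs.get('path') or attrs.get('name'),
    }


def type_of(context):
    """u:r:shell:s0 -> shell, u:object_r:vold_exec:s0 -> vold_exec."""
    return context.split(':')[2]


def allow_rules(lines):
    """Merge denials into TE allow rules, one per (source, target, class)."""
    merged = OrderedDict()
    for line in lines:
        d = parse_avc(line)
        if d is None:
            continue
        key = (type_of(d['scontext']), type_of(d['tcontext']), d['tclass'])
        merged.setdefault(key, set()).update(d['perms'])
    return ['allow %s %s:%s { %s };' % (src, tgt, cls, ' '.join(sorted(perms)))
            for (src, tgt, cls), perms in merged.items()]


def blocked_targets(lines):
    """Targets whose access was really refused, i.e. denials with permissive=0."""
    return [d['target'] for d in map(parse_avc, lines) if d and d['enforced']]


# Constructed sample: the records from this page, one per line, plus a non-avc line.
SAMPLE_LOG = [
    '01-03 08:37:51.260 10524 10524 W ls : type=1400 audit(0.0:716): avc: denied { getattr } for path="/init" dev="rootfs" ino=6172 scontext=u:r:shell:s0 tcontext=u:object_r:init_exec:s0 tclass=file permissive=0',
    '01-03 08:45:31.500 10370 10370 W sh : type=1400 audit(0.0:741): avc: denied { read } for name="vold" dev="dm-0" ino=605 scontext=u:r:shell:s0 tcontext=u:object_r:vold_exec:s0 tclass=file permissive=0',
    '01-03 11:56:57.710 11193 11193 I wtRootFile: type=1400 audit(0.0:807): avc: denied { read } for name="vold" dev="dm-0" ino=605 scontext=u:r:shell:s0 tcontext=u:object_r:vold_exec:s0 tclass=file permissive=1',
    '01-03 11:56:57.710 11193 11193 I wtRootFile: type=1400 audit(0.0:808): avc: denied { open } for path="/system/bin/vold" dev="dm-0" ino=605 scontext=u:r:shell:s0 tcontext=u:object_r:vold_exec:s0 tclass=file permissive=1',
    '01-03 11:56:58.000 11193 11193 I wtRootFile: open',
]

if __name__ == '__main__':
    for rule in allow_rules(SAMPLE_LOG):
        print(rule)
    print('blocked:', blocked_targets(SAMPLE_LOG))
```

Feed it a saved `logcat | grep avc:` dump collected over a full permissive-mode run, since, as the vold records show, enforcing-mode logs stop at the first refused check and would leave { open } out of the vold_exec rule. The generated rules are a starting point for deciding whether the access belongs in that domain at all, not a list to paste into the policy because a log asked for it.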