FROM:http://blog.csdn.net/evan_lo/article/details/62423780
在默认的selinux规则中, 非系统APP无权访问很多类型的字符设备.
下面以访问串行设备为例
确认android / platform / external / sepolicy / file_contexts 文件是否添加对应节点
串行设备的节点, android 原生系统已经声明, 不用另外添加, 如果是其他没有声明的设备, 可以自行添加.
/dev/ttyS[0-9]*
u:object_r:serial_device:s0
修改
android/external/sepolicy/
device.te。
diff --git a/device.te b/device.te
--- a/device.te
+++ b/device.te
@@ -33,7 +33,7 @@ type kmsg_device, dev_type;
type null_device, dev_type, mlstrustedobject;
type random_device, dev_type, mlstrustedobject;
type sensors_device, dev_type;
-type serial_device, dev_type;
+type serial_device, dev_type, mlstrustedobject;
type socket_device, dev_type;
type owntty_device, dev_type, mlstrustedobject;
type tty_device, dev_type;
--- a/device.te
+++ b/device.te
@@ -33,7 +33,7 @@ type kmsg_device, dev_type;
type null_device, dev_type, mlstrustedobject;
type random_device, dev_type, mlstrustedobject;
type sensors_device, dev_type;
-type serial_device, dev_type;
+type serial_device, dev_type, mlstrustedobject;
type socket_device, dev_type;
type owntty_device, dev_type, mlstrustedobject;
type tty_device, dev_type;
diff --git a/sepolicy/untrusted_app.te b/sepolicy/untrusted_app.te
--- a/sepolicy/untrusted_app.te
+++ b/sepolicy/untrusted_app.te
@@ -16,3 +16,4 @@ allow system_server media_rw_data_file:dir relabelfrom;
allow untrusted_app domain:dir { getattr search };
allow untrusted_app domain:file { read getattr open };
allow untrusted_app domain:lnk_file read;
+allow untrusted_app serial_device:chr_file rw_file_perms;
扫一扫
436
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
