sepolicy修改后 快速验证
编译:(只针对 .te 的文件, 如果file_contexts service_contexts 这种文件好像不行)
make selinux_policy -j8 // vendor 和system 都修改了
make selinux_policy_nonsystem -j8 // 只修改 vendor相关的sepolicy
编译成功后,只需要替换如下文件 vendor_sepolicy.cil,即可快速验证
/vendor/etc/selinux/vendor_sepolicy.cil
添加native 服务后 selinux配置:
file_contexts:
/system/bin/clouddiskdaemon u:object_r:clouddiskd_exec:s0
service_contexts:
CloudDiskDaemon u:object_r:clouddiskd_service:s0
clouddiskd.te
# clouddisk daemon
type clouddiskd, domain,coredomain;
type clouddiskd_exec, system_file_type, exec_type, file_type;
typeattribute clouddiskd mlstrustedsubject;
#allow clouddiskd self:global_capability_class_set { chown dac_override dac_read_search fowner fsetid setgid setuid sys_admin };
init_daemon_domain(clouddiskd)
binder_call(clouddiskd, servicemanager)
allow system_server clouddiskd_service:service_manager { find };
add_service(clouddiskd, clouddiskd_service)
allow system_app clouddiskd:binder { call };
#allow clouddiskd clouddiskd:capability { dac_read_search dac_override };