Error message
type=1400 audit(0.0:75): avc: denied { read } for name="u:object_r:serialno_prop:s0" dev="tmpfs" ino=10729 scontext=u:r:system_app:s0 tcontext=u:object_r:serialno_prop:s0 tclass=file permissive=0
Adding the rule "allow system_app serialno_prop:file read" violates a neverallow rule.
How to work around it
Directory: system/sepolicy
diff --git a/private/coredomain.te b/private/coredomain.te
index 86e800962..828a44e12 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -109,6 +109,7 @@ full_treble_only(`
coredomain
-init
-ueventd
+ -system_app_sysfs
-vold
} sysfs:file no_rw_file_perms;
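Review bot: the added "-system_app_sysfs" entry in the coredomain exclusion set does not match the denial this change is meant to resolve. The AVC record is for scontext system_app reading tcontext serialno_prop (tclass=file, dev=tmpfs), while this neverallow covers sysfs:file, so an exemption here grants nothing for that read. The other excluded entries in the visible list (init, ueventd, vold) are domains, whereas system_app_sysfs reads like a file type and is not declared anywhere in the visible patch. Drop this line unless a separate sysfs access requires it, and in that case add a comment naming the domain and the sysfs access it is for.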
diff --git a/private/system_app.te b/private/system_app.te
index 0b77bb372..356afc561 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -4,7 +4,13 @@
### server.
###
-typeattribute system_app coredomain;
+# ota
+allow sy
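Review bot: removing "typeattribute system_app coredomain;" is far broader than the single read permission the denial calls for. It takes system_app out of every rule and neverallow scoped to coredomain, including the full_treble_only block in private/coredomain.te shown in the previous hunk. The "# ota" comment does not say which neverallow is being avoided or why system_app needs the serial number property. Keep the attribute and record in the comment the specific neverallow and the exact property access required, so the exemption can be reviewed on its own. The allow line that follows is cut off at "allow sy", so its target and permissions cannot be checked from what is visible.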