If the properties read through property_get are not given a definition of their own, they fall under the SELinux type default_prop, and the AVC audit log prints:
03-27 11:19:59.322 13405 13405 I android.hardwar: type=1400 audit(0.0:1796): avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=25020 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=1
03-27 11:19:59.322 13405 13405 I android.hardwar: type=1400 audit(0.0:1797): avc: denied { open } for path="/dev/__properties__/u:object_r:default_prop:s0" dev="tmpfs" ino=25020 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=1
03-27 11:19:59.322 13405 13405 I android.hardwar: type=1400 audit(0.0:1798): avc: denied { getattr } for path="/dev/__properties__/u:object_r:default_prop:s0" dev="tmpfs" ino=25020 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=1
03-27 11:19:59.322 13405 13405 I android.hardwar: type=1400 audit(0.0:1799): avc: denied { map } for path="/dev/__properties__/u:object_r:default_prop:s0" dev="tmpfs" ino=25020 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=1
Converted into an SELinux policy statement, these denials become:
allow hal_sensors_default default_prop:file { getattr map open read };
With that rule in place, the build fails with:
neverallow check failed at out/target/product/***/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil:22912 from system/sepolicy/private/property.te:47
Solution
property_contexts
persist.vendor.invn.hal. u:object_r:vendor_imu_sensor_prop:s0
property.te
vendor_public_prop(vendor_imu_sensor_prop)
*.te
set_prop(hal_sensors_default, vendor_imu_sensor_prop);
get_prop(hal_sensors_default, vendor_imu_sensor_prop);
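The conversion from AVC denials to an allow rule shown above, as an added example that is not part of the original post: it groups the denials and sets aside any rule that targets default_prop, since that is the rule the neverallow check rejects. The function names and the CATCH_ALL_TYPES set are assumptions made for this sketch; the sample log lines are copied from the denials quoted above.

```python
import re
from collections import defaultdict

# Sample input: the four denial lines quoted earlier on this page.
SAMPLE_LOG = """\
03-27 11:19:59.322 13405 13405 I android.hardwar: type=1400 audit(0.0:1796): avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=25020 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=1
03-27 11:19:59.322 13405 13405 I android.hardwar: type=1400 audit(0.0:1797): avc: denied { open } for path="/dev/__properties__/u:object_r:default_prop:s0" dev="tmpfs" ino=25020 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=1
03-27 11:19:59.322 13405 13405 I android.hardwar: type=1400 audit(0.0:1798): avc: denied { getattr } for path="/dev/__properties__/u:object_r:default_prop:s0" dev="tmpfs" ino=25020 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=1
03-27 11:19:59.322 13405 13405 I android.hardwar: type=1400 audit(0.0:1799): avc: denied { map } for path="/dev/__properties__/u:object_r:default_prop:s0" dev="tmpfs" ino=25020 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=1
"""

# Matches the permission set, source domain, target type and class of a denial.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=u:r:(?P<src>\w+):s0\S*\s+'
    r'tcontext=u:object_r:(?P<tgt>\w+):s0\S*\s+'
    r'tclass=(?P<cls>\w+)')

# Assumption for this sketch: target types that must be relabelled, not allowed.
CATCH_ALL_TYPES = {"default_prop"}

def collect_denials(log_text):
    """Group denied permissions by (source domain, target type, class)."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:
            grouped[(m["src"], m["tgt"], m["cls"])].update(m["perms"].split())
    return grouped

def to_rules(grouped):
    """Return (rules, flagged); flagged holds rules on catch-all types."""
    rules, flagged = [], []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        rule = f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};"
        (flagged if tgt in CATCH_ALL_TYPES else rules).append(rule)
    return rules, flagged

if __name__ == "__main__":
    rules, flagged = to_rules(collect_denials(SAMPLE_LOG))
    for r in rules:
        print(r)
    for r in flagged:
        print("# needs a dedicated property type instead of:", r)
```

A flagged rule is resolved by labelling the property in property_contexts and granting access to the new type, as in the solution above, not by adding the rule itself.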