I. SELinux differences after Android 8.0:
From Android 4.4 through Android 7.0, SELinux policy was built by merging every sepolicy fragment (platform and non-platform) and generating a single policy file in the root directory. Starting with Android 8.0 the SELinux architecture, much like HIDL, splits the platform's policy from the policy each vendor maintains: partners keep their own policy and build their own images (.img) from it, so those images can be updated independently of the platform and vice versa (i.e. a platform update can be applied without updating the partner's image).
II. Example: modifying the xxx service:
The following uses the SELinux permission of the xxx system service as an example (adjust the directories to your SDK version). Two things to keep in mind. First, the service name in service_contexts ("xxx") must be exactly the name later passed to ServiceManager.addService(): servicemanager looks the label up by name, a name missing from service_contexts falls through to the trailing "*" entry (default_android_service), and system_server is not allowed to add services with that label. Second, the attributes chosen in service.te decide who may reach the service: system_server_service lets system_server add and find it, system_api_service exposes it to system and privileged apps only, and app_api_service would be needed to expose it to ordinary apps. A vendor policy built against the 26.0 or 27.0 public policy refers to the type through the versioned attributes xxx_service_26_0 and xxx_service_27_0, which is why the compat mapping files and the prebuilt policy copies are edited alongside the live policy:
1. /system/sepolicy/prebuilts/api/26.0/nonplat_sepolicy.cil
   (typeattribute xxx_service_26_0)
   (roletype object_r xxx_service_26_0)
2. /system/sepolicy/prebuilts/api/27.0/nonplat_sepolicy.cil
   (typeattribute xxx_service_27_0)
   (roletype object_r xxx_service_27_0)
3. /system/sepolicy/prebuilts/api/28.0/private/compat/26.0/26.0.cil
   (typeattributeset xxx_service_26_0 (xxx_service))
4. /system/sepolicy/prebuilts/api/28.0/private/compat/27.0/27.0.cil
   (typeattributeset xxx_service_27_0 (xxx_service))
5. /system/sepolicy/prebuilts/api/28.0/private/service_contexts
   xxx u:object_r:xxx_service:s0
6. /system/sepolicy/prebuilts/api/28.0/public/service.te
   type xxx_service, system_api_service, system_server_service, service_manager_type;
7. /system/sepolicy/private/compat/26.0/26.0.cil
   (typeattributeset xxx_service_26_0 (xxx_service))
8. /system/sepolicy/private/compat/27.0/27.0.cil
   (typeattributeset xxx_service_27_0 (xxx_service))
9. /system/sepolicy/private/service_contexts
   xxx u:object_r:xxx_service:s0
10. /system/sepolicy/public/service.te
   type xxx_service, system_api_service, system_server_service, service_manager_type;
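As an added check (example code written for this page, not part of AOSP or of the original post), the Python script below parses minimal constructed stand-ins for the files edited in the steps above and verifies that they agree with each other: the service name has a service_contexts entry, the type it maps to is declared in service.te with the attributes servicemanager and system_server need, and every earlier API level has both the versioned attribute declaration and the compat mapping. The file contents, the second service name demo and the function names are assumptions made for the example; AOSP's own policy tests under system/sepolicy/tests are Python as well, which is why that language is used here.

```python
import re

# Constructed, minimal stand-ins for the policy files edited in the steps above;
# not copied from AOSP. "xxx" is set up correctly, "demo" deliberately is not.
SERVICE_TE = """
type xxx_service, system_api_service, system_server_service, service_manager_type;
type demo_service, system_server_service, service_manager_type;
"""
SERVICE_CONTEXTS = """
xxx     u:object_r:xxx_service:s0
demo    u:object_r:demo_service:s0
"""
# private/compat/<ver>/<ver>.cil: maps the versioned attribute onto the live type.
COMPAT_CIL = {
    "26.0": "(typeattributeset xxx_service_26_0 (xxx_service))\n",
    "27.0": "(typeattributeset xxx_service_27_0 (xxx_service))\n",
}
# prebuilts/api/<ver>/nonplat_sepolicy.cil: declares the versioned attribute.
VERSIONED_CIL = {
    "26.0": "(typeattribute xxx_service_26_0)\n(roletype object_r xxx_service_26_0)\n",
    "27.0": "(typeattribute xxx_service_27_0)\n(roletype object_r xxx_service_27_0)\n",
}

TYPE_RE = re.compile(r"^\s*type\s+(\w+)\s*,\s*([^;]+);", re.M)
CTX_RE = re.compile(r"^\s*(\S+)\s+u:object_r:(\w+):s0\s*$", re.M)
MAP_RE = re.compile(r"\(typeattributeset\s+(\w+)\s+\(([^)]*)\)\)")
ATTR_RE = re.compile(r"\(typeattribute\s+(\w+)\)")


def parse_types(te):
    """service.te: type name -> set of attributes declared on it."""
    return {m[1]: {a.strip() for a in m[2].split(",")} for m in TYPE_RE.finditer(te)}


def parse_contexts(text):
    """service_contexts: service name -> SELinux type."""
    return {m[1]: m[2] for m in CTX_RE.finditer(text)}


def check_service(name, te=SERVICE_TE, contexts=SERVICE_CONTEXTS,
                  compat=COMPAT_CIL, versioned=VERSIONED_CIL):
    """Return the list of inconsistencies for one service name; [] means it is wired up."""
    stype = parse_contexts(contexts).get(name)
    if stype is None:
        # Unlisted names fall through to the trailing '*' entry (default_android_service),
        # which system_server may not add, so addService() would be denied.
        return [f"service_contexts: no entry for '{name}'"]
    attrs = parse_types(te).get(stype)
    if attrs is None:
        return [f"service.te: type '{stype}' is not declared"]
    problems = []
    for needed in ("service_manager_type", "system_server_service"):
        if needed not in attrs:
            problems.append(f"service.te: '{stype}' lacks {needed}")
    if not attrs & {"system_api_service", "app_api_service"}:
        problems.append(f"service.te: '{stype}' carries no *_api_service attribute, "
                        "so app domains cannot find it without a domain-specific rule")
    for ver in sorted(compat):
        vattr = f"{stype}_{ver.replace('.', '_')}"
        if vattr not in ATTR_RE.findall(versioned.get(ver, "")):
            problems.append(f"prebuilts/api/{ver}: (typeattribute {vattr}) missing")
        mapped = {m[1]: set(m[2].split()) for m in MAP_RE.finditer(compat[ver])}
        if stype not in mapped.get(vattr, set()):
            problems.append(f"private/compat/{ver}/{ver}.cil: "
                            f"(typeattributeset {vattr} ({stype})) missing")
    return problems


if __name__ == "__main__":
    for svc in ("xxx", "demo", "nope"):
        print(svc, check_service(svc) or "OK")
```

Running it reports nothing for xxx, five problems for demo (no exported api attribute and both missing versioned declarations and compat mappings) and a missing service_contexts entry for nope. To use it against a tree, read the real files into the same four inputs; the regular expressions cover only the one-line type declarations and mapping forms shown above.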
III. Using the system service whose SELinux permission was modified:
// 1. Define the AIDL file (com/xxx/aidl/ISecurityServer.aidl):
package com.xxx.aidl;
interface ISecurityServer {
    void startLockAppSevice();
}

// 2. Implement the AIDL interface; this object lives inside system_server:
package com.xxx.aidl;
import android.content.Context;

public class SecurityServer extends ISecurityServer.Stub {
    private final Context mContext;

    // SystemServer (step 5) constructs it with a Context, so that constructor must exist.
    public SecurityServer(Context context) {
        mContext = context;
    }

    @Override
    public void startLockAppSevice() {
        // service logic goes here
    }
}

// 3. Client-side wrapper class handed out by getSystemService():
package com.xxx.security;
import android.os.RemoteException;
import com.xxx.aidl.ISecurityServer;

public class SecurityManager {
    private final ISecurityServer mService;

    public SecurityManager(ISecurityServer service) {
        mService = service;
    }

    public void startLockAppSevice() {
        try {
            mService.startLockAppSevice();
        } catch (RemoteException e) {
            e.printStackTrace();
        }
    }
}

// 4. Register the service in SystemServiceRegistry.java (inside its static block):
registerService("xxx", com.xxx.security.SecurityManager.class,
        new CachedServiceFetcher<com.xxx.security.SecurityManager>() {
    @Override
    public com.xxx.security.SecurityManager createService(ContextImpl ctx)
            throws ServiceNotFoundException {
        // getServiceOrThrow fails fast if "xxx" was never registered (for example because
        // servicemanager denied the add); getService() would silently hand back null here.
        IBinder b = ServiceManager.getServiceOrThrow("xxx");
        return new com.xxx.security.SecurityManager(
                com.xxx.aidl.ISecurityServer.Stub.asInterface(b));
    }
});

// 5. In SystemServer.java, add the service to ServiceManager under the same name "xxx"
//    that service_contexts labels as u:object_r:xxx_service:s0:
try {
    com.xxx.aidl.SecurityServer security = new com.xxx.aidl.SecurityServer(mContext);
    ServiceManager.addService("xxx", security);
} catch (Throwable e) {
    Log.e(TAG, "Failure starting olc_service_security", e);
}

// 6. Calling the service from an app (import com.xxx.security.SecurityManager explicitly,
//    otherwise the name resolves to java.lang.SecurityManager):
SecurityManager securityManager = (SecurityManager) getSystemService("xxx");
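When a client is not allowed to reach the service, getSystemService("xxx") fails and the kernel logs an SELinux denial of class service_manager. As an added example (not code from the original post or from AOSP), the Python below turns such denials into candidate allow rules the way audit2allow does, and flags the two cases from this page's setup where a literal allow rule is the wrong fix: a missing service_contexts entry, and an app domain that should be granted access through the *_api_service attributes rather than a per-domain rule. The logcat lines are constructed for the example, not captured from a device, and the domain, type and function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed logcat excerpt (not a real capture). Lines 1-2: an ordinary app
# calls getSystemService("xxx") without find permission on xxx_service.
# Line 3: system_server calls addService("xxx") while service_contexts has no
# entry for "xxx", so the trailing '*' rule labelled it default_android_service.
SAMPLE_LOGCAT = """\
07-12 10:01:02.345  1234  1234 W Binder  : type=1400 audit(0.0:71): avc: denied { find } for service=xxx pid=1234 uid=10098 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:xxx_service:s0 tclass=service_manager permissive=0
07-12 10:01:02.350  1234  1234 W Binder  : type=1400 audit(0.0:72): avc: denied { find } for service=xxx pid=1234 uid=10098 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:xxx_service:s0 tclass=service_manager permissive=0
07-12 10:01:03.001   800   800 W servicemanager: type=1400 audit(0.0:73): avc: denied { add } for service=xxx pid=800 uid=1000 scontext=u:r:system_server:s0 tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=0
"""

AVC_RE = re.compile(
    r"avc: denied \{ (?P<perms>[^}]+) \} for "
    r"(?:service=(?P<service>\S+) )?.*?"
    r"scontext=u:r:(?P<sdomain>[^:\s]+)\S* "
    r"tcontext=u:object_r:(?P<ttype>[^:\s]+)\S* "
    r"tclass=(?P<tclass>\S+)"
)


def parse_denials(log):
    """Pull the fields of every avc denial out of a logcat/dmesg excerpt."""
    denials = []
    for line in log.splitlines():
        m = AVC_RE.search(line)
        if m:
            d = m.groupdict()
            d["perms"] = set(d["perms"].split())
            denials.append(d)
    return denials


def to_allow_rules(denials):
    """Merge repeated denials into one allow rule per (source, target, class)."""
    merged = defaultdict(set)
    for d in denials:
        merged[(d["sdomain"], d["ttype"], d["tclass"])] |= d["perms"]
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        p = " ".join(sorted(perms))
        if len(perms) > 1:
            p = "{ " + p + " }"
        rules.append(f"allow {src} {tgt}:{cls} {p};")
    return rules


def diagnose(denials):
    """Flag service_manager denials where the right fix is not the literal allow rule."""
    hints = set()
    for d in denials:
        if d["tclass"] != "service_manager":
            continue
        if d["ttype"] == "default_android_service" and "add" in d["perms"]:
            hints.add(
                f"'{d['service']}' has no service_contexts entry (it fell through to "
                f"default_android_service): add '{d['service']} u:object_r:<type>:s0' "
                "to service_contexts instead of allowing the add")
        elif "find" in d["perms"] and "app" in d["sdomain"]:
            hints.add(
                f"app domain {d['sdomain']} cannot find {d['ttype']}: export the type "
                "via the app_api_service attribute (or keep system_api_service if only "
                f"system apps should reach it) rather than allowing {d['sdomain']} directly")
    return sorted(hints)


if __name__ == "__main__":
    found = parse_denials(SAMPLE_LOGCAT)
    for rule in to_allow_rules(found):
        print(rule)
    for hint in diagnose(found):
        print("hint:", hint)
```

On a device the input would be `adb logcat -b all | grep avc` (or `dmesg`); the two duplicate find denials collapse into one rule, and the add denial against default_android_service is the signature of the missing service_contexts line described in section II.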
-end-