android selinux

最新推荐文章于 2024-08-15 13:24:05 发布

yue_zhong

最新推荐文章于 2024-08-15 13:24:05 发布

阅读量459

点赞数 1

分类专栏： android

android 专栏收录该内容

6 篇文章 0 订阅

订阅专栏

1.涉及文件

android/device/qcom/sepolicy/common/*.te
android/external/sepolicy/*.te
2.检查是否为selinux权限问题

seteforce 0 // 关闭selinux

W/vold ( 338): type=1400 audit(0.0:34): avc: denied { create } for name=”smdl76259125.tmp.asec” scontext=u:r:vold:s0 tcontext=u:object_r:vold_tmpfs:s0 tclass=file

W/vold ( 338): type=1400 audit(0.0:35): avc: denied { open } for name=”smdl76259125.tmp.asec” dev=”tmpfs” ino=24405 scontext=u:r:vold:s0 tcontext=u:object_r:vold_tmpfs:s0 tclass=file

W/vold ( 338): type=1400 audit(0.0:36): avc: denied { getattr } for path=”/mnt/secure/asec/smdl76259125.tmp.asec” dev=”tmpfs” ino=24405 scontext=u:r:vold:s0 tcontext=u:object_r:vold_tmpfs:s0 tclass=file

W/vold ( 338): type=1400 audit(0.0:37): avc: denied { rename } for name=”smdl76259125.tmp.asec” dev=”tmpfs” ino=24405 scontext=u:r:vold:s0 tcontext=u:object_r:vold_tmpfs:s0 tclass=file

W/m.android.phone( 1148): type=1400 audit(0.0:38): avc: denied { getattr } for path=”/mnt/asec/com.baidu.appsearch-2/base.apk” dev=”dm-0″ ino=12 scontext=u:r:radio:s0 tcontext=u:object_r:asec_apk_file:s0 tclass=file

W/m.android.phone( 1148): type=1400 audit(0.0:39): avc: denied { read } for name=”base.apk” dev=”dm-0″ ino=12 scontext=u:r:radio:s0 tcontext=u:object_r:asec_apk_file:s0 tclass=file

W/m.android.phone( 1148): type=1400 audit(0.0:40): avc: denied { open } for name=”base.apk” dev=”dm-0″ ino=12 scontext=u:r:radio:s0 tcontext=u:object_r:asec_apk_file:s0 tclass=file

W/installd( 257): type=1400 audit(0.0:41): avc: denied { getattr } for path=”/mnt/secure/asec/com.baidu.appsearch-2.asec” dev=”tmpfs” ino=24405 scontext=u:r:installd:s0 tcontext=u:object_r:vold_tmpfs:s0 tclass=file

3.工具转换

audit2allow -i avc.txt -o avc.te

#============= installd ==============
4 allow installd vold_tmpfs:file getattr;
5
6 #============= radio ==============
7 allow radio asec_apk_file:file { read getattr open };
8
9 #============= vold ==============
10 allow vold vold_tmpfs:file { rename create open getattr };
4.权限解析

W/vold ( 338): type=1400 audit(0.0:34): avc: denied { create } for name=”smdl76259125.tmp.asec” scontext=u:r:vold:s0 tcontext=u:object_r:vold_tmpfs:s0 tclass=file

denied 表示权限 u表示进程 object_r 表示文件