'修改测略':
log:01-01 00:00:20.828 3665 3665 W sh : type=1400 audit(0.0:12): avc: denied { write } for name="core_pattern" dev="proc" ino=11742 scontext=u:r:brlinkd:s0 tcontext=u:object_r:usermodehelper:s0 tclass=file permissive=0
分析: scontext=u:r:brlinkd
tcontext=u:object_r:usermodehelper
tclass=file
avc:denied{write}
解析:在brlinkd.te里面写
allow brlinkd usermodehelper:file write;
src:
device/xxfslxx/xxvinsonxx/sepolicy
system/sepolicy
define:
system/sepolicy/*/global_macros
'关闭selinux策略':
在system/core/init/init.rc里面
static selinux_enforcing_status selinux_status_from_cmdline() {
selinux_enforcing_status status = SELINUX_ENFORCING;
import_kernel_cmdline(false, [&](const std::string& key, const std::string& value, bool in_qemu) {
if (key == "androidboot.selinux" && value == "permissive") {
status = SELINUX_PERMISSIVE;
}
});
return status;
}
如上判断kernel_cmdline里面是否有androidboot.seliux;enforcing为打开,permissive为关上。
所以在Boardconfig.mk里面对BOARD_KERNEL_CMDLINE进行添加androidboot.selinux=permissive即可关闭selinux
ps:运行时的操作就是命令行下的
$getenforce
$setenforce