Solving SELinux avc denied permission problems

Handling SELinux avc insufficient-permission problems:

1. Build the debug version.
2. Capture the log: adb shell, then dmesg | grep avc
3. Add the missing rules to the corresponding .te file. You can also write a new .te file yourself, in which case you must first declare it in the system/sepolicy/file_contexts file.

The general principle is to grant whichever permission is missing!


1. Add it manually based on the error report in the log.

1. Modifying an original .te file of the system

For example, suppose the log prints an avc denied message with the following fields.
Log analysis:

read/write: the read/write permission is missing;
system_app: system_app is the domain that lacks the permission; the file to edit has the same name, xxx.te;
serial_device: the permission is missing on the serial_device type;
chr_file: the target is a file of class chr_file;

Fix:

In the system_app.te file, add the following statements:
allow system_app serial_device:chr_file read;
allow system_app serial_device:chr_file write;
2. Adding a new .te file
  1. First go to the system/sepolicy/file_contexts file and declare it (take adb.te as an example):
    Specify the path of abc and give it a name, which must end with the service name (abc) + _exec.
  2. Create a .te file:
    All the permissions granted in it are filled in step by step, based on what the avc denied log reports as missing.
3. Flash the user version and check the results.

2. Use audit2allow to generate the permission statements (convenient and quick)

The audit2allow tool generates security policy statements for Android.

1. Install the tool on Ubuntu:
sudo apt-get install policycoreutils
sudo apt-get autoremove                    # run this if the installation has problems
2. Extract all avc logs:
adb shell dmesg | grep avc > avc_log.txt
3. Use the tool to generate policy statements:
audit2allow -i avc_log.txt

In the execution result, the line #============== adpl ============= names the .te file you need to add to. Here we find the adpl.te file and add
allow adpl diag_device:chr_file { read write };
Add only the statements you need.
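
The mapping from a denial line to an allow rule, as walked through in the log analysis and the audit2allow step above, can be reproduced in a few lines. This is an added example, not code from the original post and not audit2allow's implementation; the log lines are constructed samples in the usual kernel avc format, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample denials (not taken from the page); the last line is unrelated noise.
SAMPLE_LOG = """\
[  102.331] type=1400 audit(1695712345.123:45): avc: denied { read } for pid=2345 comm="example.app" name="ttyS1" dev="tmpfs" ino=1234 scontext=u:r:system_app:s0 tcontext=u:object_r:serial_device:s0 tclass=chr_file permissive=0
[  102.332] type=1400 audit(1695712345.124:46): avc: denied { write } for pid=2345 comm="example.app" name="ttyS1" dev="tmpfs" ino=1234 scontext=u:r:system_app:s0 tcontext=u:object_r:serial_device:s0 tclass=chr_file permissive=0
[  110.010] type=1400 audit(1695712353.001:51): avc: denied { read write } for pid=901 comm="adpl" name="diag" dev="tmpfs" ino=99 scontext=u:r:adpl:s0 tcontext=u:object_r:diag_device:s0 tclass=chr_file permissive=0
[  111.000] init: starting service 'example'...
"""

# Permissions in braces, then the type (third field) of scontext and tcontext, then tclass.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=[^:\s]+:[^:\s]+:(?P<src>[^:\s]+)\S*\s+"
    r"tcontext=[^:\s]+:[^:\s]+:(?P<tgt>[^:\s]+)\S*\s+"
    r"tclass=(?P<cls>\w+)"
)

def parse_denials(log_text):
    """Return {(source, target, class): set(perms)}, merging repeated denials."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:  # non-avc lines are skipped
            rules[(m["src"], m["tgt"], m["cls"])].update(m["perms"].split())
    return dict(rules)

def to_allow_rules(rules):
    """Group allow statements by the .te file to edit (named after the source domain)."""
    by_file = defaultdict(list)
    for (src, tgt, cls), perms in sorted(rules.items()):
        target = "self" if tgt == src else tgt
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        by_file[src + ".te"].append(f"allow {src} {target}:{cls} {perm_text};")
    return dict(by_file)

if __name__ == "__main__":
    for te_file, lines in to_allow_rules(parse_denials(SAMPLE_LOG)).items():
        print(f"#============= {te_file} ==============")
        print("\n".join(lines))
```

The separate read and write denials for system_app collapse into one rule equivalent to the two statements added by hand earlier; as with audit2allow output, add only the rules the component actually needs.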


3. neverallow errors encountered during compilation

Solution:
For a neverallow error at compile time, you can add the corresponding permissions to the corresponding script named in the prompt.



Origin blog.csdn.net/weixin_45639314/article/details/133320963