android AVC错误修改权限方法
- adb logcat日志报错:
1 | init: avc: denied { set } for property=camera.gc02m1 scontext=u:r:mm-qcamerad:s0 tcontext=u:object_r:camera_prop:s0tclass=property_service |
- SELinux的权限不足
1 | 标志性 log : avc: denied { 操作权限 } for pid=7201 comm=“进程名” scontext=u:r:源类型:s0 tcontext=u:r:目标类型:s0 tclass=访问类型 permissive=0 |
- 修改配置
由于scontext是mm-qcamerad
所以,找到mm-qcamerad.te文件路径/home/scooper/workspace/ljh/msm8909/device/qcom/sepolicy/common/mm-qcamerad.te
- 增加配置
1 | allow mm-qcamerad camera_prop:property_service {set}; |
一般添加权限的步骤:
adb shell
su
setenforce 0
exit //退出root用户
开一个终端adb shell logcat -b all|grep avc 抓avc权限
再开个终端去执行你要执行命令
示例:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | 03-31 03:02:45.563 3739 3739 I auditd : type=1400 audit(0.0:158): avc: denied { search } for comm= "sh" name= "battery" dev= "sysfs" ino=40646 scontext=u:r:shell:s0 tcontext=u:object_r:vendor_sysfs_battery_supply:s0 tclass=dir permissive=1 03-31 03:02:45.563 3739 3739 I sh : type=1400 audit(0.0:158): avc: denied { search } for name= "battery" dev= "sysfs" ino=40646 scontext=u:r:shell:s0 tcontext=u:object_r:vendor_sysfs_battery_supply:s0 tclass=dir permissive=1 03-31 03:02:45.563 3739 3739 I auditd : type=1400 audit(0.0:159): avc: denied { write } for comm= "sh" name= "input_suspend" dev= "sysfs" ino=40674 scontext=u:r:shell:s0 tcontext=u:object_r:vendor_sysfs_battery_supply:s0 tclass=file permissive=1 03-31 03:02:45.563 3739 3739 I sh : type=1400 audit(0.0:159): avc: denied { write } for name= "input_suspend" dev= "sysfs" ino=40674 scontext=u:r:shell:s0 tcontext=u:object_r:vendor_sysfs_battery_supply:s0 tclass=file permissive=1 03-31 03:02:45.563 3739 3739 I auditd : type=1400 audit(0.0:160): avc: denied { open } for comm= "sh" path= "/sys/devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-00/1c40000.qcom,spmi:qcom,pm2250@0:qcom,qpnp-smblite/power_supply/battery/input_suspend" dev= "sysfs" ino=40674 scontext=u:r:shell:s0 tcontext=u:object_r:vendor_sysfs_battery_supply:s0 tclass=file permissive=1 03-31 03:02:45.563 3739 3739 I sh : type=1400 audit(0.0:160): avc: denied { open } for path= "/sys/devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-00/1c40000.qcom,spmi:qcom,pm2250@0:qcom,qpnp-smblite/power_supply/battery/input_suspend" dev= "sysfs" ino=40674 scontext=u:r:shell:s0 tcontext=u:object_r:vendor_sysfs_battery_supply:s0 tclass=file permissive=1 03-31 03:03:01.247 4128 4128 I auditd : type=1400 audit(0.0:161): avc: denied { read } for comm= "cat" name= "input_suspend" dev= "sysfs" ino=40674 scontext=u:r:shell:s0 tcontext=u:object_r:vendor_sysfs_battery_supply:s0 tclass=file permissive=1 03-31 03:03:01.247 4128 4128 I cat : type=1400 audit(0.0:161): avc: denied { read } for name= "input_suspend" dev= "sysfs" ino=40674 scontext=u:r:shell:s0 tcontext=u:object_r:vendor_sysfs_battery_supply:s0 tclass=file permissive=1 03-31 03:03:01.247 4128 4128 I auditd : type=1400 audit(0.0:162): avc: denied { open } for comm= "cat" path= "/sys/devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-00/1c40000.qcom,spmi:qcom,pm2250@0:qcom,qpnp-smblite/power_supply/battery/input_suspend" dev= "sysfs" ino=40674 scontext=u:r:shell:s0 tcontext=u:object_r:vendor_sysfs_battery_supply:s0 tclass=file permissive=1 03-31 03:03:01.247 4128 4128 I cat : type=1400 audit(0.0:162): avc: denied { open } for path= "/sys/devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-00/1c40000.qcom,spmi:qcom,pm2250@0:qcom,qpnp-smblite/power_supply/battery/input_suspend" dev= "sysfs" ino=40674 scontext=u:r:shell:s0 tcontext=u:object_r:vendor_sysfs_battery_supply:s0 tclass=file permissive=1 在shell.te中添加,一般在LA.UM.9.15.2.R1/device/qcom/sepolicy_vndr/generic/vendor/common/shell.te (scontext主体是shell,所以要在shell.te中添加) allow shell vendor_sysfs_battery_supply:dir{ search}; allow shell vendor_sysfs_battery_supply:file{ open write read}; |
分类:
Andorid
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 分享4款.NET开源、免费、实用的商城系统
· 全程不用写代码,我用AI程序员写了一个飞机大战
· MongoDB 8.0这个新功能碉堡了,比商业数据库还牛
· 记一次.NET内存居高不下排查解决与启示
· 白话解读 Dapr 1.15:你的「微服务管家」又秀新绝活了