Android AVC errors: how to add the missing permission

  • Error in the adb logcat log:
init: avc: denied { set } for property=camera.gc02m1 scontext=u:r:mm-qcamerad:s0 tcontext=u:object_r:camera_prop:s0 tclass=property_service
  • Cause: insufficient SELinux permission
Signature log line: avc: denied { <permission> } for pid=7201 comm="<process name>" scontext=u:r:<source type>:s0 tcontext=u:r:<target type>:s0 tclass=<object class> permissive=0
  • Modify the policy

The scontext is mm-qcamerad, so locate the mm-qcamerad.te file; here its path is /home/scooper/workspace/ljh/msm8909/device/qcom/sepolicy/common/mm-qcamerad.te

  • Add the rule
allow mm-qcamerad camera_prop:property_service { set };

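General steps for adding a permission:

adb shell

su

setenforce 0    # permissive mode: denials are logged but not enforced

exit    # leave the root shell

Open a terminal and run adb shell logcat -b all | grep avc to capture the AVC denials.

Open another terminal and run the command you want to test.

Example: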

 

03-31 03:02:45.563  3739  3739 I auditd  : type=1400 audit(0.0:158): avc: denied { search } for comm="sh" name="battery" dev="sysfs" ino=40646 scontext=u:r:shell:s0 tcontext=u:object_r:vendor_sysfs_battery_supply:s0 tclass=dir permissive=1
03-31 03:02:45.563  3739  3739 I sh      : type=1400 audit(0.0:158): avc: denied { search } for name="battery" dev="sysfs" ino=40646 scontext=u:r:shell:s0 tcontext=u:object_r:vendor_sysfs_battery_supply:s0 tclass=dir permissive=1
03-31 03:02:45.563  3739  3739 I auditd  : type=1400 audit(0.0:159): avc: denied { write } for comm="sh" name="input_suspend" dev="sysfs" ino=40674 scontext=u:r:shell:s0 tcontext=u:object_r:vendor_sysfs_battery_supply:s0 tclass=file permissive=1
03-31 03:02:45.563  3739  3739 I sh      : type=1400 audit(0.0:159): avc: denied { write } for name="input_suspend" dev="sysfs" ino=40674 scontext=u:r:shell:s0 tcontext=u:object_r:vendor_sysfs_battery_supply:s0 tclass=file permissive=1
03-31 03:02:45.563  3739  3739 I auditd  : type=1400 audit(0.0:160): avc: denied { open } for comm="sh" path="/sys/devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-00/1c40000.qcom,spmi:qcom,pm2250@0:qcom,qpnp-smblite/power_supply/battery/input_suspend" dev="sysfs" ino=40674 scontext=u:r:shell:s0 tcontext=u:object_r:vendor_sysfs_battery_supply:s0 tclass=file permissive=1
03-31 03:02:45.563  3739  3739 I sh      : type=1400 audit(0.0:160): avc: denied { open } for path="/sys/devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-00/1c40000.qcom,spmi:qcom,pm2250@0:qcom,qpnp-smblite/power_supply/battery/input_suspend" dev="sysfs" ino=40674 scontext=u:r:shell:s0 tcontext=u:object_r:vendor_sysfs_battery_supply:s0 tclass=file permissive=1
 
 
03-31 03:03:01.247  4128  4128 I auditd  : type=1400 audit(0.0:161): avc: denied { read } for comm="cat" name="input_suspend" dev="sysfs" ino=40674 scontext=u:r:shell:s0 tcontext=u:object_r:vendor_sysfs_battery_supply:s0 tclass=file permissive=1
03-31 03:03:01.247  4128  4128 I cat     : type=1400 audit(0.0:161): avc: denied { read } for name="input_suspend" dev="sysfs" ino=40674 scontext=u:r:shell:s0 tcontext=u:object_r:vendor_sysfs_battery_supply:s0 tclass=file permissive=1
03-31 03:03:01.247  4128  4128 I auditd  : type=1400 audit(0.0:162): avc: denied { open } for comm="cat" path="/sys/devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-00/1c40000.qcom,spmi:qcom,pm2250@0:qcom,qpnp-smblite/power_supply/battery/input_suspend" dev="sysfs" ino=40674 scontext=u:r:shell:s0 tcontext=u:object_r:vendor_sysfs_battery_supply:s0 tclass=file permissive=1
03-31 03:03:01.247  4128  4128 I cat     : type=1400 audit(0.0:162): avc: denied { open } for path="/sys/devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-00/1c40000.qcom,spmi:qcom,pm2250@0:qcom,qpnp-smblite/power_supply/battery/input_suspend" dev="sysfs" ino=40674 scontext=u:r:shell:s0 tcontext=u:object_r:vendor_sysfs_battery_supply:s0 tclass=file permissive=1
 
 
Add the rules to shell.te, usually at LA.UM.9.15.2.R1/device/qcom/sepolicy_vndr/generic/vendor/common/shell.te (the scontext subject is shell, so the rules go in shell.te):
allow shell vendor_sysfs_battery_supply:dir { search };
allow shell vendor_sysfs_battery_supply:file { open write read };
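
The log-to-rule step above can be automated in the style of audit2allow. The following Python is an added example, not code from the original post: it parses avc: denied lines, merges the duplicate records logcat emits, and groups the resulting allow rules by the .te file named after the scontext type. The function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

PERMS_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
# A context is user:role:type:level; allow rules use only the type field.
SRC_RE = re.compile(r"scontext=[^:\s]+:[^:\s]+:([^:\s]+)")
TGT_RE = re.compile(r"tcontext=[^:\s]+:[^:\s]+:([^:\s]+)")
# search() still finds tclass= when pasting fused it onto the level ("s0tclass=").
CLASS_RE = re.compile(r"tclass=(\w+)")

def parse_avc(line):
    """Return (source_type, target_type, tclass, perms), or None if not a denial."""
    found = [rx.search(line) for rx in (PERMS_RE, SRC_RE, TGT_RE, CLASS_RE)]
    if not all(found):
        return None
    perms, src, tgt, tclass = (m.group(1) for m in found)
    return src, tgt, tclass, set(perms.split())

def rules_by_te_file(lines):
    """Merge denials into allow rules, keyed by the <scontext type>.te file."""
    merged = defaultdict(set)
    for parsed in filter(None, map(parse_avc, lines)):
        src, tgt, tclass, perms = parsed
        merged[(src, tgt, tclass)] |= perms   # logcat repeats each denial per tag
    out = defaultdict(list)
    for (src, tgt, tclass), perms in sorted(merged.items()):
        rule = "allow %s %s:%s { %s };" % (src, tgt, tclass, " ".join(sorted(perms)))
        out[src + ".te"].append(rule)
    return dict(out)

# Constructed sample: shortened copies of this page's denials plus one unrelated
# line; the first entry has tclass= fused onto the level, as pasted logs can.
CTX = "scontext=u:r:shell:s0 tcontext=u:object_r:vendor_sysfs_battery_supply:s0"
SAMPLE = [
    "init: avc: denied { set } for property=camera.gc02m1 scontext=u:r:mm-qcamerad:s0"
    " tcontext=u:object_r:camera_prop:s0tclass=property_service",
    'I auditd: avc: denied { search } for comm="sh" name="battery" %s tclass=dir permissive=1' % CTX,
    'I auditd: avc: denied { write } for comm="sh" name="input_suspend" %s tclass=file permissive=1' % CTX,
    'I sh: avc: denied { write } for name="input_suspend" %s tclass=file permissive=1' % CTX,
    'I auditd: avc: denied { open } for comm="sh" %s tclass=file permissive=1' % CTX,
    'I auditd: avc: denied { read } for comm="cat" %s tclass=file permissive=1' % CTX,
    "I ActivityManager: Start proc 4128 (no SELinux record here)",
]

if __name__ == "__main__":
    for te_file, rules in rules_by_te_file(SAMPLE).items():
        print(te_file)
        for rule in rules:
            print("    " + rule)
```

Review each generated rule before adding it to the policy: the output mirrors everything that was denied while the device was permissive, so it can grant more than the feature needs, and the build can still reject a rule that violates a neverallow.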
Posted by 轻轻的吻