SELinux Permission拒绝在android中使用新的框架服务

时间:2015-05-11 10:55:07

标签: android selinux

我在Texas Instruments

的本教程后面的早期版本(4.4)中添加了一个新的系统服务到Android Framework

但是当我尝试在Android Lollipop中做类似的事情时,SELinux政策拒绝我这样做。 这是logcat的输出。 

05-11 15:49:51.362   248   248 I SystemServer: Test Service Starting
05-11 15:49:51.364   248   248 I TestManagerService: Started Test Manager Service
05-11 15:49:51.370    54    54 E SELinux : avc:  denied  { add } for service=TestManagerService scontext=u:r:system_server:s0 tcontext=u:object_r:default_android_service:s0 tclass=service_manager
05-11 15:49:51.371    54    54 E ServiceManager: add_service('TestManagerService',28) uid=1000 - PERMISSION DENIED
05-11 15:49:51.378   248   248 E SystemServer: Failure starting TestManagerService
05-11 15:49:51.378   248   248 E SystemServer: java.lang.SecurityException
05-11 15:49:51.378   248   248 E SystemServer:  at android.os.BinderProxy.transactNative(Native Method)
05-11 15:49:51.378   248   248 E SystemServer:  at android.os.BinderProxy.transact(Binder.java:496)
05-11 15:49:51.378   248   248 E SystemServer:  at android.os.ServiceManagerProxy.addService(ServiceManagerNative.java:150)
05-11 15:49:51.378   248   248 E SystemServer:  at android.os.ServiceManager.addService(ServiceManager.java:72)
05-11 15:49:51.378   248   248 E SystemServer:  at com.android.server.SystemServer.startOtherServices(SystemServer.java:551)
05-11 15:49:51.378   248   248 E SystemServer:  at com.android.server.SystemServer.run(SystemServer.java:257)
05-11 15:49:51.378   248   248 E SystemServer:  at com.android.server.SystemServer.main(SystemServer.java:171)
05-11 15:49:51.378   248   248 E SystemServer:  at java.lang.reflect.Method.invoke(Native Method)
05-11 15:49:51.378   248   248 E SystemServer:  at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:723)
05-11 15:49:51.378   248   248 E SystemServer:  at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:613)

我不想禁用SELinux政策。我只是希望政策允许我的新服务。我该怎么办?

4 个答案:

答案 0 :(得分:6)

Check this link: http://androidosp.blogspot.com.tr/2014/11/selinux-seandroid-exceptions-for-system.html

You can simply goto: /external/sepolicy/service_contexts

and add your new service there. Thats it!

答案 1 :(得分:4)

提交文件:

  

机器人-dev的\外部\ sepolicy \ service.te

添加:

  

输入mytest_service,system_api_service,system_server_service,   service_manager_type;

提交文件:

  

机器人-dev的\外部\ sepolicy \ service_contexts

添加:

  

mytestservice u:object_r:mytest_service:s0

mytestservice您的名称服务

它帮助我

答案 2 :(得分:1)

在Android 7.1.1中,service_contexts文件已移至system / sepolicy

添加服务" foo"将策略添加到文件service_contexts

  

foo u:object_r:foo_service:s0

在service.te中添加:

  

输入foo_service,app_api_service,system_server_service,service_manager_type;

可以通过添加service_contexts& amp;来创建特定于设备的策略。设备sepolicy目录中的service.te文件:device / myDevice / versionName / sepolicy

答案 3 :(得分:-2)

添加您的sepolicy文件

  • 允许system_server default_android_service:service_manager add
相关问题
最新问题