堆栈内存溢出
  简体   繁体   English

SELinux Permission拒绝在android中使用新的框架服务

[英]SELinux Permission Denied for a new framework service in android

 原文  2015-05-11 10:55:06       android/ selinux

问题描述

I have added a new System Service into Android Framework in earlier versions (4.4) following this tutorial from Texas Instruments 我在德州仪器(TI )的本教程之后,在早期版本(4.4)中向Android Framework添加了一个新的系统服务

But when I try to do a similar thing in Android Lollipop, the SELinux policy denies me to do so. 但是当我尝试在Android Lollipop中做类似的事情时,SELinux政策拒绝我这样做。 This is the output from logcat. 这是logcat的输出。 

05-11 15:49:51.362   248   248 I SystemServer: Test Service Starting
05-11 15:49:51.364   248   248 I TestManagerService: Started Test Manager Service
05-11 15:49:51.370    54    54 E SELinux : avc:  denied  { add } for service=TestManagerService scontext=u:r:system_server:s0 tcontext=u:object_r:default_android_service:s0 tclass=service_manager
05-11 15:49:51.371    54    54 E ServiceManager: add_service('TestManagerService',28) uid=1000 - PERMISSION DENIED
05-11 15:49:51.378   248   248 E SystemServer: Failure starting TestManagerService
05-11 15:49:51.378   248   248 E SystemServer: java.lang.SecurityException
05-11 15:49:51.378   248   248 E SystemServer:  at android.os.BinderProxy.transactNative(Native Method)
05-11 15:49:51.378   248   248 E SystemServer:  at android.os.BinderProxy.transact(Binder.java:496)
05-11 15:49:51.378   248   248 E SystemServer:  at android.os.ServiceManagerProxy.addService(ServiceManagerNative.java:150)
05-11 15:49:51.378   248   248 E SystemServer:  at android.os.ServiceManager.addService(ServiceManager.java:72)
05-11 15:49:51.378   248   248 E SystemServer:  at com.android.server.SystemServer.startOtherServices(SystemServer.java:551)
05-11 15:49:51.378   248   248 E SystemServer:  at com.android.server.SystemServer.run(SystemServer.java:257)
05-11 15:49:51.378   248   248 E SystemServer:  at com.android.server.SystemServer.main(SystemServer.java:171)
05-11 15:49:51.378   248   248 E SystemServer:  at java.lang.reflect.Method.invoke(Native Method)
05-11 15:49:51.378   248   248 E SystemServer:  at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:723)
05-11 15:49:51.378   248   248 E SystemServer:  at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:613)

I do not want to disable SELinux policy. 我不想禁用SELinux策略。 I just want the policy to allow my new service too. 我只是希望政策允许我的新服务。 What should I do? 我该怎么办?

4 个解决方案

解决方案1
 6 已采纳  2015-05-24 22:13:15

Check this link: http://androidosp.blogspot.com.tr/2014/11/selinux-seandroid-exceptions-for-system.html 请访问此链接: http//androidosp.blogspot.com.tr/2014/11/selinux-seandroid-exceptions-for-system.html

You can simply goto: /external/sepolicy/service_contexts 你可以简单地转到:/ external / sepolicy / service_contexts

and add your new service there. 并在那里添加您的新服务。 Thats it! 而已!

解决方案2
 4  2016-03-24 10:46:23

To file: 提交:

android-dev\\external\\sepolicy\\service.te Android的开发\\外部\\ sepolicy \\ service.te

Add: 加:

type mytest_service, system_api_service, system_server_service, service_manager_type; 输入mytest_service,system_api_service,system_server_service,service_manager_type;

To file: 提交:

android-dev\\external\\sepolicy\\service_contexts Android的开发\\外部\\ sepolicy \\ service_contexts

Add: 加:

mytestservice u:object_r:mytest_service:s0 mytestservice u:object_r:mytest_service:s0

where mytestservice your name service mytestservice你的名字服务在哪里

It's help me 这对我很有帮助

解决方案3
 1  2017-09-08 15:29:36

In Android 7.1.1 the service_contexts file has moved to system/sepolicy 在Android 7.1.1中,service_contexts文件已移至system / sepolicy

to add A service "foo" to the policy add to the file service_contexts 将一个服务“foo”添加到策略添加到文件service_contexts

foo u:object_r:foo_service:s0 foo u:object_r:foo_service:s0

And in service.te add: 并在service.te添加:

type foo_service, app_api_service, system_server_service, service_manager_type; 输入foo_service,app_api_service,system_server_service,service_manager_type;

A device specific policy can be created by adding a service_contexts & service.te file in the devices sepolicy directory: device/myDevice/versionName/sepolicy 可以通过在设备sepolicy目录中添加service_contexts&service.te文件来创建特定于设备的策略:device / myDevice / versionName / sepolicy

解决方案4
 -2  2015-07-02 15:15:24

add in your sepolicy file 添加你的sepolicy文件

  • allow system_server default_android_service:service_manager add 允许system_server default_android_service:service_manager add

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 新创建的服务的 AndroidP-SELinux 权限被拒绝 - AndroidP-SELinux Permission Denied for a new created service SELinux拒绝Android读取文件 - Android Read file denied by SELinux Selinux拒绝在Android 8上启动服务 - Selinux Denies Starting Service on Android 8 Android-拒绝创建新文件的权限 - Android - Permission Denied for creating new file 如果权限被拒绝,则打开一个新活动android - If Permission Denied open a new activity android Android Marshmallow:新文件(...)授予权限被拒绝 - Android Marshmallow: new File (…) gives permission denied 创建Android新文件时权限被拒绝 - Permission Denied when creating new file Android Android服务异常-权限被拒绝缺少INTERNET权限 - Android Service Exception - Permission denied missing INTERNET permission android.permission.BIND_TELECOM_CONNECTION_SERVICE 权限被拒绝 - android.permission.BIND_TELECOM_CONNECTION_SERVICE permission denied SELinux Unix Socket权限被拒绝。 怎么修? - SELinux Unix Socket permission denied. How to fix?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM