[英]SELinux Permission Denied for a new framework service in android
I have added a new System Service into Android Framework in earlier versions (4.4) following this tutorial from Texas Instruments 我在德州仪器(TI )的本教程之后,在早期版本(4.4)中向Android Framework添加了一个新的系统服务
But when I try to do a similar thing in Android Lollipop, the SELinux policy denies me to do so. 但是当我尝试在Android Lollipop中做类似的事情时,SELinux政策拒绝我这样做。 This is the output from logcat.
这是logcat的输出。
05-11 15:49:51.362 248 248 I SystemServer: Test Service Starting
05-11 15:49:51.364 248 248 I TestManagerService: Started Test Manager Service
05-11 15:49:51.370 54 54 E SELinux : avc: denied { add } for service=TestManagerService scontext=u:r:system_server:s0 tcontext=u:object_r:default_android_service:s0 tclass=service_manager
05-11 15:49:51.371 54 54 E ServiceManager: add_service('TestManagerService',28) uid=1000 - PERMISSION DENIED
05-11 15:49:51.378 248 248 E SystemServer: Failure starting TestManagerService
05-11 15:49:51.378 248 248 E SystemServer: java.lang.SecurityException
05-11 15:49:51.378 248 248 E SystemServer: at android.os.BinderProxy.transactNative(Native Method)
05-11 15:49:51.378 248 248 E SystemServer: at android.os.BinderProxy.transact(Binder.java:496)
05-11 15:49:51.378 248 248 E SystemServer: at android.os.ServiceManagerProxy.addService(ServiceManagerNative.java:150)
05-11 15:49:51.378 248 248 E SystemServer: at android.os.ServiceManager.addService(ServiceManager.java:72)
05-11 15:49:51.378 248 248 E SystemServer: at com.android.server.SystemServer.startOtherServices(SystemServer.java:551)
05-11 15:49:51.378 248 248 E SystemServer: at com.android.server.SystemServer.run(SystemServer.java:257)
05-11 15:49:51.378 248 248 E SystemServer: at com.android.server.SystemServer.main(SystemServer.java:171)
05-11 15:49:51.378 248 248 E SystemServer: at java.lang.reflect.Method.invoke(Native Method)
05-11 15:49:51.378 248 248 E SystemServer: at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:723)
05-11 15:49:51.378 248 248 E SystemServer: at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:613)
I do not want to disable SELinux policy. 我不想禁用SELinux策略。 I just want the policy to allow my new service too.
我只是希望政策允许我的新服务。 What should I do?
我该怎么办?
Check this link: http://androidosp.blogspot.com.tr/2014/11/selinux-seandroid-exceptions-for-system.html 请访问此链接: http : //androidosp.blogspot.com.tr/2014/11/selinux-seandroid-exceptions-for-system.html
You can simply goto: /external/sepolicy/service_contexts 你可以简单地转到:/ external / sepolicy / service_contexts
and add your new service there. 并在那里添加您的新服务。 Thats it!
而已!
To file: 提交:
android-dev\\external\\sepolicy\\service.te
Android的开发\\外部\\ sepolicy \\ service.te
Add: 加:
type mytest_service, system_api_service, system_server_service, service_manager_type;
输入mytest_service,system_api_service,system_server_service,service_manager_type;
To file: 提交:
android-dev\\external\\sepolicy\\service_contexts
Android的开发\\外部\\ sepolicy \\ service_contexts
Add: 加:
mytestservice u:object_r:mytest_service:s0
mytestservice u:object_r:mytest_service:s0
where mytestservice
your name service mytestservice
你的名字服务在哪里
It's help me 这对我很有帮助
In Android 7.1.1 the service_contexts file has moved to system/sepolicy 在Android 7.1.1中,service_contexts文件已移至system / sepolicy
to add A service "foo" to the policy add to the file service_contexts 将一个服务“foo”添加到策略添加到文件service_contexts
foo u:object_r:foo_service:s0
foo u:object_r:foo_service:s0
And in service.te add: 并在service.te添加:
type foo_service, app_api_service, system_server_service, service_manager_type;
输入foo_service,app_api_service,system_server_service,service_manager_type;
A device specific policy can be created by adding a service_contexts & service.te file in the devices sepolicy directory: device/myDevice/versionName/sepolicy 可以通过在设备sepolicy目录中添加service_contexts&service.te文件来创建特定于设备的策略:device / myDevice / versionName / sepolicy
add in your sepolicy file 添加你的sepolicy文件
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.