Escaping colon character in Android selinux
I'm trying to create a custom selinux policy for my AOSP build wherein untrusted apps can write to /sys/class/leds/led:flash_torch/brightness, thereby controlling the flashlight.
To do this, I edited the following files in external/sepolicy:
allow domain sys_flashlight:file rw_file_perms;
type sys_flashlight, fs_type;
allow untrusted_app sys_flashlight:file rw_file_perms;
Now, the final piece of the puzzle is the file genfs_contexts. Ideally, I would want to change this file to contain something like:
genfscon proc /sys/class/leds/led:flash_torch/brightness u:object_r:sys_flashlight:s0
First, bear in mind that the above statement is wrong. genfscon proc is meant to only be used with procfs. Ignoring that, since the file path contains the : character, the build process complains by stating:
external/sepolicy/genfs_contexts:11:ERROR 'syntax error' at token ':' on line 12972:
genfscon proc /sys/class/leds/led:flash_torch/brightness u:object_r:sysfs_flashlight:s0
genfscon proc /foreground u:object_r:proc_foreground:s0
checkpolicy: error(s) encountered while parsing configuration
make: *** [out/target/product/hammerhead/obj/ETC/sepolicy_intermediates/sepolicy] Error 1
make: *** Waiting for unfinished jobs....
How can I escape the : character while writing the selinux policies?
edit: I've already tried quoting the path and using \\ to try and escape the : with no luck
Looking at the parser statements for checkpolicy:
policy_parse.y:139:%token GENFSCON
policy_parse.y:750:genfs_context_def : GENFSCON filesystem path '-' identifier security_context_def
policy_parse.y:752: | GENFSCON filesystem path '-' '-' {insert_id("-", 0);} security_context_def
policy_parse.y:754: | GENFSCON filesystem path
We see GENFSCON's path token is what is expanding, which is defined as:
policy_scan.l:252:"/"({alnum}|[_\.\-/])* { return(PATH); }
Thus : is not valid in the set.
This seems like a bug that the character set does not include these.
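
The lexer behaviour described in the answer, as an added example that is not part of the original post or of checkpolicy: a small Python lint that applies the quoted PATH rule to the path field of each genfscon line and reports where the token ends early. It assumes {alnum} means ASCII letters and digits; the function names and the sample text are constructed for illustration.

```python
import re

# PATH rule quoted on this page from policy_scan.l:
#   "/"({alnum}|[_\.\-/])*
# Assumption: {alnum} is ASCII letters and digits.
PATH_TOKEN = re.compile(r"/[A-Za-z0-9_.\-/]*")


def first_rejected(path):
    """Return (offset, char) where the PATH token would end early, or None."""
    m = PATH_TOKEN.match(path)
    end = m.end() if m else 0
    if end == len(path):
        return None
    return end, path[end]


def lint_genfs_contexts(text):
    """Check the path field of every genfscon line in a genfs_contexts file.

    Returns a list of (line_number, path, offset, char) findings.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        fields = line.split()
        if len(fields) < 4 or fields[0] != "genfscon":
            continue
        path = fields[2]
        bad = first_rejected(path)
        if bad is not None:
            findings.append((lineno, path, bad[0], bad[1]))
    return findings


# Constructed sample: the two genfscon lines shown in the build error above.
SAMPLE = """\
# constructed sample input
genfscon proc /sys/class/leds/led:flash_torch/brightness u:object_r:sysfs_flashlight:s0
genfscon proc /foreground u:object_r:proc_foreground:s0
"""

if __name__ == "__main__":
    for lineno, path, off, ch in lint_genfs_contexts(SAMPLE):
        print(f"line {lineno}: {path!r} stops lexing as PATH at offset {off} ({ch!r})")
```

Running such a check over genfs_contexts before the build points at the offending entry directly, instead of the line number in the concatenated policy that checkpolicy reports.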