Escaping colon character in Android selinux

I'm trying to create a custom selinux policy for my AOSP build wherein untrusted apps can write to /sys/class/leds/led:flash_torch/brightness, thereby controlling the flashlight.

To do this, I edited the following files in external/sepolicy:

domain.te

allow domain sys_flashlight:file rw_file_perms;

file.te

type sys_flashlight, fs_type;

untrusted_app.te

allow untrusted_app sys_flashlight:file rw_file_perms;

Now, the final piece of the puzzle is the file genfs_contexts. Ideally, I would want to change this file to contain something like:

genfscon proc /sys/class/leds/led:flash_torch/brightness u:object_r:sys_flashlight:s0

First, bear in mind that the above statement is wrong. genfscon proc is meant to only be used with procfs. Ignoring that, since the file path contains the : character, the build process complains by stating:

external/sepolicy/genfs_contexts:11:ERROR 'syntax error' at token ':' on line 12972:
genfscon proc /sys/class/leds/led:flash_torch/brightness u:object_r:sysfs_flashlight:s0
genfscon proc /foreground u:object_r:proc_foreground:s0
checkpolicy:  error(s) encountered while parsing configuration
make: *** [out/target/product/hammerhead/obj/ETC/sepolicy_intermediates/sepolicy] Error 1
make: *** Waiting for unfinished jobs....

How can I escape the : character while writing the selinux policies?

Edit: I've already tried quoting the path and using \\ to try and escape the :, with no luck.

Looking at the parser statements for checkpolicy:

policy_parse.y:139:%token GENFSCON
policy_parse.y:750:genfs_context_def    : GENFSCON filesystem path '-' identifier security_context_def
policy_parse.y:752:         | GENFSCON filesystem path '-' '-' {insert_id("-", 0);} security_context_def
policy_parse.y:754:                        | GENFSCON filesystem path 

We see GENFSCON's path token is what is expanding, which is defined as:

policy_scan.l:252:"/"({alnum}|[_\.\-/])*            { return(PATH); }

Thus, : is not valid in the set.

This seems like a bug that the character set does not include these.
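
The following Python script is an added example, not code from the post or from checkpolicy. It applies the PATH rule quoted above to the path field of genfscon lines and shows where the token stops, which is why the build reports a syntax error at ':'. It assumes {alnum} expands to [a-zA-Z0-9]; the function names and sample lines are constructed for illustration.

```python
import re

# PATH rule quoted on this page from policy_scan.l:
#   "/"({alnum}|[_\.\-/])*
# Assumption: {alnum} expands to [a-zA-Z0-9].
PATH_TOKEN = re.compile(r"/[A-Za-z0-9_.\-/]*")


def scan_path(path):
    """Return (token, rest): the longest prefix the PATH rule accepts,
    and the text the lexer would have to tokenize separately."""
    m = PATH_TOKEN.match(path)
    if m is None:
        return "", path
    return m.group(0), path[m.end():]


def lint_genfs_contexts(text):
    """Check the path field of every genfscon line.

    Returns a list of (line_number, path, offending_char) for paths
    that the PATH rule cannot consume as a single token."""
    problems = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 4 or fields[0] != "genfscon":
            continue
        path = fields[2]  # genfscon <fstype> <path> [-type] <context>
        token, rest = scan_path(path)
        if rest:
            problems.append((lineno, path, rest[0]))
    return problems


# Constructed sample input: the second entry is the one from the question.
SAMPLE = """\
genfscon proc /foreground u:object_r:proc_foreground:s0
genfscon proc /sys/class/leds/led:flash_torch/brightness u:object_r:sys_flashlight:s0
"""

if __name__ == "__main__":
    for lineno, path, ch in lint_genfs_contexts(SAMPLE):
        token, rest = scan_path(path)
        print(f"line {lineno}: PATH token ends at {token!r}; "
              f"{ch!r} starts a separate token ({rest!r} left over)")
```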
