如何在android selinux上下文中标记进程?
[英]How process under android selinux context was labeled?
问题描述
I'm trying to do the Android SElinux implementation , For the files, I could define file selinux security context with the flie_contexts file , Say I was adding a /system/bin/mymodule file, So I could sign it's scontext with add it to /system/sepolicy/private/flie_contexts , But what if the process's selinux security context, I can't find somewhere I could simply define them 
我正在尝试执行Android SElinux实现 ,对于文件,我可以使用flie_contexts文件定义文件selinux安全上下文,比如说我要添加/ system / bin / mymodule文件,因此我可以对其进行签名并添加到/ system / sepolicy / private / flie_contexts ,但是如果进程是selinux安全上下文,我找不到可以简单定义它们的地方怎么办
I know the process security context was inherited by its parent process, But Is there any mechanism I could force setting process security context just like the file? 我知道流程安全性上下文是由其父流程继承的,但是是否有任何机制可以像文件一样强制设置流程安全性上下文?
Any Insight? 有见识吗?
1 个解决方案
解决方案1
1 已采纳 2019-07-17 08:53:26
There are two things you need to do: 您需要做两件事:
1. Define a Context 1.定义上下文
Let's assume you want to create a custom context called np_mybinary for your binary. 假设您要为二进制文件创建一个名为np_mybinary的自定义上下文。
This is what your .te file will have to contain: 这是您的.te文件将必须包含的内容:
type np_mybinary, domain;
type np_mybinary_exec, exec_type, vendor_file_type, file_type;
This is what your file_contexts file will have to contain: 这是您的file_contexts文件必须包含的内容:
/system/bin/mymodule u:object_r:np_mybinary_exec:s0
2. Define a Transition 2.定义过渡
You need to define the transition from the parent process context to np_mybinary_exec . 您需要定义从父流程上下文到np_mybinary_exec的过渡。
domain_auto_trans(<parent-context>, np_mybinary, np_mybinary_exec)
If your process is started by init, there is a simple macro available: 如果您的进程是通过init启动的,则可以使用一个简单的宏 :
init_daemon_domain(np_mybinary);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.