How do I let system_app set a vendor_default_prop, or let mtk_hal_camera (in the vnd partition) get a system_prop?

Question (0 votes, 1 answer)

I am trying to set a persist prop from system_app and read it from the mtk_hal_camera process. I tried two approaches, and neither works:

  1. system_app sets a system_prop fine, but mtk_hal_camera fails to get the system_prop:

09-30 15:04:09.248 7781 7781 W HwBinder:7781_2: type=1400 audit(0.0:520169): avc: denied { read } for name="u:object_r:system_prop:s0" dev="tmpfs" ino=385 scontext=u:r:mtk_hal_camera:s0 tcontext=u:object_r:system_prop:s0 tclass=file permissive=0

The system_prop is something like: persist.sys.foo

I tried adding

allow mtk_hal_camera system_prop:file { read };

to device/mediatek/sepolicy/custom/modules/camera/non_plat/mtk_hal_camera.te

but it caused a compile error:

2023-10-16 11:16:29 neverallow check failed at out_vnd_hal/target/product/mgvi_64_nfc_armv82/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil:22518 from system/sepolicy/private/property.te:150
2023-10-16 11:16:29   (neverallow base_typeattr_733 base_typeattr_743 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
2023-10-16 11:16:29
2023-10-16 11:16:29   allow at out_vnd_hal/target/product/mgvi_64_nfc_armv82/obj/ETC/vendor_sepolicy.cil_intermediates/vendor_sepolicy.cil:12983
2023-10-16 11:16:29   (allow mtk_hal_camera system_prop_31_0 (file (read)))

  2. mtk_hal_camera gets a vendor_default_prop fine, but system_app fails to set the vendor_default_prop:

2023-10-01 19:45:35.156 1-1/? W//system/bin/init: type=1107 audit(0.0:6250): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.vendor.camera.foo pid=13714 uid=1000 gid=1000 scontext=u:r:system_app:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0'

The vendor_default_prop is something like: persist.vendor.camera.foo

I tried adding

allow system_app vendor_default_prop:file { write };

to device/mediatek/sepolicy/custom/modules/camera/non_plat/system_app.te

which again caused a compile error:

2023-10-14 22:31:31 libsepol.report_failure: neverallow on line 507 of system/sepolicy/public/domain.te (or line 12716 of policy.conf) violated by allow system_app vendor_default_prop:file { write };
2023-10-14 22:31:32 libsepol.check_assertions: 1 neverallow failures occurred

android android-source selinux
1 Answer (0 votes)

You should use the system_public_prop or system_restricted_prop macro to define a new prop type. That does not violate the neverallow rules.

# define a new prop type in property.te 
system_public_prop(mtk_camera_prop)

# label the prop in property_contexts
persist.vendor.camera.foo  u:object_r:mtk_camera_prop:s0 exact int

# allow system_app to set
set_prop(system_app, mtk_camera_prop)

# allow vendor to read
get_prop(mtk_hal_camera, mtk_camera_prop)
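The two denials in the question already name the access that is missing: the first is `tclass=file { read }` against a property type, which is what `get_prop()` grants, and the second is `tclass=property_service { set }`, which is what `set_prop()` grants (the asker's `vendor_default_prop:file { write }` rule targets a different class entirely). The script below is an added example, not code from the question or the answer, that parses avc denial lines in the format shown above, maps each to the macro it corresponds to, and flags targets that are core types from system/sepolicy (system_prop, vendor_default_prop) where, as the compile errors show, a raw allow rule is rejected by a neverallow and a dedicated property type is needed instead. The sample lines are copied from the question; the list of core types and the suggestion text are this example's own assumptions.

```python
"""Map avc property denials to the sepolicy macro they need and warn when
the target is a core property type guarded by neverallow rules."""
import re
from dataclasses import dataclass, field

# The two denials quoted in the question, logcat prefix included.
SAMPLE_DENIALS = [
    '09-30 15:04:09.248 7781 7781 W HwBinder:7781_2: type=1400 audit(0.0:520169): '
    'avc: denied { read } for name="u:object_r:system_prop:s0" dev="tmpfs" ino=385 '
    'scontext=u:r:mtk_hal_camera:s0 tcontext=u:object_r:system_prop:s0 tclass=file permissive=0',
    "2023-10-01 19:45:35.156 1-1/? W//system/bin/init: type=1107 audit(0.0:6250): uid=0 "
    "auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for "
    "property=persist.vendor.camera.foo pid=13714 uid=1000 gid=1000 scontext=u:r:system_app:s0 "
    "tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0'",
]

DENIED_RE = re.compile(r"avc:\s*denied\s*\{\s*([^}]*?)\s*\}\s*for\s*(.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|[^\s\']+)')

# Assumption of this example: built-in property types from system/sepolicy that
# device policy must not widen with raw allow rules (the question's compile
# errors are the neverallows protecting exactly these).
CORE_PROP_TYPES = {"system_prop", "vendor_default_prop", "default_prop"}


@dataclass
class Denial:
    perms: list
    scontext: str
    tcontext: str
    tclass: str
    fields: dict = field(default_factory=dict)

    @property
    def domain(self):  # u:r:system_app:s0 -> system_app
        return self.scontext.split(":")[2]

    @property
    def target_type(self):  # u:object_r:system_prop:s0 -> system_prop
        return self.tcontext.split(":")[2]


def parse_denial(line):
    """Return a Denial for an avc 'denied' line, or None if the line is not one."""
    m = DENIED_RE.search(line)
    if not m:
        return None
    perms = m.group(1).split()
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    return Denial(perms, fields["scontext"], fields["tcontext"], fields["tclass"], fields)


def suggest_rule(d):
    """Return (sepolicy line, warning-or-None) for one denial."""
    if d.tclass == "property_service" and "set" in d.perms:
        rule = f"set_prop({d.domain}, {d.target_type})"
    elif d.tclass == "file" and "read" in d.perms and d.target_type.endswith("_prop"):
        rule = f"get_prop({d.domain}, {d.target_type})"
    else:
        rule = f"allow {d.domain} {d.target_type}:{d.tclass} {{ {' '.join(d.perms)} }};"
    warning = None
    if d.target_type in CORE_PROP_TYPES:
        warning = (f"{d.target_type} is a core type guarded by neverallow; define a dedicated "
                   f"type (e.g. system_public_prop(...)) and label the property with it instead")
    return rule, warning


def analyse(lines):
    """Parse every denial line and pair its source domain with the suggested rule."""
    return [(d.domain, suggest_rule(d)) for d in map(parse_denial, lines) if d]


if __name__ == "__main__":
    for domain, (rule, warning) in analyse(SAMPLE_DENIALS):
        print(domain, "->", rule, ("| " + warning) if warning else "")
```

Run against the two sample lines it suggests `get_prop(mtk_hal_camera, system_prop)` and `set_prop(system_app, vendor_default_prop)`, each with a warning that the target is a core type; applying the answer's approach (a new type labelled in property_contexts, then the same two macros on that type) is what removes the warning.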