avc: denied for default_android_hwservice, neverallow violated


First, this is the log I get:

11-11 11:11:14.779  2287  2287 E SELinux : **avc:  denied**  { add } for interface=vendor.abc.wifi.wifidiagnostic::IWifiDiagnostic sid=u:r:wifidiagnostic:s0 pid=2838 scontext=u:r:wifidiagnostic:s0 tcontext=u:object_r:**default_android_hwservice**:s0 tclass=hwservice_manager permissive=1
11-11 11:11:14.781  2838  2838 I ServiceManagement: Registered [email protected]::IWifiDiagnostic/default (start delay of 128ms)
11-11 11:11:14.781  2838  2838 I ServiceManagement: Removing namespace from process name [email protected] to [email protected].

But if I add

allow wifidiagnostic default_android_hwservice:hwservice_manager { add };

I get a compile error:

libsepol.report_failure: neverallow on line 511 of system/sepolicy/public/domain.te (or line 11982 of policy.conf) violated by allow wifidiagnostic default_android_hwservice:hwservice_manager { add };
libsepol.check_assertions: **1 neverallow failures occurred**
Error while expanding policy

How can I resolve this?

wifidiagnostic is a native service with diagnostic functionality. I define the type in wifidiagnostic.te:

# wifidiagnostic service
type wifidiagnostic, domain;
type wifidiagnostic_exec, exec_type, file_type, vendor_file_type;

init_daemon_domain(wifidiagnostic)

allow wifidiagnostic hwservicemanager_prop:file { getattr map open read };
allow wifidiagnostic hwservicemanager:binder { call transfer };
#allow wifidiagnostic default_android_hwservice:hwservice_manager { add };
allow wifidiagnostic hidl_base_hwservice:hwservice_manager { add };

and add the label in file_contexts:

/vendor/bin/hw/[email protected] u:object_r:wifidiagnostic_exec:s0

android-source selinux
1 Answer
0 votes

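To allow a service to access a HAL, you can use the hal_client_domain() macro (defined in system/sepolicy/public/te_macros).

I can't tell from your description what your HAL type is. Allowing access to the wifi HAL looks like this: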

type wifidiagnostic, domain;
type wifidiagnostic_exec, exec_type, file_type, vendor_file_type;

# Allow context switch from init to wifidiagnostic.
init_daemon_domain(wifidiagnostic)

# Allow accessing wifi HAL (the macro takes the HAL attribute, hal_wifi).
hal_client_domain(wifidiagnostic, hal_wifi)
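
An added example, not part of the original question or answer: the denial's tcontext is default_android_hwservice, the fallback label for an interface that has no entry in hwservice_contexts, so the `add` can be granted on a dedicated type instead of the default one. The type name `wifidiagnostic_hwservice` and the file locations are assumptions; the interface name is taken from the log above.

```selinux
# Added example; wifidiagnostic_hwservice and the file locations are assumed.

# ---- hwservice.te (device's vendor sepolicy directory) ----
# Dedicated label for the interface, so it no longer falls back to
# default_android_hwservice.
type wifidiagnostic_hwservice, hwservice_manager_type;

# ---- hwservice_contexts (same directory) ----
# Map the interface name from the denial to the dedicated label.
vendor.abc.wifi.wifidiagnostic::IWifiDiagnostic    u:object_r:wifidiagnostic_hwservice:s0

# ---- wifidiagnostic.te ----
# Rule that trips the neverallow (leave it out):
#   allow wifidiagnostic default_android_hwservice:hwservice_manager { add };
# Grant registration on the dedicated type instead.
allow wifidiagnostic wifidiagnostic_hwservice:hwservice_manager { add find };
# Keep registration of this interface exclusive to the wifidiagnostic domain.
neverallow { domain -wifidiagnostic } wifidiagnostic_hwservice:hwservice_manager add;
```

After rebuilding, a repeat of the registration should log tcontext=u:object_r:wifidiagnostic_hwservice:s0 if any denial remains, which confirms the hwservice_contexts entry matched.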