Monday, August 26, 2019

A First Look at Android SEPolicy

Introduction to SELinux:
SELinux Concepts:
SELinux on Project Treble:
Extremely useful example:

SE Policy Fix by looking at errors
Example Error
avc: denied { read write } for pid=29059 comm="i.tetherservice" name="ipa" dev="tmpfs" ino=11991 scontext=u:r:system_app:s0 tcontext=u:object_r:ipa_dev:s0 tclass=chr_file permissive=0 
SEPolicy Fix
allow system_app ipa_dev:chr_file {read write};
But beware: sometimes you will grant too much permission because no better domain is available. In that scenario, you can create a new domain with smaller coverage.
