转Android 安全攻防（一）：SEAndroid的編譯

Android 安全攻防（一）：SEAndroid的編譯

转自：http://rritw.com/a/ITxinwen/hulianwang/20121219/274871.html

SEAndroid（Security-Enhanced Android），是將原本運用在Linux操作系統上的MAC強制存取控管套件SELinux，移植到Android平台上。可以用來強化Android操作系統對App的存取控管，建立類似沙箱的執行隔離效果，來確保每一個App之間的獨立運作，也因此可以阻止惡意App對系統或其它應用程序的攻擊。
SEAndroid的中心理念是，即使root權限被篡奪，只求阻止應用的惡意行为。

下載源碼

1.把源碼全部拉下來

git clone https://bitbucket.org/seandroid/manifests.git mkdir seandroid
cd seandroid
repo init -u https://android.googlesource.com/platform/manifest repo sync
cp ../manifests/local_manifest.xml .repo
repo sync

2.拉下來對應分支的代碼

如果已有Android系統源碼，可以直接使用

Base Version       SE Branch
android-4.2.1_r1   seandroid-4.2
android-4.1.2_r1   seandroid-4.1.2
android-4.1.1_r6.1 seandroid-4.1.1
android-4.0.4_r2.1 seandroid-4.0.4

git clone -b seandroid-4.0.4 https://bitbucket.org/seandroid/manifests.git[/code] 
mkdir Android_src
cd Android_src
cp ../manifests/local_manifest.xml .repo/
repo sync


編譯
先編個虛擬機版本，內核需要有SELinux支持，暫先使用默認的config：

export PREFIX=/path/to/your/aospclone
cd $PREFIX/kernel/goldfish
make ARCH=arm goldfish_armv7_defconfig

make ARCH=arm CROSS_COMPILE=$PREFIX/prebuilt/linux-x86/toolchain/arm-eabi-4.4.3/bin/arm-eabi-


以下是編譯Android 4.0.4的常見錯誤，這些錯誤的解决辦法收錄自互聯網。

Google group有個專門的Android Building組，有興趣的可以加入。

################# Fix 1 ##########################

Error:

frameworks/base/include/utils/KeyedVector.h:193:31: note: declarations in dependent base ‘android::KeyedVector<android::String8, android::sp<AaptDir> >’ are not found by unqualified lookup
frameworks/base/include/utils/KeyedVector.h:193:31: note: use ‘this->indexOfKey’ instead
make: *** [out/host/linux-x86/obj/EXECUTABLES/aapt_intermediates/AaptAssets.o] Error 1

Fix:

vi frameworks/base/tools/aapt/Android.mk

Add '-fpermissive' to line 31:

LOCAL_CFLAGS += -Wno-format-y2k -fpermissive

################## Fix 2 ##########################

Error：

frameworks/base/include/utils/KeyedVector.h:193:31: error: ‘indexOfKey’ was not declared in this scope, and no declarations were found by argument-dependent lookup at the point of instantiation
[-fpermissive]
frameworks/base/include/utils/KeyedVector.h:193:31: note: declarations in dependent base ‘android::KeyedVector<android::String8, android::wp<android::AssetManager::SharedZip> >’ are not found by unqualified lookup

frameworks/base/include/utils/KeyedVector.h:193:31: note: use ‘this->indexOfKey’ instead
make: *** [out/host/linux-x86/obj/STATIC_LIBRARIES/libutils_intermediates/AssetManager.o] Error 1

Fix:

vi frameworks/base/libs/utils/Android.mk

Add '-fpermissive' to line 64:

LOCAL_CFLAGS += -DLIBUTILS_NATIVE=1 $(TOOL_CFLAGS) -fpermissive

################## Fix 3 ##########################

Error:

external/srec/tools/thirdparty/OpenFst/fst/lib/cache.h:136:11: note: use ‘this->SetState’ instead

make: *** [out/host/linux-x86/obj/EXECUTABLES/grxmlcompile_intermediates/grxmlcompile.o] Error 1

Fix:

cd external/srec

wget "http://go.rritw.com/github.com/CyanogenMod/android_external_srec/commit/4d7ae7b79eda47e489669fbbe1f91ec501d42fb2.diff"

patch -p1 < 4d7ae7b79eda47e489669fbbe1f91ec501d42fb2.diff

rm -f 4d7ae7b79eda47e489669fbbe1f91ec501d42fb2.diff

cd ../..

################## Fix 4 ##########################

Error:

development/tools/emulator/opengl/host/tools/emugen/main.cpp:79:9: error: ‘optind’ was not declared in this scope

development/tools/emulator/opengl/host/tools/emugen/main.cpp:92:45: error: ‘optind’ was not declared in this scope

make: *** [out/host/linux-x86/obj/EXECUTABLES/emugen_intermediates/main.o] Error 1

Fix:

vi development/tools/emulator/opengl/host/tools/emugen/main.cpp

Add '#include <getopt.h>' to list of includes:

#include <getopt.h>

################## Fix 5 ##########################

Error:

host C++: liboprofile_pp <= external/oprofile/libpp/arrange_profiles.cpp

In file included from external/oprofile/libpp/arrange_profiles.cpp:24:0:

external/oprofile/libpp/format_output.h:94:22: error: reference ‘counts’ cannot be declared ‘mutable’ [-fpermissive]

make: *** [out/host/linux-x86/obj/STATIC_LIBRARIES/liboprofile_pp_intermediates/arrange_profiles.o] Error 1

Fix:

vi external/oprofile/libpp/format_output.h

Remove 'mutable' from 'mutable counts_t & counts;' on line 94:

counts_t & counts;

################## Fix 6 ##########################

Error:

development/tools/emulator/opengl/shared/OpenglCodecCommon/GLSharedGroup.cpp:345:65:   required from here

frameworks/base/include/utils/KeyedVector.h:193:31: error: ‘indexOfKey’ was not declared in this scope, and no declarations were found by argument-dependent lookup at the point of instantiation [-fpermissive]
frameworks/base/include/utils/KeyedVector.h:193:31: note: declarations in dependent base ‘android::KeyedVector<unsigned int, ShaderData*>’ are not found by unqualified lookup

frameworks/base/include/utils/KeyedVector.h:193:31: note: use ‘this->indexOfKey’ instead
make: *** [out/host/linux-x86/obj/STATIC_LIBRARIES/libOpenglCodecCommon_intermediates/GLSharedGroup.o] Error 1

Fix:

vi development/tools/emulator/opengl/Android.mk

Add '-fpermissive' to line 25:

EMUGL_COMMON_CFLAGS := -DWITH_GLES2 -fpermissive

################## Fix 7 ##########################

Error:

/usr/bin/ld: note: 'XInitThreads' is defined in DSO /lib/libX11.so.6 so try adding it to the linker command line

/lib/libX11.so.6: could not read symbols: Invalid operation

collect2: error: ld returned 1 exit status

make: *** [out/host/linux-x86/obj/EXECUTABLES/emulator_renderer_intermediates/emulator_renderer] Error 1

Fix:

vi development/tools/emulator/opengl/host/renderer/Android.mk

Add new entry 'LOCAL_LDLIBS += -lX11' after line 6 as shown:

LOCAL_SRC_FILES := main.cpp

LOCAL_CFLAGS    += -O0 -g

LOCAL_LDLIBS += -lX11

#ifeq ($(HOST_OS),windows)

#LOCAL_LDLIBS += -lws2_32 

################## Fix 8 ##########################

Error:

external/llvm/include/llvm/ADT/PointerUnion.h:56:10: error: enumeral mismatch in conditional expression: ‘llvm::PointerLikeTypeTraits<llvm::PointerUnion<clang::Stmt*, const clang::Type*> >::<anonymous enum>’ vs ‘llvm::PointerLikeTypeTraits<clang::ObjCInterfaceDecl*>::<anonymous
enum>’ [-Werror]

cc1plus: all warnings being treated as errors

make: *** [out/host/linux-x86/obj/EXECUTABLES/llvm-rs-cc_intermediates/slang_rs.o] Error 1

Fix:

vi frameworks/compile/slang/Android.mk

Remove '-Werror' from line 22:

local_cflags_for_slang := -Wno-sign-promo -Wall -Wno-unused-parameter 

################## Fix 9 ##########################

Error:

frameworks/base/libs/rs/rsFont.cpp:224:76:   required from here

frameworks/base/include/utils/KeyedVector.h:193:31: error: ‘indexOfKey’ was not declared in this scope, and no declarations were found by argument-dependent lookup at the point of instantiation [-fpermissive]
frameworks/base/include/utils/KeyedVector.h:193:31: note: declarations in dependent base ‘android::KeyedVector<unsigned int, android::renderscript::Font::CachedGlyphInfo*>’ are not found by unqualified lookup

frameworks/base/include/utils/KeyedVector.h:193:31: note: use ‘this->indexOfKey’ instead
make: *** [out/host/linux-x86/obj/STATIC_LIBRARIES/libRS_intermediates/rsFont.o] Error 1

Fix:

vi frameworks/base/libs/rs/Android.mk

Add '-fpermissive' to line 183

LOCAL_CFLAGS += -Werror -Wall -Wno-unused-parameter -Wno-unused-variable -fpermissive

################## Fix 10 #########################

Error:

external/mesa3d/src/glsl/linker.cpp:1394:49: error: expected primary-expression before ‘,’ token

......

external/mesa3d/src/glsl/linker.cpp:1734:59: error: ‘offsetof’ was not declared in this scope

make: *** [out/host/linux-x86/obj/STATIC_LIBRARIES/libMesa_intermediates/src/glsl/linker.o] Error 1

Fix:

vi external/mesa3d/src/glsl/linker.cpp

Add '#include <stddef.h>' to list of includes as shown: 

#include <climits>

#include <stddef.h>

#include <pixelflinger2/pixelflinger2_interface.h>

################## Fix 11 #########################

Error:

external/gtest/src/../include/gtest/gtest-param-test.h:287:58: note: ‘template<class Container> testing::internal::ParamGenerator<typename Container::value_type> testing::ValuesIn(const Container&)’ declared here, later in the translation unit

make: *** [out/host/linux-x86/obj/STATIC_LIBRARIES/libgtest_host_intermediates/gtest-all.o] Error 1

Two fixes required:

1)

vi external/gtest/src/Android.mk

Add '-fpermissive' to lines 52 and 70 (both lines contain same info)

LOCAL_CFLAGS += -O0 -fpermissive

2)

vi external/gtest/include/gtest/internal/gtest-param-util.h

Add '#include <stddef.h>' to list of includes as shown:

#include <vector>

#include <cstddef>

#include <gtest/internal/gtest-port.h>

################## Fix 12 #########################

Error:

host Executable: test-librsloader (out/host/linux-x86/obj/EXECUTABLES/test-librsloader_intermediates/test-librsloader)

out/host/linux-x86/obj/STATIC_LIBRARIES/libLLVMSupport_intermediates/libLLVMSupport.a(Signals.o)：在函數‘PrintStackTrace’中：

/home/crow/works/Android_src/external/llvm/lib/Support/Unix/Signals.inc:219：對‘dladdr’未定義的引用

/home/crow/works/Android_src/external/llvm/lib/Support/Unix/Signals.inc:231：對‘dladdr’未定義的引用

out/host/linux-x86/obj/STATIC_LIBRARIES/libLLVMSupport_intermediates/libLLVMSupport.a(Threading.o)：在函數‘llvm::llvm_execute_on_thread(void (*)(void*), void*, unsigned int)’中：

/home/crow/works/Android_src/external/llvm/lib/Support/Threading.cpp:96：對‘pthread_create’未定義的引用

/home/crow/works/Android_src/external/llvm/lib/Support/Threading.cpp:100：對‘pthread_join’未定義的引用

/home/crow/works/Android_src/external/llvm/lib/Support/Threading.cpp:91：對‘pthread_attr_setstacksize’未定義的引用

out/host/linux-x86/obj/STATIC_LIBRARIES/libLLVMSupport_intermediates/libLLVMSupport.a(Mutex.o)：在函數‘llvm::sys::MutexImpl::MutexImpl(bool)’中：

/home/crow/works/Android_src/external/llvm/lib/Support/Mutex.cpp:69：對‘pthread_mutexattr_init’未定義的引用

/home/crow/works/Android_src/external/llvm/lib/Support/Mutex.cpp:75：對‘pthread_mutexattr_settype’未定義的引用

/home/crow/works/Android_src/external/llvm/lib/Support/Mutex.cpp:80：對‘pthread_mutexattr_setpshared’未定義的引用

/home/crow/works/Android_src/external/llvm/lib/Support/Mutex.cpp:89：對‘pthread_mutexattr_destroy’未定義的引用

out/host/linux-x86/obj/STATIC_LIBRARIES/libLLVMSupport_intermediates/libLLVMSupport.a(Mutex.o)：在函數‘llvm::sys::MutexImpl::tryacquire()’中：

/home/crow/works/Android_src/external/llvm/lib/Support/Mutex.cpp:143：對‘pthread_mutex_trylock’未定義的引用

collect2: 錯誤： ld 返回 1

make: *** [out/host/linux-x86/obj/EXECUTABLES/test-librsloader_intermediates/test-librsloader] 錯誤 1

Fix:

$vi external/llvm/llvm-host-build.mk +

LOCAL_LDLIBS := -lpthread -ldl

運行測試
用上一步編譯出的內核來起動模擬器

emulator -show-kernel -kernel kernel/goldfish/arch/arm/boot/zImage