How to Track Down Permission Denials Caused by SELinux on Android
2015-08-06 17:29
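Take adb remount as an example.
First run the command:
adb remount
Then dump the kernel log and filter for avc messages (-c prints the buffer, then clears it):
adb shell dmesg -c | grep avc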
<36>[ 113.241627]<0> (0)[281:logd.auditd]type=1400 audit(1438851627.212:214): avc: denied { ioctl } for pid=5684 comm="adbd" path="/dev/block/mmcblk0p20" dev="tmpfs" ino=317 scontext=u:r:adbd:s0 tcontext=u:object_r:platformblk_device:s0 tclass=blk_file permissive=0
<36>[ 113.242282]<0> (0)[281:logd.auditd]type=1400 audit(1438851627.212:215): avc: denied { remount } for pid=5684 comm="adbd" scontext=u:r:adbd:s0 tcontext=u:object_r:labeledfs:s0 tclass=filesystem permissive=0
<36>[ 113.242551]<0> (0)[281:logd.auditd]type=1400 audit(1438851627.212:216): avc: denied { sys_admin } for pid=5684 comm="adbd" capability=21 scontext=u:r:adbd:s0 tcontext=u:r:adbd:s0 tclass=capability permissive=0
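Reading the second denial: scontext gives the source domain adbd, tcontext gives the target type labeledfs, tclass is filesystem, and the missing permission is remount.
So the policy needs this rule:
allow adbd labeledfs:filesystem remount;
The other two denials are handled the same way.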
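The mapping from denial to rule described above can be automated. The following is an added example, not code from the original post: it parses the three denials shown in the log (the second kept wrapped, as captured) and emits candidate allow rules. The function names are hypothetical, and writing the target as self when source and target types match follows audit2allow's convention.

```python
import re
from collections import OrderedDict

# The three denials from the log above, shortened to the fields that matter.
SAMPLE_LOG = """\
type=1400 audit(1438851627.212:214): avc: denied { ioctl } for pid=5684 comm="adbd" path="/dev/block/mmcblk0p20" dev="tmpfs" ino=317 scontext=u:r:adbd:s0 tcontext=u:object_r:platformblk_device:s0 tclass=blk_file permissive=0
type=1400 audit(1438851627.212:215): avc: denied {
remount } for pid=5684 comm="adbd" scontext=u:r:adbd:s0 tcontext=u:object_r:labeledfs:s0 tclass=filesystem permissive=0
type=1400 audit(1438851627.212:216): avc: denied { sys_admin } for pid=5684 comm="adbd" capability=21 scontext=u:r:adbd:s0 tcontext=u:r:adbd:s0 tclass=capability permissive=0
"""

# re.S lets the match span a record that the terminal wrapped onto two lines.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)",
    re.S,
)

def context_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]

def denials_to_rules(log_text):
    """Group denials by (source, target, class) and emit one allow rule each."""
    grouped = OrderedDict()
    for m in AVC_RE.finditer(log_text):
        src = context_type(m["scon"])
        tgt = context_type(m["tcon"])
        if tgt == src:
            tgt = "self"  # same domain on both sides, e.g. capability checks
        perms = grouped.setdefault((src, tgt, m["tclass"]), [])
        for perm in m["perms"].split():
            if perm not in perms:
                perms.append(perm)
    rules = []
    for (src, tgt, tclass), perms in grouped.items():
        perm_str = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        rules.append(f"allow {src} {tgt}:{tclass} {perm_str};")
    return rules

if __name__ == "__main__":
    for rule in denials_to_rules(SAMPLE_LOG):
        print(rule)
```

Each generated rule is only a candidate: a denial shows what was blocked, so review whether the domain should really have that access before adding the rule to policy.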