chcon可实现对文件的SEAndroid安全标签的修改
2015-10-16 15:53
603 查看
chcon可实现对文件的SEAndroid安全标签的修改
参考使用如下:
chcon -u u system/app/
chcon -r object_r system/app/
chcon -t system_file system/app/
chcon -u u system/priv-app/
chcon -r object_r system/priv-app/
chcon -t system_file system/priv-app/
chcon -u u system b/.so
chcon -r object_r system b/.so
chcon -t system_library_file system b/*.so
chcon -u u xxx
chcon -r object_r xxx
chcon -t system_file xxx
chcon--reference=RFILE dest
详情请查询 man chcon
chcon的使用需要系统支持selinux,否则命令可能执行失败。
sudo apt-get install selinux
修改配置文件
修改/etc/selinux/config 文件
有效将SELINUX=enforcing
无效SELINUX=disabled
SELINUX=permissive 表示如果不符合selinux规则,仍然可以执行,只是会发出警告
重启机器生效
分类: android安全
参考使用如下:
chcon -u u system/app/
chcon -r object_r system/app/
chcon -t system_file system/app/
chcon -u u system/priv-app/
chcon -r object_r system/priv-app/
chcon -t system_file system/priv-app/
chcon -u u system b/.so
chcon -r object_r system b/.so
chcon -t system_library_file system b/*.so
chcon -u u xxx
chcon -r object_r xxx
chcon -t system_file xxx
chcon--reference=RFILE dest
详情请查询 man chcon
chcon的使用需要系统支持selinux,否则命令可能执行失败。
安装selinux
首先应用安装一下sudo apt-get install selinux
修改配置文件
修改/etc/selinux/config 文件
有效将SELINUX=enforcing
无效SELINUX=disabled
SELINUX=permissive 表示如果不符合selinux规则,仍然可以执行,只是会发出警告
重启机器生效
我的安装日志
apt-get install selinux Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: checkpolicy gawk libaudit0 libsemanage-common libsemanage1 libsepol1 libsigsegv2 libustr-1.0-1 policycoreutils python-selinux python-semanage python-sepolgen selinux-policy-ubuntu selinux-utils Suggested packages: selinux-policy-dev Recommended packages: selinux-policy-default The following packages will be REMOVED: apparmor The following NEW packages will be installed: checkpolicy gawk libaudit0 libsemanage-common libsemanage1 libsepol1 libsigsegv2 libustr-1.0-1 policycoreutils python-selinux python-semanage python-sepolgen selinux selinux-policy-ubuntu selinux-utils 0 upgraded, 15 newly installed, 1 to remove and 21 not upgraded. Need to get 4793 kB of archives. After this operation, 43.3 MB of additional disk space will be used. Do you want to continue [Y/n]? y Get:1 http://mirrors.163.com/ubuntu/ precise/main libsigsegv2 amd64 2.9-4ubuntu2 [14.6 kB] Get:2 http://mirrors.163.com/ubuntu/ precise/main gawk amd64 1:3.1.8+dfsg-0.1ubuntu1 [465 kB] Get:3 http://mirrors.163.com/ubuntu/ precise/main libsepol1 amd64 2.1.0-1.2 [121 kB] Get:4 http://mirrors.163.com/ubuntu/ precise/universe libaudit0 amd64 1.7.18-1ubuntu1 [67.5 kB] Get:5 http://mirrors.163.com/ubuntu/ precise/universe libustr-1.0-1 amd64 1.0.4-2 [77.1 kB] Get:6 http://mirrors.163.com/ubuntu/ precise/universe libsemanage-common all 2.1.0-2 [6608 B] Get:7 http://mirrors.163.com/ubuntu/ precise/universe libsemanage1 amd64 2.1.0-2 [86.2 kB] Get:8 http://mirrors.163.com/ubuntu/ precise/universe python-semanage amd64 2.1.0-2 [60.8 kB] Get:9 http://mirrors.163.com/ubuntu/ precise/universe python-selinux amd64 2.1.0-4.1ubuntu1 [171 kB] Get:10 http://mirrors.163.com/ubuntu/ precise/universe python-sepolgen all 1.1.0-1 [75.8 kB] Get:11 http://mirrors.163.com/ubuntu/ precise-updates/universe policycoreutils amd64 2.1.0-3ubuntu1.1 [520 kB] Get:12 http://mirrors.163.com/ubuntu/ precise/universe selinux-utils amd64 2.1.0-4.1ubuntu1 [38.3 kB] Get:13 http://mirrors.163.com/ubuntu/ precise/universe selinux all 1:0.11 [11.2 kB] Get:14 http://mirrors.163.com/ubuntu/ precise/universe checkpolicy amd64 2.1.0-1.1 [275 kB] Get:15 http://mirrors.163.com/ubuntu/ precise/universe selinux-policy-ubuntu all 0.2.20091117-0ubuntu2 [2804 kB] Fetched 4793 kB in 9s (500 kB/s) perl: warning: Setting locale failed. perl: warning: Please check that your locale settings: LANGUAGE = "zh_CN:zh", LC_ALL = (unset), LC_TIME = "zh_CN", LC_MONETARY = "zh_CN", LC_ADDRESS = "zh_CN", LC_TELEPHONE = "zh_CN", LC_NAME = "zh_CN", LC_MEASUREMENT = "zh_CN", LC_IDENTIFICATION = "zh_CN", LC_NUMERIC = "zh_CN", LC_PAPER = "zh_CN", LANG = "zh_CN.UTF-8" are supported and installed on your system. perl: warning: Falling back to the standard locale ("C"). locale: Cannot set LC_CTYPE to default locale: No such file or directory locale: Cannot set LC_MESSAGES to default locale: No such file or directory locale: Cannot set LC_ALL to default locale: No such file or directory Preconfiguring packages ... /usr/bin/locale: Cannot set LC_CTYPE to default locale: No such file or directory /usr/bin/locale: Cannot set LC_MESSAGES to default locale: No such file or directory /usr/bin/locale: Cannot set LC_ALL to default locale: No such file or directory (Reading database ... 84607 files and directories currently installed.) Removing apparmor ... * Clearing AppArmor profiles cache [ OK ] All profile caches have been cleared, but no profiles have been unloaded. Unloading profiles will leave already running processes permanently unconfined, which can lead to unexpected situations. To set a process to complain mode, use the command line tool 'aa-complain'. To really tear down all profiles, run the init script with the 'teardown' option." Processing triggers for man-db ... Processing triggers for ureadahead ... Selecting previously unselected package libsigsegv2. (Reading database ... 84589 files and directories currently installed.) Unpacking libsigsegv2 (from .../libsigsegv2_2.9-4ubuntu2_amd64.deb) ... Setting up libsigsegv2 (2.9-4ubuntu2) ... Processing triggers for libc-bin ... ldconfig deferred processing now taking place Selecting previously unselected package gawk. (Reading database ... 84597 files and directories currently installed.) Unpacking gawk (from .../gawk_1%3a3.1.8+dfsg-0.1ubuntu1_amd64.deb) ... Selecting previously unselected package libsepol1. Unpacking libsepol1 (from .../libsepol1_2.1.0-1.2_amd64.deb) ... Selecting previously unselected package libaudit0. Unpacking libaudit0 (from .../libaudit0_1.7.18-1ubuntu1_amd64.deb) ... Selecting previously unselected package libustr-1.0-1. Unpacking libustr-1.0-1 (from .../libustr-1.0-1_1.0.4-2_amd64.deb) ... Selecting previously unselected package libsemanage-common. Unpacking libsemanage-common (from .../libsemanage-common_2.1.0-2_all.deb) ... Selecting previously unselected package libsemanage1. Unpacking libsemanage1 (from .../libsemanage1_2.1.0-2_amd64.deb) ... Selecting previously unselected package python-semanage. Unpacking python-semanage (from .../python-semanage_2.1.0-2_amd64.deb) ... Selecting previously unselected package python-selinux. Unpacking python-selinux (from .../python-selinux_2.1.0-4.1ubuntu1_amd64.deb) ... Selecting previously unselected package python-sepolgen. Unpacking python-sepolgen (from .../python-sepolgen_1.1.0-1_all.deb) ... Selecting previously unselected package policycoreutils. Unpacking policycoreutils (from .../policycoreutils_2.1.0-3ubuntu1.1_amd64.deb) ... Selecting previously unselected package selinux-utils. Unpacking selinux-utils (from .../selinux-utils_2.1.0-4.1ubuntu1_amd64.deb) ... Selecting previously unselected package selinux. Unpacking selinux (from .../selinux_1%3a0.11_all.deb) ... Selecting previously unselected package checkpolicy. Unpacking checkpolicy (from .../checkpolicy_2.1.0-1.1_amd64.deb) ... Processing triggers for man-db ... Processing triggers for ureadahead ... Setting up libaudit0 (1.7.18-1ubuntu1) ... Setting up libsepol1 (2.1.0-1.2) ... Setting up libustr-1.0-1 (1.0.4-2) ... Setting up libsemanage-common (2.1.0-2) ... Setting up libsemanage1 (2.1.0-2) ... Setting up python-semanage (2.1.0-2) ... Setting up python-selinux (2.1.0-4.1ubuntu1) ... Setting up python-sepolgen (1.1.0-1) ... Setting up policycoreutils (2.1.0-3ubuntu1.1) ... update-rc.d: warning: policycoreutils start runlevel arguments (S 2 3 4 5) do not match LSB Default-Start values (2 3 4 5) update-rc.d: warning: mcstrans start runlevel arguments (S 2 3 4 5) do not match LSB Default-Start values (2 3 4 5) update-rc.d: warning: sandbox start runlevel arguments (S 2 3 4 5) do not match LSB Default-Start values (2 3 4 5) Setting up selinux-utils (2.1.0-4.1ubuntu1) ... Setting up selinux (1:0.11) ... locale: Cannot set LC_CTYPE to default locale: No such file or directory locale: Cannot set LC_MESSAGES to default locale: No such file or directory locale: Cannot set LC_ALL to default locale: No such file or directory Generating grub.cfg ... Found linux image: /boot/vmlinuz-3.8.0-44-generic Found initrd image: /boot/initrd.img-3.8.0-44-generic Found linux image: /boot/vmlinuz-3.8.0-29-generic Found initrd image: /boot/initrd.img-3.8.0-29-generic Found memtest86+ image: /boot/memtest86+.bin done * Starting SELinux autorelabel [ OK ] Processing triggers for libc-bin ... ldconfig deferred processing now taking place Processing triggers for python-support ... Processing triggers for initramfs-tools ... update-initramfs: Generating /boot/initrd.img-3.8.0-44-generic Selecting previously unselected package selinux-policy-ubuntu. (Reading database ... 85025 files and directories currently installed.) Unpacking selinux-policy-ubuntu (from .../selinux-policy-ubuntu_0.2.20091117-0ubuntu2_all.deb) ... Setting up gawk (1:3.1.8+dfsg-0.1ubuntu1) ... Setting up checkpolicy (2.1.0-1.1) ... Setting up selinux-policy-ubuntu (0.2.20091117-0ubuntu2) ... Updating /etc/selinux/config. Processing triggers for selinux ... locale: Cannot set LC_CTYPE to default locale: No such file or directory locale: Cannot set LC_MESSAGES to default locale: No such file or directory locale: Cannot set LC_ALL to default locale: No such file or directory semodule deferred processing now taking place /usr/sbin/semodule: SELinux policy is not managed or store cannot be accessed. * File relabel will occur upon next shutdown/reboot. * Starting SELinux autorelabel * A relabel has already been requested. Please reboot to finish relabeling your system.
分类: android安全
相关文章推荐
- Android LayoutInflater详解
- Android四大组件应用系列——使用BroadcastReceiver和Service实现倒计时
- android 5.0 悬浮窗使用 之“有权查看应用使用情况”
- Android studio使用GitHub托管代码
- Android 开源项目分类汇总
- Android 升级下载 它们的定义Updates 兼容版本
- Android自定义控件之联动视图 .
- Android常用五种布局
- Android&iOS崩溃堆栈上报
- Android 开发添加控件事件的三种方式
- android listview 中点击按钮实现跳转和删除
- Android 实现由下至上弹出并位于屏幕底部的提示框
- android popwindow 锁屏后 乱跳
- Android setBackgroundResource()/setBackgroundDrawable() 之后padding失效
- android 联系人源码分析 新字段的添加流程
- android wifi
- Android,XML解析
- Android 解决程序启动时的黑屏问题
- Android 平台下使用netty
- 【Android学习总结】之Activity:深入理解、体验Activity的生命周期