Android 中怎样查找SELinux导致的权限受限有关问题

Android 中怎样查找SELinux导致的权限受限问题

以adb remount为例

首先运行命令：

adb remount

然后

adb shell dmesg -C | grep avc

<36>[  113.241627]<0> (0)[281:logd.auditd]type=1400 audit(1438851627.212:214): avc: denied { ioctl } for pid=5684 comm="adbd" path="/dev/block/mmcblk0p20" dev="tmpfs" ino=317 scontext=u:r:adbd:s0 tcontext=u:object_r:platformblk_device:s0 tclass=blk_file permissive=0

<36>[  113.242282]<0> (0)[281:logd.auditd]type=1400 audit(1438851627.212:215): avc: denied { remount } for pid=5684 comm="adbd" scontext=u:r:adbd:s0 tcontext=u:object_r:labeledfs:s0 tclass=filesystem permissive=0

<36>[  113.242551]<0> (0)[281:logd.auditd]type=1400 audit(1438851627.212:216): avc: denied { sys_admin } for pid=5684 comm="adbd" capability=21 scontext=u:r:adbd:s0 tcontext=u:r:adbd:s0 tclass=capability permissive=0

从日志中，我们发现类型为labeledfs， 缺少权限remount

所以要在策略中配置

allow adbd labeledfs:filesystem remount;

其他两条类似