android11 Framework Selinux 添加设备节点问题修改及具体实现
file_contexts文件修改时,最后一行必须要有一个空行,否则会编译不过。========================================================file_contexts 最后一行修改不是空行,怎么都编不过,搞了半天,气死了~~FAILED: out/target/product/ums9620/obj/ETC/file_contexts.bin_i
·
file_contexts文件修改时,最后一行必须要有一个空行,否则会编译不过。
========================================================
file_contexts 最后一行修改不是空行,怎么都编不过,搞了半天,气死了~~
FAILED: out/target/product/ums****/obj/ETC/file_contexts.bin_intermediates/file_contexts.bin
**
Error: could not load context file from out/target/product/ums*/obj/ETC/file_contexts.bin_intermediates/file_contexts.concat.tmp
========================================================
- 具体修改
project system/
diff --git a/core/rootdir/init.rc b/core/rootdir/init.rc
index ceb223f3..5c615823 100644
--- a/core/rootdir/init.rc
+++ b/core/rootdir/init.rc
@@ -142,6 +142,7 @@ on init
chmod 0664 /dev/stune/background/tasks
chmod 0664 /dev/stune/top-app/tasks
chmod 0664 /dev/stune/rt/tasks
+ chmod 0666 /dev/scaner
# Create an stune group for NNAPI HAL processes
mkdir /dev/stune/nnapi-hal
diff --git a/core/rootdir/ueventd.rc b/core/rootdir/ueventd.rc
index 9c2cdf27..3466f87b 100644
--- a/core/rootdir/ueventd.rc
+++ b/core/rootdir/ueventd.rc
@@ -38,6 +38,8 @@ subsystem sound
/dev/hwbinder 0666 root root
/dev/vndbinder 0666 root root
+/dev/scaner 0666 root root
+ /dev/pmsg0 0222 root log
# kms driver for drm based gpu
- 修改是android R,api 30 的修改必须跟默认完全一致。
api 26,27,28,29 需同步修改。
diff --git a/sepolicy/prebuilts/api/30.0/private/file_contexts b/sepolicy/prebuilts/api/30.0/private/file_contexts
index 9620b751..3cc51fe6 100644
--- a/sepolicy/prebuilts/api/30.0/private/file_contexts
+++ b/sepolicy/prebuilts/api/30.0/private/file_contexts
@@ -736,3 +736,6 @@
#############################
# mount point for read-write product partitions
/mnt/product(/.*)? u:object_r:mnt_product_file:s0
+
+# add /dev/scaner
+/dev/scaner u:object_r:scaner_device:s0
diff --git a/sepolicy/prebuilts/api/30.0/private/system_server.te b/sepolicy/prebuilts/api/30.0/private/system_server.te
index d4b4f169..329dea83 100644
--- a/sepolicy/prebuilts/api/30.0/private/system_server.te
+++ b/sepolicy/prebuilts/api/30.0/private/system_server.te
@@ -1171,3 +1171,6 @@ neverallow system_server self:perf_event ~{ open write cpu kernel };
# Do not allow any domain other than init or system server to set the property
neverallow { domain -init -system_server } socket_hook_prop:property_service set;
+
+# /dev/scaner
+allow system_server scaner_device:chr_file rw_file_perms;
\ No newline at end of file
diff --git a/sepolicy/prebuilts/api/30.0/public/device.te b/sepolicy/prebuilts/api/30.0/public/device.te
index 32563d67..af2eb877 100644
--- a/sepolicy/prebuilts/api/30.0/public/device.te
+++ b/sepolicy/prebuilts/api/30.0/public/device.te
@@ -112,3 +112,6 @@ type super_block_device, super_block_device_type, dev_type;
# separate device node. gsid, however, accesses the original devide node
# created through uevents, so we use a separate label.
type sdcard_block_device, dev_type;
+
+# /dev/scaner
+type scaner_device, dev_type;
\ No newline at end of file
diff --git a/sepolicy/prebuilts/api/30.0/public/init.te b/sepolicy/prebuilts/api/30.0/public/init.te
index 403b4c5e..1b53be17 100644
--- a/sepolicy/prebuilts/api/30.0/public/init.te
+++ b/sepolicy/prebuilts/api/30.0/public/init.te
@@ -71,6 +71,9 @@ allow init tmpfs:chr_file write;
# Access /dev/console.
allow init console_device:chr_file rw_file_perms;
+# Access /dev/scaner.
+allow init scaner_device:chr_file rw_file_perms;
+
# Access /dev/tty0.
allow init tty_device:chr_file rw_file_perms;
diff --git a/sepolicy/private/file_contexts b/sepolicy/private/file_contexts
index 9620b751..3cc51fe6 100644
--- a/sepolicy/private/file_contexts
+++ b/sepolicy/private/file_contexts
@@ -736,3 +736,6 @@
#############################
# mount point for read-write product partitions
/mnt/product(/.*)? u:object_r:mnt_product_file:s0
+
+# add /dev/scaner
+/dev/scaner u:object_r:scaner_device:s0
diff --git a/sepolicy/private/system_server.te b/sepolicy/private/system_server.te
index d4b4f169..329dea83 100644
--- a/sepolicy/private/system_server.te
+++ b/sepolicy/private/system_server.te
@@ -1171,3 +1171,6 @@ neverallow system_server self:perf_event ~{ open write cpu kernel };
# Do not allow any domain other than init or system server to set the property
neverallow { domain -init -system_server } socket_hook_prop:property_service set;
+
+# /dev/scaner
+allow system_server scaner_device:chr_file rw_file_perms;
\ No newline at end of file
diff --git a/sepolicy/public/device.te b/sepolicy/public/device.te
index 32563d67..af2eb877 100644
--- a/sepolicy/public/device.te
+++ b/sepolicy/public/device.te
@@ -112,3 +112,6 @@ type super_block_device, super_block_device_type, dev_type;
# separate device node. gsid, however, accesses the original devide node
# created through uevents, so we use a separate label.
type sdcard_block_device, dev_type;
+
+# /dev/scaner
+type scaner_device, dev_type;
\ No newline at end of file
diff --git a/sepolicy/public/init.te b/sepolicy/public/init.te
index 403b4c5e..1b53be17 100644
--- a/sepolicy/public/init.te
+++ b/sepolicy/public/init.te
@@ -71,6 +71,9 @@ allow init tmpfs:chr_file write;
# Access /dev/console.
allow init console_device:chr_file rw_file_perms;
+# Access /dev/scaner.
+allow init scaner_device:chr_file rw_file_perms;
+
# Access /dev/tty0.
allow init tty_device:chr_file rw_file_perms;
参考文档:
https://blog.csdn.net/Sqq_yj/article/details/122623193?spm=1001.2014.3001.5502
https://blog.csdn.net/solo_the_word/article/details/107624480
更多推荐
5
0- 0
已为社区贡献3条内容
所有评论(0)