当我为我的时间戳进程创建一个新的域类型时,我有一些 SEAndroid 问题,但是与 neverallow 仍然存在一些冲突问题。有人可以给我一个提示或线索吗?请参阅以下说明。
avc 拒绝日志:
[120.810387]类型=1400审计(932699.049:188):avc:拒绝{execute_no_trans}对于pid=3875 comm="system_server" path="/system/bin/sh" dev="mmcblk0p47" ino=791 scontext=u: r:system_server:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1 [120.827670] type=1400 audit(932699.049:188):avc: denied {execute_no_trans} for pid=3875 comm="system_server" path= "/system/bin/sh" dev="mmcblk0p47" ino=791 scontext=u:r:system_server:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1 [120.827684] type=1400 audit(932699.069: 189): avc: 拒绝 { getattr } for pid=3877 comm="sh" path="/system/bin/timestamp" dev="mmcblk0p47" ino=832 scontext=u:r:system_server:s0 tcontext=u:object_r :system_file:s0 tclass=文件许可=1 [120。828287] 类型=1400 审计(932699.069:189):avc:拒绝 { getattr } for pid=3877 comm="sh" path="/system/bin/timestamp" dev="mmcblk0p47" ino=832 scontext=u:r :system_server:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1 [120.828300] type=1400 audit(932699.069:190):avc: denied {execute} for pid=3877 comm="sh" name="时间戳"dev="mmcblk0p47" ino=832 scontext=u:r:system_server:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1 [120.828593] type=1400 audit(932699.069:190):avc: denied { 执行 } for pid=3877 comm="sh" name="timestamp" dev="mmcblk0p47" ino=832 scontext=u:r:system_server:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1 [ 120.828607] 类型=1400 审核(932699.069:191):avc:拒绝 { 读取打开 } for pid=3877 comm="sh" path="/system/bin/timestamp" dev="mmcblk0p47" ino=832 scontext=u:r:system_server:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1 [120.828981] type=1400 audit(932699.069:191):avc: denied { read open } for pid=3877 comm="sh" path="/system/bin/timestamp" dev="mmcblk0p47" ino=832 scontext=u:r:system_server:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1 [120.828996] type=1400 audit(932699.069:192):avc: denied {execute_no_trans} for pid=3877 comm="sh" path="/system/bin/timestamp" dev="mmcblk0p47" ino=832 scontext=u:r:system_server:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1 [120.845574]类型=1400 审核(932699.069:192):avc:对于 pid=3877 comm="sh" path="/system/bin/timestamp" dev="mmcblk0p47" ino=832 scontext=u:r:system_server:s0 tcontext=u:object_r:system_file:s0 tclass 被拒绝 { execute_no_trans } =file permissive=1 [120.845587] type=1400 audit(932699.089:193):avc: denied {execute_no_trans} for pid=3879 comm="sh" path="/system/bin/dumpsys" dev="mmcblk0p47" ino= 570 scontext=u:r:system_server:s0 tcontext=u:object_r:system_file:s0 tclass=文件许可=1mmcblk0p47" ino=570 scontext=u:r:system_server:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1mmcblk0p47" ino=570 scontext=u:r:system_server:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1
我的时间戳.te:
type timestamp, domain;
type timestamp_exec, exec_type, file_type;
init_daemon_domain(timestamp)
我的文件上下文:
/system/bin/timestamp u:object_r:timestamp_exec:s0
我的 system_server.te:
allow system_server timestamp_exec:file { execute_no_trans getattr execute read open };
编译器失败日志:
然后回显 \"==========\" 1>&2; echo \"ERROR: permissive domain not allowed in user builds\" 1>&2; echo \"无效域列表:\" 1>&2; cat out/target/product/msm8996/obj/ETC/sepolicy_intermediates/sepolicy.permissivedomains 1>&2; 1号出口;fi ) && (mv out/target/product/msm8996/obj/ETC/sepolicy_intermediates/sepolicy.tmp out/target/product/msm8996/obj/ETC/sepolicy_intermediates/sepolicy )" neverallow 检查在 out/target/product/msm8996 失败/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil:12033 来自系统/sepolicy/private/system_server.te: