AndroidQ(10.0) system app 增加访问 sys/class/ 权限

发布时间：2024-12-19 08:33

如何设置网络访问权限 #生活技巧# #数码产品使用技巧# #网络设备设置教程#

问题由来

System app 需要读取网卡地址，而网卡地址存储在 sys/class/net/eth0/address

所以通过 cat sys/class/net/eth0/address 就能获取设备网卡地址

但是安全等级越来越高，

1|HTC5K:/ $ cat sys/class/net/eth0/address

cat: sys/class/net/eth0/address: Permission denied

HTC5K:/ $ ifconfig

ifconfig: ioctl 8927: Permission denied

avc: denied { search } for name=“net” dev=“sysfs” ino=12684 scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_net:s0 tclass=dir permissive=0

avc: denied { read } for name=“address” dev=“sysfs” ino=25277 scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

avc: denied { open } for path="/sys/devices/platform/1100a000.spi/spi_master/spi32766/spi32766.0/net/eth0/address" dev=“sysfs” ino=25277 scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

增加权限

device/mediatek/sepolicy/basic/non_plat/system_app.te

allow system_app self:netlink_kobject_uevent_socket {read bind create setopt }; # system_app need to read from sysfs /sys/class/switch/hdmi/state r_dir_file(system_app, sysfs_switch); +allow system_app sysfs_net:dir { search read }; +allow system_app sysfs:file { open read }; 123456

编译报错

libsepol.report_failure: neverallow on line 91 of system/sepolicy/private/coredomain.te (or line 32781 of policy.conf) violated by allow system_app sysfs:file { read open };
libsepol.check_assertions: 1 neverallow failures occurred
Error while expanding policy

修改忽略规则

system/sepolicy/private/coredomain.te
system/sepolicy/prebuilts/api/29.0/private/coredomain.te

@@ -102,6 +102,7 @@ full_treble_only(` -init -ueventd -vold + -system_app } sysfs:file no_rw_file_perms; # /dev 12345678

网址：AndroidQ(10.0) system app 增加访问 sys/class/ 权限 https://www.yuejiaxmz.com/news/view/516403

⬅️上一篇：【微信小程序】自定义导航栏（n

➡️下一篇：STM32+ESP01S（WIF

AndroidQ(10.0) system app 增加访问 sys/class/ 权限

问题由来

增加权限

相关内容

随便看看

最新动态分享

热点动态分享

专题

推荐动态分享