Android10 动态修改开机动画(二)设置分区权限

Selinux配置策略

配置init.common.rc文件

device\sprd\sharkle\common\rootdir\root\init.common.rc

+	restorecon_recursive /mnt/anim
+	chmod 0777 /mnt/anim
+	chown root system /mnt/anim
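Review bot: `chmod 0777 /mnt/anim` leaves the mount point world-writable, so file permissions no longer limit who can replace the boot animation and only the SELinux rules added later on the page do. The following line already sets owner root and group system, so `chmod 0775 /mnt/anim` should keep the directory writable for system_server (which normally runs with the system uid/gid) and read-only for bootanim and everyone else; confirm on the target build. A short comment such as `# boot-animation partition: written by system_server, read by bootanim` above these three lines would record why the mode is what it is.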

restorecon_recursive /mnt/anim:如果 /mnt/anim 的标签变成了 u:object_r:unlabeled:s0,该命令会按照 file_contexts 中的规则,重新为该目录及其下的内容打上 SELinux 标签

配置file.te文件

system/sepolicy/public/file.te

+type mnt_new_file, file_type;
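Review bot: Declaring `mnt_new_file` in `system/sepolicy/public/file.te` makes a device-specific type part of the platform's public policy, which is why the page then has to edit the frozen `prebuilts/api/29.0` snapshot and six `*.ignore.cil` compat files to keep the build checks passing. If the build allows it, a device policy directory (for example one listed in `BOARD_SEPOLICY_DIRS`) would keep the platform policy and its API snapshot untouched; whether every rule on this page can live there depends on the neverallow checks, so verify. The name is also generic, so a comment like `# label for the boot-animation partition mounted at /mnt/anim` above the declaration would help the next reader of the policy.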

system/sepolicy/prebuilts/api/29.0/public/file.te

+type mnt_new_file, file_type;

配置file_contexts文件

system/sepolicy/private/file_contexts

+/mnt/anim(/.*)?             u:object_r:mnt_new_file:s0
+/anim(/.*)?           u:object_r:mnt_new_file:s0

system/sepolicy/prebuilts/api/29.0/private/file_contexts

+/mnt/anim(/.*)?             u:object_r:mnt_new_file:s0
+/anim(/.*)?           u:object_r:mnt_new_file:s0

配置以 .ignore.cil 为后缀的文件:把新增类型加入旧版本的兼容性忽略列表(这些文件只是声明该类型在旧版本策略中不存在,并不会关闭或绕过 SELinux 策略)

  • /aosp/system/sepolicy/private/compat/26.0/26.0.ignore.cil
  • /aosp/system/sepolicy/private/compat/27.0/27.0.ignore.cil
  • /aosp/system/sepolicy/private/compat/28.0/28.0.ignore.cil
  • /aosp/system/sepolicy/prebuilts/api/29.0/private/compat/26.0/26.0.ignore.cil
  • /aosp/system/sepolicy/prebuilts/api/29.0/private/compat/27.0/27.0.ignore.cil
  • /aosp/system/sepolicy/prebuilts/api/29.0/private/compat/28.0/28.0.ignore.cil

需要添加的内容与位置:

     mediaprovider_tmpfs
     metadata_file
     mnt_product_file
+    mnt_new_file
     mnt_vendor_file
     netd_stable_secret_prop
     network_stack

配置init.te文件

system/sepolicy/prebuilts/api/29.0/public/init.te

+allow init mnt_new_file:dir { mounton getattr };

system/sepolicy/public/init.te

+allow init mnt_new_file:dir { mounton getattr };

配置vendor_init.te文件

system/sepolicy/public/vendor_init.te

diff --git a/system/sepolicy/public/vendor_init.te b/system/sepolicy/public/vendor_init.te
old mode 100644
new mode 100755
index 375673c..47a1ef3
--- a/system/sepolicy/public/vendor_init.te
+++ b/system/sepolicy/public/vendor_init.te
@@ -50,6 +50,7 @@ allow vendor_init {
   -exec_type
   -system_file_type
   -mnt_product_file
+  -mnt_new_file
   -password_slot_metadata_file
   -unlabeled
   -vendor_file_type
@@ -106,6 +107,7 @@ allow vendor_init {
   -core_data_file_type
   -exec_type
   -mnt_product_file
+  -mnt_new_file
   -password_slot_metadata_file
   -system_file_type
   -vendor_file_type
@@ -114,6 +116,9 @@ allow vendor_init {
   -apex_metadata_file
 }:dir_file_class_set relabelto;
 
+allow vendor_init mnt_new_file:dir { setattr getattr relabelto read open map search };
+allow vendor_init mnt_new_file:file { relabelto read open };
+
 allow vendor_init dev_type:dir create_dir_perms;
 allow vendor_init dev_type:lnk_file create;
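Review bot: The added `allow vendor_init mnt_new_file:dir { setattr getattr relabelto read open map search };` grants `map` on a directory, which no directory operation uses, so it can be dropped: `allow vendor_init mnt_new_file:dir { setattr getattr relabelto read open search };`. Both new rules re-grant `relabelto` right after the first two hunks remove `mnt_new_file` from vendor_init's broad allow sets (those sets begin outside the hunks), so each remaining permission should be tied to a logged denial; the page shows none. The `old mode 100644` to `new mode 100755` change marks a policy source file executable and looks unintended. The identical diff for `system/sepolicy/prebuilts/api/29.0/public/vendor_init.te` further down has the same points.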

system/sepolicy/prebuilts/api/29.0/public/vendor_init.te

diff --git a/system/sepolicy/prebuilts/api/29.0/public/vendor_init.te b/system/sepolicy/prebuilts/api/29.0/public/vendor_init.te
old mode 100644
new mode 100755
index 375673c..47a1ef3
--- a/system/sepolicy/prebuilts/api/29.0/public/vendor_init.te
+++ b/system/sepolicy/prebuilts/api/29.0/public/vendor_init.te
@@ -50,6 +50,7 @@ allow vendor_init {
   -exec_type
   -system_file_type
   -mnt_product_file
+  -mnt_new_file
   -password_slot_metadata_file
   -unlabeled
   -vendor_file_type
@@ -106,6 +107,7 @@ allow vendor_init {
   -core_data_file_type
   -exec_type
   -mnt_product_file
+  -mnt_new_file
   -password_slot_metadata_file
   -system_file_type
   -vendor_file_type
@@ -114,6 +116,9 @@ allow vendor_init {
   -apex_metadata_file
 }:dir_file_class_set relabelto;
 
+allow vendor_init mnt_new_file:dir { setattr getattr relabelto read open map search };
+allow vendor_init mnt_new_file:file { relabelto read open };
+
 allow vendor_init dev_type:dir create_dir_perms;
 allow vendor_init dev_type:lnk_file create;

配置bootanim.te文件

system/sepolicy/public/bootanim.te

+allow bootanim tmpfs:dir { open read };
+allow bootanim mnt_new_file:dir { open read search };
+allow bootanim mnt_new_file:file { open read map };

system/sepolicy/prebuilts/api/29.0/public/bootanim.te

+allow bootanim tmpfs:dir { open read };
+allow bootanim mnt_new_file:dir { open read search };
+allow bootanim mnt_new_file:file { open read map };

配置system_server.te文件

system/sepolicy/prebuilts/api/29.0/private/system_server.te

+allow system_server tmpfs:dir { open read write add_name };
+allow system_server mnt_new_file:dir { open read search write add_name remove_name };
+allow system_server mnt_new_file:file { open read map write create getattr setattr };
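Review bot: `allow system_server tmpfs:dir { open read write add_name };` is scoped to the generic `tmpfs` type rather than the new partition, so it lets system_server add entries to any directory labelled tmpfs. The two `mnt_new_file` rules after it already cover the animation directory itself. If the denial behind it was only path traversal through /mnt, `allow system_server tmpfs:dir search;` would be the narrower grant; the page does not show the denial, so check the audit log first. The same three lines are repeated for `system/sepolicy/private/system_server.te`, and the `allow bootanim tmpfs:dir { open read };` rule in bootanim.te deserves the same check.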

system/sepolicy/private/system_server.te

+allow system_server tmpfs:dir { open read write add_name };
+allow system_server mnt_new_file:dir { open read search write add_name remove_name };
+allow system_server mnt_new_file:file { open read map write create getattr setattr };

编译并烧录后,BootAnimation.cpp 就可以读取 /mnt/anim 目录,system_server 也可以对 /mnt/anim 目录进行读写。
