Category: Android platform
2015-08-11 10:28:18
[QUESTION] How to disable SELinux
[ANSWER] In arch/arm/configs/sp7731gea-dt_defconfig, change
    CONFIG_SECURITY_SELINUX_DEVELOP=y
to
    # CONFIG_SECURITY_SELINUX_DEVELOP is not set
and, in kernel/security/selinux/include/avc.h, change
    #define selinux_enforcing 1
to
    #define selinux_enforcing 0
Notes:
In the A1000 project, the defconfig file is located under the
alps/kernel/product/common/ directory.
The file alps/external/sepolicy/init.te controls the permissions of the init process.
Analyzing SELinux permission-check logs:
[ 18.127929] c1 type=1400 audit(1327977685.164:4): avc: denied { create } for pid=1 comm="init" name="proc_stat.log" scontext=u:r:init:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=0
[ 18.145538] c1 type=1400 audit(1327977685.174:5): avc: denied { create } for pid=1 comm="init" name="proc_ps.log" scontext=u:r:init:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=0
[ 18.162963] c1 type=1400 audit(1327977685.194:6): avc: denied { create } for pid=1 comm="init" name="proc_diskstats.log" scontext=u:r:init:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=0
[ 18.180969] c1 type=1400 audit(1327977685.214:7): avc: denied { create } for pid=1 comm="init" name="kernel_pacct" scontext=u:r:init:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=0
[ 18.198638] c1 type=1400 audit(1327977685.234:8): avc: denied { create } for pid=1 comm="init" name="header" scontext=u:r:init:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=0
"avc" is the tag SELinux uses for its permission checks; whenever you see avc in a log line, SELinux is performing a permission check.