android N 版本问题

代码编译报错:

Jack server

从搜索到的信息得知,可以在设备的BoardConfig.mk中加入“ANDROID_COMPILE_WITH_JACK := false”切换到openjdk编译。

权限问题:

APK获得系统权限,但是还是不能访问system/bin下面文件,关闭android安全检查:给系统加一条属性: ro.boot.selinux=disable

selinux权限问题


kernel side:

a) make sure the CONFIG_SECURITY_SELINUX_BOOTPARAM is open, two options:
   
 i) config the CONFIG_SECUIRTY_SELINUX_BOOTPARAM_VALUE to 0
 ii) append selinux=0 in kernel command line.
iii) if the CONFIG_SECURITY_SELINUX_BOOTPARAM not open, change the selinux_enabled variable to 0 is kernel/security/seclinux/hooks.c
Above will disable SELinux, but some dependency issue possible still take effect. A clear solution is to revert following git:
https://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=88f23ae69a376686d81cd17ed06a7b2860fc51f9

b) change the SELinux mode.

  i) running mode, you can use adb shell setenforce 0/1 to change it as permissive/enforcing mode.
ii)  when build, open the CONFIG_SECURITY_SELINUX_DEVELOP, add then append the "enforcing=0" in commandline.
    or in device/qcom/msmxxxx/system.prop, add 
       ro.boot.selinux=disable

高通关闭SELinux mode:自己验证过,OK,添加 androidboot.selinux=permissive

device/qcom/msm8937_64/BoardConfig.mk
BOARD_KERNEL_CMDLINE := console=ttyHSL0,115200,n8 androidboot.console=ttyHSL0 androidboot.hardware=qcom msm_rtb.filter=0x237 ehci-hcd.park=3 lpm_levels.sleep_disabled=1 androidboot.bootdevice=7824900.sdhci earlycon=msm_hsl_uart,0x78B0000 androidboot.selinux=permissive
快速编译fastboot烧手机
mk r aboot;mk r k;mk update_common_info;mk custom_release;


假如关闭了还报,请手动添加文件执行权限:
下面是别人的文章:

二、解决方法

1.在devices/qcom/sepolicy/common/目录下新增ro_isn.te文件,内容如下:

type ro_isn, domain; 

type ro_isn_exec, exec_type, file_type; 

 

2.在devices/qcom/sepolicy/Android.mk中添加ro_isn.te文件,内容如下:

BOARD_SEPOLICY_UNION := 

... 

        hostapd.te 

        ro_isn.te

 

3.在devices/qcom/sepolicy/common/file_contexts中增加如下内容:

###################################

# System files

#

...

/system/vendor/bin/slim_ap_daemon               u:object_r:location_exec:s0

/system/bin/isn.sh                       u:object_r:ro_isn_exec:s0

 

4.在init.rc中service ro_isn下添加secure context by seclabel 

service ro_isn /system/bin/isn.sh 

class late_start 

user root 

oneshot 

seclabel u:r:ro_isn:s0 

 

5.编译并烧录bootimage

6.如果编译不成功,失败原因如下:

Error while expanding policy

libsepol.check_assertion_helper: neverallow on line 233 of external/sepolicy/domain.te (or line 5194 of policy.conf) violated by allow ro_isn system_file:file { entrypoint };

make: *** [out/target/product/msm8226/obj/ETC/sepolicy_intermediates/sepolicy] 错误 1

这是因为系统在domain.te中定义了全局的neverallow策略,与ro_isn.te中allow的策略有冲突:

allow ro_isn system_file:file { entrypoint };

neverallow domain { file_type -exec_type }:file entrypoint;

 

请确定自己的service有必要需要这个权限。如无必要,请在自己的code中删除掉相关操作;如必要,可以在external/sepolicy/domain.te中冲突的neverallow语句中添加自己为例外:

neverallow {

    domain

    -ro_isn

} { file_type -exec_type }:file entrypoint;


7.在service ro_isn运行时,搜索关于“ro_isn”的avc: denied log

<6>[ 13.547188](CPU:0-pid:320:logd.auditd) type=1400 audit(17468992.410:7): avc: denied { entrypoint } for pid=272 comm="init" path="/system/bin/isn.sh" dev="mmcblk0p38" ino=631 scontext=u:r:ro_isn:s0 tcontext=u:object_r:system_file:s0 tclass=file 

 

8.按照如下规则在ro_isn.te添加权限

SELinux规则语句一般如下:
allow  A  B:C  D;
可以从log中分别获取ABCD四个参数。

比如这行warning log:

avc: denied { entrypoint } for pid=272 comm="init" path="/system/bin/isn.sh" dev="mmcblk0p38" ino=631 scontext=u:r:ro_isn:s0 tcontext=u:object_r:system_file:s0 tclass=file 

那么我们就得出最后的规则是:

allow qcomsysd  block_device:dir { search };


allow ro_isn system_file:file { entrypoint }; 

 

9.重复步骤5-8,直到没有关于“ro_isn”的avc: denied log


下面是N版本开机启动服务(服务是一个放入system/bin下面的文件,给这个文件单独添加越过seliunx权限,可以让其它访问)
[bug]cktnvtool 开机启动无法运行,增加te权限     
---
 .../device/qcom/common/rootdir/etc/init.qcom.rc    |    7 +++++++
 .../LINUX/android/device/qcom/sepolicy/Android.mk  |    1 +
 .../device/qcom/sepolicy/common/cktnvtool.te       |   15 +++++++++++++++
 .../device/qcom/sepolicy/common/file_contexts      |    1 +
 .../device/qcom/sepolicy/common/init_shell.te      |    1 +
 .../device/qcom/sepolicy/common/property.te        |    1 +
 .../device/qcom/sepolicy/common/property_contexts  |    5 +++++
 .../LINUX/android/system/core/rootdir/init.rc      |    4 ----
 .../android/vendor/goldsand/cktnvtool/nvtool.c     |    8 ++++++++
 9 files changed, 39 insertions(+), 4 deletions(-)
 create mode 100755 LA.UM.5.6/LINUX/android/device/qcom/sepolicy/common/cktnvtool.te


diff --git a/LA.UM.5.6/LINUX/android/device/qcom/common/rootdir/etc/init.qcom.rc b/LA.UM.5.6/LINUX/android/device/qcom/common/rootdir/etc/init.qcom.rc
index 72c6b75..2b5baf2 100755
--- a/LA.UM.5.6/LINUX/android/device/qcom/common/rootdir/etc/init.qcom.rc
+++ b/LA.UM.5.6/LINUX/android/device/qcom/common/rootdir/etc/init.qcom.rc
@@ -63,6 +63,7 @@ on early-boot
 on boot
     #add by liutao for diag test
     #start test_diag
+    start nvtools
 
     chown bluetooth bluetooth /sys/module/bluetooth_power/parameters/power
     chown bluetooth net_bt /sys/class/rfkill/rfkill0/type
@@ -531,6 +532,12 @@ service config_bt_addr /system/bin/btnvtool -O
     group bluetooth radio
     oneshot
 
+service nvtools /system/bin/cktnvtool
+    class main
+    user root
+    group root
+    oneshot
+
 service config_bluetooth /system/bin/sh /system/etc/init.qcom.bt.sh "onboot"
     class core
     user root
diff --git a/LA.UM.5.6/LINUX/android/device/qcom/sepolicy/Android.mk b/LA.UM.5.6/LINUX/android/device/qcom/sepolicy/Android.mk
index b9700a9..963fe53 100644
--- a/LA.UM.5.6/LINUX/android/device/qcom/sepolicy/Android.mk
+++ b/LA.UM.5.6/LINUX/android/device/qcom/sepolicy/Android.mk
@@ -7,5 +7,6 @@ BOARD_SEPOLICY_DIRS := \
        $(LOCAL_PATH)/common \
        $(LOCAL_PATH)/test \
        $(LOCAL_PATH)/$(TARGET_BOARD_PLATFORM)
+BOARD_SEPOLICY_UNION += cktnvtool.te
 
 endif
diff --git a/LA.UM.5.6/LINUX/android/device/qcom/sepolicy/common/cktnvtool.te b/LA.UM.5.6/LINUX/android/device/qcom/sepolicy/common/cktnvtool.te
new file mode 100755
index 0000000..54d542f
--- /dev/null
+++ b/LA.UM.5.6/LINUX/android/device/qcom/sepolicy/common/cktnvtool.te
@@ -0,0 +1,15 @@
+#integrated process
+type cktnvtool_exec, exec_type, file_type;
+type cktnvtool ,domain;
+
+domain_auto_trans(init, cktnvtool_exec, cktnvtool); 
+
+allow cktnvtool cktnvtool:capability { dac_override dac_read_search };
+allow cktnvtool qmuxd_socket:dir { create read write open search getattr add_name };
+allow cktnvtool qmuxd_socket:sock_file { create write };
+allow cktnvtool qmuxd:unix_stream_socket { connectto };
+allow cktnvtool property_socket:sock_file { write };
+allow cktnvtool init:unix_stream_socket { connectto };
+allow cktnvtool sysfs:file { read open };
+allow cktnvtool cktnvtool:socket { read create ioctl };
+allow cktnvtool cktnvtool_prop:property_service set;
diff --git a/LA.UM.5.6/LINUX/android/device/qcom/sepolicy/common/file_contexts b/LA.UM.5.6/LINUX/android/device/qcom/sepolicy/common/file_contexts
index 1ab0adb..e3b8e87 100644
--- a/LA.UM.5.6/LINUX/android/device/qcom/sepolicy/common/file_contexts
+++ b/LA.UM.5.6/LINUX/android/device/qcom/sepolicy/common/file_contexts
@@ -217,6 +217,7 @@
 /system/bin/seempd                              u:object_r:seempd_exec:s0
 /system/bin/sapd                                u:object_r:sapd_exec:s0
 /system/bin/btnvtool                            u:object_r:btnvtool_exec:s0
+/system/bin/cktnvtool                           u:object_r:cktnvtool_exec:s0
 /system/bin/btsnoop                             u:object_r:btsnoop_exec:s0
 /system/bin/dun-server                          u:object_r:dun-server_exec:s0
 /system/bin/wfdservice                          u:object_r:wfdservice_exec:s0
diff --git a/LA.UM.5.6/LINUX/android/device/qcom/sepolicy/common/init_shell.te b/LA.UM.5.6/LINUX/android/device/qcom/sepolicy/common/init_shell.te
index 77d31e6..8274b54 100644
--- a/LA.UM.5.6/LINUX/android/device/qcom/sepolicy/common/init_shell.te
+++ b/LA.UM.5.6/LINUX/android/device/qcom/sepolicy/common/init_shell.te
@@ -94,6 +94,7 @@ allow qti_init_shell {
     #Needed for setting hwui properties in post_boot
     hwui_prop
     ckt_product_prop
+    cktnvtool_prop
 }:property_service set;
 
 allow qti_init_shell efs_boot_dev:blk_file r_file_perms;
diff --git a/LA.UM.5.6/LINUX/android/device/qcom/sepolicy/common/property.te b/LA.UM.5.6/LINUX/android/device/qcom/sepolicy/common/property.te
index fa03727..82397e4 100644
--- a/LA.UM.5.6/LINUX/android/device/qcom/sepolicy/common/property.te
+++ b/LA.UM.5.6/LINUX/android/device/qcom/sepolicy/common/property.te
@@ -47,6 +47,7 @@ type mdm_helper_prop, property_type;
 type mpdecision_prop, property_type;
 type gamed_prop, property_type;
 type ckt_product_prop, property_type;
+type cktnvtool_prop, property_type;
 
 #Needed for  ubwc support
 type debug_gralloc_prop, property_type, core_property_type;
diff --git a/LA.UM.5.6/LINUX/android/device/qcom/sepolicy/common/property_contexts b/LA.UM.5.6/LINUX/android/device/qcom/sepolicy/common/property_contexts
index 565f143..5cd22d5 100644
--- a/LA.UM.5.6/LINUX/android/device/qcom/sepolicy/common/property_contexts
+++ b/LA.UM.5.6/LINUX/android/device/qcom/sepolicy/common/property_contexts
@@ -88,3 +88,8 @@ ro.alarm_handled           u:object_r:alarm_handled_prop:s0
 ro.alarm_instance          u:object_r:alarm_instance_prop:s0
 #HWUI Property
 ro.hwui.texture_cache_size u:object_r:hwui_prop:s0
+
+nv.factory_data_I       u:object_r:cktnvtool_prop:s0
+nv.factory_data_II      u:object_r:cktnvtool_prop:s0
+nv.factory_data_III     u:object_r:cktnvtool_prop:s0
+
diff --git a/LA.UM.5.6/LINUX/android/system/core/rootdir/init.rc b/LA.UM.5.6/LINUX/android/system/core/rootdir/init.rc
index 5328051..9e0b81a 100755
--- a/LA.UM.5.6/LINUX/android/system/core/rootdir/init.rc
+++ b/LA.UM.5.6/LINUX/android/system/core/rootdir/init.rc
@@ -640,7 +640,3 @@ service flash_recovery /system/bin/install-recovery.sh
     class main
     oneshot
 
-service nvtools /system/bin/cktnvtool
-    class late_start
-    disable
-    oneshot
diff --git a/LA.UM.5.6/LINUX/android/vendor/goldsand/cktnvtool/nvtool.c b/LA.UM.5.6/LINUX/android/vendor/goldsand/cktnvtool/nvtool.c
index e057d02..34cd754 100755
--- a/LA.UM.5.6/LINUX/android/vendor/goldsand/cktnvtool/nvtool.c
+++ b/LA.UM.5.6/LINUX/android/vendor/goldsand/cktnvtool/nvtool.c
@@ -47,25 +47,31 @@ All Rights Reserved. Qualcomm Technologies Proprietary and Confidential.
 #define SERIALNO_03 "ro.nv.factory_data_III"
 #define RFFE_STATUS  "persist.rffe.scan_status"
 
+#define LOGE ALOGE
 int main(void)
 {
  unsigned char sn[128];
  unsigned char rffe_status = 0xFF;
+
+ LOGE("cktnvtool bin: begin.\n");
 
  if (nv_qmi_dms_init() == FALSE){
  fprintf (stderr, " No remote access to NV items on modem.\n");
  return 1;
  }
+ LOGE("cktnvtool bin: 11111.\n");
  if((TRUE == qmi_dms_get_factory01(sn)))
  {
  property_set(SERIALNO_01, (const char*)sn);
  memset(sn, 0, sizeof(sn));
  }
+ LOGE("cktnvtool bin: 22222.\n");
  if((TRUE == qmi_dms_get_factory02(sn)))
  {
  property_set(SERIALNO_02, (const char*)sn);
  memset(sn, 0, sizeof(sn));
  }
+ LOGE("cktnvtool bin: 33333.\n");
  if((TRUE == qmi_dms_get_factory03(sn)))
  {
  /*
@@ -78,6 +84,7 @@ int main(void)
  property_set(SERIALNO_03, (const char*)sn);
  memset(sn, 0, sizeof(sn));
  }
+ LOGE("cktnvtool bin: 44444.\n");
  qmi_dms_set_factory04();
         qmi_dms_set_tp_ver();
 {
@@ -110,6 +117,7 @@ int main(void)
  {
  property_set(RFFE_STATUS,"Unknown");
  }
+ LOGE("cktnvtool bin: end.\n");
 
  cleanup_qmi_dms();
  return 0;
-- 
1.7.9.5


JNI动态加载.C库:

参照实例:
Android.mk:
LOCAL_PATH := $(call my-dir)


include $(CLEAR_VARS)
LOCAL_MODULE    :=hello-world
LOCAL_SRC_FILES :=hello-world.c
LOCAL_SHARED_LIBRARIES := hello-jni
LOCAL_LDLIBS += -llog
include $(BUILD_SHARED_LIBRARY)

相对应的c代码:
#include "string.h"
#include "jni.h"
#include  "dlfcn.h"
#include 

void * filehandle = NULL;
jint (*getResult)(JNIEnv *, jobject, jint, jint) =NULL;

jint JNICALL Java_com_example_hellojni_HelloAct_getInt(JNIEnv * env,
jobject thiz) {
jint result = 0;
filehandle = dlopen("libhello-jni.so", RTLD_LAZY);
if (filehandle) {
getResult = (jint (*)(JNIEnv *, jobject, jint, jint)) dlsym(filehandle,
"Java_com_example_hellojni_HelloJni_add");
if (getResult)
result = getResult(env, thiz, 3, 10);
dlclose(filehandle);
filehandle = NULL;
}
return result + 1;
}

你可能感兴趣的:(Android)