获得读写sys/class/的权限

System.err: java.io.FileNotFoundException: /sys/class/i2c-dev/i2c-3/device/3-0038/glove_mode (Permission denied)
01-23 09:36:01.633 18238 18238 W System.err:     at java.io.FileOutputStream.open0(Native Method)
01-23 09:36:01.633 18238 18238 W System.err:     at java.io.FileOutputStream.open(FileOutputStream.java:287)

adb shell dmesg

[21646.053069] lovdream_enable_spk_ext_pa: Enable external speaker PA
[21647.340394] ft5x06 +++glove mode = 0x0
[21648.693471] type=1400 audit(1516710267.889:160): avc: denied { search } for pid=23090 comm="Worker-1" name="zram0" dev="sysfs" ino=27690 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:sysfs_zram:s0 tclass=dir permissive=0
[21648.693541] type=1400 audit(1516710980.399:161): avc: denied { write } for pid=23059 comm="ndroid.settings" name="glove_mode" dev="sysfs" ino=28788 scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0


没有写权限需要驱动改


diff --git a/system/sepolicy/private/app.te b/system/sepolicy/private/app.te
index 6f2b820..5e4ba51 100755
--- a/system/sepolicy/private/app.te
+++ b/system/sepolicy/private/app.te
@@ -473,9 +473,8 @@ neverallow { appdomain -shell } efs_file:dir_file_class_set read;
 # Write to various pseudo file systems.
 neverallow { appdomain -bluetooth -nfc }
     sysfs:dir_file_class_set write;
-neverallow appdomain
-    proc:dir_file_class_set write;
 
+neverallow { appdomain -system_app} proc:dir_file_class_set write;
 # Access to syslog(2) or /proc/kmsg.
 neverallow appdomain kernel:system { syslog_read syslog_mod syslog_console };
 
diff --git a/system/sepolicy/private/system_app.te b/system/sepolicy/private/system_app.te
index 7950044..cc72962 100644
--- a/system/sepolicy/private/system_app.te
+++ b/system/sepolicy/private/system_app.te
@@ -77,7 +77,7 @@ allow system_app keystore:keystore_key {
     clear_uid
     user_changed
 };
-
+allow system_app proc:file write;
 # /sys access
 r_dir_file(system_app, sysfs_type)


你可能感兴趣的:(android)