开放 mt6735 android5.1 dev 查看权限

Android 5 中安全机制(SELinux)增强,应用默认无法查看 /dev 目录,也就不能枚举串口。

 

要查看 /dev,必须先知道自己的 APP 运行在哪个 SELinux 域(进程类型)中。

想知道自己的进程(APP)对应哪个 *.te 策略文件吗?

用 ps -Z 查看:

root@aaaa:/ # ps -Z
ps -Z
LABEL                          USER     PID   PPID  NAME
.............................................................
u:r:platform_app:s0            u0_a23    4003  758   com.android.browser
u:r:platform_app:s0            u0_a3     4249  758   com.android.defcontainer
u:r:untrusted_app:s0           u0_a61    4329  758   com.svox.pico
u:r:kernel:s0                  root      5236  2     kworker/u9:0
u:r:untrusted_app:s0           u0_a75    5311  760   com.qihoo.daemon
u:r:untrusted_app:s0           u0_a75    5333  760   com.qihoo.appstore
u:r:netdiag:s0                 shell     5731  741   /system/bin/netdiag
u:r:netdiag:s0                 shell     5733  5731  sh
u:r:netdiag:s0                 shell     5734  5733  tcpdump
u:r:kernel:s0                  root      5746  2     kbase_event
u:r:kernel:s0                  root      5782  2     kworker/u8:1
u:r:kernel:s0                  root      5783  2     kworker/u8:6
u:r:kernel:s0                  root      5784  2     kworker/1:0
u:r:kernel:s0                  root      5786  2     fs_suspend_syss
u:r:kernel:s0                  root      5787  2     kworker/u8:7
u:r:kernel:s0                  root      5796  2     kworker/u8:8
u:r:kernel:s0                  root      5805  2     kworker/u8:9
u:r:platform_app:s0            u0_a30    5835  758   com.android.deskclock
u:r:kernel:s0                  root      5858  2     kworker/0:0
u:r:kernel:s0                  root      5894  2     kworker/u9:3
u:r:untrusted_app:s0           u0_a76    5913  760   android_serialport_api.samp
le
u:r:kernel:s0                  root      6014  2     kworker/1:3
u:r:kernel:s0                  root      6052  2     kworker/0:1
u:r:kernel:s0                  root      6056  2     kworker/u9:2
u:r:su:s0                      root      6427  3479  /system/bin/sh
u:r:su:s0                      root      6433  6427  ps
root@aaaaaa:/ #
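android_serialport_api.sample 进程的安全策略由 untrusted_app 这个域(domain)配置,需要修改 untrusted_app.te 文件。注意:从上面的 ps -Z 输出可以看到,其他第三方应用(如 com.qihoo.appstore、com.svox.pico)也运行在 untrusted_app 域中,因此对该文件的修改会同时作用于这些应用。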
查找方法find -name "untrusted_app.te" >findlog
MT6735  untrusted_app.te 文件的位置   alps\device\mediatek\common\sepolicy   and   alps\external\sepolicy  目录下都有
查看  alps\external\sepolicy\file_contexts
###########################################
# Root
#
# Nothing required since it is initramfs and implicitly labeled
# by genfscon rootfs in ocontexts.
#
##########################
# Devices
#
/dev(/.*)?        u:object_r:device:s0
/dev/akm8973.*        u:object_r:akm_device:s0
/dev/accelerometer    u:object_r:accelerometer_device:s0
/dev/alarm        u:object_r:alarm_device:s0
.........................

/dev(/.*)?        u:object_r:device:s0     即 /dev 目录(以及其下没有被更具体规则匹配的节点)的 SELinux 类型(type)是 device
打开以下两个文件
alps\device\mediatek\common\sepolicy\untrusted_app.te
alps\external\sepolicy\untrusted_app.te
在末尾添加:
# Access /dev/mtp_usb (mtp_device) plus the tty/serial character devices.
# NOTE(review): untrusted_app is the domain shared by third-party apps (the
# ps -Z listing shows several unrelated packages running in it), so every rule
# below applies to all of them, not only to the serial-port sample app.
# Confirm that scope is acceptable for the product; a dedicated domain for the
# one app, or a dedicated type for the one device node, would be narrower.
allow untrusted_app mtp_device:chr_file rw_file_perms;
allow untrusted_app tty_device:chr_file rw_file_perms;
allow untrusted_app serial_device:chr_file rw_file_perms;
# Directory access on objects labeled "device"; per the file_contexts excerpt,
# /dev(/.*)? gets this label by default, so this is what makes /dev listable.
# NOTE(review): rw_dir_perms also grants directory write permissions; listing
# /dev presumably needs read/search only - verify whether r_dir_perms suffices.
allow untrusted_app device:dir rw_dir_perms;
# Read/write on the ttyACM / ttyMT / ttyGS character-device types.
allow untrusted_app ttyACM_device:chr_file rw_file_perms;
allow untrusted_app ttyMT_device:chr_file rw_file_perms;
allow untrusted_app ttyGS_device:chr_file rw_file_perms;

重新编译就可以访问了

开放串口读写
alps\device\mediatek\common\sepolicy\untrusted_app.te
在末尾添加:
# Serial-port read/write on the ttyACM / ttyMT / ttyGS character-device types
# for the untrusted_app domain.
# NOTE(review): these grants apply to every app running as untrusted_app, not
# just the serial-port sample app; confirm that scope is intended.
allow untrusted_app ttyACM_device:chr_file rw_file_perms;
allow untrusted_app ttyMT_device:chr_file rw_file_perms;
allow untrusted_app ttyGS_device: chr_file  rw_file_perms ;

