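Because of the SELinux restrictions in the Android 5.1 user build, the pppd_gprs service fails to start, and the 4G signal icon shows an exclamation mark with no network access.
The log shows: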
init: sys_prop: Unable to start service ctl [pppd_gprs] uid:1001 gid:1001 pid:187
Cause: on top of SELinux, Android 5.1 adds permission restrictions on properties.
Fix 1: add the following to rild.te:
allow rild ctl_default_prop:property_service set;
allow rild net_radio_prop:property_service set;
That is all that is needed.
The log then shows:
init: Warning! Service pppd_gprs needs a SELinux domain defined; please fix!
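Cause: for a service that has no SELinux policy rules defined, the system only prints a warning and still starts the process. If the service does not perform any operation that is not permitted, it starts normally and the warning can simply be ignored. If it does perform such an operation, the service may fail to start.
Fix 2, step 1: add the following line to external/sepolicy/file_contexts: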
/system/etc/init.gprs-pppd u:object_r:pppd_gprs_exec:s0
The original service definition in init.rc is:
service pppd_gprs /system/etc/init.gprs-pppd
user root
group radio cache inet misc
disabled
oneshot
Step 2: add a new file pppd_gprs.te under external/sepolicy/ with the following content:
type pppd_gprs, domain;
type pppd_gprs_exec, exec_type, file_type;
init_daemon_domain(pppd_gprs)
During debugging a series of permission denials shows up, for example:
1. avc: denied { execute_no_trans } for pid=1314 comm="init.gprs-pppd" path="/system/bin/pppd" dev="mmcblk0p10" ino=355 scontext=u:r:init:s0 tcontext=u:object_r:ppp_exec:s0 tclass=file permissive=0
2. avc: denied { read } for pid=1375 comm="init.gprs-pppd" path="/system/bin/sh" dev="mmcblk0p10" ino=395 scontext=u:r:pppd_gprs:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=0
Fix for item 1: add to init.te:
allow init ppp_exec:file {execute_no_trans};
Fix for item 2: in pppd_gprs.te, below the content already added above, add:
allow pppd_gprs shell_exec:file {read};
allow pppd_gprs toolbox_exec:file {getattr};
allow pppd_gprs toolbox_exec:file {execute};
allow pppd_gprs toolbox_exec:file {read open};
allow pppd_gprs toolbox_exec:file {execute_no_trans};
allow pppd_gprs ppp_exec:file {getattr};
allow pppd_gprs property_socket:sock_file {write};
allow pppd_gprs init:unix_stream_socket {connectto};
allow pppd_gprs ppp_exec:file {execute};
allow pppd_gprs ppp_exec:file {read open};
allow pppd_gprs net_radio_prop:property_service {set};
allow pppd_gprs ppp_exec:file {execute_no_trans};
allow pppd_gprs tty_device:chr_file {getattr};
allow pppd_gprs pppd_gprs:capability {dac_override};
allow pppd_gprs ppp_device:chr_file {read write};
allow pppd_gprs ppp_device:chr_file {open};
allow pppd_gprs pppd_gprs:capability {net_admin};
allow pppd_gprs pppd_gprs:udp_socket {create};
allow pppd_gprs tty_device:chr_file {read write};
allow pppd_gprs tty_device:chr_file {open};
allow pppd_gprs tty_device:chr_file {ioctl};
allow pppd_gprs pppd_gprs:capability {setgid};
allow pppd_gprs pppd_gprs:capability {setuid};
allow pppd_gprs shell_exec:file {execute};
allow pppd_gprs shell_exec:file {read open};
allow pppd_gprs shell_exec:file {execute_no_trans};
allow pppd_gprs shell_exec:file {getattr};
allow pppd_gprs system_file:file {execute_no_trans};
allow pppd_gprs ppp_device:chr_file {ioctl};
allow pppd_gprs system_data_file:dir {write};
allow pppd_gprs pppd_gprs:udp_socket {ioctl};
allow pppd_gprs system_data_file:dir {add_name};
allow pppd_gprs system_data_file:file {create};
allow pppd_gprs system_data_file:file {write open};
Each rule is derived from the corresponding denial message, for example:
avc: denied ...scontext=u:r:pppd_gprs:s0 tcontext=u:object_r:shell_exec:s0 tclass=file
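[1] is what follows scontext=u:r: ; if it is pppd_gprs, make the change in pppd_gprs.te, and if it is init, make it in init.te
[2] is what follows tcontext=u:object_r:
[3] is what follows tclass=
With this, the 4G module can get online on the Android user build.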
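The mapping described above, as an added example that is not part of the original post: a small Python script that reads avc denial lines, takes the type from scontext, the type from tcontext, the class from tclass and the denied permissions, and prints the matching allow rule grouped by the .te file to edit. The function name denials_to_rules and the third sample log line are assumptions constructed for this example.

```python
import re
from collections import defaultdict

# The first two lines are the denials quoted on this page; the third is
# constructed for this example to show permissions merging into one rule.
SAMPLE_LOG = """\
avc: denied { execute_no_trans } for pid=1314 comm="init.gprs-pppd" path="/system/bin/pppd" dev="mmcblk0p10" ino=355 scontext=u:r:init:s0 tcontext=u:object_r:ppp_exec:s0 tclass=file permissive=0
avc: denied { read } for pid=1375 comm="init.gprs-pppd" path="/system/bin/sh" dev="mmcblk0p10" ino=395 scontext=u:r:pppd_gprs:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=0
avc: denied { execute } for pid=1375 comm="init.gprs-pppd" path="/system/bin/sh" dev="mmcblk0p10" ino=395 scontext=u:r:pppd_gprs:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=0
"""

# A context has the form user:role:type:level; only the type is needed.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=[^:\s]+:[^:\s]+:(?P<src>[^:\s]+)\S*\s+"
    r"tcontext=[^:\s]+:[^:\s]+:(?P<tgt>[^:\s]+)\S*\s+"
    r"tclass=(?P<cls>\w+)"
)


def denials_to_rules(log_text):
    """Return {te_file: [allow rules]} for every avc denial in log_text."""
    grouped = defaultdict(set)
    for m in AVC_RE.finditer(log_text):
        # Denials sharing source type, target type and class become one rule.
        key = (m.group("src"), m.group("tgt"), m.group("cls"))
        grouped[key].update(m.group("perms").split())

    by_file = defaultdict(list)
    for (src, tgt, cls), perms in sorted(grouped.items()):
        perm_list = " ".join(sorted(perms))
        # The source type decides which file gets the rule (init -> init.te).
        by_file[src + ".te"].append(
            "allow %s %s:%s { %s };" % (src, tgt, cls, perm_list)
        )
    return dict(by_file)


if __name__ == "__main__":
    for te_file, rules in denials_to_rules(SAMPLE_LOG).items():
        print("# add to " + te_file)
        print("\n".join(rules))
```

The standard audit2allow tool performs the same translation on a full log; review each generated rule before adding it to the policy.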