Android Selinux 应用读写设备节点

Android 设备节点
Android基于Linux内核。设备节点文件是设备驱动的逻辑文件,可以通过设备节点来访问设备驱动。很多设备信息都可存储在节点中。apk可以访问节点,获取设备信息或状态。

通用的配置设备节点权限(直接对通用的 device 类型授权,所有仍标记为 device 类型的字符设备节点都会受影响):

 // android/device/qcom/***/init.target.rc 
 // 该目录下添加对应设备节点的配置
 # Add /dev/sys
 chmod  0660  /dev/sys
 

 // android/device/qcom/common/rootdir/etc/ueventd.qcom.rc
 // 该文件中添加对应设备节点的配置(注意:这里的 0666 表示所有用户可读写,与上面 init.target.rc 中的 0660 不一致,建议两处统一为 0660)
 # Add /dev/sys
 /dev/sys  0666  system  system
 

 // android/device/qcom/sepolicy/private/platform_app.te 
 // 该目录下添加对应设备节点的配置
 # Add /dev/sys
 allow platform_app device:chr_file { open read write ioctl };
 

 // android/system/sepolicy/private/system_server.te
 // android/system/sepolicy/prebuilts/api/28.0/private/system_server.te
 // 该目录下添加对应设备节点的配置,两个目录需保持一致
 #Add /dev/sys
 allow system_server device:chr_file {open read write getattr };
 

 // android/system/sepolicy/public/domain.te
 // android/system/sepolicy/prebuilts/api/28.0/public/domain.te
 // 该目录下添加对应设备节点的配置,两个目录需保持一致
 # Don't allow raw read/write/open access to generic device.
 # Rather force a relabel to a more specific type.
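 # 注释掉(注意:这会对所有域关闭该 neverallow 保护,并且改动了 AOSP 自带的规则,CTS 的 SELinux neverallow 检查会因此不通过;正式版本建议使用下文"针对单独的设备节点添加权限"的方式)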
 # neverallow domain device:chr_file { open read write };

  

针对单独的设备节点添加权限:

 // android/device/qcom/***/init.target.rc 
 // 该目录下添加对应设备节点的配置
  # Add /dev/sys
  chmod  0660  /dev/sys
 

 // android/device/qcom/common/rootdir/etc/ueventd.qcom.rc
 // 该目录下添加对应设备节点的配置
  # Add /dev/sys
  /dev/sys  0666  system  system


// system/sepolicy/private/file_contexts
// system/sepolicy/prebuilts/api/26.0/private/file_contexts
// system/sepolicy/prebuilts/api/27.0/private/file_contexts
// system/sepolicy/prebuilts/api/28.0/private/file_contexts
// 该设备节点三个目录都需配置,否则会编译不过
######################
 # Add /dev/sys
 /dev/sys     u:object_r:dev_sys_device:s0



//  system/sepolicy/public/device.te
//  system/sepolicy/prebuilts/api/26.0/public/device.te
//  system/sepolicy/prebuilts/api/27.0/public/device.te
//  system/sepolicy/prebuilts/api/28.0/public/device.te
//  该设备节点三个目录都需配置,否则会编译不过
 # Add /dev/sys
 type  dev_sys_device, dev_type;


 // android/system/sepolicy/private/system_server.te
 // android/system/sepolicy/prebuilts/api/28.0/private/system_server.te
 // 该目录下添加对应设备节点的配置,两个目录需保持一致
 #Add /dev/sys
 allow system_server dev_sys_device:chr_file {open read write getattr };
 

写入设备节点:


    // Path of the node that writeSysFile() opens for writing.
    // NOTE(review): the file-mode and SELinux rules on this page are written for /dev/sys, while
    // this constant is "/sys/dev" — confirm which node is intended before relying on the policy.
    final String FILE_PATH = "/sys/dev";

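    /**
     * Writes the single character {@code "1"} to the node at {@code FILE_PATH}.
     *
     * <p>The open can only succeed when the node's file mode and the SELinux policy for the
     * calling domain both permit write access. Failures are only printed, so the caller gets
     * no signal that nothing was written.
     */
    private void writeSysFile(){
        final File file = new File(FILE_PATH);
        final String cmd = "1";
        // try-with-resources closes the stream exactly once on every path; the original closed
        // it inside the try block and then again in finally.
        try (FileOutputStream fos = new FileOutputStream(file)) {
            // Explicit charset so the bytes sent to the driver never depend on the platform default.
            fos.write(cmd.getBytes(java.nio.charset.StandardCharsets.US_ASCII));
            fos.flush();
        } catch (FileNotFoundException e) {
            // Raised when the node does not exist or cannot be opened for writing
            // (a permission denial is reported through this exception as well).
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }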

读取设备节点:

    // Path of the node that readSysFile() opens for reading.
    // NOTE(review): the file-mode and SELinux rules on this page are written for /dev/sys, while
    // this constant is "/sys/dev" — confirm which node is intended before relying on the policy.
    final String FILE_PATH = "/sys/dev";
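    /**
     * Reads the node at {@code FILE_PATH} with a single bounded read and parses the content
     * line by line into {@code UserData} entries.
     *
     * <p>The open can only succeed when the node's file mode and the SELinux policy for the
     * calling domain both permit read access. At most 128 KiB is consumed, so an oversized or
     * misbehaving node cannot grow the buffer.
     *
     * @return the parsed entries; an empty list when the node is missing, unreadable or empty
     */
    public List<UserData> readSysFile(){
        ArrayList<UserData> result = new ArrayList<UserData>();
        File mFile = new File(FILE_PATH);

        try (FileInputStream fileInputStream = new FileInputStream(mFile)) {
            byte[] data = new byte[128*1024];
            // Keep the byte count: the original wrapped the whole 128 KiB buffer, so the unused
            // zero bytes after the real content were parsed as an extra bogus line.
            int length = fileInputStream.read(data);
            if (length <= 0) {
                return result;
            }

            // The reader sits on an in-memory copy and holds no OS resource; only the file
            // stream above needs closing, which try-with-resources handles.
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(
                    new ByteArrayInputStream(data, 0, length),
                    java.nio.charset.StandardCharsets.UTF_8));

            String text;
            while ((text = bufferedReader.readLine()) != null){
                // NOTE(review): this copies every line of the node into logcat; drop or gate it
                // in release builds if the node can carry sensitive data.
                Log.d(TAG,text);
                String[] infos = text.split("\\s+");

                UserData userData = new UserData();
                // ... populate userData from infos (elided in the original article) ...

                result.add(userData);
            }
        } catch (FileNotFoundException e) {
            // Raised when the node does not exist or cannot be opened for reading
            // (a permission denial is reported through this exception as well).
            Log.e(TAG, "Cannot open " + FILE_PATH, e);
        } catch (IOException e) {
            Log.e(TAG, "Cannot read " + FILE_PATH, e);
        }
        // The original had no return statement and therefore did not compile.
        return result;
    }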


