-
现象:
远程屏幕录制正常,但使用鼠标点击屏幕无响应,无法对设备进行控制. -
查看异常log
01-24 14:35:46.978954 2956 2956 I SunloginClient: [ipc][AndroidServer] client connected.
01-24 14:35:46.979059 2956 2956 I SunloginClient: [inputagent][AgentServer] CInputAgentServer::on_connected()
01-24 14:35:46.979078 2897 3145 I LocalSocketSunlogin: Encoder created video format: {color-format=2130708361, i-frame-interval=1, level=64, mime=video/avc, profile=1, width=720, bitrate-mode=2, bitrate=2000000, frame-rate=30, height=1280, repeat-previous-frame-after=10000000}
01-24 14:35:46.979164 2956 2956 I SunloginClient: [inputagent] CVirtualInput::Init
01-24 14:35:46.979248 2956 2956 I SunloginClient: [inputagent] manufacturer: alps
01-24 14:35:46.979293 2956 2956 I SunloginClient: [inputagent] initialize uinput @ 69
01-24 14:35:46.979556 2956 2956 E SunloginClient: [inputagent] open uinput device failed @ 77
01-24 14:35:46.980021 2956 2956 E SunloginClient: [inputagent] scan dir failed for /dev/input:
01-24 14:35:46.980101 2956 2956 I SunloginClient: [inputagent] CVirtualInput::Init(0), abs_x(0 – 0), abs_y(0 – 0)
01-24 14:35:46.980235 2956 2956 I SunloginClient: [inputagent][VirtualInput] SetDisplayOrientation 0
01-24 14:35:46.980273 2956 2956 I SunloginClient: [inputagent][AgentServer] input start -
log分析
从log中看到是没有权限打开uinput 和input节点,尝试把uinput和input权限修改为777后,还是报权限问题。
— a/mt8765/system/core/rootdir/ueventd.rc
+++ b/mt8765/system/core/rootdir/ueventd.rc
@@ -70,13 +70,13 @@ subsystem sound
-/dev/uinput 0660 system
+/dev/uinput 0777 system
-/dev/input/* 0660 root input
+/dev/input/* 0777 root input这样修改后都不起作用,怀疑是sepolicy没有配置好导致的,于是在Userdebug版本上,开机之后执行命令adb shell setenforce 0 (关闭selinux)。手动安装签名后的远程协助apk,进行远程协助是可以控制的。
-
配置sepolicy
android KK 4.4 版本后,Google 默认启用了SELinux, 并会把SELinux 审查异常打印在kernel log 或者 android log(L 版本)中,对应的关键字是: “avc: denied” 或者"avc: denied"
异常的kernel log:
<36>[ 422.298785] .(1)[306:logd.auditd]type=1400 audit(1548311746.974:594): avc: denied { write } for pid=2956 comm=“liborayinput_ag” name=“uinput” dev=“tmpfs” ino=9221 scontext=u:r:system_app:s0 tcontext=u:object_r:uhid_device:s0 tclass=chr_file permissive=0
<36>[ 422.303527] .(1)[306:logd.auditd]type=1400 audit(1548311746.974:594): avc: denied { write } for pid=2956 comm=“liborayinput_ag” name=“uinput” dev=“tmpfs” ino=9221 scontext=u:r:system_app:s0 tcontext=u:object_r:uhid_device:s0 tclass=chr_file permissive=0
<36>[ 422.306444] .(1)[306:logd.auditd]type=1400 audit(1548311746.974:595): avc: denied { read } for pid=2956 comm=“liborayinput_ag” name=“input” dev=“tmpfs” ino=1140 scontext=u:r:system_app:s0 tcontext=u:object_r:input_device:s0 tclass=dir permissive=0
从kernel log中可以看到uhid_device需要write权限,而input_device需要read权限。但当给了相应的write和read权限后,还不能控制,于是再查看kernel log 又重新提示缺少open,search,ioctl权限。于是缺什么权限就加什么权限,最终sepolicy的配置修改如下:
device/mediatek/sepolicy/bsp/non_plat/system_app.te
+allow system_app input_device:dir {read open search};
+allow system_app uhid_device:chr_file {write open ioctl};
这样修改后,安装第三方远程协助APP 已可以成功控制屏幕了。