Adding SELinux permissions on Android Q

This article is reproduced from huangrongrui:

http://192.168.30.26:200/index.php?doc-view-43682

1. Permission problems
The following permission problem is encountered. The TAG in the log is avc, as follows:
avc: denied { append } for pid=8317 comm="RenderThread" name="glsl_shader_log.txt" dev="mmcblk0p35" ino=4077 scontext=u:r:system_app:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
If you find a log like the one above, you can basically determine that it is a permission problem. To confirm it further, execute
adb shell setenforce 0
which switches SELinux to permissive mode so that denials are no longer enforced. If the problem no longer appears after that, it further confirms that the permissions caused it.
 
2. Analysis
(1) Which permission is missing: denied { append }
(2) Who lacks the permission (that is, which .te file it corresponds to): scontext=u:r:system_app:s0
(3) What the permission is missing on (that is, which file/directory the operation is denied for): tcontext=u:object_r:system_data_file:s0
(4) The specific class of that target (file/directory): tclass=file
 
3. Solution
Give system_app (system apps) the append permission on files of type system_data_file:
(1) Find the system_app.te file.
(2) Add the following content to the file:
allow system_app system_data_file:file { append };
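
The analysis in sections 1 to 3 can be scripted. The following is an added example, not part of the original article: a small Python parser that pulls the permission, scontext, tcontext and tclass out of avc lines and renders the matching allow rule. The second log line and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample input: the denial from section 1, a second constructed
# denial for the same source/target/class, and an unrelated line.
SAMPLE_LOG = '''\
avc: denied { append } for pid=8317 comm="RenderThread" name="glsl_shader_log.txt" dev="mmcblk0p35" ino=4077 scontext=u:r:system_app:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
avc: denied { open } for pid=8317 comm="RenderThread" path="/data/glsl_shader_log.txt" dev="mmcblk0p35" ino=4077 scontext=u:r:system_app:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
unrelated logcat line
'''

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)

def type_of(context):
    """Return the type field of a user:role:type:level[:categories] context."""
    return context.split(':')[2]

def parse_denials(log_text):
    """Group denied permissions by (source type, target type, class)."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an avc denial
        key = (type_of(m['scon']), type_of(m['tcon']), m['tclass'])
        grouped[key].update(m['perms'].split())
    return grouped

def allow_rules(log_text):
    """Render one allow rule per (source, target, class) tuple."""
    rules = []
    for (src, tgt, cls), perms in sorted(parse_denials(log_text).items()):
        rules.append(f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};")
    return rules

if __name__ == '__main__':
    for rule in allow_rules(SAMPLE_LOG):
        print(rule)
```

Review each generated rule before adding it to a .te file: a denial shows what was blocked, not whether the access should be granted.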
 
4. When adding a new directory, how do we define it and add permissions? The following uses adding the /data/faces directory and its permissions as an example:
To save some data in this directory, the permissions need some handling. Specifically, the following four files in the device/qcom/sepolicy repository are involved:
(1) device/qcom/sepolicy/private/file.te
This file holds the type definition:
type face_data_file, file_type, data_file_type, core_data_file_type;
(2) device/qcom/sepolicy/private/file_contexts
Change this file to define the face-related entry:
/data/faces(/.*)? u:object_r:face_data_file:s0
(3) device/qcom/sepolicy/private/platform_app.te
The following permissions need to be added to this file:
allow platform_app face_data_file:file { create write open getattr read };
allow platform_app face_data_file:dir { create read open getattr search write };
 
(4) device/qcom/sepolicy/private/system_app.te
The following permissions need to be added to this file:
allow system_app face_data_file:file { create write open getattr read setattr unlink };
allow system_app face_data_file:dir { create read open getattr search write add_name remove_name setattr unlink };
After the above changes, data can be saved in this directory.
 
5. How to compile and verify after adding permissions
On Android 8.0 and later, execute make selinux_policy in the root directory of the Android source tree; the output goes to
out/target/product/XXXX/system/etc/selinux and out/target/product/XXXX/vendor/etc/selinux
Push all the files in these two directories to the system/etc/selinux and vendor/etc/selinux directories on the device and restart the phone.


Origin blog.csdn.net/u012824529/article/details/102938284