type=1400 audit(0.0:4257):avc: denied { read write } for name="spidev2"dev="tmpfs"ino=1309scontext=u:r:untrusted_app:s0:c105,c256,c512,c768tcontext=u:object_r:spi_device2:s0tclass=chr_filepermissive=1app=em.digit.metahub
device/mediatek/sepolicy/basic/non_plat
1、修改 file_contexts
/dev/spidev1(/.*)? u:object_r:spi_device1:s0/dev/spidev2(/.*)? u:object_r:spi_device2:s0/dev/spidev3(/.*)? u:object_r:spi_device3:s0
2、修改进程(system_app、platform_app、untrusted_app、factory等 .te 文件)
allow system_app spi_device1:chr_file { read write ioctl open };allow system_app spi_device2:chr_file { read write ioctl open };allow system_app spi_device3:chr_file { read write ioctl open };
其中,第二部分需要替换为具体的进程名(即对应的文件名)
彻底关闭SELinux
/// system/core/init/selinux.cppbool IsEnforcing() {return false; // 新增,直接返回false,下方代码注释会编译报错if (ALLOW_PERMISSIVE_SELINUX) {return StatusFromCmdline() == SELINUX_ENFORCING;}return true;}
### vendor/mediatek/proprietary/bootable/bootloader/lk/platform/mt6761/rules.mk# choose one of following value -> 1: disabled/ 2: permissive /3: enforcingSELINUX_STATUS := 1 # 这里3改1
若有收获,就点个赞吧
0 人点赞
