OpenHarmony v3.2: adding SELinux rules fails
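Hi:
I am currently porting a USB Bluetooth driver. After porting, it reports that opening failed and that opening the configuration file failed. After setting setenforce 0 it opens normally. The avc errors are as follows: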
[ 12.127579] audit: type=1400 audit(1706836563.090:7): avc: denied { relabelto } for pid=217 comm="ueventd" name="rtkbt_dev" dev="tmpfs" ino=208 scontext=u:r:ueventd:s0 tcontext=u:object_r:rtk_bt_device:s0 tclass=chr_file permissive=0
[ 152.736607] audit: type=1400 audit(1706836703.700:780): avc: denied { map } for pid=627 comm="foundation" path="/dev/__parameters__/u:object_r:musl_param:s0" dev="tmpfs" ino=59 scontext=u:r:foundation:s0 tcontext=u:object_r:musl_param:s0 tclass=file permissive=0
[ 152.830771] audit: type=1400 audit(1706836703.793:781): avc: denied { mounton } for pid=1751 comm="appspawn" path="/mnt/sandbox/com.ohos.settings/data/storage/el1/bundle/misc" dev="mmcblk0p11" ino=77 scontext=u:r:appspawn:s0 tcontext=u:object_r:data_misc:s0 tclass=dir permissive=0
[ 153.159816] [SCHED_RTG] parse_create_rtg_grp rtgid=2, type=0, prio=97, threadnum=5, rtnum=4
[ 158.061116] audit: type=1400 audit(1706836709.023:782): avc: denied { read } for pid=350 comm="BleAdapter" name="u:object_r:musl_param:s0" dev="tmpfs" ino=59 scontext=u:r:bluetooth_service:s0 tcontext=u:object_r:musl_param:s0 tclass=file permissive=0
[ 158.076570] audit: type=1400 audit(1706836709.040:783): avc: denied { read } for pid=532 comm="IPC_1_597" name="u:object_r:musl_param:s0" dev="tmpfs" ino=59 scontext=u:r:blue_host:s0 tcontext=u:object_r:musl_param:s0 tclass=file permissive=0
[ 158.081106] audit: type=1400 audit(1706836709.043:784): avc: denied { search } for pid=532 comm="IPC_1_597" name="firmware" dev="mmcblk0p7" ino=95 scontext=u:r:blue_host:s0 tcontext=u:object_r:bluetooth_vendor_data_file:s0 tclass=dir permissive=0
[ 158.081184] audit: type=1400 audit(1706836709.043:785): avc: denied { search } for pid=532 comm="IPC_1_597" name="firmware" dev="mmcblk0p7" ino=95 scontext=u:r:blue_host:s0 tcontext=u:object_r:bluetooth_vendor_data_file:s0 tclass=dir permissive=0
[ 158.084172] audit: type=1400 audit(1706836709.046:786): avc: denied { read } for pid=532 comm="IPC_1_597" name="u:object_r:musl_param:s0" dev="tmpfs" ino=59 scontext=u:r:blue_host:s0 tcontext=u:object_r:musl_param:s0 tclass=file permissive=0
[ 158.085870] audit: type=1400 audit(1706836709.050:787): avc: denied { create } for pid=532 comm="IPC_1_597" scontext=u:r:blue_host:s0 tcontext=u:r:blue_host:s0 tclass=udp_socket permissive=0
[ 158.086621] audit: type=1400 audit(1706836709.050:788): avc: denied { read write } for pid=532 comm="IPC_1_597" name="rtkbt_dev" dev="tmpfs" ino=208 scontext=u:r:blue_host:s0 tcontext=u:object_r:dev_file:s0 tclass=chr_file permissive=0
[ 158.087013] audit: type=1400 audit(1706836709.050:789): avc: denied { read write } for pid=532 comm="IPC_1_597" name="rtkbt_dev" dev="tmpfs" ino=208 scontext=u:r:blue_host:s0 tcontext=u:object_r:dev_file:s0 tclass=chr_file permissive=0
[ 158.087054] audit: type=1400 audit(1706836709.050:790): avc: denied { read write } for pid=532 comm="IPC_1_597" name="rtkbt_dev" dev="tmpfs" ino=208 scontext=u:r:blue_host:s0 tcontext=u:object_r:dev_file:s0 tclass=chr_file permissive=0
[ 158.087067] audit: type=1400 audit(1706836709.050:791): avc: denied { read write } for pid=532 comm="IPC_1_597" name="rtkbt_dev" dev="tmpfs" ino=208 scontext=u:r:blue_host:s0 tcontext=u:object_r:dev_file:s0 tclass=chr_file permissive=0
Following the SELinux configuration guide for OpenHarmony:
https://gitee.com/dapaodexiaoyu2/binary_keep/blob/master/OH_Selinux%E9%85%8D%E7%BD%AE%E8%AF%B4%E6%98%8E.docx
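Using the steps in it, I created bluetooth.se
Step 3:
Use trans_avc_rule.py to convert the avc denial logs into SELinux rules.
The rules are generated in the out/te directory. Add the newly generated SELinux rules to the //base/security/selinux/sepolicy/ohos_policy/test/system directory (this directory has to be created manually).
The content of the newly created bluetooth.te is: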
allow ueventd rtk_bt_device:chr_file { relabelto };
allow foundation musl_param:file { map };
allow appspawn data_misc:dir { mounton };
allow bluetooth_service musl_param:file { read };
allow blue_host musl_param:file { read };
allow blue_host bluetooth_vendor_data_file:dir { search };
allow blue_host bluetooth_vendor_data_file:dir { search };
allow blue_host musl_param:file { read };
allow blue_host blue_host:udp_socket { create };
allow blue_host dev_file:chr_file { read write };
allow blue_host dev_file:chr_file { read write };
allow blue_host dev_file:chr_file { read write };
allow blue_host dev_file:chr_file { read write };
After saving, I built with hb build -T selinux
The build fails with the errors below. Could everyone please help analyze the cause?
[OHOS INFO] [1/20] ACTION //base/security/selinux:build_policy(//build/toolchain/ohos:ohos_clang_arm)
[OHOS ERROR] [1/20] ACTION //base/security/selinux:build_policy(//build/toolchain/ohos:ohos_clang_arm)
[OHOS ERROR] FAILED: obj/base/security/selinux/policy.31
[OHOS ERROR] /usr/bin/env ../../base/security/selinux/scripts/build_policy.py --dst-file /home/grst-hu/Documents/DevEco/Projects/OpenHarmony-v3.2-Release/out/rk3568/obj/base/security/selinux/policy.31 --tool-path /home/grst-hu/Documents/DevEco/Projects/OpenHarmony-v3.2-Release/out/rk3568/clang_x64/security/selinux/ --source-root-dir /home/grst-hu/Documents/DevEco/Projects/OpenHarmony-v3.2-Release/ --policy_dir_list default --debug-version enable --updater-version disable
[OHOS ERROR] neverallow check failed at /home/grst-hu/Documents/DevEco/Projects/OpenHarmony-v3.2-Release/out/rk3568/obj/base/security/selinux/ohos.cil:2486 from /home/grst-hu/Documents/DevEco/Projects/OpenHarmony-v3.2-Release/base/security/selinux/sepolicy/base/public/domain.te:196
[OHOS ERROR] (neverallow base_typeattr_26 dev_file (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
[OHOS ERROR] <root>
[OHOS ERROR] allow at /home/grst-hu/Documents/DevEco/Projects/OpenHarmony-v3.2-Release/out/rk3568/obj/base/security/selinux/ohos.cil:2200
[OHOS ERROR] (allow blue_host dev_file (chr_file (read write)))
[OHOS ERROR] <root>
[OHOS ERROR] allow at /home/grst-hu/Documents/DevEco/Projects/OpenHarmony-v3.2-Release/out/rk3568/obj/base/security/selinux/ohos.cil:2201
[OHOS ERROR] (allow blue_host dev_file (chr_file (read write)))
[OHOS ERROR] <root>
[OHOS ERROR] allow at /home/grst-hu/Documents/DevEco/Projects/OpenHarmony-v3.2-Release/out/rk3568/obj/base/security/selinux/ohos.cil:2202
[OHOS ERROR] (allow blue_host dev_file (chr_file (read write)))
[OHOS ERROR] <root>
[OHOS ERROR] allow at /home/grst-hu/Documents/DevEco/Projects/OpenHarmony-v3.2-Release/out/rk3568/obj/base/security/selinux/ohos.cil:2203
[OHOS ERROR] (allow blue_host dev_file (chr_file (read write)))
[OHOS ERROR] <root>
[OHOS ERROR] allow at /home/grst-hu/Documents/DevEco/Projects/OpenHarmony-v3.2-Release/out/rk3568/obj/base/security/selinux/ohos.cil:10419
[OHOS ERROR] (allow blue_host dev_file (chr_file (read write)))
[OHOS ERROR] <root>
[OHOS ERROR] allow at /home/grst-hu/Documents/DevEco/Projects/OpenHarmony-v3.2-Release/out/rk3568/obj/base/security/selinux/ohos.cil:10420
[OHOS ERROR] (allow blue_host dev_file (chr_file (read write)))
[OHOS ERROR] <root>
[OHOS ERROR] allow at /home/grst-hu/Documents/DevEco/Projects/OpenHarmony-v3.2-Release/out/rk3568/obj/base/security/selinux/ohos.cil:10421
[OHOS ERROR] (allow blue_host dev_file (chr_file (read write)))
[OHOS ERROR] <root>
[OHOS ERROR] allow at /home/grst-hu/Documents/DevEco/Projects/OpenHarmony-v3.2-Release/out/rk3568/obj/base/security/selinux/ohos.cil:10422
[OHOS ERROR] (allow blue_host dev_file (chr_file (read write)))
[OHOS ERROR]
[OHOS ERROR] Failed to generate binary
[OHOS ERROR] Failed to build policydb
[OHOS ERROR] Traceback (most recent call last):
[OHOS ERROR] File "../../base/security/selinux/scripts/build_policy.py", line 175, in <module>
[OHOS ERROR] main(input_args)
[OHOS ERROR] File "../../base/security/selinux/scripts/build_policy.py", line 170, in main
[OHOS ERROR] build_policy(args, args.dst_file, ohos_cil_path)
[OHOS ERROR] File "../../base/security/selinux/scripts/build_policy.py", line 120, in build_policy
[OHOS ERROR] run_command(build_policy_cmd)
[OHOS ERROR] File "../../base/security/selinux/scripts/build_policy.py", line 92, in run_command
[OHOS ERROR] raise Exception(ret)
[OHOS ERROR] Exception: 255
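
An added example, not part of the original post and not OpenHarmony's trans_avc_rule.py: a Python script that turns AVC denials like those above into deduplicated allow rules and flags any rule that overlaps the neverallow printed in the build log, so the conflict is visible before running the build. The sample lines are copied from the post; treating every source domain as covered by base_typeattr_26 is an assumption.

```python
import re

# Denial lines copied from the post above.
SAMPLE_LOG = """\
[ 12.127579] audit: type=1400 audit(1706836563.090:7): avc: denied { relabelto } for pid=217 comm="ueventd" name="rtkbt_dev" dev="tmpfs" ino=208 scontext=u:r:ueventd:s0 tcontext=u:object_r:rtk_bt_device:s0 tclass=chr_file permissive=0
[ 158.081106] audit: type=1400 audit(1706836709.043:784): avc: denied { search } for pid=532 comm="IPC_1_597" name="firmware" dev="mmcblk0p7" ino=95 scontext=u:r:blue_host:s0 tcontext=u:object_r:bluetooth_vendor_data_file:s0 tclass=dir permissive=0
[ 158.081184] audit: type=1400 audit(1706836709.043:785): avc: denied { search } for pid=532 comm="IPC_1_597" name="firmware" dev="mmcblk0p7" ino=95 scontext=u:r:blue_host:s0 tcontext=u:object_r:bluetooth_vendor_data_file:s0 tclass=dir permissive=0
[ 158.085870] audit: type=1400 audit(1706836709.050:787): avc: denied { create } for pid=532 comm="IPC_1_597" scontext=u:r:blue_host:s0 tcontext=u:r:blue_host:s0 tclass=udp_socket permissive=0
[ 158.086621] audit: type=1400 audit(1706836709.050:788): avc: denied { read write } for pid=532 comm="IPC_1_597" name="rtkbt_dev" dev="tmpfs" ino=208 scontext=u:r:blue_host:s0 tcontext=u:object_r:dev_file:s0 tclass=chr_file permissive=0
"""

# Captures: permissions, source type, target type, object class.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{([^}]*)\}.*?scontext=[^:]+:[^:]+:([^:\s]+):\S*'
    r'\s+tcontext=[^:]+:[^:]+:([^:\s]+):\S*\s+tclass=(\S+)')

# Target, class and permissions of the neverallow printed in the build log.
# Assumption: every source domain is treated as a member of base_typeattr_26.
NEVERALLOW = {("dev_file", "chr_file"): set(
    "ioctl read write create getattr setattr lock relabelfrom relabelto append map "
    "unlink link rename execute quotaon mounton audit_access open execmod watch "
    "watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint".split())}

def denials_to_rules(log):
    """Merge denials into one permission set per (source, target, class)."""
    rules = {}
    for line in log.splitlines():
        m = AVC_RE.search(line)
        if m:
            perms, src, tgt, cls = m.groups()
            rules.setdefault((src, tgt, cls), set()).update(perms.split())
    return rules

def render(rules):
    """Emit one allow statement per key, so repeated denials do not repeat rules."""
    return ["allow %s %s:%s { %s };" % (s, t, c, " ".join(sorted(p)))
            for (s, t, c), p in rules.items()]

def neverallow_hits(rules):
    """Return rules whose target, class and permissions overlap NEVERALLOW."""
    hits = []
    for (s, t, c), p in rules.items():
        banned = p & NEVERALLOW.get((t, c), set())
        if banned:
            hits.append((s, t, c, sorted(banned)))
    return hits

if __name__ == "__main__":
    rules = denials_to_rules(SAMPLE_LOG)
    print("\n".join(render(rules)), neverallow_hits(rules), sep="\n")
```

In the post's log, rtkbt_dev carries the generic dev_file label in the blue_host denials, while the first denial shows ueventd being refused relabelto rtk_bt_device; the rule flagged here is the one the neverallow at domain.te:196 rejects.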