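Because of the restrictions imposed by the SELinux security mechanism in the Android 5.1 user build, the pppd_gprs service fails to start; the 4G signal icon shows an exclamation mark and the device cannot get online.
The log shows: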
init: sys_prop: Unable to start service ctl [pppd_gprs] uid:1001 gid:1001 pid:187
Cause: Android 5.1 adds permission restrictions on properties on top of SELinux.
Fix 1: add the following to rild.te:
allow rild ctl_default_prop:property_service set;
allow rild net_radio_prop:property_service set;
That is enough.
The log then shows:
init: Warning! Service pppd_gprs needs a SELinux domain defined; please fix!
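Cause: for a service that has no SELinux rules defined, the system only prints a warning and still starts the process. If the service does not touch any operation that is not allowed, it starts normally and the warning can simply be ignored. If it does touch an operation that is not allowed, the service may fail to start.
Fix 2: Step 1: add this line to external/sepolicy/file_contexts: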
/system/etc/init.gprs-pppd u:object_r:pppd_gprs_exec:s0
The original service definition in init.rc is:
service pppd_gprs /system/etc/init.gprs-pppd
    user root
    group radio cache inet misc
    disabled
    oneshot
Step 2: add a new file pppd_gprs.te under external/sepolicy/ with this content:
type pppd_gprs, domain;
type pppd_gprs_exec, exec_type, file_type;
init_daemon_domain(pppd_gprs)
During debugging a series of permission denials shows up, such as:
1. avc: denied { execute_no_trans } for pid=1314 comm="init.gprs-pppd" path="/system/bin/pppd" dev="mmcblk0p10" ino=355 scontext=u:r:init:s0 tcontext=u:object_r:ppp_exec:s0 tclass=file permissive=0
2. avc: denied { read } for pid=1375 comm="init.gprs-pppd" path="/system/bin/sh" dev="mmcblk0p10" ino=395 scontext=u:r:pppd_gprs:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=0
Fix for item 1: add to external/sepolicy/init.te:
allow init ppp_exec:file {execute_no_trans};
Fix for item 2: in pppd_gprs.te, below the content already added above, add:
allow pppd_gprs shell_exec:file {read};
allow pppd_gprs toolbox_exec:file {getattr};
allow pppd_gprs toolbox_exec:file {execute};
allow pppd_gprs toolbox_exec:file {read open};
allow pppd_gprs toolbox_exec:file {execute_no_trans};
allow pppd_gprs ppp_exec:file {getattr};
allow pppd_gprs property_socket:sock_file {write};
allow pppd_gprs init:unix_stream_socket {connectto};
allow pppd_gprs ppp_exec:file {execute};
allow pppd_gprs ppp_exec:file {read open};
allow pppd_gprs net_radio_prop:property_service {set};
allow pppd_gprs ppp_exec:file {execute_no_trans};
allow pppd_gprs tty_device:chr_file {getattr};
allow pppd_gprs pppd_gprs:capability {dac_override};
allow pppd_gprs ppp_device:chr_file {read write};
allow pppd_gprs ppp_device:chr_file {open};
allow pppd_gprs pppd_gprs:capability {net_admin};
allow pppd_gprs pppd_gprs:udp_socket {create};
allow pppd_gprs tty_device:chr_file {read write};
allow pppd_gprs tty_device:chr_file {open};
allow pppd_gprs tty_device:chr_file {ioctl};
allow pppd_gprs pppd_gprs:capability {setgid};
allow pppd_gprs pppd_gprs:capability {setuid};
allow pppd_gprs shell_exec:file {execute};
allow pppd_gprs shell_exec:file {read open};
allow pppd_gprs shell_exec:file {execute_no_trans};
allow pppd_gprs shell_exec:file {getattr};
allow pppd_gprs system_file:file {execute_no_trans};
allow pppd_gprs ppp_device:chr_file {ioctl};
allow pppd_gprs system_data_file:dir {write};
allow pppd_gprs pppd_gprs:udp_socket {ioctl};
allow pppd_gprs system_data_file:dir {add_name};
allow pppd_gprs system_data_file:file {create};
allow pppd_gprs system_data_file:file {write open};
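Explanation of the format after allow ([1], [2] and [3] are the first three fields of the rule, in order):
Refer to the earlier denial message: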
avc: denied ...scontext=u:r:pppd_gprs:s0 tcontext=u:object_r:shell_exec:s0 tclass=file
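[1] corresponds to the text after scontext=u:r: ; if it is pppd_gprs, make the change in pppd_gprs.te, and if it is init, make it in init.te
[2] corresponds to the text after tcontext=u:object_r:
[3] corresponds to the text after tclass=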
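The mapping above can be applied mechanically. The following is an added example, not part of the original post: it reads avc denial lines, takes [1], [2] and [3] from scontext, tcontext and tclass, merges the permissions per rule, and groups the rules by the .te file they belong in. The function names and the last two sample lines are constructed for illustration, and writing the target as self when it equals the source is this example's choice (equivalent to repeating the domain name).

```python
import re
from collections import defaultdict

# Constructed sample input: the first two lines are the denials quoted on this
# page; the last two are made up to show permission merging and the "self" case.
SAMPLE_LOG = """\
avc: denied { execute_no_trans } for pid=1314 comm="init.gprs-pppd" path="/system/bin/pppd" dev="mmcblk0p10" ino=355 scontext=u:r:init:s0 tcontext=u:object_r:ppp_exec:s0 tclass=file permissive=0
avc: denied { read } for pid=1375 comm="init.gprs-pppd" path="/system/bin/sh" dev="mmcblk0p10" ino=395 scontext=u:r:pppd_gprs:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=0
avc: denied { read open } for pid=1375 comm="init.gprs-pppd" scontext=u:r:pppd_gprs:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=0
avc: denied { net_admin } for pid=1380 comm="pppd" capability=12 scontext=u:r:pppd_gprs:s0 tcontext=u:r:pppd_gprs:s0 tclass=capability permissive=0
"""

# One extractor per field: the permission set, [1] source type, [2] target type, [3] class.
PERMS = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
SRC = re.compile(r"scontext=\w+:\w+:(\w+)")
TGT = re.compile(r"tcontext=\w+:\w+:(\w+)")
CLS = re.compile(r"tclass=(\w+)")

def collect_rules(log_text):
    """Return {te_file: {(source, target, tclass): set_of_permissions}}."""
    rules = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        fields = [p.search(line) for p in (PERMS, SRC, TGT, CLS)]
        if not all(fields):
            continue  # not an avc denial, e.g. the init warning line
        perms, src, tgt, cls = (m.group(1) for m in fields)
        target = "self" if tgt == src else tgt
        # Per the page: a denial with scontext type X is fixed in X.te.
        rules[src + ".te"][(src, target, cls)].update(perms.split())
    return rules

def render(rules):
    """Format the merged rules as policy text, one section per .te file."""
    out = []
    for te_file in sorted(rules):
        out.append("# " + te_file)
        for (src, tgt, cls), perms in sorted(rules[te_file].items()):
            out.append("allow %s %s:%s { %s };"
                       % (src, tgt, cls, " ".join(sorted(perms))))
    return "\n".join(out)

if __name__ == "__main__":
    print(render(collect_rules(SAMPLE_LOG)))
```

Review each generated rule before adding it to the policy: a denial records what the process attempted, which is not always what the service needs.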
With these changes, the 4G module on the Android user build can get online.