Getting avc: denied error in AOSP 6.0.1

Problem description

Getting an avc: denied error (SEPolicy) when copying from the sdcard directory to cache/SH_DIR.

Error

type=1400 audit(1623259119.150:7): avc: denied { search } for pid=2780 comm="xyz" name="default" dev="tmpfs" ino=7420 scontext=u:r:aaa_bbb:s0

Code logic:

    #include <stdio.h>
    #include <stdlib.h>

    int main(void)
    {
        FILE *sourceFile;
        FILE *destFile;
        char sourcePath[100] = "/storage/emulated/0/test.txt";
        /* Note: this is a directory path; fopen() with "w" needs a file path */
        char destPath[100] = "/cache/SH_DIR/";
        int ch; /* int, not char, so the comparison with EOF is reliable */

        printf("Enter source file path: %s", sourcePath);
        printf("Enter destination file path:%s ", destPath);

        sourceFile = fopen(sourcePath, "r");
        destFile = fopen(destPath, "w");

        if (sourceFile == NULL || destFile == NULL)
        {
            printf("\nUnable to open file.\n");
            printf("Please check if file exists and you have read/write privilege.\n");
            exit(EXIT_FAILURE);
        }

        ch = fgetc(sourceFile);
        while (ch != EOF)
        {
            /* Write to destination file */
            fputc(ch, destFile);

            /* Read next character from source file */
            ch = fgetc(sourceFile);
        }

        printf("\nFiles copied successfully.\n");

        /* Finally close files to release resources */
        fclose(sourceFile);
        fclose(destFile);

        return 0;
    }

Files registered in SEPolicy

AOSP/vendor/.../sepolicy/file_contexts :

 /cache/SH_DIR(/.*)? u:object_r:ccc_downloaded_sw_file:s0

filename.te:

allow filename ccc_downloaded_sw_file:dir { open search read write getattr add_name remove_name };
allow filename ccc_downloaded_sw_file:file { open read create write unlink append getattr setattr };

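Can you help me understand why I am unable to copy the file from the source to the destination?

Solution

If the /cache partition is mounted as tmpfs, you need to add: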

allow filename tmpfs_t:dir { open search read write getattr add_name remove_name };

allow filename tmpfs_t:file { open read create write unlink append getattr setattr };
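
The denial quoted in the question is cut off after scontext, so the target type and class that an allow rule would have to name are not visible in it. As an added example (not part of the original question or answer), this Python script parses avc: denied lines into the narrowest matching allow rule and refuses to guess when tcontext or tclass is missing; the second sample line and its `example_type` are constructed assumptions.

```python
import re

# Constructed sample input. The first line is the denial quoted in the question,
# which stops after scontext; the second is a constructed complete line whose
# tcontext (example_type) and tclass values are assumptions for illustration.
SAMPLE_LOG = """\
type=1400 audit(1623259119.150:7): avc: denied { search } for pid=2780 comm="xyz" name="default" dev="tmpfs" ino=7420 scontext=u:r:aaa_bbb:s0
type=1400 audit(1623259119.150:8): avc: denied { search } for pid=2780 comm="xyz" name="default" dev="tmpfs" ino=7420 scontext=u:r:aaa_bbb:s0 tcontext=u:object_r:example_type:s0 tclass=dir permissive=0
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict of the denial's fields, or None if not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    return fields

def context_type(context):
    """Extract the type field from a user:role:type:level context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def to_allow_rule(fields):
    """Build the minimal allow rule, or None if the line lacks what it needs."""
    src = context_type(fields.get("scontext", ""))
    tgt = context_type(fields.get("tcontext", ""))
    tclass = fields.get("tclass")
    if not (src and tgt and tclass):
        return None  # truncated line: target type or class unknown, do not guess
    return "allow %s %s:%s { %s };" % (src, tgt, tclass, " ".join(fields["perms"]))

def rules_from_log(text):
    """Map each denial line in the log to (comm, rule-or-None)."""
    out = []
    for line in text.splitlines():
        f = parse_avc(line)
        if f:
            out.append((f.get("comm"), to_allow_rule(f)))
    return out

if __name__ == "__main__":
    for comm, rule in rules_from_log(SAMPLE_LOG):
        print(comm, "->", rule or "incomplete denial: need tcontext and tclass")
```

Granting only the permission, class and target type named in the complete denial keeps the domain's policy narrower than a blanket permission list.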
