【发布时间】:2022-01-11 06:09:51
【问题描述】:
在构建 AOSP S(12) 时,我遇到了一个奇怪的问题,但可能只在某些时候/某些机器上。 error.log如下
neverallow check failed at out/target/product/msmnile_au/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil:22861 from system/sepolicy/private/property.te:46
(neverallow domain base_typeattr_745 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
<root>
allow at out/target/product/msmnile_au/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil:8901
(allow dumpstate property_type (file (read getattr map open)))
<root>
allow at out/target/product/msmnile_au/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil:11533
(allow init property_type (file (read write create getattr setattr relabelto append map unlink rename open)))
<root>
allow at out/target/product/msmnile_au/obj/ETC/plat_pub_versioned.cil_intermediates/plat_pub_versioned.cil:6370
(allow dumpstate_31_0 property_type (file (read getattr map open)))
<root>
allow at out/target/product/msmnile_au/obj/ETC/plat_pub_versioned.cil_intermediates/plat_pub_versioned.cil:8170
(allow init_31_0 property_type (file (read write create getattr setattr relabelto append map unlink rename open)))
Failed to generate binary
Failed to build policydb
然后我检查规则。 system/sepolicy/private/property.te:46 说:
enforce_sysprop_owner(`
neverallow domain {
property_type
-system_property_type
-product_property_type
-vendor_property_type
}:file no_rw_file_perms;
')
和 system/sepolicy/public/dumpstate.te:278 说:
# Read any system properties
get_prop(dumpstate, property_type)
我的问题是,这是否违反了从不允许规则并导致此错误? 如果是,为什么有时不会弹出此错误。 如果不是,我的错误是什么原因?
提前致谢。
【问题讨论】:
标签: compiler-errors android-source selinux seandroid