chcon可实现对文件的SEAndroid安全标签的修改
chcon可实现对文件的SEAndroid安全标签的修改
参考使用如下:
chcon -u u system/app/
chcon -r object_r system/app/
chcon -t system_file system/app/
chcon -u u system/priv-app/
chcon -r object_r system/priv-app/
chcon -t system_file system/priv-app/
chcon -u u system b/.so
chcon -r object_r system b/.so
chcon -t system_library_file system b/*.so
chcon -u u xxx
chcon -r object_r xxx
chcon -t system_file xxx
chcon--reference=RFILE dest
详情请查询 man chcon
chcon的使用需要系统支持selinux,否则命令可能执行失败。
安装selinux
首先应用安装一下
sudo apt-get install selinux
修改配置文件
修改/etc/selinux/config 文件
有效将SELINUX=enforcing
无效SELINUX=disabled
SELINUX=permissive 表示如果不符合selinux规则,仍然可以执行,只是会发出警告
重启机器生效
我的安装日志
apt-get install selinux
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
checkpolicy gawk libaudit0 libsemanage-common libsemanage1 libsepol1 libsigsegv2 libustr-1.0-1 policycoreutils python-selinux python-semanage python-sepolgen
selinux-policy-ubuntu selinux-utils
Suggested packages:
selinux-policy-dev
Recommended packages:
selinux-policy-default
The following packages will be REMOVED:
apparmor
The following NEW packages will be installed:
checkpolicy gawk libaudit0 libsemanage-common libsemanage1 libsepol1 libsigsegv2 libustr-1.0-1 policycoreutils python-selinux python-semanage python-sepolgen selinux
selinux-policy-ubuntu selinux-utils
0 upgraded, 15 newly installed, 1 to remove and 21 not upgraded.
Need to get 4793 kB of archives.
After this operation, 43.3 MB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://mirrors.163.com/ubuntu/ precise/main libsigsegv2 amd64 2.9-4ubuntu2 [14.6 kB]
Get:2 http://mirrors.163.com/ubuntu/ precise/main gawk amd64 1:3.1.8+dfsg-0.1ubuntu1 [465 kB]
Get:3 http://mirrors.163.com/ubuntu/ precise/main libsepol1 amd64 2.1.0-1.2 [121 kB]
Get:4 http://mirrors.163.com/ubuntu/ precise/universe libaudit0 amd64 1.7.18-1ubuntu1 [67.5 kB]
Get:5 http://mirrors.163.com/ubuntu/ precise/universe libustr-1.0-1 amd64 1.0.4-2 [77.1 kB]
Get:6 http://mirrors.163.com/ubuntu/ precise/universe libsemanage-common all 2.1.0-2 [6608 B]
Get:7 http://mirrors.163.com/ubuntu/ precise/universe libsemanage1 amd64 2.1.0-2 [86.2 kB]
Get:8 http://mirrors.163.com/ubuntu/ precise/universe python-semanage amd64 2.1.0-2 [60.8 kB]
Get:9 http://mirrors.163.com/ubuntu/ precise/universe python-selinux amd64 2.1.0-4.1ubuntu1 [171 kB]
Get:10 http://mirrors.163.com/ubuntu/ precise/universe python-sepolgen all 1.1.0-1 [75.8 kB]
Get:11 http://mirrors.163.com/ubuntu/ precise-updates/universe policycoreutils amd64 2.1.0-3ubuntu1.1 [520 kB]
Get:12 http://mirrors.163.com/ubuntu/ precise/universe selinux-utils amd64 2.1.0-4.1ubuntu1 [38.3 kB]
Get:13 http://mirrors.163.com/ubuntu/ precise/universe selinux all 1:0.11 [11.2 kB]
Get:14 http://mirrors.163.com/ubuntu/ precise/universe checkpolicy amd64 2.1.0-1.1 [275 kB]
Get:15 http://mirrors.163.com/ubuntu/ precise/universe selinux-policy-ubuntu all 0.2.20091117-0ubuntu2 [2804 kB]
Fetched 4793 kB in 9s (500 kB/s)
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = "zh_CN:zh",
LC_ALL = (unset),
LC_TIME = "zh_CN",
LC_MONETARY = "zh_CN",
LC_ADDRESS = "zh_CN",
LC_TELEPHONE = "zh_CN",
LC_NAME = "zh_CN",
LC_MEASUREMENT = "zh_CN",
LC_IDENTIFICATION = "zh_CN",
LC_NUMERIC = "zh_CN",
LC_PAPER = "zh_CN",
LANG = "zh_CN.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
Preconfiguring packages ...
/usr/bin/locale: Cannot set LC_CTYPE to default locale: No such file or directory
/usr/bin/locale: Cannot set LC_MESSAGES to default locale: No such file or directory
/usr/bin/locale: Cannot set LC_ALL to default locale: No such file or directory
(Reading database ... 84607 files and directories currently installed.)
Removing apparmor ...
* Clearing AppArmor profiles cache [ OK ]
All profile caches have been cleared, but no profiles have been unloaded.
Unloading profiles will leave already running processes permanently
unconfined, which can lead to unexpected situations.
To set a process to complain mode, use the command line tool
'aa-complain'. To really tear down all profiles, run the init script
with the 'teardown' option."
Processing triggers for man-db ...
Processing triggers for ureadahead ...
Selecting previously unselected package libsigsegv2.
(Reading database ... 84589 files and directories currently installed.)
Unpacking libsigsegv2 (from .../libsigsegv2_2.9-4ubuntu2_amd64.deb) ...
Setting up libsigsegv2 (2.9-4ubuntu2) ...
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place
Selecting previously unselected package gawk.
(Reading database ... 84597 files and directories currently installed.)
Unpacking gawk (from .../gawk_1%3a3.1.8+dfsg-0.1ubuntu1_amd64.deb) ...
Selecting previously unselected package libsepol1.
Unpacking libsepol1 (from .../libsepol1_2.1.0-1.2_amd64.deb) ...
Selecting previously unselected package libaudit0.
Unpacking libaudit0 (from .../libaudit0_1.7.18-1ubuntu1_amd64.deb) ...
Selecting previously unselected package libustr-1.0-1.
Unpacking libustr-1.0-1 (from .../libustr-1.0-1_1.0.4-2_amd64.deb) ...
Selecting previously unselected package libsemanage-common.
Unpacking libsemanage-common (from .../libsemanage-common_2.1.0-2_all.deb) ...
Selecting previously unselected package libsemanage1.
Unpacking libsemanage1 (from .../libsemanage1_2.1.0-2_amd64.deb) ...
Selecting previously unselected package python-semanage.
Unpacking python-semanage (from .../python-semanage_2.1.0-2_amd64.deb) ...
Selecting previously unselected package python-selinux.
Unpacking python-selinux (from .../python-selinux_2.1.0-4.1ubuntu1_amd64.deb) ...
Selecting previously unselected package python-sepolgen.
Unpacking python-sepolgen (from .../python-sepolgen_1.1.0-1_all.deb) ...
Selecting previously unselected package policycoreutils.
Unpacking policycoreutils (from .../policycoreutils_2.1.0-3ubuntu1.1_amd64.deb) ...
Selecting previously unselected package selinux-utils.
Unpacking selinux-utils (from .../selinux-utils_2.1.0-4.1ubuntu1_amd64.deb) ...
Selecting previously unselected package selinux.
Unpacking selinux (from .../selinux_1%3a0.11_all.deb) ...
Selecting previously unselected package checkpolicy.
Unpacking checkpolicy (from .../checkpolicy_2.1.0-1.1_amd64.deb) ...
Processing triggers for man-db ...
Processing triggers for ureadahead ...
Setting up libaudit0 (1.7.18-1ubuntu1) ...
Setting up libsepol1 (2.1.0-1.2) ...
Setting up libustr-1.0-1 (1.0.4-2) ...
Setting up libsemanage-common (2.1.0-2) ...
Setting up libsemanage1 (2.1.0-2) ...
Setting up python-semanage (2.1.0-2) ...
Setting up python-selinux (2.1.0-4.1ubuntu1) ...
Setting up python-sepolgen (1.1.0-1) ...
Setting up policycoreutils (2.1.0-3ubuntu1.1) ...
update-rc.d: warning: policycoreutils start runlevel arguments (S 2 3 4 5) do not match LSB Default-Start values (2 3 4 5)
update-rc.d: warning: mcstrans start runlevel arguments (S 2 3 4 5) do not match LSB Default-Start values (2 3 4 5)
update-rc.d: warning: sandbox start runlevel arguments (S 2 3 4 5) do not match LSB Default-Start values (2 3 4 5)
Setting up selinux-utils (2.1.0-4.1ubuntu1) ...
Setting up selinux (1:0.11) ...
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
Generating grub.cfg ...
Found linux image: /boot/vmlinuz-3.8.0-44-generic
Found initrd image: /boot/initrd.img-3.8.0-44-generic
Found linux image: /boot/vmlinuz-3.8.0-29-generic
Found initrd image: /boot/initrd.img-3.8.0-29-generic
Found memtest86+ image: /boot/memtest86+.bin
done
* Starting SELinux autorelabel [ OK ]
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place
Processing triggers for python-support ...
Processing triggers for initramfs-tools ...
update-initramfs: Generating /boot/initrd.img-3.8.0-44-generic
Selecting previously unselected package selinux-policy-ubuntu.
(Reading database ... 85025 files and directories currently installed.)
Unpacking selinux-policy-ubuntu (from .../selinux-policy-ubuntu_0.2.20091117-0ubuntu2_all.deb) ...
Setting up gawk (1:3.1.8+dfsg-0.1ubuntu1) ...
Setting up checkpolicy (2.1.0-1.1) ...
Setting up selinux-policy-ubuntu (0.2.20091117-0ubuntu2) ...
Updating /etc/selinux/config.
Processing triggers for selinux ...
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
semodule deferred processing now taking place
/usr/sbin/semodule: SELinux policy is not managed or store cannot be accessed.
* File relabel will occur upon next shutdown/reboot.
* Starting SELinux autorelabel * A relabel has already been requested. Please reboot to finish relabeling your system.
分类: android安全
chcon可实现对文件的SEAndroid安全标签的修改的更多相关文章
- .net 大文件上传注意,修改 IIS 配置
原因 Web 服务器上的请求筛选被配置为拒绝该请求,因为内容长度超过配置的值. 可尝试的操作:确认 applicationhost.config 或 web.config 文件中的 configura ...
- NetBeans文件被锁,无法修改
今天用NetBeans写有关Dojo的一个样例时,出现文件被锁,无法修改的情况.找了半天,但是就是不知道是什么原因,我就写在博客上记录下来
- 在windows+eclipse+git遇到的未修改文件被标记为已修改的问题
最近遇到2个具体的问题: 1.我们有个工程里面有几个外部jar包,这几个jar包经常会更新,更新的时候如果是在eclipse中执行的,由于windows文件机制,所以会报错无法覆盖这几个jar包.虽然 ...
- 定时删除文件夹"$1"下最后修改时间大于当前时间"$2"天的文件
shell 脚本: #!/bin/bash now=`date "+%Y-%m-%d_%H:%M:%S"` #获取当前时间 echo "当前时间: " ...
- Dream------Java--ant zip 对压缩文件进行指定位置的修改
ant zip 对压缩文件进行指定位置的修改 实现功能: 对2中文件进行修改: 需求: 在XX文件中,从二进制流的200字节位置开始,往后的30位字节数量.插入一个值 由于涉及到公司内部,不方便写太多 ...
- 错误:38-Corel VideoStudio文件已损坏或被修改。请重新安装原始来源解决方法。
打开 Corel VideoStudio Pro X5(绘声绘影)弹出一下警告. 错误:38-Corel VideoStudio文件已损坏或被修改.请重新安装原始来源解决方法. [第一方法]:控制面板 ...
- 个人永久性免费-Excel催化剂功能第22波-Excel文件类型、密码批量修改,补齐PowerQuery短板
Excel的多工作薄.多工作表批量合并功能,Excel用户很多这方面的使用场景,也促使了各大Excel各大插件们都在此功能上有所开发,体验程度不一,但总体能够满足大多数的应用场景,本人之前也开发个单独 ...
- python 修改文件的创建时间、修改时间、访问时间
目录 python 修改文件创建.修改.访问时间 方案一 方案二(无法修改文件创建时间) python 修改文件创建.修改.访问时间 突如其来想知道一下 python 如何修改文件的属性(创建.修改. ...
- 在Linux中,没有文件创建时间的概念。只有文件的访问时间、修改时间、状态改变时间
在Linux中,没有文件创建时间的概念.只有文件的访问时间.修改时间.状态改变时间.也就是说不能知道文件的创建时间.但如果文件创建后就没有修改过,修改时间=创建时间:如果文件创建后,状态就没有改变过, ...
随机推荐
- Task could not find "AxImp.exe" using the SdkToolsPath "C:\Program Files\Microsoft SDKs\Windows\v7.0A\bin\"
本机v7.0A目录里没有AxImp.exe,无奈只能去官网下了个V7.1的. 安装完V7.1后,去“开始-所有程序-Microsoft Windows SDK v7.1”里找到Windows SDK ...
- HDU 5584 LCM Walk 数学
LCM Walk Time Limit: 20 Sec Memory Limit: 256 MB 题目连接 http://acm.hdu.edu.cn/showproblem.php?pid=5584 ...
- Redis缓存服务搭建及实现数据读写
发现博客园中好多大牛在介绍自己的开源项目是很少用到缓存,比如Memcached.Redis.mongodb等,今天得空抽时间把Redis缓存研究了一下,写下来总结一下,跟大家一起分享 一下.由于小弟水 ...
- IOS试题收集1
IOS试题收集1 1.Objective C中有多继承吗?没有的话用什么代替? Protocol 2.Objective C中有私有方法吗?私有变量呢? OC类里面只有静态方法和实例方法这两种,@pr ...
- Golang学习 - 学习资源列表
Golang 学习资源: <Go 语言圣经(中文版)> - 书籍 http://shinley.com/index.html <学习 Go 语言> - 书籍 http://w ...
- 关于 Android项目“error: Apostrophe not preceded by \ (”的解决方法
用Eclipse环境开发Android项目,如果编译时控制台报出“error: Apostrophe not preceded by \ (”这种错误,那么多半是因为项目中的一个strings.xml ...
- alljoyn连接时-fno-rtti选项测试结果
以AllJoyn自带的chat示例在pc上测试结果如下: libAllJoyn.a编译选项 Chat编译选项 测试结果 -Wall -Werror=non-virtual-dtor -pipe -st ...
- jQuery ajax - ajax() 方法
1.jsp页面 function onSaveClick(btn) {//保存 $.ajax({ url : "" , type : "POST", data ...
- NSURLConnection 网络超时的那些事(转别人整理的)
NSURLConnection 网络超时的那些事(转别人整理的) 在ios平台上做网络开发最常用的两个类: NSMutableURLRequest *urlRequest = [[NSMutableU ...
- ArcEngine实现捕捉节点
来自:http://blog.sina.com.cn/s/blog_4d0b75870100o960.html //获取最近的结点,然后在 OnMouseMove中显示 //pnt:鼠标移动点 // ...