chcon可实现对文件的SEAndroid安全标签的修改
chcon可实现对文件的SEAndroid安全标签的修改
参考使用如下:
chcon -u u system/app/
chcon -r object_r system/app/
chcon -t system_file system/app/
chcon -u u system/priv-app/
chcon -r object_r system/priv-app/
chcon -t system_file system/priv-app/
chcon -u u system b/.so
chcon -r object_r system b/.so
chcon -t system_library_file system b/*.so
chcon -u u xxx
chcon -r object_r xxx
chcon -t system_file xxx
chcon--reference=RFILE dest
详情请查询 man chcon
chcon的使用需要系统支持selinux,否则命令可能执行失败。
安装selinux
首先应用安装一下
sudo apt-get install selinux
修改配置文件
修改/etc/selinux/config 文件
有效将SELINUX=enforcing
无效SELINUX=disabled
SELINUX=permissive 表示如果不符合selinux规则,仍然可以执行,只是会发出警告
重启机器生效
我的安装日志
apt-get install selinux
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
checkpolicy gawk libaudit0 libsemanage-common libsemanage1 libsepol1 libsigsegv2 libustr-1.0-1 policycoreutils python-selinux python-semanage python-sepolgen
selinux-policy-ubuntu selinux-utils
Suggested packages:
selinux-policy-dev
Recommended packages:
selinux-policy-default
The following packages will be REMOVED:
apparmor
The following NEW packages will be installed:
checkpolicy gawk libaudit0 libsemanage-common libsemanage1 libsepol1 libsigsegv2 libustr-1.0-1 policycoreutils python-selinux python-semanage python-sepolgen selinux
selinux-policy-ubuntu selinux-utils
0 upgraded, 15 newly installed, 1 to remove and 21 not upgraded.
Need to get 4793 kB of archives.
After this operation, 43.3 MB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://mirrors.163.com/ubuntu/ precise/main libsigsegv2 amd64 2.9-4ubuntu2 [14.6 kB]
Get:2 http://mirrors.163.com/ubuntu/ precise/main gawk amd64 1:3.1.8+dfsg-0.1ubuntu1 [465 kB]
Get:3 http://mirrors.163.com/ubuntu/ precise/main libsepol1 amd64 2.1.0-1.2 [121 kB]
Get:4 http://mirrors.163.com/ubuntu/ precise/universe libaudit0 amd64 1.7.18-1ubuntu1 [67.5 kB]
Get:5 http://mirrors.163.com/ubuntu/ precise/universe libustr-1.0-1 amd64 1.0.4-2 [77.1 kB]
Get:6 http://mirrors.163.com/ubuntu/ precise/universe libsemanage-common all 2.1.0-2 [6608 B]
Get:7 http://mirrors.163.com/ubuntu/ precise/universe libsemanage1 amd64 2.1.0-2 [86.2 kB]
Get:8 http://mirrors.163.com/ubuntu/ precise/universe python-semanage amd64 2.1.0-2 [60.8 kB]
Get:9 http://mirrors.163.com/ubuntu/ precise/universe python-selinux amd64 2.1.0-4.1ubuntu1 [171 kB]
Get:10 http://mirrors.163.com/ubuntu/ precise/universe python-sepolgen all 1.1.0-1 [75.8 kB]
Get:11 http://mirrors.163.com/ubuntu/ precise-updates/universe policycoreutils amd64 2.1.0-3ubuntu1.1 [520 kB]
Get:12 http://mirrors.163.com/ubuntu/ precise/universe selinux-utils amd64 2.1.0-4.1ubuntu1 [38.3 kB]
Get:13 http://mirrors.163.com/ubuntu/ precise/universe selinux all 1:0.11 [11.2 kB]
Get:14 http://mirrors.163.com/ubuntu/ precise/universe checkpolicy amd64 2.1.0-1.1 [275 kB]
Get:15 http://mirrors.163.com/ubuntu/ precise/universe selinux-policy-ubuntu all 0.2.20091117-0ubuntu2 [2804 kB]
Fetched 4793 kB in 9s (500 kB/s)
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = "zh_CN:zh",
LC_ALL = (unset),
LC_TIME = "zh_CN",
LC_MONETARY = "zh_CN",
LC_ADDRESS = "zh_CN",
LC_TELEPHONE = "zh_CN",
LC_NAME = "zh_CN",
LC_MEASUREMENT = "zh_CN",
LC_IDENTIFICATION = "zh_CN",
LC_NUMERIC = "zh_CN",
LC_PAPER = "zh_CN",
LANG = "zh_CN.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
Preconfiguring packages ...
/usr/bin/locale: Cannot set LC_CTYPE to default locale: No such file or directory
/usr/bin/locale: Cannot set LC_MESSAGES to default locale: No such file or directory
/usr/bin/locale: Cannot set LC_ALL to default locale: No such file or directory
(Reading database ... 84607 files and directories currently installed.)
Removing apparmor ...
* Clearing AppArmor profiles cache [ OK ]
All profile caches have been cleared, but no profiles have been unloaded.
Unloading profiles will leave already running processes permanently
unconfined, which can lead to unexpected situations.
To set a process to complain mode, use the command line tool
'aa-complain'. To really tear down all profiles, run the init script
with the 'teardown' option."
Processing triggers for man-db ...
Processing triggers for ureadahead ...
Selecting previously unselected package libsigsegv2.
(Reading database ... 84589 files and directories currently installed.)
Unpacking libsigsegv2 (from .../libsigsegv2_2.9-4ubuntu2_amd64.deb) ...
Setting up libsigsegv2 (2.9-4ubuntu2) ...
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place
Selecting previously unselected package gawk.
(Reading database ... 84597 files and directories currently installed.)
Unpacking gawk (from .../gawk_1%3a3.1.8+dfsg-0.1ubuntu1_amd64.deb) ...
Selecting previously unselected package libsepol1.
Unpacking libsepol1 (from .../libsepol1_2.1.0-1.2_amd64.deb) ...
Selecting previously unselected package libaudit0.
Unpacking libaudit0 (from .../libaudit0_1.7.18-1ubuntu1_amd64.deb) ...
Selecting previously unselected package libustr-1.0-1.
Unpacking libustr-1.0-1 (from .../libustr-1.0-1_1.0.4-2_amd64.deb) ...
Selecting previously unselected package libsemanage-common.
Unpacking libsemanage-common (from .../libsemanage-common_2.1.0-2_all.deb) ...
Selecting previously unselected package libsemanage1.
Unpacking libsemanage1 (from .../libsemanage1_2.1.0-2_amd64.deb) ...
Selecting previously unselected package python-semanage.
Unpacking python-semanage (from .../python-semanage_2.1.0-2_amd64.deb) ...
Selecting previously unselected package python-selinux.
Unpacking python-selinux (from .../python-selinux_2.1.0-4.1ubuntu1_amd64.deb) ...
Selecting previously unselected package python-sepolgen.
Unpacking python-sepolgen (from .../python-sepolgen_1.1.0-1_all.deb) ...
Selecting previously unselected package policycoreutils.
Unpacking policycoreutils (from .../policycoreutils_2.1.0-3ubuntu1.1_amd64.deb) ...
Selecting previously unselected package selinux-utils.
Unpacking selinux-utils (from .../selinux-utils_2.1.0-4.1ubuntu1_amd64.deb) ...
Selecting previously unselected package selinux.
Unpacking selinux (from .../selinux_1%3a0.11_all.deb) ...
Selecting previously unselected package checkpolicy.
Unpacking checkpolicy (from .../checkpolicy_2.1.0-1.1_amd64.deb) ...
Processing triggers for man-db ...
Processing triggers for ureadahead ...
Setting up libaudit0 (1.7.18-1ubuntu1) ...
Setting up libsepol1 (2.1.0-1.2) ...
Setting up libustr-1.0-1 (1.0.4-2) ...
Setting up libsemanage-common (2.1.0-2) ...
Setting up libsemanage1 (2.1.0-2) ...
Setting up python-semanage (2.1.0-2) ...
Setting up python-selinux (2.1.0-4.1ubuntu1) ...
Setting up python-sepolgen (1.1.0-1) ...
Setting up policycoreutils (2.1.0-3ubuntu1.1) ...
update-rc.d: warning: policycoreutils start runlevel arguments (S 2 3 4 5) do not match LSB Default-Start values (2 3 4 5)
update-rc.d: warning: mcstrans start runlevel arguments (S 2 3 4 5) do not match LSB Default-Start values (2 3 4 5)
update-rc.d: warning: sandbox start runlevel arguments (S 2 3 4 5) do not match LSB Default-Start values (2 3 4 5)
Setting up selinux-utils (2.1.0-4.1ubuntu1) ...
Setting up selinux (1:0.11) ...
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
Generating grub.cfg ...
Found linux image: /boot/vmlinuz-3.8.0-44-generic
Found initrd image: /boot/initrd.img-3.8.0-44-generic
Found linux image: /boot/vmlinuz-3.8.0-29-generic
Found initrd image: /boot/initrd.img-3.8.0-29-generic
Found memtest86+ image: /boot/memtest86+.bin
done
* Starting SELinux autorelabel [ OK ]
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place
Processing triggers for python-support ...
Processing triggers for initramfs-tools ...
update-initramfs: Generating /boot/initrd.img-3.8.0-44-generic
Selecting previously unselected package selinux-policy-ubuntu.
(Reading database ... 85025 files and directories currently installed.)
Unpacking selinux-policy-ubuntu (from .../selinux-policy-ubuntu_0.2.20091117-0ubuntu2_all.deb) ...
Setting up gawk (1:3.1.8+dfsg-0.1ubuntu1) ...
Setting up checkpolicy (2.1.0-1.1) ...
Setting up selinux-policy-ubuntu (0.2.20091117-0ubuntu2) ...
Updating /etc/selinux/config.
Processing triggers for selinux ...
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
semodule deferred processing now taking place
/usr/sbin/semodule: SELinux policy is not managed or store cannot be accessed.
* File relabel will occur upon next shutdown/reboot.
* Starting SELinux autorelabel * A relabel has already been requested. Please reboot to finish relabeling your system.
分类: android安全
chcon可实现对文件的SEAndroid安全标签的修改的更多相关文章
- .net 大文件上传注意,修改 IIS 配置
原因 Web 服务器上的请求筛选被配置为拒绝该请求,因为内容长度超过配置的值. 可尝试的操作:确认 applicationhost.config 或 web.config 文件中的 configura ...
- NetBeans文件被锁,无法修改
今天用NetBeans写有关Dojo的一个样例时,出现文件被锁,无法修改的情况.找了半天,但是就是不知道是什么原因,我就写在博客上记录下来
- 在windows+eclipse+git遇到的未修改文件被标记为已修改的问题
最近遇到2个具体的问题: 1.我们有个工程里面有几个外部jar包,这几个jar包经常会更新,更新的时候如果是在eclipse中执行的,由于windows文件机制,所以会报错无法覆盖这几个jar包.虽然 ...
- 定时删除文件夹"$1"下最后修改时间大于当前时间"$2"天的文件
shell 脚本: #!/bin/bash now=`date "+%Y-%m-%d_%H:%M:%S"` #获取当前时间 echo "当前时间: " ...
- Dream------Java--ant zip 对压缩文件进行指定位置的修改
ant zip 对压缩文件进行指定位置的修改 实现功能: 对2中文件进行修改: 需求: 在XX文件中,从二进制流的200字节位置开始,往后的30位字节数量.插入一个值 由于涉及到公司内部,不方便写太多 ...
- 错误:38-Corel VideoStudio文件已损坏或被修改。请重新安装原始来源解决方法。
打开 Corel VideoStudio Pro X5(绘声绘影)弹出一下警告. 错误:38-Corel VideoStudio文件已损坏或被修改.请重新安装原始来源解决方法. [第一方法]:控制面板 ...
- 个人永久性免费-Excel催化剂功能第22波-Excel文件类型、密码批量修改,补齐PowerQuery短板
Excel的多工作薄.多工作表批量合并功能,Excel用户很多这方面的使用场景,也促使了各大Excel各大插件们都在此功能上有所开发,体验程度不一,但总体能够满足大多数的应用场景,本人之前也开发个单独 ...
- python 修改文件的创建时间、修改时间、访问时间
目录 python 修改文件创建.修改.访问时间 方案一 方案二(无法修改文件创建时间) python 修改文件创建.修改.访问时间 突如其来想知道一下 python 如何修改文件的属性(创建.修改. ...
- 在Linux中,没有文件创建时间的概念。只有文件的访问时间、修改时间、状态改变时间
在Linux中,没有文件创建时间的概念.只有文件的访问时间.修改时间.状态改变时间.也就是说不能知道文件的创建时间.但如果文件创建后就没有修改过,修改时间=创建时间:如果文件创建后,状态就没有改变过, ...
随机推荐
- 全面认识jQuery.fn,菜鸟总结
今天想做树形导航栏,查找了资料,找到了一个框架,比较小所以研究其中的代码,发现第一句话就把我难住了,主角是——jQuery.fn. 在此,再次停住,只好继续找资料,现在整理下自己所理解到的知识. 一, ...
- Codeforces Round #306 (Div. 2) A. Two Substrings 水题
A. Two Substrings Time Limit: 20 Sec Memory Limit: 256 MB 题目连接 http://codeforces.com/contest/550/pro ...
- C语言排序算法
(1)“冒泡法” 冒泡法大家都较熟悉.其原理为从a[0]开始,依次将其和后面的元素比较,若a[0]>a[i],则交换它们,一直比较到a[n].同理对a[1],a[2],...a[n-1]处理,即 ...
- workflow 工作流
https://documentation.devexpress.com/#Xaf/CustomDocument3356
- defer和async的区别
先来试个一句话解释仨,当浏览器碰到 script 脚本的时候: <script src="script.js"></script> 没有 defer 或 a ...
- QoS 测量 (目标,方法,协议)
本文翻译自ITU-T的Technical Paper:<How to increase QoS/QoE of IP-based platform(s) to regionally agreed ...
- js判断加载大小页面
大页面里的js: <script> function jmp(){ var w = document.body.clientWidth; if( w > window.screen. ...
- Creating a CSRF protection with Spring 3.x--reference
reference from:http://info.michael-simons.eu/2012/01/11/creating-a-csrf-protection-with-spring-3-1/ ...
- Laravel 5.0 之命令及处理程序
本文译自 Matt Stauffer 的 系列文章 . 本文中涉及的新功能都是关于 Commands 的,这些特性在 Laravel 旧版本中已经有了,但是在 Laravel 5.0 中变得更加好用了 ...
- 倒数计数器-CountDownLatch
最近写一个多线程程序,老是MAIN方法执行完了子线程还没执行完(不知道以前怎么玩儿的),得不到最终结果,于是找到了CountDownLatch CountDownLatch是一个同步辅助类,java. ...