chcon可实现对文件的SEAndroid安全标签的修改
chcon可实现对文件的SEAndroid安全标签的修改
参考使用如下:
chcon -u u system/app/
chcon -r object_r system/app/
chcon -t system_file system/app/
chcon -u u system/priv-app/
chcon -r object_r system/priv-app/
chcon -t system_file system/priv-app/
chcon -u u system b/.so
chcon -r object_r system b/.so
chcon -t system_library_file system b/*.so
chcon -u u xxx
chcon -r object_r xxx
chcon -t system_file xxx
chcon--reference=RFILE dest
详情请查询 man chcon
chcon的使用需要系统支持selinux,否则命令可能执行失败。
安装selinux
首先应用安装一下
sudo apt-get install selinux
修改配置文件
修改/etc/selinux/config 文件
有效将SELINUX=enforcing
无效SELINUX=disabled
SELINUX=permissive 表示如果不符合selinux规则,仍然可以执行,只是会发出警告
重启机器生效
我的安装日志
apt-get install selinux
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
checkpolicy gawk libaudit0 libsemanage-common libsemanage1 libsepol1 libsigsegv2 libustr-1.0-1 policycoreutils python-selinux python-semanage python-sepolgen
selinux-policy-ubuntu selinux-utils
Suggested packages:
selinux-policy-dev
Recommended packages:
selinux-policy-default
The following packages will be REMOVED:
apparmor
The following NEW packages will be installed:
checkpolicy gawk libaudit0 libsemanage-common libsemanage1 libsepol1 libsigsegv2 libustr-1.0-1 policycoreutils python-selinux python-semanage python-sepolgen selinux
selinux-policy-ubuntu selinux-utils
0 upgraded, 15 newly installed, 1 to remove and 21 not upgraded.
Need to get 4793 kB of archives.
After this operation, 43.3 MB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://mirrors.163.com/ubuntu/ precise/main libsigsegv2 amd64 2.9-4ubuntu2 [14.6 kB]
Get:2 http://mirrors.163.com/ubuntu/ precise/main gawk amd64 1:3.1.8+dfsg-0.1ubuntu1 [465 kB]
Get:3 http://mirrors.163.com/ubuntu/ precise/main libsepol1 amd64 2.1.0-1.2 [121 kB]
Get:4 http://mirrors.163.com/ubuntu/ precise/universe libaudit0 amd64 1.7.18-1ubuntu1 [67.5 kB]
Get:5 http://mirrors.163.com/ubuntu/ precise/universe libustr-1.0-1 amd64 1.0.4-2 [77.1 kB]
Get:6 http://mirrors.163.com/ubuntu/ precise/universe libsemanage-common all 2.1.0-2 [6608 B]
Get:7 http://mirrors.163.com/ubuntu/ precise/universe libsemanage1 amd64 2.1.0-2 [86.2 kB]
Get:8 http://mirrors.163.com/ubuntu/ precise/universe python-semanage amd64 2.1.0-2 [60.8 kB]
Get:9 http://mirrors.163.com/ubuntu/ precise/universe python-selinux amd64 2.1.0-4.1ubuntu1 [171 kB]
Get:10 http://mirrors.163.com/ubuntu/ precise/universe python-sepolgen all 1.1.0-1 [75.8 kB]
Get:11 http://mirrors.163.com/ubuntu/ precise-updates/universe policycoreutils amd64 2.1.0-3ubuntu1.1 [520 kB]
Get:12 http://mirrors.163.com/ubuntu/ precise/universe selinux-utils amd64 2.1.0-4.1ubuntu1 [38.3 kB]
Get:13 http://mirrors.163.com/ubuntu/ precise/universe selinux all 1:0.11 [11.2 kB]
Get:14 http://mirrors.163.com/ubuntu/ precise/universe checkpolicy amd64 2.1.0-1.1 [275 kB]
Get:15 http://mirrors.163.com/ubuntu/ precise/universe selinux-policy-ubuntu all 0.2.20091117-0ubuntu2 [2804 kB]
Fetched 4793 kB in 9s (500 kB/s)
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = "zh_CN:zh",
LC_ALL = (unset),
LC_TIME = "zh_CN",
LC_MONETARY = "zh_CN",
LC_ADDRESS = "zh_CN",
LC_TELEPHONE = "zh_CN",
LC_NAME = "zh_CN",
LC_MEASUREMENT = "zh_CN",
LC_IDENTIFICATION = "zh_CN",
LC_NUMERIC = "zh_CN",
LC_PAPER = "zh_CN",
LANG = "zh_CN.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
Preconfiguring packages ...
/usr/bin/locale: Cannot set LC_CTYPE to default locale: No such file or directory
/usr/bin/locale: Cannot set LC_MESSAGES to default locale: No such file or directory
/usr/bin/locale: Cannot set LC_ALL to default locale: No such file or directory
(Reading database ... 84607 files and directories currently installed.)
Removing apparmor ...
* Clearing AppArmor profiles cache [ OK ]
All profile caches have been cleared, but no profiles have been unloaded.
Unloading profiles will leave already running processes permanently
unconfined, which can lead to unexpected situations.
To set a process to complain mode, use the command line tool
'aa-complain'. To really tear down all profiles, run the init script
with the 'teardown' option."
Processing triggers for man-db ...
Processing triggers for ureadahead ...
Selecting previously unselected package libsigsegv2.
(Reading database ... 84589 files and directories currently installed.)
Unpacking libsigsegv2 (from .../libsigsegv2_2.9-4ubuntu2_amd64.deb) ...
Setting up libsigsegv2 (2.9-4ubuntu2) ...
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place
Selecting previously unselected package gawk.
(Reading database ... 84597 files and directories currently installed.)
Unpacking gawk (from .../gawk_1%3a3.1.8+dfsg-0.1ubuntu1_amd64.deb) ...
Selecting previously unselected package libsepol1.
Unpacking libsepol1 (from .../libsepol1_2.1.0-1.2_amd64.deb) ...
Selecting previously unselected package libaudit0.
Unpacking libaudit0 (from .../libaudit0_1.7.18-1ubuntu1_amd64.deb) ...
Selecting previously unselected package libustr-1.0-1.
Unpacking libustr-1.0-1 (from .../libustr-1.0-1_1.0.4-2_amd64.deb) ...
Selecting previously unselected package libsemanage-common.
Unpacking libsemanage-common (from .../libsemanage-common_2.1.0-2_all.deb) ...
Selecting previously unselected package libsemanage1.
Unpacking libsemanage1 (from .../libsemanage1_2.1.0-2_amd64.deb) ...
Selecting previously unselected package python-semanage.
Unpacking python-semanage (from .../python-semanage_2.1.0-2_amd64.deb) ...
Selecting previously unselected package python-selinux.
Unpacking python-selinux (from .../python-selinux_2.1.0-4.1ubuntu1_amd64.deb) ...
Selecting previously unselected package python-sepolgen.
Unpacking python-sepolgen (from .../python-sepolgen_1.1.0-1_all.deb) ...
Selecting previously unselected package policycoreutils.
Unpacking policycoreutils (from .../policycoreutils_2.1.0-3ubuntu1.1_amd64.deb) ...
Selecting previously unselected package selinux-utils.
Unpacking selinux-utils (from .../selinux-utils_2.1.0-4.1ubuntu1_amd64.deb) ...
Selecting previously unselected package selinux.
Unpacking selinux (from .../selinux_1%3a0.11_all.deb) ...
Selecting previously unselected package checkpolicy.
Unpacking checkpolicy (from .../checkpolicy_2.1.0-1.1_amd64.deb) ...
Processing triggers for man-db ...
Processing triggers for ureadahead ...
Setting up libaudit0 (1.7.18-1ubuntu1) ...
Setting up libsepol1 (2.1.0-1.2) ...
Setting up libustr-1.0-1 (1.0.4-2) ...
Setting up libsemanage-common (2.1.0-2) ...
Setting up libsemanage1 (2.1.0-2) ...
Setting up python-semanage (2.1.0-2) ...
Setting up python-selinux (2.1.0-4.1ubuntu1) ...
Setting up python-sepolgen (1.1.0-1) ...
Setting up policycoreutils (2.1.0-3ubuntu1.1) ...
update-rc.d: warning: policycoreutils start runlevel arguments (S 2 3 4 5) do not match LSB Default-Start values (2 3 4 5)
update-rc.d: warning: mcstrans start runlevel arguments (S 2 3 4 5) do not match LSB Default-Start values (2 3 4 5)
update-rc.d: warning: sandbox start runlevel arguments (S 2 3 4 5) do not match LSB Default-Start values (2 3 4 5)
Setting up selinux-utils (2.1.0-4.1ubuntu1) ...
Setting up selinux (1:0.11) ...
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
Generating grub.cfg ...
Found linux image: /boot/vmlinuz-3.8.0-44-generic
Found initrd image: /boot/initrd.img-3.8.0-44-generic
Found linux image: /boot/vmlinuz-3.8.0-29-generic
Found initrd image: /boot/initrd.img-3.8.0-29-generic
Found memtest86+ image: /boot/memtest86+.bin
done
* Starting SELinux autorelabel [ OK ]
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place
Processing triggers for python-support ...
Processing triggers for initramfs-tools ...
update-initramfs: Generating /boot/initrd.img-3.8.0-44-generic
Selecting previously unselected package selinux-policy-ubuntu.
(Reading database ... 85025 files and directories currently installed.)
Unpacking selinux-policy-ubuntu (from .../selinux-policy-ubuntu_0.2.20091117-0ubuntu2_all.deb) ...
Setting up gawk (1:3.1.8+dfsg-0.1ubuntu1) ...
Setting up checkpolicy (2.1.0-1.1) ...
Setting up selinux-policy-ubuntu (0.2.20091117-0ubuntu2) ...
Updating /etc/selinux/config.
Processing triggers for selinux ...
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
semodule deferred processing now taking place
/usr/sbin/semodule: SELinux policy is not managed or store cannot be accessed.
* File relabel will occur upon next shutdown/reboot.
* Starting SELinux autorelabel * A relabel has already been requested. Please reboot to finish relabeling your system.
分类: android安全
chcon可实现对文件的SEAndroid安全标签的修改的更多相关文章
- .net 大文件上传注意,修改 IIS 配置
原因 Web 服务器上的请求筛选被配置为拒绝该请求,因为内容长度超过配置的值. 可尝试的操作:确认 applicationhost.config 或 web.config 文件中的 configura ...
- NetBeans文件被锁,无法修改
今天用NetBeans写有关Dojo的一个样例时,出现文件被锁,无法修改的情况.找了半天,但是就是不知道是什么原因,我就写在博客上记录下来
- 在windows+eclipse+git遇到的未修改文件被标记为已修改的问题
最近遇到2个具体的问题: 1.我们有个工程里面有几个外部jar包,这几个jar包经常会更新,更新的时候如果是在eclipse中执行的,由于windows文件机制,所以会报错无法覆盖这几个jar包.虽然 ...
- 定时删除文件夹"$1"下最后修改时间大于当前时间"$2"天的文件
shell 脚本: #!/bin/bash now=`date "+%Y-%m-%d_%H:%M:%S"` #获取当前时间 echo "当前时间: " ...
- Dream------Java--ant zip 对压缩文件进行指定位置的修改
ant zip 对压缩文件进行指定位置的修改 实现功能: 对2中文件进行修改: 需求: 在XX文件中,从二进制流的200字节位置开始,往后的30位字节数量.插入一个值 由于涉及到公司内部,不方便写太多 ...
- 错误:38-Corel VideoStudio文件已损坏或被修改。请重新安装原始来源解决方法。
打开 Corel VideoStudio Pro X5(绘声绘影)弹出一下警告. 错误:38-Corel VideoStudio文件已损坏或被修改.请重新安装原始来源解决方法. [第一方法]:控制面板 ...
- 个人永久性免费-Excel催化剂功能第22波-Excel文件类型、密码批量修改,补齐PowerQuery短板
Excel的多工作薄.多工作表批量合并功能,Excel用户很多这方面的使用场景,也促使了各大Excel各大插件们都在此功能上有所开发,体验程度不一,但总体能够满足大多数的应用场景,本人之前也开发个单独 ...
- python 修改文件的创建时间、修改时间、访问时间
目录 python 修改文件创建.修改.访问时间 方案一 方案二(无法修改文件创建时间) python 修改文件创建.修改.访问时间 突如其来想知道一下 python 如何修改文件的属性(创建.修改. ...
- 在Linux中,没有文件创建时间的概念。只有文件的访问时间、修改时间、状态改变时间
在Linux中,没有文件创建时间的概念.只有文件的访问时间.修改时间.状态改变时间.也就是说不能知道文件的创建时间.但如果文件创建后就没有修改过,修改时间=创建时间:如果文件创建后,状态就没有改变过, ...
随机推荐
- HDU 5584 LCM Walk 数学
LCM Walk Time Limit: 20 Sec Memory Limit: 256 MB 题目连接 http://acm.hdu.edu.cn/showproblem.php?pid=5584 ...
- Codeforces Round #307 (Div. 2) A. GukiZ and Contest 水题
A. GukiZ and Contest Time Limit: 20 Sec Memory Limit: 256 MB 题目连接 http://codeforces.com/contest/551/ ...
- BBOSS框架使用jquery方式传參到后台的时候,要注意的事项
BBOSS框架.从前台传到后台的时候,參数要以这样的方式: public String initAddOrModExtendUser(HttpServletRequest request, ...
- oracle 有用站点
使用oradebug修改数据库scn – 提供专业ORACLE技术咨询和支持@Phone13429648788 - 惜分飞 Solaris上使用DTrace进行动态跟踪 老熊的三分地-Oracle及数 ...
- [原创]SSIS-WMI 数据读取器任务:监控物理磁盘空间
背景: 随着时间的推移,我们的DW会越来越大,也就意味着磁盘空间会越来越小,那如果哪一天留意不当,就会造成磁盘空间的不足而导致ETL失败,最终影响我们的系统的数据正确性和使用,更严重的有可 ...
- iPhone重绘机制drawRect
如何使用iPhone进行绘图.重绘操作iPhone的绘图操作是在UIView类的drawRect方法中完成的,所以如果我们要想在一个UIView中绘图,需要写一个扩展UIView 的类,并重写draw ...
- mysql管理员操作
mysql查帮助手册的技巧:help 你的命令:比如 help create; >>显示mysql中用户:select host,user from mysql.user; >> ...
- chrpath工具使用
转载:http://www.cnblogs.com/kungfupanda/p/3708799.html chrpath是用来改变程序的depends lib 的搜索路径的,比如我们一般使用$ldd ...
- LeetCode57 Insert Interval
题目: Given a set of non-overlapping intervals, insert a new interval into the intervals (merge if nec ...
- LeetCode31 Next Permutation
题目: Implement next permutation, which rearranges numbers into the lexicographically next greater per ...