chcon可实现对文件的SEAndroid安全标签的修改
chcon可实现对文件的SEAndroid安全标签的修改
参考使用如下:
chcon -u u system/app/
chcon -r object_r system/app/
chcon -t system_file system/app/
chcon -u u system/priv-app/
chcon -r object_r system/priv-app/
chcon -t system_file system/priv-app/
chcon -u u system b/.so
chcon -r object_r system b/.so
chcon -t system_library_file system b/*.so
chcon -u u xxx
chcon -r object_r xxx
chcon -t system_file xxx
chcon--reference=RFILE dest
详情请查询 man chcon
chcon的使用需要系统支持selinux,否则命令可能执行失败。
安装selinux
首先应用安装一下
sudo apt-get install selinux
修改配置文件
修改/etc/selinux/config 文件
有效将SELINUX=enforcing
无效SELINUX=disabled
SELINUX=permissive 表示如果不符合selinux规则,仍然可以执行,只是会发出警告
重启机器生效
我的安装日志
apt-get install selinux
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
checkpolicy gawk libaudit0 libsemanage-common libsemanage1 libsepol1 libsigsegv2 libustr-1.0-1 policycoreutils python-selinux python-semanage python-sepolgen
selinux-policy-ubuntu selinux-utils
Suggested packages:
selinux-policy-dev
Recommended packages:
selinux-policy-default
The following packages will be REMOVED:
apparmor
The following NEW packages will be installed:
checkpolicy gawk libaudit0 libsemanage-common libsemanage1 libsepol1 libsigsegv2 libustr-1.0-1 policycoreutils python-selinux python-semanage python-sepolgen selinux
selinux-policy-ubuntu selinux-utils
0 upgraded, 15 newly installed, 1 to remove and 21 not upgraded.
Need to get 4793 kB of archives.
After this operation, 43.3 MB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://mirrors.163.com/ubuntu/ precise/main libsigsegv2 amd64 2.9-4ubuntu2 [14.6 kB]
Get:2 http://mirrors.163.com/ubuntu/ precise/main gawk amd64 1:3.1.8+dfsg-0.1ubuntu1 [465 kB]
Get:3 http://mirrors.163.com/ubuntu/ precise/main libsepol1 amd64 2.1.0-1.2 [121 kB]
Get:4 http://mirrors.163.com/ubuntu/ precise/universe libaudit0 amd64 1.7.18-1ubuntu1 [67.5 kB]
Get:5 http://mirrors.163.com/ubuntu/ precise/universe libustr-1.0-1 amd64 1.0.4-2 [77.1 kB]
Get:6 http://mirrors.163.com/ubuntu/ precise/universe libsemanage-common all 2.1.0-2 [6608 B]
Get:7 http://mirrors.163.com/ubuntu/ precise/universe libsemanage1 amd64 2.1.0-2 [86.2 kB]
Get:8 http://mirrors.163.com/ubuntu/ precise/universe python-semanage amd64 2.1.0-2 [60.8 kB]
Get:9 http://mirrors.163.com/ubuntu/ precise/universe python-selinux amd64 2.1.0-4.1ubuntu1 [171 kB]
Get:10 http://mirrors.163.com/ubuntu/ precise/universe python-sepolgen all 1.1.0-1 [75.8 kB]
Get:11 http://mirrors.163.com/ubuntu/ precise-updates/universe policycoreutils amd64 2.1.0-3ubuntu1.1 [520 kB]
Get:12 http://mirrors.163.com/ubuntu/ precise/universe selinux-utils amd64 2.1.0-4.1ubuntu1 [38.3 kB]
Get:13 http://mirrors.163.com/ubuntu/ precise/universe selinux all 1:0.11 [11.2 kB]
Get:14 http://mirrors.163.com/ubuntu/ precise/universe checkpolicy amd64 2.1.0-1.1 [275 kB]
Get:15 http://mirrors.163.com/ubuntu/ precise/universe selinux-policy-ubuntu all 0.2.20091117-0ubuntu2 [2804 kB]
Fetched 4793 kB in 9s (500 kB/s)
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = "zh_CN:zh",
LC_ALL = (unset),
LC_TIME = "zh_CN",
LC_MONETARY = "zh_CN",
LC_ADDRESS = "zh_CN",
LC_TELEPHONE = "zh_CN",
LC_NAME = "zh_CN",
LC_MEASUREMENT = "zh_CN",
LC_IDENTIFICATION = "zh_CN",
LC_NUMERIC = "zh_CN",
LC_PAPER = "zh_CN",
LANG = "zh_CN.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
Preconfiguring packages ...
/usr/bin/locale: Cannot set LC_CTYPE to default locale: No such file or directory
/usr/bin/locale: Cannot set LC_MESSAGES to default locale: No such file or directory
/usr/bin/locale: Cannot set LC_ALL to default locale: No such file or directory
(Reading database ... 84607 files and directories currently installed.)
Removing apparmor ...
* Clearing AppArmor profiles cache [ OK ]
All profile caches have been cleared, but no profiles have been unloaded.
Unloading profiles will leave already running processes permanently
unconfined, which can lead to unexpected situations.
To set a process to complain mode, use the command line tool
'aa-complain'. To really tear down all profiles, run the init script
with the 'teardown' option."
Processing triggers for man-db ...
Processing triggers for ureadahead ...
Selecting previously unselected package libsigsegv2.
(Reading database ... 84589 files and directories currently installed.)
Unpacking libsigsegv2 (from .../libsigsegv2_2.9-4ubuntu2_amd64.deb) ...
Setting up libsigsegv2 (2.9-4ubuntu2) ...
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place
Selecting previously unselected package gawk.
(Reading database ... 84597 files and directories currently installed.)
Unpacking gawk (from .../gawk_1%3a3.1.8+dfsg-0.1ubuntu1_amd64.deb) ...
Selecting previously unselected package libsepol1.
Unpacking libsepol1 (from .../libsepol1_2.1.0-1.2_amd64.deb) ...
Selecting previously unselected package libaudit0.
Unpacking libaudit0 (from .../libaudit0_1.7.18-1ubuntu1_amd64.deb) ...
Selecting previously unselected package libustr-1.0-1.
Unpacking libustr-1.0-1 (from .../libustr-1.0-1_1.0.4-2_amd64.deb) ...
Selecting previously unselected package libsemanage-common.
Unpacking libsemanage-common (from .../libsemanage-common_2.1.0-2_all.deb) ...
Selecting previously unselected package libsemanage1.
Unpacking libsemanage1 (from .../libsemanage1_2.1.0-2_amd64.deb) ...
Selecting previously unselected package python-semanage.
Unpacking python-semanage (from .../python-semanage_2.1.0-2_amd64.deb) ...
Selecting previously unselected package python-selinux.
Unpacking python-selinux (from .../python-selinux_2.1.0-4.1ubuntu1_amd64.deb) ...
Selecting previously unselected package python-sepolgen.
Unpacking python-sepolgen (from .../python-sepolgen_1.1.0-1_all.deb) ...
Selecting previously unselected package policycoreutils.
Unpacking policycoreutils (from .../policycoreutils_2.1.0-3ubuntu1.1_amd64.deb) ...
Selecting previously unselected package selinux-utils.
Unpacking selinux-utils (from .../selinux-utils_2.1.0-4.1ubuntu1_amd64.deb) ...
Selecting previously unselected package selinux.
Unpacking selinux (from .../selinux_1%3a0.11_all.deb) ...
Selecting previously unselected package checkpolicy.
Unpacking checkpolicy (from .../checkpolicy_2.1.0-1.1_amd64.deb) ...
Processing triggers for man-db ...
Processing triggers for ureadahead ...
Setting up libaudit0 (1.7.18-1ubuntu1) ...
Setting up libsepol1 (2.1.0-1.2) ...
Setting up libustr-1.0-1 (1.0.4-2) ...
Setting up libsemanage-common (2.1.0-2) ...
Setting up libsemanage1 (2.1.0-2) ...
Setting up python-semanage (2.1.0-2) ...
Setting up python-selinux (2.1.0-4.1ubuntu1) ...
Setting up python-sepolgen (1.1.0-1) ...
Setting up policycoreutils (2.1.0-3ubuntu1.1) ...
update-rc.d: warning: policycoreutils start runlevel arguments (S 2 3 4 5) do not match LSB Default-Start values (2 3 4 5)
update-rc.d: warning: mcstrans start runlevel arguments (S 2 3 4 5) do not match LSB Default-Start values (2 3 4 5)
update-rc.d: warning: sandbox start runlevel arguments (S 2 3 4 5) do not match LSB Default-Start values (2 3 4 5)
Setting up selinux-utils (2.1.0-4.1ubuntu1) ...
Setting up selinux (1:0.11) ...
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
Generating grub.cfg ...
Found linux image: /boot/vmlinuz-3.8.0-44-generic
Found initrd image: /boot/initrd.img-3.8.0-44-generic
Found linux image: /boot/vmlinuz-3.8.0-29-generic
Found initrd image: /boot/initrd.img-3.8.0-29-generic
Found memtest86+ image: /boot/memtest86+.bin
done
* Starting SELinux autorelabel [ OK ]
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place
Processing triggers for python-support ...
Processing triggers for initramfs-tools ...
update-initramfs: Generating /boot/initrd.img-3.8.0-44-generic
Selecting previously unselected package selinux-policy-ubuntu.
(Reading database ... 85025 files and directories currently installed.)
Unpacking selinux-policy-ubuntu (from .../selinux-policy-ubuntu_0.2.20091117-0ubuntu2_all.deb) ...
Setting up gawk (1:3.1.8+dfsg-0.1ubuntu1) ...
Setting up checkpolicy (2.1.0-1.1) ...
Setting up selinux-policy-ubuntu (0.2.20091117-0ubuntu2) ...
Updating /etc/selinux/config.
Processing triggers for selinux ...
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
semodule deferred processing now taking place
/usr/sbin/semodule: SELinux policy is not managed or store cannot be accessed.
* File relabel will occur upon next shutdown/reboot.
* Starting SELinux autorelabel * A relabel has already been requested. Please reboot to finish relabeling your system.
分类: android安全
chcon可实现对文件的SEAndroid安全标签的修改的更多相关文章
- .net 大文件上传注意,修改 IIS 配置
原因 Web 服务器上的请求筛选被配置为拒绝该请求,因为内容长度超过配置的值. 可尝试的操作:确认 applicationhost.config 或 web.config 文件中的 configura ...
- NetBeans文件被锁,无法修改
今天用NetBeans写有关Dojo的一个样例时,出现文件被锁,无法修改的情况.找了半天,但是就是不知道是什么原因,我就写在博客上记录下来
- 在windows+eclipse+git遇到的未修改文件被标记为已修改的问题
最近遇到2个具体的问题: 1.我们有个工程里面有几个外部jar包,这几个jar包经常会更新,更新的时候如果是在eclipse中执行的,由于windows文件机制,所以会报错无法覆盖这几个jar包.虽然 ...
- 定时删除文件夹"$1"下最后修改时间大于当前时间"$2"天的文件
shell 脚本: #!/bin/bash now=`date "+%Y-%m-%d_%H:%M:%S"` #获取当前时间 echo "当前时间: " ...
- Dream------Java--ant zip 对压缩文件进行指定位置的修改
ant zip 对压缩文件进行指定位置的修改 实现功能: 对2中文件进行修改: 需求: 在XX文件中,从二进制流的200字节位置开始,往后的30位字节数量.插入一个值 由于涉及到公司内部,不方便写太多 ...
- 错误:38-Corel VideoStudio文件已损坏或被修改。请重新安装原始来源解决方法。
打开 Corel VideoStudio Pro X5(绘声绘影)弹出一下警告. 错误:38-Corel VideoStudio文件已损坏或被修改.请重新安装原始来源解决方法. [第一方法]:控制面板 ...
- 个人永久性免费-Excel催化剂功能第22波-Excel文件类型、密码批量修改,补齐PowerQuery短板
Excel的多工作薄.多工作表批量合并功能,Excel用户很多这方面的使用场景,也促使了各大Excel各大插件们都在此功能上有所开发,体验程度不一,但总体能够满足大多数的应用场景,本人之前也开发个单独 ...
- python 修改文件的创建时间、修改时间、访问时间
目录 python 修改文件创建.修改.访问时间 方案一 方案二(无法修改文件创建时间) python 修改文件创建.修改.访问时间 突如其来想知道一下 python 如何修改文件的属性(创建.修改. ...
- 在Linux中,没有文件创建时间的概念。只有文件的访问时间、修改时间、状态改变时间
在Linux中,没有文件创建时间的概念.只有文件的访问时间.修改时间.状态改变时间.也就是说不能知道文件的创建时间.但如果文件创建后就没有修改过,修改时间=创建时间:如果文件创建后,状态就没有改变过, ...
随机推荐
- Codeforces Educational Codeforces Round 3 A. USB Flash Drives 水题
A. USB Flash Drives 题目连接: http://www.codeforces.com/contest/609/problem/A Description Sean is trying ...
- Codeforces Round #308 (Div. 2) C. Vanya and Scales dfs
C. Vanya and Scales Time Limit: 20 Sec Memory Limit: 256 MB 题目连接 http://codeforces.com/contest/552/p ...
- 如何在C#中使用全局鼠标、键盘Hook
今天,有个同事问我,怎样在C#中使用全局钩子?以前写的全局钩子都是用unmanaged C或C++写个DLL来实现,可大家都知道,C#是基于.Net Framework的,是managed,怎么实现全 ...
- android IPC及原理简介
什么是Android操作系统,所谓的Android:是基于Linux内核的软件平台和操作系统,早期由Google开发,后由开放手机联盟Open Handset Alliance)开发. Linux ...
- HTML之一字符集
ASCII字符集 ISO字符集 GBK等等. 1>首先,说一说为什么要设置html文件的字符集 如果不指定的话,浏览器会使用本地操作系统的字符集,那么,如果你的应用需要支持多国语言的话,就会有问 ...
- Quartz表达式
“*”字符代表所有可能的值 因此,“*”在子表达式(月)里表示每个月的含义,“*”在子表达式(天(星期))表示星期的每一天 “/”字符用来指定数值的增量 例如:在子表达式(分钟)里的“0/15”表示从 ...
- 为VS2010默认模板添加版权信息 .
通过以下方式可以自定义CS类文件代码模板(以下为VS2010,VS2008类似): 1,打开VS的安装目录,例如 D:\Program Files\Microsoft Visual Studio 10 ...
- 从实验室搬到宿舍后可以上QQ但打不开网页
如果你是属于如标题这种情况:也就是从实验室换到宿舍或者从宿舍换到实验室,在之前的地方可以上网,但换了地方后就出现只能上QQ而不能打开网页的情况.此时,首先考虑DNS配置,很有可能是因为你搬到了宿舍,但 ...
- 给大家普及一下CPU和SOC的基本知识,好让大家在盲目喝彩做出基本的判断
转载:http://bbs.tianya.cn/post-worldlook-544367-1.shtml 目前,华为推出了自己的四核手机,用自己的SOC,所以很多不明就里的人开始嚷嚷国产处理器的骄傲 ...
- C#中的预处理器指令详解
这篇文章主要介绍了C#中的预处理器指令详解,本文讲解了#define 和 #undef.#if.#elif.#else和#endif.#warning和#error.#region和#endregio ...