selinux android max_permissions.xml seapp_contexts 关系。 - xiayu的专栏
- 博客频道 - CSDN.NET
1178人阅读
external/sepolicy/mac_permissions.xml 是原始的文件，通过insertkeys.py &external/sepolicy/keys.conf& &&得到最终的mac_permissions.xml 。
out/host/linux-x86/bin/insertkeys.py -t eng -c /home/public/workspace/seandroid-4.2.1_r1/seandroid-4.2 out/target/product/generic/obj/ETC/mac_permissions.xml_intermediates/keys.tmp -o out/target/product/generic/obj/ETC/mac_permissions.xml_intermediates/mac_permissions.xml
& &external/sepolicy/mac_permissions.xml
在mac_permissions.xml 中，signer signature=&@PLATFORM&，是证书。不通的apk可以拥有相同的证书。拥有相同证书的apk，就拥有了相同的权限和seinfo.
apk不含有，任何selinux的安全信息，所以xml中的seinfo就相当于给apk打上标签，apk从mac_permission.xml得到自己seinfo只是一个标识，真正的安全信息在
external/sepolicy/seapp_contexts,通过seinfo和包名可以索引到这个apk的domain 和type。
seapp_contexts 如果有自己的apk，可以在seapp_contexts添加自己内容。
* 以上用户言论只代表其个人观点，不代表CSDN网站的观点或立场
访问：150750次
积分：2931
积分：2931
排名：第5544名
原创：129篇
转载：91篇
评论：14条
(3)(6)(8)(2)(2)(1)(6)(2)(1)(1)(1)(4)(2)(10)(8)(4)(7)(8)(9)(10)(21)(11)(10)(8)(13)(8)(2)(9)(13)(2)(8)(1)(6)(1)(3)(3)(3)(8)在Ubuntu下解决 adb devices :???????????? no permissions 方法 - peirenlei - ITeye技术网站
博客分类：
以前在模拟器上跑程序，这一次小组好不容易整了个G3，为了证明自己的Android没有白浪费时间自学，写了个“hello,walfred”,编译生成apk，可是通过usb连接上电脑却出现问题。
使用adb devices 出现如下：
List of devices attached
???????????? no permissions
同时在DDMS中显示设备名也显示????????????，也无法显示进程名，无法查看log。
解决方法：
1、设置usb权限
因为ubuntu这样的系统都是默认以非root身份在运行的，要使用usb调试，需要sudo支持。
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 002 Device 003: ID 413c:2106 Dell Computer Corp.
Bus 002 Device 002: ID
Primax Electronics, Ltd
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 010: ID 0bb4:0c87 High Tech Computer Corp.
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
列表中，Bus 001 Device 010: ID 0bb4:0c87 High Tech Computer Corp. 这一行为htc手机的usb使用端口，记录一下，id为0bb4（基于上所有的htc都是这个ID）据网上的资料说，由于后来的使用Android系统的手机越来越多，每款手机都分配了idVendor，但解决方法都一样。
$sudo vim /etc/udev/rules.d/70-android.rules
加入以下内容：
SUBSYSTEM=="usb", ATTRS{idVendor}=="0bb4", ATTRS{idProduct}=="0c87",MODE="0666"
其中的idvendor idProduct指的是USB的ID可以使用lsusb查询得到。
比如我的是：在你没有连接其他外设之前只要找到最后不是root hub的这一行留意下就行。
Bus 001 Device 010: ID 0bb4:0c87 High Tech Computer Corp
ID 0bb4 就是idVendor ，0c87就是 idProduct
运行命令，重启udev：
$sudo chmod a+rx /etc/udev/rules.d/70-android.rules
$sudo service udev restart
2、不需要重启计算机，重新启动adb server下就ok
(很重要)拔掉usb重新连上再执行：
sudo ./adb kill-server
./adb devices
./adb root (这一步很重要 )
浏览 24526
浏览: 414871 次
来自: 武汉
ImageListener要自己实现吗？
你好，ImageListener can not be res ...
怎么不提供源码呢？
thanks，总结的很好
受益了。不过ImageResponseDecoder: 服务器 ...Android 在目录system et/permissions/platforms.xml 想在platform.xml 中加入一个权限如何添加？_百度知道
Android 在目录system et/permissions/platforms.xml 想在platform.xml 中加入一个权限如何添加？
我导出后更改了下，然后往里添加就显示 permission
我有更好的答案
编译以后新生成的platforms.core/base&#47.xml会包含自定义的权限;res/AndroidManifest，在这里面添加自定义权限修改 frameworks&#47
您好，我按照你的意思找了下，我用的是真机测试，在framework下全是一些jar包和文件，没有你所说的目录。我用的是在window下的eclipse在fileExplorer里浏览手机的framework文件夹，由于主要做应用可能对底层的和framework不了解见谅。我已经获取root权限，但是在dos界面输入# su #adb remount 提示adb not found
但是$ adb remount
permisson denied !
说明adb是可以的。这是什么原因？谢谢！！！！
我是说源码。
其他类似问题
android的相关知识
等待您来回答
为您推荐：
下载知道APP
随时随地咨询
出门在外也不愁Android App Permissions and Security: What You Need to Know - InfoSec Institute
Android App Permissions and Security: What You Need to Know
on February 5, 2014
Wireless Security Training
Come check out our hands-on wireless training!
As of this article, Android has the greatest OS market share on both smartphones and tablets. If you don’t own an Android device, chances are that your friends, family or co-workers do.
The security implications of Android affect many millions of people worldwide who use their devices for personal reasons. But also, more and more corporations and governments are either offering their employees corporately administrated Android devices, allowing Android devices into their networks via BYOD (bring your own device), or some combination of both. So, using Android insecurely can also devastate corporations and governments- costing them millions or even billions.
Ethical Hacking and Mobile Pen-Testing Training
I wrote an introductory article on Android security which covers the basics regarding malware, privacy, password security, and physical security. This article expands on an Android security matter which deserves a separate piece of its own: Android app permission security. Whether you use Android devices for personal or professional reasons, it’d benefit you to heed my advice.
Technically speaking, Android is a Linux distribution, because it’s built on the Linux kernel. All Linux-based OSes are designed to be able to have multiple user accounts, which can each have their own sets of permissions, with root having master admin.
In most Linux distros, which are typically run on PCs and servers, such as Ubuntu, Red Hat, SUSE, Arch and Linux Mint, the user accounts typically represent people who use the same OS install directly on a PC client, or remotely off of a LAN connected server. For instance, on the Linux installs we have running off of our PC hard disks and off of our Linux servers in our server room, my fiance and I both have root/admin accounts. So, we both have access to read, write, install, uninstall, reconfigure and delete anything. When we run Linux bash commands which require root, we can simply type “sudo” at the beginning of the command, enter our passwords when prompted, and we can do whatever we’d like on our Linux machines.
But, we also set a number of user accounts for our friends and people we work with. We set limited permissions on their accounts. They can download files from the Internet to their own folders only. They can read, write and delete files from their own folders only. They may not install any applications without our “sudo” authorization. They may not uninstall any applications without our root passwords. They may only view their own files in their own folders. And finally, they may not change any OS settings or configurations.
The odd thing about Android is, instead of actual people having user accounts with associated permissions, the applications themselves each have their own sets of “user permissions.” The person using an Android device may install or uninstall applications, save or delete files, and change OS settings. But to be able to reconfigure their device beyond what the Settings app allows, and for further “admin” functions, they would need to “root” their Android device. When an Android device is rooted, the user has full root permissions, in the same manner as having root in other Linux distros. Rooting an Android device involves overcoming its bootloader, and proper rooting procedures vary according to your Android device manufacturer and model. If you’re curious about how to root your Android device, Google its model name with the word “root.” XDA Developers is a particularly good resource for information about how to root nearly every Android device out there.
So, as I’ve said, in Android, instead of people having user accounts and permissions, apps have user accounts and permissions. Each app, including Android OS components, has its own unique user account.
Regardless of which version of Android you’re using, each and every time you install an Android app (an APK file), the Google Play Store will show you which permissions the app asks for. Usually, you cannot pick and choose which permissions you grant to an app. You usually can only decide whether or not to install an app, based on the permissions it asks for.
I installed a new game on my phone a couple of days ago, Kaizin Rumble: World Domination. These are some of the permissions the app asked for before I agreed to install it.
I decided that I’m okay with the permissions that app thinks it requires. So, I tapped on “Accept.” “Modify or delete the contents of your USB storage” makes sense, because the game probably stores game save files and some downloadable content. “Retrieve running apps” makes sense if the game uses Facebook, Twitter or Google+ OAuth for authentication, as many Android games do. That permission might also make it easier for me to switch from the game, to another app I’m using, and back to the game again, without losing any game progress. “Full network access” is needed for games which require online connectivity, which is most of them. “Read phone status and identity” is necessary for if I receive a phone call while playing the game. “Read call log, read your contacts” concerns me a little bit, and I’ll turn that permission off via procedures I’ll describe later in this article. “Add or remove accounts, use accounts on the device” is probably related to using social network OAuth to link with my in-game account authentication.
Ethical Hacking Training – Resources
For the purposes of this article, especially since I’m including all kinds of screenshots, it’s worth noting that I have a Nexus 4, which is running the latest version of Android as of this writing, 4.4.2 KitKat.
Malicious apps will probably misuse the permissions you grant it by installing it. Their permissions may make malicious apps able to make expensive long distance phone calls or text messages, engage in spyware activities like uploading your private data, contacts and GPS location, stop your other apps from running properly, or stop you from being able to change your device settings.
Do keep in mind that even apps that aren’t really malware, which are popular with millions of Android users, may use the permissions you grant to track your GPS location, read your text messages and contacts, or make device setting changes you won’t like. Examples of those include the Facebook app, Yelp, or even some “App Launchers.”
You may want to install and use those applications anyway. I do. But I don’t have the Facebook app on my phone. I only use Facebook in my web browser, because I really don’t trust Zuckerberg and company very much.
When apps update, if the permissions they demand change, Google Play will prompt you with a list of the new permissions, and let you decide accordingly whether or not to update that app.
So, I’ve chosen to install many apps on my phone which may engage in some spyware functions or do other things to my Nexus 4 that I don’t like. But I’ve got the upper hand, because I know how to disable some permissions from my apps. I’ll show you how.
All versions of Android are designed so you can’t change the permissions granted to the apps you’ve installed without doing some degree of hacking. In Android 4.3 Jellybean, a hidden function was added called App Ops. That function allows users to manually enable or disable app permissions. The only easy way to access App Ops in Android 4.3 is to do one of the following. If you have a third party OS UI, otherwise known as a “Launcher,” it’ll exist on your device as any another app. Trigger your “Launcher” app to open an “activity,” and if you scroll all the way down the list of available “activities,” you’ll find App Ops. You can open the hidden function from there. Then, you can navigate to each of your application permission settings, app by app, and pick and choose which permissions to enable or disable. Keep in mind that disabling some app permissions may make your apps unable to function properly.
The other way to open App Ops in Android 4.3 is to install a third party app which is designed to launch the hidden function, such as AppOps Launcher, at . AppOps Launcher also works in Android KitKat, 4.4+.
The Electronic Frontier Foundation was very happy when App Ops appeared in 4.3, even though it’s hidden. But even though third party permission control apps can work in other versions of Android, App Ops was removed in KitKat 4.4.2. That disappointed the EFF, and with good reason. Android device owners shouldn’t have app controls taken away from them, because that would violate their user rights.
“The fact that Android users cannot turn off app permissions is a Stygian hole in the Android security model, and a billion people’s data is being sucked through,” said the EFF’s Peter Eckersley.
Nevertheless, as I’ve mentioned previously, there are ways to get that control back. You should, because even legitimate apps can spy on you or create other security vulnerabilities.
Permission Manager is another app you can try, at . Despite what it says in Google Play, I’ve found that it works in 4.4.2 KitKat, in addition to 4.3 Jellybean. It won’t work if you have a version of Android that’s previous to 4.3.
Interestingly, Permission Manager doesn’t ask for any permissions.
Here’s what Permission Manager looks like.
So, if you install the free version of Permission Manager, as I did, you can see the top five apps on your device which have the greatest number of permissions. But if you buy the paid “Pro” version, you’ll see a list of all of your apps and their permissions, listed from the most permissions to the least.
So, here’s what I see in my free version.
All of those “apps” are native Android components that mustn’t be removed, except perhaps for Google+. I’ve decided to let those Google apps have all their default permissions for two reasons. The first is that I’m pretty sure disabling any of their permissions will really cripple the functioning of my device, particularly since all of those apps, except for Google+, are vital OS components. The second is that, since I have a Google Android device that uses Google’s complete service “ecosystem,” if I can’t trust Google with a wide assortment of functions, I shouldn’t own a Google Android device in the first place. Google’s data mining is all a part of the game if you choose to use any Google program or service, from Android to Gmail to Drive to Maps to even Google Search. That applies to any Google services you use anywhere, even outside of Android. That includes using Google Maps on your iPhone and using Google Search in any web browser from Microsoft Windows, and so on and so forth.
Here’s what you can see in Permission Manager if you launch the settings of a particular app.
Yeah, disabling any Android System UI permissions would really mess up my phone, perhaps even irreversibly.
Since Permission Manager only works in Android 4.3 and 4.4, you’ll need to install another app if you want to manage app permissions in an older version of Android. Or, even if you use 4.3+, you might want to have easy access to the permissions of all of your apps, without having to pay for Permission Manager’s “Pro” version. A possible option is SnoopWall, which can be installed for free from .
One of the nice things about SnoopWall is that it works in all versions of Android from 2.3.3 Gingerbread and up. It’ll also allow you to manage the permissions of all of your apps, free of charge. What I’m not crazy about, but what you might enjoy and benefit from, is that the app is designed to do a lot more than just manage app permissions. It runs an antivirus shield and firewall that’s not supposed to conflict with any antivirus shield or firewall you already have. It checks for, and blocks eavesdropping and spying. It stops your camera, GPS, WiFi, microphone and NFC from being used without your authorization. It even has a special security mode designed to be used if you’re doing any online banking on your phone or tablet.
Unlike Permission Manager, SnoopWall asked for a number of different permissions upon installation.
The following are screens you’ll see when launching SnoopWall (“Antivirus Privacy Firewall”) for the first time.
After launching SnoopWall for the first time and it tells you “You are not secure,” you can choose a security mode.
“Phone Mode,” “Internet Mode,” and “Apps Mode” disable a lot of functionality, which can be very annoying. For instance, apps are blocked in “Phone Mode,” and Internet access is blocked in “Apps Mode.” (What about most apps, which require network connectivity?) “Bank Mode” is only useful if you’re doing online banking, either via your Web browser or a native online banking app. So, I chose “Autopilot Mode.”
When you choose a “mode,” you’ll see this screen.
Here’s what SnoopWall’s main control screen looks like.
Tap “Control Apps” (at the bottom) to manage the permissions of each and every one of your apps. I happen to have about 250 apps in total.
Handy green icons in your app list will give you a quick overview about what kind of permissions each app has. Tap on the blue circle next to the app name to customize the permissions you give that particular app.
I’ve decided to leave Chrome’s permissions alone, based on the “if I can’t trust Google, I’m screwed by having an Android device” principle.
Her are the permission settings for another one of my apps, Barcode Scanner+.
Tapping on “Block App” doesn’t necessarily bloc instead it gives you the option to selectively enable or disable its permissions.
As Barcode Scanner+ uses my phone’s camera to scan QR codes and UPC codes, disabling the Camera permission would defeat the purpose of the app. Here’s what I chose to enable and disable.
I cannot see why Barcode Scanner+ should be able to activate or use WiFi, but it obviously needs my camera, and its NFC (near field communication) and mobile data (3G or 4G) functions could be useful, so those are risks I’m willing to take.
I went through each and every one of my apps via SnoopWall, and I set their permissions to my liking, being mindful to not disable permissions that could impair app functions I’d like to have, or would prevent my device from working properly. As I have over 250 apps, it was a long and tedious process, but well worth it.
One thing I don’t like about SnoopWall is that running the app forces Bluetooth to be turned on. Leaving Bluetooth on when you’re not using Bluetooth peripherals with your phone or tablet can be an unnecessary drain on your battery. Bluetooth can also be used for a third party to obtain malicious access to your device, so for security reasons, Bluetooth should only be turned on while you’re using it.
So, after I set my app permissions with SnoopWall, I went into my system app settings (in the OS, not in SnoopWall) and disabled SnoopWall from running. Then, I was able to turn Bluetooth off again. Based on what I know about how Android apps work, I assume the app permission changes I made via SnoopWall are still set.
There are other third party apps that you can install on your Android device to manage your app permissions. You may give them a try, but keep in mind that I haven’t yet installed and tried them on my phone.
Advanced Permission Manager () is supposed to work on Android Froyo 2.2 and every later version of Android.
F-Secure App Permissions () is supposed to work on Android 2.3.3 Gingerbread and up.
Fix Permissions () is supposed to work on versions of Android as old as 1.6 Donut. But regardless of the version of Android you install it in, your device must be rooted.
You’ll find many other permission control apps in the Google Play store, as well. Be conscientious about which app you choose, and how you operate it. Most importantly, look at the user ratings of the app, and the user reviews. I wouldn’t install any app that has less than four stars.
I hope in the future that Google’s Android development team decides to reverse the decision they made for KitKat 4.4.2. I hope future versions of Android allow app permission customization without being hidden (as in 4.3) and without requiring root. They could always design the program so that users are warned to customize permissions at their own risk.
Your Android device should be fully in your control, and you should be able to customize functionality with security in mind, so that Android app developers can’t take control or security away from you.
References
How App Permissions Work & Why You Should Care
Android 101: What some of those scary application permissions mean
System Permissions | Android Developers
App to manage Android app permissions
KitKat update removes app permission toggle
App Ops: Android 4.3’s Hidden App Permission Manager, Control Permissions for Individual Apps!
Permission Manager | Google Play
AppOps Launcher | Google Play
SnoopWall Antivirus Privacy Firewall | Google Play
Advanced Permission Manager | Google Play
Fix Permissions | Google Play
Related Boot Camps
More Posts by Author
File download
First Name
Work Phone Number
Work Email Address
Does your employer pay for training?
InfoSec institute respects your privacy and will never use your personal information for anything other than to notify you of your requested course pricing. We will never sell your information to third parties. You will not be spammed.
What is Skillset?
Practice tests & assessments.
Practice for certification success with the Skillset library of over 100,000 practice test questions. We analyze your responses and can determine when you are ready to sit for the test. Along your journey to exam readiness, we will:
1. Determine which required skills your knowledge is sufficient
2. Which required skills you need to work on
3. Recommend specific skills to practice on next
4. Track your progress towards a certification exam