折腾:
【未解决】安卓项目rcsjta的core运行报错:type 1400 audit avc denied read for name object_r vendor_displayfeature_prop s0 dev tmpfs scontext tcontext tclass file permissive 0
期间:
xxx@xx ~/dev/xx/RCS/rcsjta/for_debug/XiaoMi9 adb logcat -b all -d | audit2allow -p policy zsh: command not found: audit2allow
回头看
还是先去解决:audit2allow找不到的问题。
mac command not found: audit2allow
或许brew直接安装?
“NAME
audit2allow – generate SELinux policy allow/dontaudit rules from logs of denied operations
audit2why – translates SELinux audit messages into a description of why the access was denied (audit2allow -w)”
SYNOPSIS audit2allow [options] OPTIONS -a | --all Read input from audit and message log, conflicts with -i -b | --boot Read input from audit messages since last boot conflicts with -i -d | --dmesg Read input from output of /bin/dmesg. Note that all audit messages are not available via dmesg when auditd is running; use "ausearch -m avc | audit2allow" or "-a" instead. -D | --dontaudit Generate dontaudit rules (Default: allow) -h | --help Print a short usage message -i <inputfile> | --input <inputfile> read input from <inputfile> -l | --lastreload read input only after last policy reload -m <modulename> | --module <modulename> Generate module/require output <modulename> -M <modulename> Generate loadable module package, conflicts with -o -p <policyfile> | --policy <policyfile> Policy file to use for analysis -o <outputfile> | --output <outputfile> append output to <outputfile> -r | --requires Generate require output syntax for loadable modules. -N | --noreference Do not generate reference policy, traditional style allow rules. This is the default behavior. -R | --reference Generate reference policy using installed macros. This attempts to match denials against interfaces and may be inaccurate. -x | --xperms Generate extended permission access vector rules -w | --why Translates SELinux audit messages into a description of why the access was denied -v | --verbose Turn on verbose output
mac audit2allow
audit2allow
最后,请谨慎使用 audit2allow 这个命令。这个命令的作用非常简单粗暴,就是强制允许所遇到的错误然后封装成一个 SELinux 模块,接着让 SELinux 加载这个模块来达到消除错误的目的。不是万不得已建议不要随便使用 audit2allow。
brew install audit2allow Updating Homebrew… ... Error: No available formula with the name "audit2allow" ==> Searching for a previously deleted formula (in the last month)... Warning: homebrew/core is shallow clone. To get complete history run: git -C "$(brew --repo homebrew/core)" fetch --unshallow Error: No previously deleted formula found. ==> Searching for similarly named formulae... Error: No similarly named formulae found. ==> Searching taps... ==> Searching taps on GitHub... Warning: Error searching on GitHub: curl failed! % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (7) Failed to connect to api.github.com port 443: Connection refused Error: No formulae found in taps.
GitHub的api访问被拒绝了
audit2allow
audit2allow
通常来说,我们会通过手写 fc(file context)、te(type enforcement)定义来生成 SELinux 规则模块,但在某些特殊场景,可能只需要通过 audit 日志临时生成 SELinux 规则模块即可。
需要注意的是,audit2allow 包含在 policycoreutils-python rpm 包中,在 CentOS minimal 版本中,该 rpm 包默认是没有安装的。
mac policycoreutils-python
只有
针对CentOS的:
yum install -y policycoreutils-python
没有Mac的。
那或许去:从源码安装?
policycoreutils-python
问题转换为:
【部分解决】Mac中如何安装rpm包policycoreutils-python
暂时无法解决,主要是找不到适合直接能在Mac中安装的policycoreutils-python.rpm包文件。
目前只能放弃。
转载请注明:在路上 » 【未解决】Mac中找不到audit2allow:zsh command not found audit2allow