赞
踩
Property_contexts:用于声明属性的安全上下文,plat前缀的文件用于声明system属性,nonplat前缀的文件用于
声明vendor属性。
Android 8.0 开始 property_contexts被拆分为两部分 : plat_property_contexts 和 nonplat_property_contexts两部分
Android platform property_context that has no device-specific labels.
意思是说Android平台的属性一般没有去定义设备特定的标签,但是注意他们应该是有标签的
Must reside in system partition at
/system/etc/selinux/plat_property_contexts and be loaded by init at the start along with the non-platform property_contexts .这些属性属于system properties,位于system 分区,在手机的system/etc/selinux/目录下的plat_property_contexts中,这些属性与非平台属性也就是非system properties一起在init进程中被加载
Device-specific property_context built by combining property_contexts
found in the directories pointed to by BOARD_SEPOLICY_DIRS in device’s
Boardconfig.mk files.
例如:BOARD_SEPOLICY_DIRS += device/oppa/X600/sepolicy/non_plat
那么在android\device\oppa\X600\sepolicy\non_plat目录下找到property_contexts,其中定义了非system properties
Must reside in vendor partition at
/vendor/etc/selinux/nonplat_property_contexts and be loaded by init
at the start along with the platform property_context
非system properties位于vendor分区,也可以称为vendor properties
vendor-init-settable
○ Property files and init rc files in non-system partitions can only override the whitelisted-settable-init-props
and vendor (or odm) properties.
vendor-init-readable
○ Init rc files in non-system partitions can only read those system properties and vendor (or odm)
properties.
vendor-init-actionable
○ Init rc files in non-system partitions can only use those system properties and vendor (or odm) properties
as a trigger
public-readable
○ Binaries in non-system partitions can only read those RO properties and vendor (or odm) properties.
○ Binaries in non-system partitions can only write vendor (or odm) properties. They cannot write platform
properties.
Processes running in the system shouldn’t read vendor (or odm)properties, but it’s not enforced in P (might
be enforced in the future).
Processes running in the system cannot write vendor (or odm) properties (see the neverallow)
System processes can only read and write to system properties that are used only within the system
partition. This includes AOSP-defined system properties as well as partner-defined system properties. Both
are never accessible outside of the system partition.
SEAndroid是一种基于安全策略的MAC安全机制。SEAndroid安全机制中的安全策略就是在安全上下文的基础上进行描述的,也就是说,它通过主体和客体的安全上下文,定义主体是否有权限访问客体。
我之前的sepolicy相关的总结中有提到:
基于 Android 4.3(宽容模式)和 Android 4.4(部分强制模式)的 Android 5.0 版本,开始全面强制执行 SELinux。
通过此项变更,Android 已从对有限的一组关键域(installd、netd、vold 和 zygote)强制执行 SELinux 转为对所有
域(超过 60 个域)强制执行 SELinux。具体而言:
在 Android 5.x 及更高版本中,所有域均处于强制模式。init 以外的任何进程都不应在 init 域中运行。
也就是从Android 5.0 (L)开始Property Set Permission开始基于SELinuxpolicy,而不再基于UID/GID
我们可以看到Android K中system/core/init/property_service.c中定义了一个array property_perms[],用于check property set的权限是否合法
/* White list of permissions for setting property services. */ 60struct { 61 const char *prefix; 62 unsigned int uid; 63 unsigned int gid; 64} property_perms[] = { 65 { "net.rmnet0.", AID_RADIO, 0 }, 66 { "net.gprs.", AID_RADIO, 0 }, 67 { "net.ppp", AID_RADIO, 0 }, 68 { "net.qmi", AID_RADIO, 0 }, 69 { "net.lte", AID_RADIO, 0 }, 70 { "net.cdma", AID_RADIO, 0 }, 71 { "ril.", AID_RADIO, 0 }, 72 { "gsm.", AID_RADIO, 0 }, 73 { "persist.radio", AID_RADIO, 0 }, 74 { "net.dns", AID_RADIO, 0 }, 75 { "sys.usb.config", AID_RADIO, 0 }, 76 { "net.", AID_SYSTEM, 0 }, 77 { "dev.", AID_SYSTEM, 0 }, 78 { "runtime.", AID_SYSTEM, 0 }, 79 { "hw.", AID_SYSTEM, 0 }, 80 { "sys.", AID_SYSTEM, 0 }, 81 { "sys.powerctl", AID_SHELL, 0 }, 82 { "service.", AID_SYSTEM, 0 }, 83 { "wlan.", AID_SYSTEM, 0 }, 84 { "bluetooth.", AID_BLUETOOTH, 0 }, 85 { "dhcp.", AID_SYSTEM, 0 }, 86 { "dhcp.", AID_DHCP, 0 }, 87 { "debug.", AID_SYSTEM, 0 }, 88 { "debug.", AID_SHELL, 0 }, 89 { "log.", AID_SHELL, 0 }, 90 { "service.adb.root", AID_SHELL, 0 }, 91 { "service.adb.tcp.port", AID_SHELL, 0 }, 92 { "persist.sys.", AID_SYSTEM, 0 }, 93 { "persist.service.", AID_SYSTEM, 0 }, 94 { "persist.security.", AID_SYSTEM, 0 }, 95 { "persist.service.bdroid.", AID_BLUETOOTH, 0 }, 96 { "selinux." , AID_SYSTEM, 0 }, 97 { NULL, 0, 0 } 98};
Android L开始所有properties的read write的权限都必须符合SEAndroid的规则,这在Android O以后变得尤其严格。
而且可以预想Android Q可能会更加严格,以达到Google的 管控目的
更好的具有可扩展性的解决方案是:
Implement one service, provide the AIDL and share with SYS UID, and the AIDL API can be setSysProperty.
Define the permission to control the AIDL API, and the permission protection type must be system or privileged.
All clients must bind to service to invoke related API to set the property.
For future requirements, new service APKs can be implemented and ensure it is run in the expected domain.
The client can be as least privileged, and the AIDL be protected with permission, so that the client can bind to different services for setting different properties
java应用里设置属性
import android.os.SystemProperties;
......
SystemProperties.set("ro.debuggable", "1");
在java里取得属性:
long longFrameTime_ms = Integer.parseInt(SystemProperties.get("debug.longframe_ms", "16"));
也可以用SystemProperties.getBoolean,getInt等
SystemProperties.getBoolean("debug.crash_sysui", false)
native C中设置属性
#include <cutils/properties.h>
property_set("debug.sf.hwc_service_name", "mock");
在C中取得属性:
char encrypted_state[32];
property_get("ro.crypto.state", encrypted_state, "");
最后一个参数是默认值。
property在 Init rc files中的使用
Set a property
/vendor/etc/init/hw/init.taimen.rc
setprop vold.post_fs_data_done 1
setprop wifi.interface wlan0
Read a property
/vendor/etc/init/init.taimen.diag.rc
setprop sys.usb.state ${sys.usb.config}
write /config/usb_gadget/g1/UDC ${sys.usb.controller}
Action Triggers
/vendor/etc/init/hw/init.taimen.rc
on property:sys.user.0.ce_available=true
on property:sys.boot_completed=1
系统启动时以下面的次序加载预先设定属性:
/system/etc/prop.default
/product/build.prop
/odm/default.prop
/vendor/default.prop
…
/system/build.prop
/system/default.prop
/data/local.prop
/data/property/*
后加载的如果有重名的则覆盖前面的。
有两种属性值需要注意:
persist.* : 以persist开始的属性会在/data/property存一个副本。也就是说,如果程序调property_set设了一个以persist为前缀的属性,系统会在/data/property/*里加一个文件记录这个属性,重启以后这个属性还有。如果property_set其它属性,因为属性是在内存里存,所以重启后这个属性就没有了。
ro.* :以ro为前缀的属性不能修改。
属性初始化的入口点是property_init
system/core/init/init.cpp
int main(int argc, char** argv) { ...... bool is_first_stage = (getenv("INIT_SECOND_STAGE") == nullptr); if (is_first_stage) { boot_clock::time_point start_time = boot_clock::now(); ...... // /mnt/vendor is used to mount vendor-specific partitions that can not be // part of the vendor partition, e.g. because they are mounted read-write. mkdir("/mnt/vendor", 0755); InitKernelLogging(argv); ...... // Set up SELinux, loading the SELinux policy. SelinuxSetupKernelLogging(); SelinuxInitialize(); ...... } ...... property_init(); //属性初始化 ...... // Now set up SELinux for second stage. SelinuxSetupKernelLogging(); SelabelInitialize(); SelinuxRestoreContext(); ...... epoll_fd = epoll_create1(EPOLL_CLOEXEC); if (epoll_fd == -1) { PLOG(FATAL) << "epoll_create1 failed"; } ...... //property_init初始化完property以后,加载prop的属性 property_load_boot_defaults(); export_oem_lock_status(); //启动property service start_property_service(); ...... }
system/core/init/property_service.cpp中定义
void property_init() { 104 mkdir("/dev/__properties__", S_IRWXU | S_IXGRP | S_IXOTH); 105 CreateSerializedPropertyInfo(); 106 if (__system_property_area_init()) { 107 LOG(FATAL) << "Failed to initialize property area"; 108 } 109 if (!property_info_area.LoadDefaultPath()) { 110 LOG(FATAL) << "Failed to load serialized property info file"; 111 } 112} //property_init初始化完property以后,加载prop的属性 680void property_load_boot_defaults() { 681 if (!load_properties_from_file("/system/etc/prop.default", NULL)) { 682 // Try recovery path 683 if (!load_properties_from_file("/prop.default", NULL)) { 684 // Try legacy path 685 load_properties_from_file("/default.prop", NULL); 686 } 687 } 688 load_properties_from_file("/product/build.prop", NULL); 689 load_properties_from_file("/odm/default.prop", NULL); 690 load_properties_from_file("/vendor/default.prop", NULL); 691 692 update_sys_usb_config(); 693}
先看下CreateSerializedPropertyInfo
void CreateSerializedPropertyInfo() { 800 auto property_infos = std::vector<PropertyInfoEntry>(); 801 if (access("/system/etc/selinux/plat_property_contexts", R_OK) != -1) { 802 if (!LoadPropertyInfoFromFile("/system/etc/selinux/plat_property_contexts", 803 &property_infos)) { 804 return; 805 } 806 // Don't check for failure here, so we always have a sane list of properties. 807 // E.g. In case of recovery, the vendor partition will not have mounted and we 808 // still need the system / platform properties to function. 809 if (!LoadPropertyInfoFromFile("/vendor/etc/selinux/vendor_property_contexts", 810 &property_infos)) { 811 // Fallback to nonplat_* if vendor_* doesn't exist. 812 LoadPropertyInfoFromFile("/vendor/etc/selinux/nonplat_property_contexts", 813 &property_infos); 814 } 815 } else { 816 if (!LoadPropertyInfoFromFile("/plat_property_contexts", &property_infos)) { 817 return; 818 } 819 if (!LoadPropertyInfoFromFile("/vendor_property_contexts", &property_infos)) { 820 // Fallback to nonplat_* if vendor_* doesn't exist. 821 LoadPropertyInfoFromFile("/nonplat_property_contexts", &property_infos); 822 } 823 } ......
property_init初始化property,包括plat_property_contexts和nonplat_property_contexts中properties的定义以后,加载prop的属性值,在property_load_boot_defaults() 中可以看到这些属性的加载先后顺序
其它的系统属性(build.prop, local.prop,…)在start_property_service中加载
接着启动property service
system/core/init/property_service.cpp
840void start_property_service() { 841 selinux_callback cb; 842 cb.func_audit = SelinuxAuditCallback; 843 selinux_set_callback(SELINUX_CB_AUDIT, cb); 844 845 property_set("ro.property_service.version", "2"); 846 847 property_set_fd = CreateSocket(PROP_SERVICE_NAME, SOCK_STREAM | SOCK_CLOEXEC | SOCK_NONBLOCK, 848 false, 0666, 0, 0, nullptr); 849 if (property_set_fd == -1) { 850 PLOG(FATAL) << "start_property_service socket creation failed"; 851 } 852 853 listen(property_set_fd, 8); 854 855 register_epoll_handler(property_set_fd, handle_property_set_fd); 856} 857
init进程调用property_init函数在共享内存区域中创建并初始化属性域。而后通过执行进程所提供的API访问属性域中的设置值。但更改属性域时,要预先向init进程提交值变更申请,然后init进程处理该申请,并修改属性值(用propert_set()和property_get()来处理),为此init进程生成“/dev/socket/property_service”套接字,以接收其它进程提交的申请
init.cpp的main函数通过epoll_create1用来创建轮询监听子进程终止和属性变更请求的文件描述符,监听子进程终止套接字fd和属性变更请求套接字fd通过epoll_ctl注册到epoll_fd中,然后通过epoll_wait监听轮询这两个fd
/system/core/init/init.cpp
133 void register_epoll_handler(int fd, void (*fn)()) {
134 epoll_event ev;
135 ev.events = EPOLLIN;
136 ev.data.ptr = reinterpret_cast<void*>(fn);
137 if (epoll_ctl(epoll_fd, EPOLL_CTL_ADD, fd, &ev) == -1) {
138 PLOG(ERROR) << "epoll_ctl failed";
139 }
140}
init启动属性服务时创建一个socket的文件描述符和其他进程通信(设置或读取属性),通过轮询机制如果有请求到来,则调用handle_property_set_fd来处理这个请求,在这个函数里,首先检查请求者的uid/gid看看是否有权限,如果有权限则调property_service.cpp中的property_set函数。
register_epoll_handler函数主要的作用是注册属性socket文件描述符到轮询描述符epoll_fd,当property_set_fd可读时,会调用上面register_epoll_handler函数的第二个参数(处理函数handle_property_set_fd())
在Propertyset函数中,它先查找就没有这个属性,如果找到,更改属性。如果找不到,则添加新属性。更改时还会判断是不是“ro”属性,如果是,则不能更改。如果是persist的话还会写到/data/property/中。
//system/core/init/property_service.cpp static uint32_t PropertySet(const std::string& name, const std::string& value, std::string* error) { 133 if (!IsLegalPropertyName(name)) { 134 *error = "Illegal property name"; 135 return PROP_ERROR_INVALID_NAME; 136 } 137 138 if (valuelen >= PROP_VALUE_MAX && !StartsWith(name, "ro.")) { 139 *error = "Property value too long"; 140 return PROP_ERROR_INVALID_VALUE; 141 } 142 143 if (mbstowcs(nullptr, value.data(), 0) == static_cast<std::size_t>(-1)) { 144 *error = "Value is not a UTF8 encoded string"; 145 return PROP_ERROR_INVALID_VALUE; 146 } 147 148 prop_info* pi = (prop_info*) __system_property_find(name.c_str()); 149 if (pi != nullptr) { 150 // ro.* properties are actually "write-once". 151 if (StartsWith(name, "ro.")) { 152 *error = "Read-only property was already set"; 153 return PROP_ERROR_READ_ONLY_PROPERTY; 154 } 155 156 __system_property_update(pi, value.c_str(), valuelen); 157 } else { 158 int rc = __system_property_add(name.c_str(), name.size(), value.c_str(), valuelen); 159 if (rc < 0) { 160 *error = "__system_property_add failed"; 161 return PROP_ERROR_SET_FAILED; 162 } 163 } 164 165 // Don't write properties to disk until after we have read all default 166 // properties to prevent them from being overwritten by default values. 167 if (persistent_properties_loaded && StartsWith(name, "persist.")) { 168 WritePersistentProperty(name, value); 169 } 170 property_changed(name, value); 171 return PROP_SUCCESS; 172} }
最后它会调property_changed,把事件挂到队列里,如果有人注册这个属性的话(比如init.rc中on property:ro.kernel.qemu=1),最终会调它的会调函数。
system/core/init/init.cpp
void property_changed(const std::string& name, const std::string& value) { if (name == "sys.powerctl") { 173 // Despite the above comment, we can't call HandlePowerctlMessage() in this function, 174 // because it modifies the contents of the action queue, which can cause the action queue 175 // to get into a bad state if this function is called from a command being executed by the 176 // action queue. Instead we set this flag and ensure that shutdown happens before the next 177 // command is run in the main init loop. 178 // TODO: once property service is removed from init, this will never happen from a builtin, 179 // but rather from a callback from the property service socket, in which case this hack can 180 // go away. 181 shutdown_command = value; 182 do_shutdown = true; 183 } 184 185 if (property_triggers_enabled) ActionManager::GetInstance().QueuePropertyChange(name, value); 186 187 if (waiting_for_prop) { 188 if (wait_prop_name == name && wait_prop_value == value) { 189 LOG(INFO) << "Wait for property took " << *waiting_for_prop; 190 ResetWaitForProp(); 191 } 192 } }
最近遇到运营商项目中关于Property Permission章节的文档填写,要求:disclosed the change of property_perms[], a array defined in system/core/init/Property_service.c,查看了一下是没有的,有点不理解,还以为是要列出所有改动的properties,查看到android 4.4的源码才搜到property_perms[],原来是要列出我们添加或改变的property permission部分,是否有改动property_perms[],因为4,4对property的权限是基于UID/GID
这样一来肯定是运营商给的文档中此项描述还未及时更新,那或者需要我们提供property 权限的添加或更改部分,又或者此要求的部分过于陈旧,直接remove掉
Guys,oppo内推啦,欢迎发简历给我
https://blog.csdn.net/ch853199769/article/details/114842209
赞
踩
Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。