<h4 style="border-top-width:0px; padding-right:0px; padding-left:0px; border-left-width:0px; border-bottom-width:0px; padding-bottom:0px; margin-top:0px; margin-right:0px; margin-bottom:0px; margin-left:0px; padding-top:0px; border-right-width:0px; list-style-type:none; list-style-position:initial; font-family:Arial,宋体; font-size:14px; line-height:30px; background-color:rgb(245,248,253)"> 二 SE<a class="keylink" href="http://www.it165.net/pro/ydad/" rel="noopener noreferrer" style="color:rgb(51,51,51); text-decoration:none; border-bottom-width:1px; border-bottom-color:rgb(51,51,51); border-bottom-style:dotted" target="_blank">Android</a>源码分析</h4>
<p style="border-top-width:0px; border-left-width:0px; border-bottom-width:0px; padding-bottom:0px; margin-top:0px; margin-bottom:8px; padding-top:0px; border-right-width:0px; list-style-type:none; list-style-position:initial; text-indent:2em; font-family:Arial,宋体; font-size:14px; line-height:30px; background-color:rgb(245,248,253)"> 有了上文的SELinux的基础知识,本节再来看看Google是如何在<a class="keylink" href="http://www.it165.net/pro/ydad/" rel="noopener noreferrer" style="color:rgb(51,51,51); text-decoration:none; border-bottom-width:1px; border-bottom-color:rgb(51,51,51); border-bottom-style:dotted" target="_blank">Android</a>平台定制SE<a class="keylink" href="http://www.it165.net/os/oslin/" rel="noopener noreferrer" style="color:rgb(51,51,51); text-decoration:none; border-bottom-width:1px; border-bottom-color:rgb(51,51,51); border-bottom-style:dotted" target="_blank">Linux</a>的。如前文所示,Android平台中的SE<a class="keylink" href="http://www.it165.net/os/oslin/" rel="noopener noreferrer" style="color:rgb(51,51,51); text-decoration:none; border-bottom-width:1px; border-bottom-color:rgb(51,51,51); border-bottom-style:dotted" target="_blank">Linux</a>叫SEAndroid。</p>
<p style="border-top-width:0px; border-left-width:0px; border-bottom-width:0px; padding-bottom:0px; margin-top:0px; margin-bottom:8px; padding-top:0px; border-right-width:0px; list-style-type:none; list-style-position:initial; text-indent:2em; font-family:Arial,宋体; font-size:14px; line-height:30px; background-color:rgb(245,248,253)"> 先来看SEAndroid安全策略文件的编译。</p>
<p style="border-top-width:0px; border-left-width:0px; border-bottom-width:0px; padding-bottom:0px; margin-top:0px; margin-bottom:8px; padding-top:0px; border-right-width:0px; list-style-type:none; list-style-position:initial; text-indent:2em; font-family:Arial,宋体; font-size:14px; line-height:30px; background-color:rgb(245,248,253)"> </p>
<h3 style="border-top-width:0px; padding-right:0px; padding-left:0px; border-left-width:0px; border-bottom-width:0px; padding-bottom:0px; margin-top:0px; margin-right:0px; margin-bottom:0px; margin-left:0px; padding-top:0px; border-right-width:0px; list-style-type:none; list-style-position:initial; font-family:Arial,宋体; line-height:30px; background-color:rgb(245,248,253)"> 1. 编译sepolicy</h3>
<p style="border-top-width:0px; border-left-width:0px; border-bottom-width:0px; padding-bottom:0px; margin-top:0px; margin-bottom:8px; padding-top:0px; border-right-width:0px; list-style-type:none; list-style-position:initial; text-indent:2em; font-family:Arial,宋体; font-size:14px; line-height:30px; background-color:rgb(245,248,253)"> Android平台中:</p>
<span style="font-family:Arial,宋体; font-size:14px; line-height:30px; background-color:rgb(245,248,253)">external/sepolicy:提供了Android平台中的安全策略源文件。同时,该目录下的tools还提供了诸如m4,checkpolicy等编译安全策略文件的工具。注意,这些工具运行于主机(即不是提供给Android系统使用的)external/libselinux:提供了Android平台中的libselinux,供Android系统使用。external/libsepol:提供了供安全策略文件编译时使用的一个工具checkcon。</span>
<p style="border-top-width:0px; border-left-width:0px; border-bottom-width:0px; padding-bottom:0px; margin-top:0px; margin-bottom:8px; padding-top:0px; border-right-width:0px; list-style-type:none; list-style-position:initial; text-indent:2em; font-family:Arial,宋体; font-size:14px; line-height:30px; background-color:rgb(245,248,253)"> 对我们而言,最重要的还是external/sepolicy。所以先来看它。</p>
<p style="border-top-width:0px; border-left-width:0px; border-bottom-width:0px; padding-bottom:0px; margin-top:0px; margin-bottom:8px; padding-top:0px; border-right-width:0px; list-style-type:none; list-style-position:initial; text-indent:2em; font-family:Arial,宋体; font-size:14px; line-height:30px; background-color:rgb(245,248,253)"> 读者还记得上文提到的如何查看make命令的执行情况吗?通过:</p>
<p style="border-top-width:0px; border-left-width:0px; border-bottom-width:0px; padding-bottom:0px; margin-top:0px; margin-bottom:8px; padding-top:0px; border-right-width:0px; list-style-type:none; list-style-position:initial; text-indent:2em; font-family:Arial,宋体; font-size:14px; line-height:30px; background-color:rgb(245,248,253)"> mmm external/sepolicy --just-print</p>
<p style="border-top-width:0px; border-left-width:0px; border-bottom-width:0px; padding-bottom:0px; margin-top:0px; margin-bottom:8px; padding-top:0px; border-right-width:0px; list-style-type:none; list-style-position:initial; text-indent:2em; font-family:Arial,宋体; font-size:14px; line-heigh |
|
转播
