本文探讨了在Android环境中,非AID_ROOT、AID_SYSTEM用户进程中调用ctl.start和ctl.stop时遇到权限问题的原因,并提供了解决方案。通过在控制权限列表control_perms中添加所需的用户权限,可以允许特定用户应用启动指定的服务。例如,通过添加{ service_xx
通过property_set("ctl.start", service_xx);
来启动init.rc中的service是一个很方便方法来调用某个可执行程序或某个脚本程序
service service_xx /system/bin/xx
disabled
oneshot
但在非AID_ROOT、AID_SYSTEM 用户的进程中调用ctl.start ctl.stop会碰到权限问题:
system/core/init/property_service.c
- * White list of UID that are allowed to start/stop services.
- * Currently there are no user apps that require.
- */
- struct {
- const char *service;
- unsigned int uid;
- unsigned int gid;
- } control_perms[] = {
- { "dumpstate",AID_SHELL, AID_LOG },
- {NULL, 0, 0 }
- };
- /*
- * Checks permissions for starting/stoping system services.
- * AID_SYSTEM and AID_ROOT are always allowed.
- *
- * Returns 1 if uid allowed, 0 otherwise.
- */
- static int check_control_perms(const char *name, int uid, int gid) {
- int i;
- if (uid == AID_SYSTEM || uid == AID_ROOT)
- return 1;
- /* Search the ACL */
- for (i = 0; control_perms[i].service; i++) {
- if (strcmp(control_perms[i].service, name) == 0) {
- if ((uid && control_perms[i].uid == uid) ||
- (gid && control_perms[i].gid == gid)) {
- return 1;
- }
- }
- }
- return 0;
- }
只有uid == AID_SYSTEM || uid == AID_ROOT
或符合 control_perms[] = {
{ "dumpstate",AID_SHELL, AID_LOG },
{NULL, 0, 0 }
}; 的uid进程才有权限star/stop services
因此,如果我们碰到了权限问题,根据log提示,在/system/core/include/private/android_filesystem_config.h
中查到进程定义,添加到control_perms[]列表
比如,uid ==AID_WIFI的某个程序需要权限启动service_xx
control_perms[] = {
{ "dumpstate",AID_SHELL, AID_LOG },
{ "service_xx ",AID_WIFI, AID_WIFI},
{NULL, 0, 0 }
};
扫一扫
4959
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
