什么是&QUOT的含义; AVC:否认{}读的名字......"在logcat中排成一行? [英] What is the meaning of "avc: denied { read } for name..." line in logcat?

问题描述

我想知道关于在我

I am wondering about avc: denied messages in my logcat.

W/RenderThread: type=1400 audit(0.0:631436): avc: denied { read } for name="perf_ioctl" dev="proc" ino=4026533695 scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:object_r:proc:s0 tclass=file permissive=0

这是什么意思?

推荐答案

这取决于SELinux的限制. 你不能做这么多avpoid它.

It's depends of SELinux restrictions. You cannot do so much to avpoid it.

用简单的话来说:这意味着有人试图"{读}"某事，但SELinux停止了它，因为在SELinux的受信任"列表中找不到该应用程序. 通常，系统的一些具体的和危险的位置从安装的应用受到限制，所以SELinux的停止向读/写/从该位置在执行/事物.

In easy words: it means that there is "someone" that has tried to "{read}" something but SELinux stops it because that App wasn't found in the "trusted" list of SELinux. Usually some specific and dangerous locations of the System are restricted from installed Apps, so SELinux stops to read/wrote/execute things in/from that locations.

(1)强制SELinux写入Log AND并拒绝访问. (2)允许SELinux写道Log BUT允许访问. (3)禁用的SELinux不会写入日志并允许访问.

(1) An Enforcing SELinux writes that Log AND denied the access. (2) A Permissive SELinux writes that Log BUT allow the access. (3) A Disabled SELinux do NOT writes the log AND allow the access.

要避免它，你应该重建后约SELinux的改变特定的文件，你必须添加您的应用程序中的信任区域"的ROM.

To avoid it you should rebuild the ROM after changed specific files about SELinux where you have to add your App in the "trusted zone".

您可以使用其他SELinux设置安装其他内核.

You can install a different Kernel with a different SELinux settings.

这篇关于什么是&QUOT的含义; AVC:否认{}读的名字......"在logcat中排成一行?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！