Is Android M not allowing hard links?

[亡魂溺海] 提交于 2020-02-01 04:36:24

问题


I have an Android app with some C code that uses the link(2) system call to create a hard link to an existing file. When I execute the app on Android 5.0.2, this part of the app works. When I execute the exact same app on an Android-M device the link() system call returns -1 "permission denied".

I notice in my log getting messages like this:

09-02 17:10:34.222  5291  5291 W ona.crackerjack: type=1400 audit(0.0:59): avc: denied { link } for name="fixed28" dev="mmcblk0p28" ino=82829 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=lnk_file permissive=0

This message appears nearby my app's log message that link() returned -1 "permission denied", sometimes earlier, sometimes later.

Is creating a hard link considered unsecure? I notice the "scontext=u:r:untrusted_app". Is there a way to make the app trusted and if so, would that let the link() system call work?


回答1:


Apparently there are new SELinux rules, which forbid making hard links (or maybe accessing the folder or file).

Normal users cannot alter SELinux rules and even with root permissions this is not straightforward.

More on SELinux: https://source.android.com/devices/tech/security/selinux/




回答2:


It looks like this is "by design".

At https://code.google.com/p/android-developer-preview/issues/detail?id=3150 , a member of the project explains that:

Hard linking files is blocked and an attempt to call link() on a file will return EACCES.



来源:https://stackoverflow.com/questions/32365690/is-android-m-not-allowing-hard-links

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!