[MTK] Selinux : 如何配置 /proc , /sys 目录下的selinux label ,file context

[DESCRIPTION]

 如何配置 /proc /sys 目录下的selinux label ,file context

[SOLUTION]

 /proc  /sys  等虚拟文件系统

与一般文件系统配置file_contexts不同 ， 如

/device/mediatek/sepolicy/.../.../file_contexts
/dev/ttyC5 u:object_r:nwkopt_device:s0

..

等方法不适用

需要在 genfs_contexts底下配置

如:

/device/mediatek/sepolicy/.../.../genfs_contexts

genfscon proc /cpu_loading/onoff u:object_r:proc_cpu_loading:s0
genfscon proc /cpu_loading/uevent_enable u:object_r:proc_cpu_loading:s0
...
genfscon sysfs /devices/platform/CONNAC/net/wlan0/mtu u:object_r:sysfs_net:s0
genfscon sysfs /devices/platform/CONNAC/net/wlan1/mtu u:object_r:sysfs_net:s0

...

注意 sys/class/..下有些节点为link , 需要找到对应实体节点配置

ex:

kxx_bsp:/ # ls -Zl /sys/class/leds
total 0
lrwxrwxrwx 1 root root u:object_r:sysfs:s0 0 2020-04-06 07:42 lcd-backlight -> .
./../devices/platform/leds-mt65xx/leds/lcd-backlight

添加genfscon sysfs /devices/platform/leds-mt65xx/leds u:object_r:sysfs_leds:s0

lrwxrwxrwx 1 root root u:object_r:sysfs:s0 0 2020-04-06 07:42 vibrator -> ../../
devices/platform/odm/odm:vibrator@0/leds/vibrator

添加genfscon sysfs /devices/platform/odm/odm:vibrator@0/leds/vibrator u:object_r:sysfs_vibrator:s0