在數據創建文件時，AOSP權限被拒絕

Question

在Android 6.0中，我試圖在/ data分區的sample文件夾中創建一個空文件：/data/sample/emptyfile。

的代碼是從安裝在/external

File file = new File(/data/sample/emptyfile); 

try { 
    file.createNewFile(); 
} catch (IOException e) { 
    e.printStackTrace(); 
} 

庫運行我在/system/core/libcutils/fs_config.csource

分配適當的權限sample文件夾我曾嘗試加入以下代碼變種：

/* Rules for directories. 
** These rules are applied based on "first match", so they 
** should start with the most specific path and work their 
** way up to the root. 
*/ 

static const struct fs_path_config android_dirs[] = { 
{ 00777, AID_ROOT, AID_ROOT,  0, "data/sample" }, 
{ 00770, AID_SYSTEM, AID_CACHE, 0, "cache" }, 
... etc. 

and at：

/* Rules for files. 
** These rules are applied based on "first match", so they 
** should start with the most specific path and work their 
** way up to the root. Prefixes ending in * denotes wildcard 
** and will allow partial matches. 
*/ 
static const char conf_dir[] = "/system/etc/fs_config_dirs"; 
static const char conf_file[] = "/system/etc/fs_config_files"; 

static const struct fs_path_config android_files[] = { 
    { 00777, AID_ROOT,  AID_ROOT,  0, "data/sample/*" }, 
    { 00440, AID_ROOT,  AID_SHELL,  0, "system/etc/init.goldfish.rc" }, 
    ... etc. 

我試圖同時使用AID_ROOT, AID_ROOT和AID_SYSTEM, AID_SYSTEM

文件夾sample成功創建了編譯時和權限是：drw-rw-rw-根據文件瀏覽器（有沒有執行，即使我分配777權限） 。

儘管如此，試圖創建一個文件logcat的打印時：

02-27 17:33:30.097: W/System.err(1939): java.io.IOException: open failed: EACCES (Permission denied) 
02-27 17:33:30.097: W/System.err(1939):  at java.io.File.createNewFile(File.java:939) 
02-27 17:33:30.097: W/System.err(1939):  at com.android.incallui.InCallPresenter (...) 
02-27 17:33:30.097: W/System.err(1939):  at com.android.incallui.CallList.notifyGenericListeners(CallList.java:541) 
02-27 17:33:30.097: W/System.err(1939):  at com.android.incallui.CallList.onUpdate(CallList.java:188) 
02-27 17:33:30.098: W/System.err(1939):  at com.android.incallui.Call.update(Call.java:311) 
02-27 17:33:30.098: W/System.err(1939):  at com.android.incallui.Call.-wrap0(Call.java) 
02-27 17:33:30.098: W/System.err(1939):  at com.android.incallui.Call$1.onDetailsChanged(Call.java:208) 
02-27 17:33:30.098: W/System.err(1939):  at android.telecom.Call$4.run(Call.java:1156) 
02-27 17:33:30.098: W/System.err(1939):  at android.os.Handler.handleCallback(Handler.java:739) 
02-27 17:33:30.098: W/System.err(1939):  at android.os.Handler.dispatchMessage(Handler.java:95) 
02-27 17:33:30.098: W/System.err(1939):  at android.os.Looper.loop(Looper.java:148) 
02-27 17:33:30.098: W/System.err(1939):  at android.app.ActivityThread.main(ActivityThread.java:5417) 
02-27 17:33:30.098: W/System.err(1939):  at java.lang.reflect.Method.invoke(Native Method) 
02-27 17:33:30.098: W/System.err(1939):  at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726) 
02-27 17:33:30.098: W/System.err(1939):  at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616) 
02-27 17:33:30.098: W/System.err(1939): Caused by: android.system.ErrnoException: open failed: EACCES (Permission denied) 
02-27 17:33:30.098: W/System.err(1939):  at libcore.io.Posix.open(Native Method) 
02-27 17:33:30.098: W/System.err(1939):  at libcore.io.BlockGuardOs.open(BlockGuardOs.java:186) 
02-27 17:33:30.098: W/System.err(1939):  at java.io.File.createNewFile(File.java:932) 
02-27 17:33:30.098: W/System.err(1939):  ... 16 more 

Answer 1

僅僅因爲你有在Android的DAC（RWX）權限，並不意味着你有適當的SELinux的權限。既然你得到了一個EACCES，並且如果你的文件真的是777，那麼我的猜測是你試圖訪問它時會得到一個SELinux拒絕。如果您得到拒絕，Logcat或dmesg應該有avc拒絕。

它有可能在AOSP某處存在警衛，以防止世界可寫或世界可讀的目錄或文件。嘗試放棄您的權限，如00771爲dir和00644爲合理的文件。

無論如何，使文件具有世界可讀性或世界可寫性是一種可怕的，通常不必要的想法。