CTS Fail项目解决方法集锦



android.permission.cts.FileSystemPermissionTest

--testAllCharacterDevicesAreSecure fail junit.framework.AssertionFailedError: Foundinsecure character devices: [/dev/ttyHSL2]

-- testAllFilesInSysAreNotWritable fail unit.framework.AssertionFailedError:Found writable: [/sys/devices/soc.0/f9928000.i2c/i2c-6/6-0028/nfc_debug,/sys/devices/soc.0/f9928000.i2c/i2c-6/6-0028/nfc_enable,/sys/devices/soc.0/fe12f000.slim/earSmart-codec-gen0/pm_enable,/sys/devices/soc.0/f98a4900.sdhci/simulating] at junit.framework.Assert.fa

 

这两项CTS是对文件系统权限的检测,第一项测试的目的是检测所有字符设备权限设置是否妥当,它要求/dev/目录下及其子目录(除/dev/pts目录和google规定的可以作为例外的字符设备外)中不能有不安全字符设备,所谓不安全是指测试apk能对该设备进行读或写或执行中的任一权限, testAllCharacterDevicesAreSecure()函数会将所有不符合google策略的字符设备全部打印出来, 这个fail项就是存在一个/dev/ttyHSL2,于是在源码工程中搜索ttyHSL2,位于/device/qcom/common/rootdir/etc/init.qcom.rc

       chmod 0666 dev/ttyHSL2

       chown system system dev/ttyHSL2

这个地方是sensor模组人员添加的,红外用的是这个串口，因此改法也很简单,只要将mode 0666改为 0660就OK了.

      第二项CTS测试的目的是检测sys文件系统,它要求/sys/目录下不允许有可写的文件节点. Nfc_debug, nfc_enable节点属于NFC模块,应该是NFC驱动debug使用的, /earSmart-codec-gen0/pm_enable这个节点是音频模块创建的属性节点,猜测是debug用的, /f98a4900.sdhci/simulating这个节点是SD卡驱动模块的.解决这项fail的方法很简单,如果这些节点只是debug使用的话,只需要在kernel驱动中删除掉这些节点即可.

 

android.security.cts.KernelSettingsTest

-- testNoConfigGzfail junit.framework.AssertionFailedError: /proc/config.gz is readable. Pleaserecompile your kernel with CONFIG_IKCONFIG_PROC disabled atjunit.framework.Assert.fail(Assert.java:50)

-- testSELinuxEnforcingfail junit.framework.ComparisonFailure: expected:<[1]> butwas:<[0]> at junit.framework.Assert.assertEquals(Assert.java:85)

 

这两项检测的是kernel设置.

      第一项Fail的原因/proc/config.gz可读,修改的方法也很简单,根据提示修改msm8994-defconfig中的CONFIG_IKCONFIG_PROC如下

#CONFIG_IKCONFIG_PROC is not set

      第二项是对SELinux的设置要求，Android从4.2开始使用Selinux，但是从4.4开始强制要求SeLinux启用enforcing模式，Enforce模式会对所有无权限的访问完全拒绝，4.2的时候可以使用permissive模式，这种模式, SELinux会对违反权限规则的只会做记录，不回拒绝访问。这边检测到的结果是enforce模式没有启动。控制selinux模式的代码位于/system/core/init/init.c selinux_initialize()函数中，你需要保证执行这句代码的时候security_setenforce(is_enforcing)，is_enforcing返回值为true.这时候你也许需要检查Android.mk中是否打开了ALLOW_DISABLE_SELINUX和ro.boot.selinux属性的设置。

 

android.app.cts.SystemFeaturesTest

--testSensorFeatures FAIL junit.framework.AssertionFailedError:PackageManager#hasSystemFeature(android.hardware.sensor.barometer) returns truebut SensorManager#getSensorList(6) shows sensors [] expected:<true> butwas:<false> at junit.framework.Assert.fail(Assert.java:50)

 

SensorFeaturesTest的另一个log

07-28 06:40:28 I/7060b41e:android.app.cts.SystemFeaturesTest#testSensorFeatures FAIL

junit.framework.AssertionFailedError:PackageManager#hasSystemFeature(android.hardware.sensor.heartrate.ecg) returnsfalse but SensorManager#getSensorList(21) shows sensors [epl6889 HRnUV]expected:<false> but was:<true>

      从错误提示其实可以看出这项测试的目的，它的目的就是检测系统特性中sensor特性是否与sensorManager中的配置一致，大家有空可以研究下testSensorFeatures()这个函数。这个错误的原因是，PackageManger中返回android.hardware.sensor.barometer这个特性为true,但是sensorManager中却返回false不支持barometer，也就是说我们在系统特性中声称有barometer这个特性，但是从SensorManager的返回结果来看是不支持的，因此我们需要从系统特性中去掉气压计特性；另一方面我们系统中添加了心率器件，但是我们在系统特性中没有宣称这项功能，这同样会导致这项测试不能通过。

      修改的方法很简单，修改/device/qcom/msm8994/msm8994.mk中如下标红部分

# MSM IRQ Balancerconfiguration file

PRODUCT_COPY_FILES+= \

   device/qcom/msm8994/msm_irqbalance.conf:system/vendor/etc/msm_irqbalance.conf\

   frameworks/native/data/etc/android.hardware.sensor.accelerometer.xml:system/etc/permissions/android.hardware.sensor.accelerometer.xml\

   frameworks/native/data/etc/android.hardware.sensor.compass.xml:system/etc/permissions/android.hardware.sensor.compass.xml\

   frameworks/native/data/etc/android.hardware.sensor.gyroscope.xml:system/etc/permissions/android.hardware.sensor.gyroscope.xml\

   frameworks/native/data/etc/android.hardware.sensor.light.xml:system/etc/permissions/android.hardware.sensor.light.xml\

   frameworks/native/data/etc/android.hardware.sensor.proximity.xml:system/etc/permissions/android.hardware.sensor.proximity.xml\

   

#气压计是没有的，所以需要删掉这部分

frameworks/native/data/etc/android.hardware.sensor.barometer.xml:system/etc/permissions/android.hardware.sensor.barometer.xml\

#添加部分，这个地方是原来Qualcomm公版没有的心率，公司增加的Sensor，需要自己添加到这儿

frameworks/native/data/etc/android.hardware.sensor.heartrate.ecg.xml:system/etc/permissions/android.hardware.sensor.heartrate.ecg.xml\

   frameworks/native/data/etc/android.hardware.sensor.stepcounter.xml:system/etc/permissions/android.hardware.sensor.stepcounter.xml\

   frameworks/native/data/etc/android.hardware.sensor.stepdetector.xml:system/etc/permissions/android.hardware.sensor.stepdetector.xml

 

      如果对为什么这样修改，需要弄明白PackageManager类hasSystemFeature()接口的实现，可以参考链接http://blog.csdn.net/a281629221/article/details/47109837

 

com.android.cts.appsecurity.AppSecurityTests

-- testExternalStorageNoneFail junit.framework.AssertionFailedError: Failed external storage with nopermissions at junit.framework.Assert.fail(Assert.java:50)

 

--testExternalStorageRead fail junit.framework.AssertionFailedError: Failedexternal storage with read permissions atjunit.framework.Assert.fail(Assert.java:50)

 

--testExternalStorageWrite fail junit.framework.AssertionFailedError: Failedexternal storage with write permissions atjunit.framework.Assert.fail(Assert.java:50)

 

      老实说这几项我没有搞懂，也许搞忘了，有空可以请教下。改法如下，删掉xml文件中标红部分。这几项也是他加的，将其去掉后，测试马上能通过。需要注意的是测试这几项时，必须保证手机上有SD卡。

/frameworks/base/data/etc/platform.xml

   <permission name="android.permission.WRITE_EXTERNAL_STORAGE">

       <group gid="sdcard_r"/>

       <group gid="sdcard_rw"/>

        <groupgid="media_rw" />

   </permission>

 

   <permissionname="android.permission.ACCESS_ALL_EXTERNAL_STORAGE" >

       <group gid="sdcard_r"/>

       <group gid="sdcard_rw"/>

       <group gid="media_rw" />

       <group gid="sdcard_all"/>

   </permission>

 

android.permission.cts.DebuggableTest

--testNoDebuggable junit.framework.AssertionFailedError: Packages markeddebuggable: [com.uei.sample.weifuitwo, com.qualcomm.location.qvtester,com.sensor.factorytest, com.qualcomm.msapu, com.android.MultiplePdpTest,com.qualcomm.criteria.quipsmaptest,com.dzsoft.smartrobot.uiauto.daemon.service, com.eminent.heart] atjunit.framework.Assert.fail(Assert.java:50)

 

      Google要其新发布手机中的apk不能有标识为debug。因此改法也很简单，通知相应APK负责人员将apk中AndroidManifest.xml中的 android.debuggable要置为false,或者去掉那些android.debuggable置为true的apk.

 

android.view.cts.DisplayRefreshRateTest

-- testRefreshRatefail junit.framework.AssertionFailedError at junit.framework.Assert.fail(Assert.java:48)

 

      这项测试屏的刷新率，一般的屏声称的刷新率为60fps,测试的时候，测试代码会不停地向屏刷新图像，如果在8s内测到的刷新率低于 58fps就会Fail,不过这项测试第一次不过，会再测一遍，直到测试通过或者测试次数为3。

      5.0的时候，老是测不过，或者随机不过，提了个Case给高通，Qualcomm给出的解决方案如下

please applid theattached patch (msm-3.10.git-e3943405067052780f2d3564cce570202eaaacad.patch)

and then add thebelow flag on LCD panel dtsi file to test.

qcom,mdss-mdp-transfer-time-us= <12500>;

or

qcom,mdss-mdp-transfer-time-us= <12000>;

 

From e3943405067052780f2d3564cce570202eaaacad Mon Sep 17 00:00:00 2001From: Ingrid Gallardo <ingridg@codeaurora.org>Date: Tue, 7 Apr 2015 20:09:21 -0700Subject: [PATCH] msm: mdss: add support to set the minimum mdp transfer timeFor command mode panels current code calculations adjust the mdpclock rate based in the minimum dsi pixel clock rate. This iswrong and can lead to power issues since this rate considersthe blanking times which are not required for the mdp clockcalculations.This change optimize the calculations by only considering the worstwidth that could be processed by the mdp without blanking periodsand consider the time expected for the transfer by adjustingthe mdp clock in order to meet the performance requested; thistime can be tuned through the panel configuration.Change-Id: Ib25df0e8f749d3ffc1d9059d5d7eac27e0f0b81eSigned-off-by: Ingrid Gallardo <ingridg@codeaurora.org>--- Documentation/devicetree/bindings/fb/mdss-dsi-panel.txt | 15 +++++++++++++++ drivers/video/msm/mdss/mdss_dsi_panel.c                 |  3 +++ drivers/video/msm/mdss/mdss_mdp_ctl.c                   | 12 ++++++------ drivers/video/msm/mdss/mdss_panel.h                     |  1 + 4 files changed, 25 insertions(+), 6 deletions(-)diff --git a/Documentation/devicetree/bindings/fb/mdss-dsi-panel.txt b/Documentation/devicetree/bindings/fb/mdss-dsi-panel.txtindex f4ead42..fbc0c72 100644--- a/Documentation/devicetree/bindings/fb/mdss-dsi-panel.txt+++ b/Documentation/devicetree/bindings/fb/mdss-dsi-panel.txt@@ -261,6 +261,20 @@ Optional properties: 60 = 60 frames per second (default) - qcom,mdss-dsi-panel-clockrate:Specifies the panel clock speed in Hz. 0 = default value.+- qcom,mdss-mdp-transfer-time-us:Specifies the dsi transfer time for command mode+panels in microseconds. Driver uses this number to adjust+the clock rate according to the expected transfer time.+Increasing this value would slow down the mdp processing+and can result in slower performance.+Decreasing this value can speed up the mdp processing,+but this can also impact power consumption.+As a rule this time should not be higher than the time+that would be expected with the processing at the+dsi link rate since anyways this would be the maximum+transfer time that could be achieved.+If ping pong split enabled, this time should not be higher+than two times the dsi link rate time.+14000 = default value. - qcom,mdss-dsi-on-command-state:String that specifies the ctrl state for sending ON commands. "dsi_lp_mode" = DSI low power mode (default) "dsi_hs_mode" = DSI high speed mode@@ -476,6 +490,7 @@ Example: qcom,mdss-dsi-dma-trigger = <0>; qcom,mdss-dsi-panel-framerate = <60>; qcom,mdss-dsi-panel-clockrate = <424000000>;+qcom,mdss-mdp-transfer-time-us = <12500>; qcom,mdss-dsi-panel-timings = [7d 25 1d 00 37 33 22 27 1e 03 04 00]; qcom,mdss-dsi-on-command = [32 01 00 00 00 00 02 00 00diff --git a/drivers/video/msm/mdss/mdss_dsi_panel.c b/drivers/video/msm/mdss/mdss_dsi_panel.cindex ce121fb..5de8131 100644--- a/drivers/video/msm/mdss/mdss_dsi_panel.c+++ b/drivers/video/msm/mdss/mdss_dsi_panel.c@@ -26,6 +26,7 @@  #define DT_CMD_HDR 6 #define MIN_REFRESH_RATE 30+#define DEFAULT_MDP_TRANSFER_TIME 14000  DEFINE_LED_TRIGGER(bl_led_trigger); @@ -1731,6 +1732,8 @@ static int mdss_panel_parse_dt(struct device_node *np, pinfo->mipi.frame_rate = (!rc ? tmp : 60); rc = of_property_read_u32(np, "qcom,mdss-dsi-panel-clockrate", &tmp); pinfo->clk_rate = (!rc ? tmp : 0);+rc = of_property_read_u32(np, "qcom,mdss-mdp-transfer-time-us", &tmp);+pinfo->mdp_transfer_time_us = (!rc ? tmp : DEFAULT_MDP_TRANSFER_TIME); data = of_get_property(np, "qcom,mdss-dsi-panel-timings", &len); if ((!data) || (len != 12)) { pr_err("%s:%d, Unable to read Phy timing settings",diff --git a/drivers/video/msm/mdss/mdss_mdp_ctl.c b/drivers/video/msm/mdss/mdss_mdp_ctl.cindex 1f6c6eb..8a948ca4 100644--- a/drivers/video/msm/mdss/mdss_mdp_ctl.c+++ b/drivers/video/msm/mdss/mdss_mdp_ctl.c@@ -732,15 +732,15 @@ static void mdss_mdp_perf_calc_mixer(struct mdss_mdp_mixer *mixer, if (!pinfo) {/* perf for bus writeback */ perf->bw_overlap = fps * mixer->width * mixer->height * 3;-/* for command mode, run as fast as the link allows us */ } else if (pinfo->type == MIPI_CMD_PANEL) {-u32 dsi_pclk_rate = pinfo->mipi.dsi_pclk_rate;+u32 dsi_transfer_rate = mixer->width * v_total; -if (is_pingpong_split(mixer->ctl->mfd))-dsi_pclk_rate *= 2;+/* adjust transfer time from micro seconds */+dsi_transfer_rate = mult_frac(dsi_transfer_rate,+1000000, pinfo->mdp_transfer_time_us); -if (dsi_pclk_rate > perf->mdp_clk_rate)-perf->mdp_clk_rate = dsi_pclk_rate;+if (dsi_transfer_rate > perf->mdp_clk_rate)+perf->mdp_clk_rate = dsi_transfer_rate; } } diff --git a/drivers/video/msm/mdss/mdss_panel.h b/drivers/video/msm/mdss/mdss_panel.hindex 531bd91..1307366 100644--- a/drivers/video/msm/mdss/mdss_panel.h+++ b/drivers/video/msm/mdss/mdss_panel.h@@ -393,6 +393,7 @@ struct mdss_panel_info { u32 clk_rate; u32 clk_min; u32 clk_max;+u32 mdp_transfer_time_us; u32 frame_count; u32 is_3d_panel; u32 out_format;-- 

      5.1的代码能直接通过。

 

android.security.cts.SELinuxDomainTest

-- testInitDomainfail

junit.framework.AssertionFailedError:Expected 1 process in SELinux domain "u:r:init:s0" Found "[pid:"1" proctitle: "/init" label: "u:r:init:s0"vsize: 4014080, pid: "408" proctitle:"/system/bin/ml_daemon" label: "u:r:init:s0" vsize:6094848, pid: "417" proctitle: "/system/bin/ml_daemon"label: "u:r:init:s0" vsize: 8200192, pid: "533" proctitle:"/system/bin/seald" label: "u:r:init:s0" vsize: 7114752,pid: "689" proctitle: "/system/bin/pfm" label:"u:r:init:s0" vsize: 6541312, pid: "690" proctitle:"/system/bin/nqs" label: "u:r:init:s0" vsize: 6598656, pid:"1109" proctitle: "/system/bin/logcat" label: "u:r:init:s0"vsize: 5910528, pid: "1110" proctitle: "/system/bin/logcat"label: "u:r:init:s0" vsize: 4861952, pid: "1111" proctitle:"/system/xbin/fdump" label: "u:r:init:s0" vsize: 5971968,pid: "1112" proctitle: "/system/xbin/fdump" label:"u:r:init:s0" vsize: 5971968]" expected:<1> butwas:<10> at junit.framework.Assert.fail(Assert.java:50)

      这项测试的意思就是SEAndroid规定只有init进程才能使用Android domain init, 但是Qualcomm默认有很多进程使用到了这个domain，导致这项不能通过。要Pass这项主要要做到如下几点，也是通过提case解决的，case号为02044965。

（1）disable Enterprise Security feature, referto Qualcomm solution 00029375

    解决掉ml_daemon, seald, pfm, nqs,进程的域问题，就是不启动这几个进程还能节省开机时间，具体办法详见如下文件。

1. Please refer to solution 00029375: How to disable Enterprise Security feature I pasted as follows for your convenience, pls find corresponding chipset path for your chipset. tqs, nqs, security_boot_check, security-bridge.jar, and qsb-port.jar are used for enterprise security feature. You can remove these files if you do not use enterprise security feature. To remove the files completely, please follow steps below: 1. Remove tqs image (/firmware) I can find tqs in the /firmware/image on our phonetqs.b00tqs.b01tqs.b02tqs.b03tqs.mdtbut I don't know where the source it comes from, I think it should be in vendor\qcomI found nothing relate to tqs not like nqs.2. Remove NQS daemon (/system/bin/nqs) nqs was launched by Seald Daemon, so I can remove it from init.target.rcvendor/qcom/proprietary/prebuilt_HY11/target/product/msm8994/system/bin/nqsvendor/qcom/proprietary/prebuilt_HY11/target/product/msm8994/system/vendor/lib64/lib_nqs.sovendor/qcom/proprietary/prebuilt_HY11/target/product/msm8994/system/vendor/lib/lib_nqs.sovendor/qcom/proprietary/prebuilt_HY11/target/product/msm8994/Android.mk:LOCAL_MODULE        := nqsvendor/qcom/proprietary/prebuilt_HY11/target/product/msm8994/Android.mk:LOCAL_SRC_FILES     := ../../.././target/product/msm8994/system/bin/nqsvendor/qcom/proprietary/prebuilt_HY11/target/product/msm8994/Android.mk:LOCAL_MODULE        := lib_nqsvendor/qcom/proprietary/prebuilt_HY11/target/product/msm8994/Android.mk:LOCAL_SRC_FILES     := ../../.././target/product/msm8994/system/vendor/lib64/lib_nqs.sovendor/qcom/proprietary/prebuilt_HY11/target/product/msm8994/Android.mk:LOCAL_MODULE        := lib_nqsvendor/qcom/proprietary/prebuilt_HY11/target/product/msm8994/Android.mk:LOCAL_SRC_FILES     := ../../.././target/product/msm8994/system/vendor/lib/lib_nqs.sovendor/qcom/proprietary/common/config/device-vendor.mk:ENTERPRISE_SECURITY += lib_nqsvendor/qcom/proprietary/common/config/device-vendor.mk:ENTERPRISE_SECURITY += nqs3. Remove nqs daemon launch from init.target.rc nqs was launched by Seald Daemon, so can I just remove seald daemon from init.target.rc4. Remove security_boot_check (/root/sbin) 二进制文件 vendor/qcom/proprietary/prebuilt_HY11/target/product/msm8994/root/sbin/security_boot_check编译部分vendor/qcom/proprietary/prebuilt_HY11/target/product/msm8994/Android.mk:LOCAL_MODULE        := security_boot_checkvendor/qcom/proprietary/prebuilt_HY11/target/product/msm8994/Android.mk:LOCAL_SRC_FILES     := ../../.././target/product/msm8994/root/sbin/security_boot_checkvendor/qcom/proprietary/common/config/device-vendor.mk:ENTERPRISE_SECURITY += security_boot_check5. Remove security_boot_check launch from init.target.rc (x2) can find it in init.target.rc(device/qcom/msm8994/init.target.rc)6. Remove security-bridge.jar (/system/framework) vendor/qcom/proprietary/prebuilt_HY11/target/product/msm8994/system/framework/security-bridge.jarvendor/qcom/proprietary/prebuilt_HY11/target/product/msm8994/Android.mk:LOCAL_MODULE               := security-bridgevendor/qcom/proprietary/prebuilt_HY11/target/product/msm8994/Android.mk:LOCAL_SRC_FILES            := ../../.././target/common/obj/JAVA_LIBRARIES/security-bridge_intermediates/javalib.jarvendor/qcom/proprietary/common/config/device-vendor.mk:ENTERPRISE_SECURITY += security-bridge7. Remove qsb-port.jar (/system/framework) vendor/qcom/proprietary/prebuilt_HY11/target/product/msm8994/system/framework/qsb-port.jarvendor/qcom/proprietary/prebuilt_HY11/target/product/msm8994/Android.mk:LOCAL_MODULE               := qsb-portvendor/qcom/proprietary/prebuilt_HY11/target/product/msm8994/Android.mk:LOCAL_SRC_FILES            := ../../.././target/common/obj/JAVA_LIBRARIES/qsb-port_intermediates/javalib.jarvendor/qcom/proprietary/common/config/device-vendor.mk:ENTERPRISE_SECURITY += qsb-port8. Remove "security-bridge" and "qsb-port" from device/qcom/msm8994/msm8994.mk device/qcom/msm8994/msm8994.mk 9. Remove ENTERPRISE_SECURITY section from vendor/qcom/proprietary/common/config/device-vendor.mk # ENTERPRISE_SECURITYENTERPRISE_SECURITY := libescommonmiscENTERPRISE_SECURITY += lib_nqsENTERPRISE_SECURITY += lib_pfeENTERPRISE_SECURITY += libpfecommonENTERPRISE_SECURITY += ml_daemonENTERPRISE_SECURITY += nqsENTERPRISE_SECURITY += pfmENTERPRISE_SECURITY += sealdENTERPRISE_SECURITY += libsealcommENTERPRISE_SECURITY += libsealdsvcENTERPRISE_SECURITY += libsealaccessENTERPRISE_SECURITY += libsealjniENTERPRISE_SECURITY += libprotobuf-cpp-2.3.0-qti-liteENTERPRISE_SECURITY += qsb-portENTERPRISE_SECURITY += security_boot_checkENTERPRISE_SECURITY += security-bridge# 10. Remove security-bridge from vendor/qcom/proprietary/prebuilt_HY11/target/product/msm8994/Android.mk 在init.target.rc中有如下 service可以注释掉service ml_daemon /system/bin/ml_daemon    class core    user root    group rootservice seald /system/bin/seald    class late_start    user root    group system

 (2)处理好日志守护进程问题，要求在编译出的版本是CTS版本时，默认关闭日志进程。

 Vendor/gigaset/build/core/properties.mk

 

ifneq ($(filtercts release,$(GIGASET_BUILD_TYPE)),)

   REMOVE_PROPERTIES := ro.debuggable=1

   ADDITIONAL_DEFAULT_PROPERTIES :=$(filter-out $(REMOVE_PROPERTIES) ,$(ADDITIONAL_DEFAULT_PROPERTIES))

   ADDITIONAL_DEFAULT_PROPERTIES += \

       ro.debuggable=0    \

#添加这行后cts和 release版本默认会将离线日志进程关闭

       persist.sys.bugbox.enable=false

else

   REMOVE_PROPERTIES := ro.debuggable=0

   ADDITIONAL_DEFAULT_PROPERTIES :=$(filter-out $(REMOVE_PROPERTIES) ,$(ADDITIONAL_DEFAULT_PROPERTIES))

   ADDITIONAL_DEFAULT_PROPERTIES += \

       ro.debuggable=1    \

       persist.sys.bugbox.enable=false

endif

 

 (3)蓝牙开启的时候也会产生一些进程使用Init域，这个问题的解决也费了高通很多时间，高通提供了一些Patch来解决这个问题,这个问题的代码是蓝牙模块负责的。

蓝牙patch

另外也在这儿提供一个方法如何为init启动的守护进程进行Domain切换。

下面是一个简单的demo.

情景:定义一个init启动的service, demo_service,对应的执行档是/system/bin/demo.

(1).创建一个demo.te在/device/qcom/sepolicy/common目录下,然后在/device/qcom/sepolicy/msm8994/BoardConfig.mk的BOARD_SEPOLICY_UNION宏中新增 demo.te

BOARD_SEPOLICY_UNION += demo.te

(2).定义demo类型，init启动service时类型转换, demo.te中

type demo, domain;

type demo_exec, exec_type, file_type;

domain_auto_trans(init, demo_exec, demo);

domain_auto_trans(adbd, demo_exec, demo);

domain_auto_trans(shell, demo_exec, demo);

#init_daemon_domain(demo)

(3).绑定执行档file_context(/device/qcom/sepolicy/file_contexts)类型

/system/bin/demo u:object_r:demo_exec:s0

(4).根据demo需要访问的文件以及设备,定义其它的权限在demo.te中.

 

android.security.cts.VoldExploitTest

--testTryToCrashVold fail Test failed to run to completion. Reason:'Instrumentation run failed due to 'Process crashed.''. Check device logcat fordetails

      这项测试好像是Google对缓冲区溢出漏洞的尝试进行攻击，如果Vold进程死掉了，这项测试就会Fail，有对漏洞测试感兴趣地可以参考下这篇文章http://wp.mlab.tw/?p=1966，这篇文章应该是台湾同胞写的，还是繁体字。解决的方法很简单，因为Android 5.0以后的代码都不需要 vold.fstab了。所以可以直接删掉手机中这两个文件，即可通过。

/etc/vold.fstab

/system/etc/vold.fstab

从代码中删除的方法为

删掉device/qcom/msm8994/中的vold.fstab文件

york@swdp002:/public/york.zhang/CTS_source/device/qcom/comm on$ git diff

diff --gita/base.mk b/base.mk

index836df47..3a31707 100755

--- a/base.mk

+++ b/base.mk

@@ -228,7 +228,8@@ INIT += init.qcom.sh

 INIT += init.qcom.class_core.sh

 INIT += init.class_main.sh

 INIT += init.qcom.wifi.sh

-INIT +=vold.fstab

+#york.zhangdeleted for Pass CTS test

+# INIT +=vold.fstab

 INIT += init.qcom.ril.path.sh

 INIT += init.qcom.usb.rc

 INIT += init.qcom.usb.sh

 

 

CTS_source/device/qcom/msm8994$

 

 

git diffbde3889833cebc0c704e76345ae5399acfd90e06

 

diff --gita/AndroidBoard.mk b/AndroidBoard.mk

old mode 100644

new mode 100755

indexe64d99d..24f9574

---a/AndroidBoard.mk

+++b/AndroidBoard.mk

@@ -30,12 +30,12@@ $(INSTALLED_KERNEL_TARGET): $(TARGET_PREBUILT_KERNEL) | $(ACP)

 #----------------------------------------------------------------------

 # Copy additional target-specific files

 #----------------------------------------------------------------------

-include$(CLEAR_VARS)

-LOCAL_MODULE      := vold.fstab

-LOCAL_MODULE_TAGS := optional

-LOCAL_MODULE_CLASS:= ETC

-LOCAL_SRC_FILES   := $(LOCAL_MODULE)

-include$(BUILD_PREBUILT)

+#include$(CLEAR_VARS)

+#LOCAL_MODULE      := vold.fstab

+#LOCAL_MODULE_TAGS := optional

+#LOCAL_MODULE_CLASS:= ETC

+#LOCAL_SRC_FILES   := $(LOCAL_MODULE)

+#include$(BUILD_PREBUILT)

 

 

android.security.cts.BannedFilesTest

-- testNoDevDiagfail junit.framework.AssertionFailedError: File "/dev/diag" exists atjunit.framework.Assert.fail(Assert.java:50)

 

      这项可以豁免，Google 5.1不测这项