This article explains how to deal with the file system changes in Android Nougat. It should be a useful reference for anyone working through the same problem.

Problem description

Ever since the first release of the Android N developer preview, I get "permission denied" errors when attempting to list the root directory or other system directories. The permissions on these directories didn't seem to change (as far as I can tell).

Question:

What change(s) in Android N caused these permission denied errors?

How to replicate:

In ADB shell, run the following commands:

    run-as com.debuggable.packagename
    ls /

This gives permission denied errors on Android N.

Why list system directories:

I noticed this behavior on Android N with several file managers. They could no longer list the root directory or other system files. This also is limiting the output of running ps in a shell. The changes also caused this library to stop working on Android N.
Solution

There were two groups of changes reducing access to /proc.

The procfs filesystem is now mounted with hidepid=2, eliminating access to the /proc/PID directories of other users. This change was implemented in CopperheadOS and was then adopted upstream based on it. There's a group for making exceptions but it's not exposed as a permission. It's only used to make exceptions for some processes in the base system. It could be exposed as a 'dangerous' permission and it's what I expected Google would end up doing but they decided that users wouldn't understand the implications of it.

https://android-review.googlesource.com/#/c/181345/

SELinux policies also became much stricter. For apps, there's no baseline access to /proc at all anymore, although that only applies to files other than the /proc/PID directories. There's still access to a few files with labels not falling under the general proc policy, but it's mostly gone. This has been gradual and there are many relevant commits. One of the big ones:

https://android-review.googlesource.com/#/c/105337/

This not only removes a lot of obvious information, but it also closes some more blatant security holes involving side channels allowing things like logging keyboard input:

https://www.lightbluetouchpaper.org/2016/07/29/yet-another-android-side-channel/
https://staff.ie.cuhk.edu.hk/~khzhang/my-papers/2016-oakland-interrupt.pdf

SELinux policies have also become a lot stricter in general over time. You can see the rest of that in the platform/system/sepolicy repository. Note that it was at platform/external/sepolicy for a long time but it was recently moved.
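To confirm the hidepid=2 mount described in the answer from a shell, the following added example (not part of the original question or answer) reads the procfs mount options and counts the /proc/PID directories that belong to other UIDs. The function names `proc_hidepid` and `count_foreign_pids` are hypothetical, and the sample mount line is constructed.

```shell
#!/bin/sh
# Print the hidepid value of the /proc mount from a mounts table on stdin
# (/proc/mounts columns: device mountpoint fstype options dump pass).
# Prints 0 when no hidepid option is set, "unmounted" if /proc is absent.
proc_hidepid() {
    while read -r _dev mnt fstype opts _rest; do
        [ "$fstype" = proc ] && [ "$mnt" = /proc ] || continue
        case ",$opts" in
            *,hidepid=*) val=${opts#*hidepid=}; echo "${val%%,*}" ;;
            *) echo 0 ;;
        esac
        return 0
    done
    echo unmounted
}

# Count PID directories under a procfs root owned by a UID other than the
# given one. With hidepid=2 an unprivileged UID should see none.
count_foreign_pids() {
    root=$1; self_uid=$2; count=0
    for d in "$root"/[0-9]*; do
        [ -d "$d" ] || continue
        # Third column of `ls -dn` is the numeric owner; empty if the PID exited.
        owner=$(ls -dn "$d" 2>/dev/null |
            { read -r _mode _links uid _rest || :; echo "$uid"; })
        [ -n "$owner" ] || continue
        [ "$owner" = "$self_uid" ] || count=$((count + 1))
    done
    echo "$count"
}

# Constructed sample line (not captured from a device) in /proc/mounts format.
sample='proc /proc proc rw,relatime,hidepid=2 0 0'
echo "sample: hidepid=$(echo "$sample" | proc_hidepid)"

# Live check on the system this runs on, e.g. after `run-as <package>`.
if [ -r /proc/mounts ]; then
    echo "live: hidepid=$(proc_hidepid < /proc/mounts)" \
         "foreign_pid_dirs=$(count_foreign_pids /proc "$(id -u)")"
fi
```

A reported `hidepid=2` together with `foreign_pid_dirs=0` matches the behaviour the answer describes; a non-zero count under an app UID means other users' processes are still visible.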