Termux 如何绕过 运行 程序的 SELinux 限制?
How does Termux get around the SELinux restriction on running programs?
我看到 Termux 在 /data/data/com.termux/files/usr 中有它的可执行文件。 SELinux 策略必须禁止从此位置执行。
它是如何工作的?
谢谢。
实际上任何 Android 应用程序都可以 run executable files natively, using the Android's Os class。它为应用程序提供 low-level 功能,其中还包括 运行ning 可执行文件。所以,基本上,Termux 只是 API 和用户之间的桥梁。
但是,Android 在 Android 10 之后更新了它的 policy,并且应用程序不能 运行 本机可执行文件。
Untrusted apps that target Android 10 cannot invoke exec() on files within the app's home directory.
来自官方Termux website
Applications built with target SDK level 29 (means compatibility with Android 10) will no longer be able to execute data files. All executables must be packaged within the APK file. That's a reasonable restriction. Application must not be able to modify itself. Updates and new features must come within the APK of newer version. However there is a problem: Termux is technically a bridge between Android application and Linux environments.
Fortunately, we chose to force use compatibility with Android 9 APIs (SDK 28) at the cost of ability to publish updates on Google Play. That is until we will workaround the issue. For now do not worry - it works perfectly.
这也是 Termux 更新未在 Play 商店推出的原因,您需要下载 updates from F-Droid。
我看到 Termux 在 /data/data/com.termux/files/usr 中有它的可执行文件。 SELinux 策略必须禁止从此位置执行。 它是如何工作的?
谢谢。
实际上任何 Android 应用程序都可以 run executable files natively, using the Android's Os class。它为应用程序提供 low-level 功能,其中还包括 运行ning 可执行文件。所以,基本上,Termux 只是 API 和用户之间的桥梁。
但是,Android 在 Android 10 之后更新了它的 policy,并且应用程序不能 运行 本机可执行文件。
Untrusted apps that target Android 10 cannot invoke exec() on files within the app's home directory.
来自官方Termux website
Applications built with target SDK level 29 (means compatibility with Android 10) will no longer be able to execute data files. All executables must be packaged within the APK file. That's a reasonable restriction. Application must not be able to modify itself. Updates and new features must come within the APK of newer version. However there is a problem: Termux is technically a bridge between Android application and Linux environments.
Fortunately, we chose to force use compatibility with Android 9 APIs (SDK 28) at the cost of ability to publish updates on Google Play. That is until we will workaround the issue. For now do not worry - it works perfectly.
这也是 Termux 更新未在 Play 商店推出的原因,您需要下载 updates from F-Droid。