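In dmesg you will often see many avc denied messages. When there are a lot of them, the audit2allow tool that ships with Android can convert them into allow statements.
The steps are as follows:
1. Copy the relevant avc denied lines from dmesg into a txt file. Here I named it tee-supplicant.txt (because the process I am working on is tee-supplicant).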
avc: denied { read append } for comm="tee-supplicant" name="kmsg_debug" dev="tmpfs" ino=8780 scontext=u:r:tee-supplicant:s0 tcontext=u:object_r:kmsg_debug_device:s0 tclass=chr_file permissive=1
avc: denied { open } for comm="tee-supplicant" path="/dev/kmsg_debug" dev="tmpfs" ino=8780 scontext=u:r:tee-supplicant:s0 tcontext=u:object_r:kmsg_debug_device:s0 tclass=chr_file permissive=1
avc: denied { syslog_read } for comm="tee-supplicant" scontext=u:r:tee-supplicant:s0 tcontext=u:r:kernel:s0 tclass=system permissive=1
avc: denied { getattr } for comm="tee-supplicant" path="/dev/kmsg_debug" dev="tmpfs" ino=8780 scontext=u:r:tee-supplicant:s0 tcontext=u:object_r:kmsg_debug_device:s0 tclass=chr_file permissive=1
avc: denied { ioctl } for comm="tee-supplicant" path="/dev/kmsg_debug" dev="tmpfs" ino=8780 ioctlcmd=0x5401 scontext=u:r:tee-supplicant:s0 tcontext=u:object_r:kmsg_debug_device:s0 tclass=chr_file permissive=1
avc: denied { open } for comm="tee-supplicant" path="/sys/devices/platform/0.soc/34458000.sdhci/mmc_host/mmc1/mmc1:0001/cid" dev="sysfs" ino=44384 scontext=u:r:tee-supplicant:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { search } for comm="tee-supplicant" name="block" dev="tmpfs" ino=21511 scontext=u:r:tee-supplicant:s0 tcontext=u:object_r:block_device:s0 tclass=dir permissive=1
avc: denied { read } for comm="tee-supplicant" name="mmcblk1" dev="tmpfs" ino=24601 scontext=u:r:tee-supplicant:s0 tcontext=u:object_r:block_device:s0 tclass=blk_file permissive=1
avc: denied { open } for comm="tee-supplicant" path="/dev/block/mmcblk1" dev="tmpfs" ino=24601 scontext=u:r:tee-supplicant:s0 tcontext=u:object_r:block_device:s0 tclass=blk_file permissive=1
avc: denied { ioctl } for comm="tee-supplicant" path="/dev/block/mmcblk1" dev="tmpfs" ino=24601 ioctlcmd=0xb300 scontext=u:r:tee-supplicant:s0 tcontext=u:object_r:block_device:s0 tclass=blk_file permissive=1
avc: denied { sys_rawio } for comm="tee-supplicant" capability=17 scontext=u:r:tee-supplicant:s0 tcontext=u:r:tee-supplicant:s0 tclass=capability permissive=1
avc: denied { read write } for comm="tee-supplicant" name="mmcblk1rpmb" dev="tmpfs" ino=21735 scontext=u:r:tee-supplicant:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
avc: denied { open } for comm="tee-supplicant" path="/dev/mmcblk1rpmb" dev="tmpfs" ino=21735 scontext=u:r:tee-supplicant:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
avc: denied { ioctl } for comm="tee-supplicant" path="/dev/mmcblk1rpmb" dev="tmpfs" ino=21735 ioctlcmd=0xb301 scontext=u:r:tee-supplicant:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
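2. Put the tee-supplicant.txt file into the android/external/selinux/prebuilts/bin directory of the Android source tree.
android/external/selinux/prebuilts/bin$ ls
audit2allow audit2why avc.te sediff sediff.py seinfo seinfo.py sesearch sesearch.py tee-supplicant.txt
3. Run the following command:
./audit2allow -i tee-supplicant.txt > avc.te
4. Look at avc.te.
By default the file turns out to be empty, and the following message is printed, prompting you to run source and lunch:
ANDROID_HOST_OUT not set. Have you run lunch?
After running source build/envsetup.sh and lunch xxx, run the audit2allow command again and it works. The automatically generated content is as follows: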
allow tee-supplicant block_device:blk_file { ioctl open read };
allow tee-supplicant block_device:dir search;
allow tee-supplicant device:chr_file { ioctl open read write };
allow tee-supplicant kernel:system syslog_read;
allow tee-supplicant kmsg_debug_device:chr_file { append getattr ioctl open read };
allow tee-supplicant self:capability sys_rawio;
allow tee-supplicant sysfs:file open;
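The merge that audit2allow performs in steps 3 and 4, sketched as an added example (not part of the original post and not the tool's own code): it groups denials by source type, target type and class, and marks rules whose target is a generic type so they get reviewed before being pasted into policy. The `GENERIC_TYPES` list and the function names are assumptions of this example; the sample log is constructed from the contexts in the denials above.

```python
import re
from collections import defaultdict

# Constructed sample: one denial per line, contexts taken from the log above.
SAMPLE = """\
avc: denied { read append } for comm="tee-supplicant" name="kmsg_debug" dev="tmpfs" ino=8780 scontext=u:r:tee-supplicant:s0 tcontext=u:object_r:kmsg_debug_device:s0 tclass=chr_file permissive=1
avc: denied { open } for comm="tee-supplicant" path="/dev/kmsg_debug" dev="tmpfs" ino=8780 scontext=u:r:tee-supplicant:s0 tcontext=u:object_r:kmsg_debug_device:s0 tclass=chr_file permissive=1
avc: denied { sys_rawio } for comm="tee-supplicant" capability=17 scontext=u:r:tee-supplicant:s0 tcontext=u:r:tee-supplicant:s0 tclass=capability permissive=1
avc: denied { read write } for comm="tee-supplicant" name="mmcblk1rpmb" dev="tmpfs" ino=21735 scontext=u:r:tee-supplicant:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
avc: denied { ioctl } for comm="tee-supplicant" path="/dev/block/mmcblk1" dev="tmpfs" ino=24601 ioctlcmd=0xb300 scontext=u:r:tee-supplicant:s0 tcontext=u:object_r:block_device:s0 tclass=blk_file permissive=1
"""

# Assumption of this example: catch-all labels that many unrelated nodes share.
GENERIC_TYPES = {"device", "block_device", "sysfs"}

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}.*?"
    r"scontext=\w+:\w+:(?P<src>[\w-]+):\S*\s+"
    r"tcontext=\w+:\w+:(?P<tgt>[\w-]+):\S*\s+"
    r"tclass=(?P<cls>\w+)")

def denials_to_rules(log):
    """Merge denials into {(source, target, class): set of permissions}."""
    rules = defaultdict(set)
    for m in AVC_RE.finditer(log):
        src, tgt = m["src"], m["tgt"]
        if tgt == src:            # a domain acting on itself is written "self"
            tgt = "self"
        rules[(src, tgt, m["cls"])].update(m["perms"].split())
    return rules

def generic_targets(rules):
    """Target types that need a dedicated label rather than a blanket allow."""
    return sorted({tgt for (_, tgt, _) in rules if tgt in GENERIC_TYPES})

def render(rules):
    """Emit allow statements, commenting the ones that hit a generic type."""
    lines = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        p = sorted(perms)
        body = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        note = "  # REVIEW: generic type" if tgt in GENERIC_TYPES else ""
        lines.append(f"allow {src} {tgt}:{cls} {body};{note}")
    return lines

if __name__ == "__main__":
    print("\n".join(render(denials_to_rules(SAMPLE))))
```

For the flagged rules, the narrower fix is to give the specific node (for example /dev/mmcblk1rpmb) its own type in file_contexts and allow access to that type only.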