如何在init（Android 8.1）中运行服务_Android_Service_Init_Selinux_Android 8.1 Oreo

如何在init（Android 8.1）中运行服务

android service

如何在init（Android 8.1）中运行服务,android,service,init,selinux,android-8.1-oreo,Android,Service,Init,Selinux,Android 8.1 Oreo,我想通过Init运行服务。（安卓8.1，sepolicy=permissive）服务执行脚本文件，脚本文件如下所示 tcc898x:/ # cat /system/bin/tcc_dxb_service #!/system/bin/sh echo ---------------- echo RICHGOLD. echo ---------------- tcc898x:/ # cat init.tcc898x.rc (...) on boot (...) start tcc_

我想通过Init运行服务。（安卓8.1，sepolicy=permissive）

服务执行脚本文件，脚本文件如下所示

tcc898x:/ # cat /system/bin/tcc_dxb_service
#!/system/bin/sh
echo ----------------
echo RICHGOLD.
echo ----------------

tcc898x:/ # cat init.tcc898x.rc
(...)
on boot
    (...)
    start tcc_dxb_service
(...)
service tcc_dxb_service /system/bin/tcc_dxb_service
    class main
    user root
    u:object_r:tcc_dxb_service_exec:s0

init中的服务执行过程如下

tcc898x:/ # cat /system/bin/tcc_dxb_service
#!/system/bin/sh
echo ----------------
echo RICHGOLD.
echo ----------------

tcc898x:/ # cat init.tcc898x.rc
(...)
on boot
    (...)
    start tcc_dxb_service
(...)
service tcc_dxb_service /system/bin/tcc_dxb_service
    class main
    user root
    u:object_r:tcc_dxb_service_exec:s0

要添加域，请添加sepolicy文件，如下所示

# cat (Android 8.1 SDK)/device/(vendor)/(product)/sepolicy/tcc_dxb_service.te
type tcc_dxb_service, domain;
type tcc_dxb_service_exec, exec_type, system_file_type, file_type;
init_daemon_domain(tcc_dxb_service)

执行tcc_dxb_维修时，显示以下输出

tcc898x:/ # start tcc_dxb_service
init: could not get context while starting 'tcc_dxb_service'

请告诉我如何在Sepolicy中注册域以运行该服务。

谢谢

你必须

将
```
seclabel
```
前置到服务定义的seclabel
将
```
object\u r
```
更改为
```
r
```
，以及

使用

tcc\u dxb\u服务

类型，而不是

tcc\u dxb\u服务执行

谢谢你的回答

我引用了将服务添加到正在开发的项目中

增加了一项服务，（init.{device}.rc）

添加了标签。（（android SDK）/设备/（供应商）/（设备）/sepolicy/file\u上下文）

创建一个新域。（（安卓SDK）/设备/（供应商）/（设备）/sepolicy/foo.te）

（/system/bin/foo）

我是这样设置的。构建时，会发生以下错误

FAILED: out/target/product/tcc898x/obj/ETC/sepolicy_intermediates/sepolicy 
/bin/bash -c "(out/host/linux-x86/bin/secilc -M true -G -c 30 out/target/product/tcc898x/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil out/target/product/tcc898x/obj/ETC/27.0.cil_intermediates/27.0.cil out/target/product/tcc898x/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil -o out/target/product/tcc898x/obj/ETC/sepolicy_intermediates/sepolicy.tmp -f /dev/null ) && (out/host/linux-x86/bin/sepolicy-analyze out/target/product/tcc898x/obj/ETC/sepolicy_intermediates/sepolicy.tmp permissive > out/target/product/tcc898x/obj/ETC/sepolicy_intermediates/sepolicy.permissivedomains ) && (if [ \"eng\" = \"user\" -a -s out/target/product/tcc898x/obj/ETC/sepolicy_intermediates/sepolicy.permissivedomains ]; then         echo \"==========\" 1>&2;       echo \"ERROR: permissive domains not allowed in user builds\" 1>&2;         echo \"List of invalid domains:\" 1>&2;         cat out/target/product/tcc898x/obj/ETC/sepolicy_intermediates/sepolicy.permissivedomains 1>&2;      exit 1;         fi ) && (mv out/target/product/tcc898x/obj/ETC/sepolicy_intermediates/sepolicy.tmp out/target/product/tcc898x/obj/ETC/sepolicy_intermediates/sepolicy )"
neverallow check failed at out/target/product/tcc898x/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:2715
  (neverallow base_typeattr_56_27_0 base_typeattr_57_27_0 (file (execute execute_no_trans entrypoint)))
    <root>
    allow at out/target/product/tcc898x/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:6207
      (allow foo foo_exec (file (read getattr map execute entrypoint open)))

neverallow check failed at out/target/product/tcc898x/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil:4641 from system/sepolicy/public/domain.te:668
  (neverallow base_typeattr_56 base_typeattr_57 (file (execute execute_no_trans entrypoint)))
    <root>
    allow at out/target/product/tcc898x/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:6207
      (allow foo foo_exec (file (read getattr map execute entrypoint open)))

Failed to generate binary
Failed to build policydb
[  2% 110/5135] build out/target/product/tcc898x/obj/ETC/precompiled_sepolicy_intermediates/precompiled_sepolicy
FAILED: out/target/product/tcc898x/obj/ETC/precompiled_sepolicy_intermediates/precompiled_sepolicy 
/bin/bash -c "out/host/linux-x86/bin/secilc -M true -G -c 30        out/target/product/tcc898x/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil out/target/product/tcc898x/obj/ETC/27.0.cil_intermediates/27.0.cil out/target/product/tcc898x/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil -o out/target/product/tcc898x/obj/ETC/precompiled_sepolicy_intermediates/precompiled_sepolicy -f /dev/null"
neverallow check failed at out/target/product/tcc898x/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:2715
  (neverallow base_typeattr_56_27_0 base_typeattr_57_27_0 (file (execute execute_no_trans entrypoint)))
    <root>
    allow at out/target/product/tcc898x/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:6207
      (allow foo foo_exec (file (read getattr map execute entrypoint open)))

neverallow check failed at out/target/product/tcc898x/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil:4641 from system/sepolicy/public/domain.te:668
  (neverallow base_typeattr_56 base_typeattr_57 (file (execute execute_no_trans entrypoint)))
    <root>
    allow at out/target/product/tcc898x/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:6207
      (allow foo foo_exec (file (read getattr map execute entrypoint open)))

Failed to generate binary
Failed to build policydb
ninja: build stopped: subcommand failed.
17:24:01 ninja failed with: exit status 1

#### failed to build some targets (43 seconds) ####

正常生成后将显示以下日志。执行服务时

# start foo
init: service foo does not have a SELinux domain defined

如何添加域？请给我一些关于Neveralow的建议

谢谢

试试这个foo.te类型foo，domain；输入foo\u exec、exec\u type、file\u type；（在原始消息中，这里有一个类型exec，而不是exec_type））file_contexts/system/bin/foo u:object_r:foo_exec:s0

echo "-----"
echo "RICHGOLD"
echo "-----"

FAILED: out/target/product/tcc898x/obj/ETC/sepolicy_intermediates/sepolicy 
/bin/bash -c "(out/host/linux-x86/bin/secilc -M true -G -c 30 out/target/product/tcc898x/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil out/target/product/tcc898x/obj/ETC/27.0.cil_intermediates/27.0.cil out/target/product/tcc898x/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil -o out/target/product/tcc898x/obj/ETC/sepolicy_intermediates/sepolicy.tmp -f /dev/null ) && (out/host/linux-x86/bin/sepolicy-analyze out/target/product/tcc898x/obj/ETC/sepolicy_intermediates/sepolicy.tmp permissive > out/target/product/tcc898x/obj/ETC/sepolicy_intermediates/sepolicy.permissivedomains ) && (if [ \"eng\" = \"user\" -a -s out/target/product/tcc898x/obj/ETC/sepolicy_intermediates/sepolicy.permissivedomains ]; then         echo \"==========\" 1>&2;       echo \"ERROR: permissive domains not allowed in user builds\" 1>&2;         echo \"List of invalid domains:\" 1>&2;         cat out/target/product/tcc898x/obj/ETC/sepolicy_intermediates/sepolicy.permissivedomains 1>&2;      exit 1;         fi ) && (mv out/target/product/tcc898x/obj/ETC/sepolicy_intermediates/sepolicy.tmp out/target/product/tcc898x/obj/ETC/sepolicy_intermediates/sepolicy )"
neverallow check failed at out/target/product/tcc898x/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:2715
  (neverallow base_typeattr_56_27_0 base_typeattr_57_27_0 (file (execute execute_no_trans entrypoint)))
    <root>
    allow at out/target/product/tcc898x/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:6207
      (allow foo foo_exec (file (read getattr map execute entrypoint open)))

neverallow check failed at out/target/product/tcc898x/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil:4641 from system/sepolicy/public/domain.te:668
  (neverallow base_typeattr_56 base_typeattr_57 (file (execute execute_no_trans entrypoint)))
    <root>
    allow at out/target/product/tcc898x/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:6207
      (allow foo foo_exec (file (read getattr map execute entrypoint open)))

Failed to generate binary
Failed to build policydb
[  2% 110/5135] build out/target/product/tcc898x/obj/ETC/precompiled_sepolicy_intermediates/precompiled_sepolicy
FAILED: out/target/product/tcc898x/obj/ETC/precompiled_sepolicy_intermediates/precompiled_sepolicy 
/bin/bash -c "out/host/linux-x86/bin/secilc -M true -G -c 30        out/target/product/tcc898x/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil out/target/product/tcc898x/obj/ETC/27.0.cil_intermediates/27.0.cil out/target/product/tcc898x/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil -o out/target/product/tcc898x/obj/ETC/precompiled_sepolicy_intermediates/precompiled_sepolicy -f /dev/null"
neverallow check failed at out/target/product/tcc898x/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:2715
  (neverallow base_typeattr_56_27_0 base_typeattr_57_27_0 (file (execute execute_no_trans entrypoint)))
    <root>
    allow at out/target/product/tcc898x/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:6207
      (allow foo foo_exec (file (read getattr map execute entrypoint open)))

neverallow check failed at out/target/product/tcc898x/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil:4641 from system/sepolicy/public/domain.te:668
  (neverallow base_typeattr_56 base_typeattr_57 (file (execute execute_no_trans entrypoint)))
    <root>
    allow at out/target/product/tcc898x/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:6207
      (allow foo foo_exec (file (read getattr map execute entrypoint open)))

Failed to generate binary
Failed to build policydb
ninja: build stopped: subcommand failed.
17:24:01 ninja failed with: exit status 1

#### failed to build some targets (43 seconds) ####

# foo sercie
# Integrated foo process
type foo, domain;
type foo_exec, exec,type, file_type;

# started by init
# init_daemon_domain(foo)

# start foo
init: service foo does not have a SELinux domain defined