如何在init(Android 8.1)中运行服务
我想通过Init运行服务。(安卓8.1,sepolicy=permissive) 服务执行脚本文件,脚本文件如下所示如何在init(Android 8.1)中运行服务,android,service,init,selinux,android-8.1-oreo,Android,Service,Init,Selinux,Android 8.1 Oreo,我想通过Init运行服务。(安卓8.1,sepolicy=permissive) 服务执行脚本文件,脚本文件如下所示 tcc898x:/ # cat /system/bin/tcc_dxb_service #!/system/bin/sh echo ---------------- echo RICHGOLD. echo ---------------- tcc898x:/ # cat init.tcc898x.rc (...) on boot (...) start tcc_
tcc898x:/ # cat /system/bin/tcc_dxb_service
#!/system/bin/sh
echo ----------------
echo RICHGOLD.
echo ----------------
tcc898x:/ # cat init.tcc898x.rc
(...)
on boot
(...)
start tcc_dxb_service
(...)
service tcc_dxb_service /system/bin/tcc_dxb_service
class main
user root
u:object_r:tcc_dxb_service_exec:s0
init中的服务执行过程如下
tcc898x:/ # cat /system/bin/tcc_dxb_service
#!/system/bin/sh
echo ----------------
echo RICHGOLD.
echo ----------------
tcc898x:/ # cat init.tcc898x.rc
(...)
on boot
(...)
start tcc_dxb_service
(...)
service tcc_dxb_service /system/bin/tcc_dxb_service
class main
user root
u:object_r:tcc_dxb_service_exec:s0
要添加域,请添加sepolicy文件,如下所示
# cat (Android 8.1 SDK)/device/(vendor)/(product)/sepolicy/tcc_dxb_service.te
type tcc_dxb_service, domain;
type tcc_dxb_service_exec, exec_type, system_file_type, file_type;
init_daemon_domain(tcc_dxb_service)
执行tcc_dxb_维修时,显示以下输出
tcc898x:/ # start tcc_dxb_service
init: could not get context while starting 'tcc_dxb_service'
请告诉我如何在Sepolicy中注册域以运行该服务。
谢谢 你必须
- 将
前置到服务定义的seclabelseclabel
- 将
更改为object\u r
,以及r
- 使用
类型,而不是tcc\u dxb\u服务
tcc\u dxb\u服务执行
FAILED: out/target/product/tcc898x/obj/ETC/sepolicy_intermediates/sepolicy
/bin/bash -c "(out/host/linux-x86/bin/secilc -M true -G -c 30 out/target/product/tcc898x/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil out/target/product/tcc898x/obj/ETC/27.0.cil_intermediates/27.0.cil out/target/product/tcc898x/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil -o out/target/product/tcc898x/obj/ETC/sepolicy_intermediates/sepolicy.tmp -f /dev/null ) && (out/host/linux-x86/bin/sepolicy-analyze out/target/product/tcc898x/obj/ETC/sepolicy_intermediates/sepolicy.tmp permissive > out/target/product/tcc898x/obj/ETC/sepolicy_intermediates/sepolicy.permissivedomains ) && (if [ \"eng\" = \"user\" -a -s out/target/product/tcc898x/obj/ETC/sepolicy_intermediates/sepolicy.permissivedomains ]; then echo \"==========\" 1>&2; echo \"ERROR: permissive domains not allowed in user builds\" 1>&2; echo \"List of invalid domains:\" 1>&2; cat out/target/product/tcc898x/obj/ETC/sepolicy_intermediates/sepolicy.permissivedomains 1>&2; exit 1; fi ) && (mv out/target/product/tcc898x/obj/ETC/sepolicy_intermediates/sepolicy.tmp out/target/product/tcc898x/obj/ETC/sepolicy_intermediates/sepolicy )"
neverallow check failed at out/target/product/tcc898x/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:2715
(neverallow base_typeattr_56_27_0 base_typeattr_57_27_0 (file (execute execute_no_trans entrypoint)))
<root>
allow at out/target/product/tcc898x/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:6207
(allow foo foo_exec (file (read getattr map execute entrypoint open)))
neverallow check failed at out/target/product/tcc898x/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil:4641 from system/sepolicy/public/domain.te:668
(neverallow base_typeattr_56 base_typeattr_57 (file (execute execute_no_trans entrypoint)))
<root>
allow at out/target/product/tcc898x/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:6207
(allow foo foo_exec (file (read getattr map execute entrypoint open)))
Failed to generate binary
Failed to build policydb
[ 2% 110/5135] build out/target/product/tcc898x/obj/ETC/precompiled_sepolicy_intermediates/precompiled_sepolicy
FAILED: out/target/product/tcc898x/obj/ETC/precompiled_sepolicy_intermediates/precompiled_sepolicy
/bin/bash -c "out/host/linux-x86/bin/secilc -M true -G -c 30 out/target/product/tcc898x/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil out/target/product/tcc898x/obj/ETC/27.0.cil_intermediates/27.0.cil out/target/product/tcc898x/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil -o out/target/product/tcc898x/obj/ETC/precompiled_sepolicy_intermediates/precompiled_sepolicy -f /dev/null"
neverallow check failed at out/target/product/tcc898x/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:2715
(neverallow base_typeattr_56_27_0 base_typeattr_57_27_0 (file (execute execute_no_trans entrypoint)))
<root>
allow at out/target/product/tcc898x/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:6207
(allow foo foo_exec (file (read getattr map execute entrypoint open)))
neverallow check failed at out/target/product/tcc898x/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil:4641 from system/sepolicy/public/domain.te:668
(neverallow base_typeattr_56 base_typeattr_57 (file (execute execute_no_trans entrypoint)))
<root>
allow at out/target/product/tcc898x/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:6207
(allow foo foo_exec (file (read getattr map execute entrypoint open)))
Failed to generate binary
Failed to build policydb
ninja: build stopped: subcommand failed.
17:24:01 ninja failed with: exit status 1
#### failed to build some targets (43 seconds) ####
正常生成后将显示以下日志。
执行服务时
# start foo
init: service foo does not have a SELinux domain defined
如何添加域?
请给我一些关于Neveralow的建议
谢谢 试试这个foo.te类型foo,domain;输入foo\u exec、exec\u type、file\u type;(在原始消息中,这里有一个类型exec,而不是exec_type))file_contexts/system/bin/foo u:object_r:foo_exec:s0
echo "-----"
echo "RICHGOLD"
echo "-----"
FAILED: out/target/product/tcc898x/obj/ETC/sepolicy_intermediates/sepolicy
/bin/bash -c "(out/host/linux-x86/bin/secilc -M true -G -c 30 out/target/product/tcc898x/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil out/target/product/tcc898x/obj/ETC/27.0.cil_intermediates/27.0.cil out/target/product/tcc898x/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil -o out/target/product/tcc898x/obj/ETC/sepolicy_intermediates/sepolicy.tmp -f /dev/null ) && (out/host/linux-x86/bin/sepolicy-analyze out/target/product/tcc898x/obj/ETC/sepolicy_intermediates/sepolicy.tmp permissive > out/target/product/tcc898x/obj/ETC/sepolicy_intermediates/sepolicy.permissivedomains ) && (if [ \"eng\" = \"user\" -a -s out/target/product/tcc898x/obj/ETC/sepolicy_intermediates/sepolicy.permissivedomains ]; then echo \"==========\" 1>&2; echo \"ERROR: permissive domains not allowed in user builds\" 1>&2; echo \"List of invalid domains:\" 1>&2; cat out/target/product/tcc898x/obj/ETC/sepolicy_intermediates/sepolicy.permissivedomains 1>&2; exit 1; fi ) && (mv out/target/product/tcc898x/obj/ETC/sepolicy_intermediates/sepolicy.tmp out/target/product/tcc898x/obj/ETC/sepolicy_intermediates/sepolicy )"
neverallow check failed at out/target/product/tcc898x/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:2715
(neverallow base_typeattr_56_27_0 base_typeattr_57_27_0 (file (execute execute_no_trans entrypoint)))
<root>
allow at out/target/product/tcc898x/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:6207
(allow foo foo_exec (file (read getattr map execute entrypoint open)))
neverallow check failed at out/target/product/tcc898x/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil:4641 from system/sepolicy/public/domain.te:668
(neverallow base_typeattr_56 base_typeattr_57 (file (execute execute_no_trans entrypoint)))
<root>
allow at out/target/product/tcc898x/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:6207
(allow foo foo_exec (file (read getattr map execute entrypoint open)))
Failed to generate binary
Failed to build policydb
[ 2% 110/5135] build out/target/product/tcc898x/obj/ETC/precompiled_sepolicy_intermediates/precompiled_sepolicy
FAILED: out/target/product/tcc898x/obj/ETC/precompiled_sepolicy_intermediates/precompiled_sepolicy
/bin/bash -c "out/host/linux-x86/bin/secilc -M true -G -c 30 out/target/product/tcc898x/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil out/target/product/tcc898x/obj/ETC/27.0.cil_intermediates/27.0.cil out/target/product/tcc898x/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil -o out/target/product/tcc898x/obj/ETC/precompiled_sepolicy_intermediates/precompiled_sepolicy -f /dev/null"
neverallow check failed at out/target/product/tcc898x/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:2715
(neverallow base_typeattr_56_27_0 base_typeattr_57_27_0 (file (execute execute_no_trans entrypoint)))
<root>
allow at out/target/product/tcc898x/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:6207
(allow foo foo_exec (file (read getattr map execute entrypoint open)))
neverallow check failed at out/target/product/tcc898x/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil:4641 from system/sepolicy/public/domain.te:668
(neverallow base_typeattr_56 base_typeattr_57 (file (execute execute_no_trans entrypoint)))
<root>
allow at out/target/product/tcc898x/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:6207
(allow foo foo_exec (file (read getattr map execute entrypoint open)))
Failed to generate binary
Failed to build policydb
ninja: build stopped: subcommand failed.
17:24:01 ninja failed with: exit status 1
#### failed to build some targets (43 seconds) ####
# foo sercie
# Integrated foo process
type foo, domain;
type foo_exec, exec,type, file_type;
# started by init
# init_daemon_domain(foo)
# start foo
init: service foo does not have a SELinux domain defined