Android: Declaring a service in AOSP

h7wcgrx3, posted on 2022-11-03 in Android

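As part of a training course, I need to declare a service in AOSP and have it called on boot. The problem is that the training is outdated, I'm working on a physical machine, and the project is different.
Specs: Android version: 12, Android SDK: 31
In summary, I've built a module in C called "exd". It is stored in /system/bin/ and, when called manually, it works as it should.
I added the following to the init.product.rc file: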

service exd /system/bin/exd
    oneshot

on boot
    start exd

But when I build and download to the device, the service list doesn't show it, and it doesn't start on boot either.
Next, I added the exd.te file to the sepolicy folder:

type exd, domain;
type exd_exec, domain;
init_daemon_domain(exd)

And added the following line to file_contexts:

/system/bin/exd u:object_r:exd_exec:s0

When I call build, it fails with the following message:

Error while expanding policy
[ 39% 60/151] //system/sepolicy:sepolicy.recovery Compiling cil files for sepolicy.recovery [common]
FAILED: out/soong/.intermediates/system/sepolicy/sepolicy.recovery/android_common/sepolicy
out/host/linux-x86/bin/secilc -m -M true -G -c 30 out/soong/.intermediates/system/sepolicy/recovery_sepolicy.cil/android_common/recovery_sepolicy.cil -o out/soong/.intermediates/system/sepolicy/sepolicy.recovery/android_common/sepolicy_policy -f /dev/null && cp -f out/soong/.intermediates/system/sepolicy/sepolicy.recovery/android_common/sepolicy_policy out/soong/.intermediates/system/sepolicy/sepolicy.recovery/android_common/sepolicy && rm -f out/soong/.intermediates/system/sepolicy/sepolicy.recovery/android_common/sepolicy_policy # hash of input list: 187605db6ee3f7580bafd9adbd0101d2c2a0d02f423bb7efa74ee537c43d35ce
neverallow check failed at out/soong/.intermediates/system/sepolicy/recovery_sepolicy.cil/android_common/recovery_sepolicy.cil:8770 from system/sepolicy/public/domain.te:1240
  (neverallow base_typeattr_197 domain (file (execute execute_no_trans entrypoint)))
    <root>
    allow at out/soong/.intermediates/system/sepolicy/recovery_sepolicy.cil/android_common/recovery_sepolicy.cil:28846
      (allow init exd_exec (file (read getattr map execute open)))
    <root>
    allow at out/soong/.intermediates/system/sepolicy/recovery_sepolicy.cil/android_common/recovery_sepolicy.cil:28848
      (allow exd exd_exec (file (read getattr map execute open entrypoint)))

Failed to generate binary
Failed to build policydb
10:35:34 ninja failed with: exit status 1

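I tried everything I found online and nothing worked. The strange thing is that there is another service called "bugreport", which is declared almost exactly like mine, but it is listed by the "service list" command.
At this point, even a pointer in the right direction would be great.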

7xllpg7q  #1

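You are getting a neverallow, which is basically Android saying that you are trying to do something that the SEPolicy definitions do not allow. You need to create a .te file containing the SEPolicy rules for your service.
An example of an SEPolicy file is as follows: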

type myservice_exec, exec_type, file_type, system_file_type;
typeattribute myservice coredomain;

# myservice servicemanager and binder access

allow shell myservice:binder { call transfer };
allow servicemanager myservice:dir search;
allow servicemanager myservice:file { open read };
allow servicemanager myservice:process getattr;
allow myservice servicemanager:binder { call transfer};
allow myservice system_server:binder call;

init_daemon_domain(myservice)

Note the second line. You missed this, which is most likely why you are getting the neverallow problem.
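
Added example, not part of the original answer or of AOSP: a corrected `exd.te` and `file_contexts` entry for the question's `exd` binary, read against the build log above, where the neverallow's target is `domain` and both flagged allow rules target `exd_exec`. It assumes `exd` stays in /system/bin and takes `coredomain` and the `exec_type, file_type, system_file_type` attributes from the answer's sample.

```selinux
# ---- exd.te (added example) ----

# Process domain the daemon runs in. "domain" belongs on this type only.
type exd, domain;

# coredomain marks a domain whose executable ships on /system
# (assumption: exd stays in /system/bin, as in the question).
typeattribute exd coredomain;

# Label of the binary on disk. It is a file type, so it carries file
# attributes instead of "domain":
#   exec_type        - may serve as a domain entrypoint
#   file_type        - ordinary file label
#   system_file_type - file label that lives on /system
# The question's "type exd_exec, domain;" put the file label into the
# domain attribute, which is what the failing rule matches:
#   (neverallow base_typeattr_197 domain (file (execute execute_no_trans entrypoint)))
type exd_exec, exec_type, file_type, system_file_type;

# Sets up the automatic init -> exd transition when init executes a file
# labelled exd_exec. It generates the two allow rules the build log
# lists (init -> exd_exec execute, exd -> exd_exec entrypoint), which are
# legal once exd_exec is no longer a domain type.
init_daemon_domain(exd)

# ---- file_contexts (same line as in the question) ----
/system/bin/exd    u:object_r:exd_exec:s0
```

After flashing, `ls -Z /system/bin/exd` shows the label the file received and `getprop init.svc.exd` shows the state init recorded for the service.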
