Hi,
I am using the iMX 8 Mini EVK for my project. I built Android 9.0 from AOSP for this board.
Now I want to run a script at boot.
I made the following changes in these files, but I am still facing an issue.
File : Android_AOSP_build/device/fsl/imx8m/evk_8mm/init.rc
service gea3appservice /vendor/bin/sh /vendor/bin/run.sh
    class late_start
    user root system
    group root system
    oneshot
File : Android_AOSP_build/device/fsl/imx8m/evk_8mm/sepolicy/gea3appservice.te
# gea3app service
type gea3appservice, domain;
type gea3appservice_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(gea3appservice)
domain_auto_trans(init, vendor_shell_exec, gea3appservice)
File : Android_AOSP_build/device/fsl/imx8m/evk_8mm/sepolicy/file_contexts
/vendor/bin/run.sh u:object_r:gea3appservice_exec:s0
When I manually run the service, I get the following error:
[ 134.010656] type=1400 audit(1564667688.236:3740): avc: denied { dac_read_search } for pid=1 comm="init" capability=2 scontext=u:r:init:s0 tcontext=u:r:init:s0 tclass=capability permissive=1
Does anyone know this issue?
I tried the approach suggested by the Android developer site:
Writing SELinux Policy | Android Open Source Project
But I get the following error:
libsepol.report_failure: neverallow on line 1002 of system/sepolicy/public/domain.te (or line 11242 of policy.conf) violated by allow gea3appservice gea3appservice_exec:file { execute entrypoint };
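As an added example (not part of the original posts, and not NXP or AOSP code): a small Python parser for AVC denial lines like the one quoted above, showing which domain a denial is charged to, whether it was actually enforced, and the allow rule it would correspond to. The function names are hypothetical; the sample line is the one from the post.

```python
import re
from collections import defaultdict

# The AVC denial quoted in the post above, as one kernel log line.
SAMPLE_LOG = (
    '[ 134.010656] type=1400 audit(1564667688.236:3740): avc: denied '
    '{ dac_read_search } for pid=1 comm="init" capability=2 '
    'scontext=u:r:init:s0 tcontext=u:r:init:s0 tclass=capability permissive=1\n'
)
AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict describing one AVC denial, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    if not all(k in fields for k in ('scontext', 'tcontext', 'tclass')):
        return None
    return {
        'perms': m.group('perms').split(),
        # A context is user:role:type:level; the type is the third field.
        'source': fields['scontext'].split(':')[2],
        'target': fields['tcontext'].split(':')[2],
        'tclass': fields['tclass'],
        # permissive=1 means the access was logged but not blocked.
        'enforced': fields.get('permissive') == '0',
    }


def candidate_rules(log_text):
    """Merge denials per (source, target, class) into allow rules for review."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        d = parse_avc(line)
        if d:
            grouped[(d['source'], d['target'], d['tclass'])].update(d['perms'])
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        names = sorted(perms)
        perm = names[0] if len(names) == 1 else '{ ' + ' '.join(names) + ' }'
        rules.append(f"allow {src} {'self' if tgt == src else tgt}:{cls} {perm};")
    return rules


if __name__ == '__main__':
    print(parse_avc(SAMPLE_LOG), candidate_rules(SAMPLE_LOG), sep='\n')
```

For the quoted line this yields a rule for init itself, not for gea3appservice, and `enforced` is False because of `permissive=1`. A candidate rule still has to pass the platform's neverallow checks at build time, as the libsepol error above shows.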
I got the same error in AOSP12. Can you please tell me the solution for this?
First I was trying to run a script from vendor/bin.
Now I am trying to run it from system/bin. But I am still facing the same issue.
Following are the changes in AOSP:
File : Android_AOSP_build/device/fsl/imx8m/evk_8mm/init.rc
(Added one service named gea3appservicefromsystem in init.rc)
File : Android_AOSP_build/device/fsl/imx8m/evk_8mm/sepolicy/gea3appservicefromsystem.te
(Created new SELinux domain for service )
File : Android_AOSP_build/device/fsl/imx8m/evk_8mm/sepolicy/file_contexts
(To ensure executable properly labeled so SELinux runs the service in the proper domain)
/system/bin/run u:object_r:gea3appservicefromsystem_exec:s0
File : Android_AOSP_build/out/target/product/evk_8mm/system/bin/run
(This is the script which will run at startup)
File : /home/bruvitiadmin/Android_AOSP_build/device/fsl/imx8m/evk_8mm/BoardConfig.mk
(Changed mode of SELinux from enforcing mode to permissive mode)
BOARD_KERNEL_CMDLINE += androidboot.selinux=permissive
File : Android_AOSP_build/device/fsl/imx8m/sepolicy/init.te
(Allow transition for a service to execute)
allow init gea3appservicefromsystem_exec:process {transition};
We built AOSP and flashed the image. We found that the script runs at bootup but the application failed to start.
Following are the logs:
When we start the service manually in superuser, the script runs but the application fails to start. We get the following logs:
Hello,
Have you remounted Android to have permission to modify the system path?
You can make it through adb.
Best regards,
Diego
No. We didn't remount Android.
But now we have changed the way we run the script.
We referred to the link below:
shell - SELinux prevents my init.rc exec command to execute - Android Enthusiasts Stack Exchange
Hello,
Did you solve the problem? Or are you willing to disable SELinux?
Best regards,
Diego.
Yes, I solved the issue.
Hi,
I got the same error. Can you tell me the solution for this?
Best regards,
N.Suresh.