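I added a service in the init.rc file. In init.usb.configfs.rc, at the point where the corresponding driver is loaded, I create a script /dev/cmd/run.sh. I run this script both through the service and with exec - root root -- /system/bin/sh /dev/cmd/run.sh, and the boot log reports "service does not have a SELinux domain defined" and "(/system/bin/sh) does not have a SELinux domain defined".
I followed the SELinux policy instructions on the official Android site, but it still prints "does not have a SELinux domain defined".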
The service is launched in our device’s init.<target>.rc file as:
    service foo /system/bin/foo
        class core

Create a new domain "foo"
Create the file device/<oem>/<target>/sepolicy/foo.te with the following contents:

    # foo service
    type foo, domain;
    type foo_exec, exec_type, file_type;
    init_daemon_domain(foo)

This is the initial template for the foo SELinux domain, to which you can add rules based on the specific operations performed by that executable.

Label /system/bin/foo
Add the following to device/<oem>/<target>/sepolicy/file_contexts:

    /system/bin/foo u:object_r:foo_exec:s0

This makes sure the executable is properly labeled so SELinux runs the service in the proper domain.

Build and flash the boot and system images.
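
Added example, not part of the original post or the Android documentation: a small Python lint that predicts which init entries will hit this log message, on the basis that init derives a service's domain from the label of its executable unless a seclabel is given. The sample .rc, file_contexts and .te text are constructed, the function names are hypothetical, and only init_daemon_domain() transitions are recognized.

```python
import re

# Constructed sample inputs (not taken from a real device tree).
INIT_RC = """\
service foo /system/bin/foo
    class core
service runcmd /system/bin/sh /dev/cmd/run.sh
    class core
    oneshot
service labeled /system/bin/sh /dev/cmd/run.sh
    seclabel u:r:foo:s0
on property:sys.usb.configfs=1
    exec - root root -- /system/bin/sh /dev/cmd/run.sh
"""
FILE_CONTEXTS = """\
/system/bin/foo    u:object_r:foo_exec:s0
/system/bin/sh     u:object_r:shell_exec:s0
"""
POLICY_TE = "type foo, domain;\ntype foo_exec, exec_type, file_type;\ninit_daemon_domain(foo)\n"

def exec_label(path, file_contexts):
    """Type of the last file_contexts entry whose regex fully matches path
    (simplified precedence), or None if no entry matches."""
    label = None
    for line in file_contexts.splitlines():
        fields = line.split()
        if len(fields) >= 2 and not fields[0].startswith("#") and re.fullmatch(fields[0], path):
            label = fields[-1].split(":")[2]
    return label

def undefined_domains(init_rc, file_contexts, policy_te):
    """Names of service/exec entries with no seclabel and no init transition."""
    # init_daemon_domain(X) sets up the transition init -> X via X_exec.
    transitions = {d + "_exec" for d in re.findall(r"init_daemon_domain\((\w+)\)", policy_te)}
    entries, current = [], None  # entry = [name, executable, explicit_seclabel]
    for line in init_rc.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "service":
            current = [words[1], words[2], False]
            entries.append(current)
        elif words[0] == "on":
            current = None
        elif words[0] == "seclabel" and current:
            current[2] = True
        elif words[0] == "exec" and "--" in words:
            cmd = words[words.index("--") + 1]  # "-" means default seclabel
            entries.append(["exec (%s)" % cmd, cmd, words[1] not in ("-", "--")])
    return [name for name, exe, explicit in entries
            if not explicit and exec_label(exe, file_contexts) not in transitions]
```

On the constructed input, the entries that launch /system/bin/sh without a seclabel are reported because the label consulted is that of the shell binary, not of the script passed as its argument.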