Reputation: 10083
Following the example given in this post, I added these lines to /init.rc:
    on property:dev.bootcomplete=1
        start boot_handler

    service boot_handler /system/bin/bc_handler.sh
        class main
        user root
        group root
        disabled
        oneshot
And this /system/bin/bc_handler.sh:
    #!/system/bin/sh
    echo hi > /data/local/hi.txt
I'm building Android 8.0 for the emulator. When the system starts, I can see that the script didn't run, and this message is seen in the logs:
    [ 217.280853] init: service boot_handler does not have a SELinux domain defined
I tried changing my service to look like this:
    service boot_handler /system/bin/sh /system/bin/bc_handler.sh
        class main
        user root
        group root
        disabled
        oneshot
        seclabel u:r:shell:s0
and now the error is
    init: Service 'boot_handler' (pid 1729) killed by signal 1
Is there any documentation on how one adds a new service to Android under SELinux? Or documentation on how to disable SELinux on Android? I've been googling for hours, and all of the information I'm finding seems to be obsolete.
Upvotes: 2
Views: 15618
Reputation: 109
You can disable SELinux by setting permissive mode on your running platform.
In permissive mode, SELinux will only dump warning messages.
By default, it's in enforcing mode, where any SELinux violation will be denied.
To add a service, you should add a file context in file_context, and write a .te file for your service.
Here is a basic example and you can dig into more about SELinux.
Upvotes: 2
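A sketch of the file context and .te file the answer above refers to, for the boot_handler service from the question. This is an added example, not part of the original posts or of AOSP. The names bc_handler and bc_handler_exec are assumptions, and the files are assumed to live in a policy directory the build already picks up (for example one listed in BOARD_SEPOLICY_DIRS).

```selinux
# --- file_contexts (one added line) ---
# Label the script so that init executing it can trigger a domain transition.
/system/bin/bc_handler\.sh    u:object_r:bc_handler_exec:s0

# --- bc_handler.te ---
# Domain the service runs in, and the type carried by its executable.
# bc_handler and bc_handler_exec are names assumed for this example.
type bc_handler, domain, coredomain;
type bc_handler_exec, exec_type, file_type;

# AOSP macro: allows init to execute bc_handler_exec and adds the
# type_transition that puts the new process into the bc_handler domain.
# With this in place the original service definition (no seclabel line)
# has a domain of its own.
init_daemon_domain(bc_handler)

# The service is a shell script, so the domain must be able to read and
# execute the interpreter, /system/bin/sh.
allow bc_handler shell_exec:file rx_file_perms;

# Not covered here: the script's write to /data/local/hi.txt. That access
# needs its own rule, written from the denial the kernel logs for it.
```

Any access the domain still lacks is reported as an `avc: denied` line in the kernel log; granting only what those lines show keeps the service confined while the device stays in enforcing mode.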