问题描述
我想在启动时执行一个可执行文件在带有 Android 5.1 的目标板上,所以我在 init.rc 中添加:
I want to excute an executable on boot On a target board with Android 5.1 so I add this in init.rc:
on boot
start myservice
service myservice /system/bin/myservice
#class main
user root
group root
#oneshot
我完成了拆包和重新打包工作.
但是,当进行更改时,屏幕会继续打印:
I did the unpack and repack job.
When changes are made, however, the screen keeps printing:
init warning: Service myservice needs a SELinux domain defined. Please fix.
type=1400 ... avc:denied ... scontext ... tcontext ... #some annoying warning messages like this
SELinux 对我来说似乎是一个巨大的项目.我只是想避免这种情况.我尝试了两种方法:
SELinux seems a huge project for me. I just want to avoid that. I tried two approaches:
1. setenv kernelargs 'console=ttyS0,115200n8 rootdelay=1 selinux=0' and saveenv
2. set enforce 0
对于方法 1,printenv
给出结果:
For method 1, printenv
gives the result:
kernelargs=console=ttyS0,115200n8 rootdelay=1 selinux=0
所以你看,已经做出了改变.但是重新启动后警告消息会继续打印.
对于方法 2,它说:
So you see, changes have been made. But the warning messages keeps printing after rebooting.
For method 2, it says:
Could not set enforce status. Permission denied.
所以现在我陷入了两难境地,不知道该去哪里.我的问题:
So now I'm trapped in the dilema have no idea where to go. My questions:
- 有人知道如何在 android 中禁用或设置许可模式吗?
- 如果我想为新服务定义域,我应该修改哪些文件?
此外,ls -Z/system/bin/myservice
给出了这个:
u:object_r:system_file:s0
推荐答案
你需要 su 来设置许可模式.或者您需要源代码来禁用SELinux,例如在内核配置中禁用SELinux,或在device/vendor_name/product_name/BoardConfig.mk 中的BOARD_KERNEL_CMDLINE 中禁用SELinux.
you need su to set permissive mode. Or you need source code to disable SELinux, such as disable SELinux in kernel config, or disable SELinux in BOARD_KERNEL_CMDLINE in device/vendor_name/product_name/BoardConfig.mk.
如果您有源代码,您可以根据需要定义新域.
if you have the source code, you can define the new domain as you wish.
请参考Android官方文档:https://source.android.com/security/selinux/device-policy
Please refer to the Android official documents: https://source.android.com/security/selinux/device-policy
部分:标记新服务和地址拒绝
section: Label new services and address denials
这篇关于init 警告:服务 myservice 需要定义一个 SELinux 域.请修复的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!