SEAndroid 添加 mytest

http://blog.csdn.net/kongbaidepao/article/details/63254666 解决案例
http://blog.csdn.net/kongbaidepao/article/details/68491932 命令 概念

输出文件qcom
out/target/product/版本/obj/ETC/sepolicy_intermediates/policy.conf

1.编写策略脚本 (mytest.te) 放入 qcom 或者 mtk 平台下 (可以依附在 system_app 或 system_server)

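#mytest
# Domain type for the mytest service process.
# NOTE(review): mlstrustedsubject exempts this domain from the MLS constraints
# applied to subjects; keep it only if the service really has to cross MLS
# levels, otherwise declare the type without it.
type mytest, domain, mlstrustedsubject;
# Executable type for the program that enters the mytest domain.
type mytest_exec, exec_type, file_type;


# Make transition from init to the mytest domain.
# init_daemon_domain must name the domain declared above; it sets up the
# automatic transition taken when init executes a file labelled mytest_exec.
# NOTE(review): this page shows no file_contexts entry labelling a file as
# mytest_exec, and the init.rc step sets the domain with seclabel instead —
# confirm which mechanism is intended.
init_daemon_domain(mytest)
# Allow mytest to connect to the property socket served by init.
unix_socket_connect(mytest, property, init)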
..
..

2.mk

# Board specific SELinux policy variable definitions
# The directory list below is only extended for QCOM vendor board platforms.
ifeq ($(call is-vendor-board-platform,QCOM),true)
LOCAL_PATH:= $(call my-dir)
# Keeps the existing search path and appends this directory plus its common/,
# test/ and per-platform subdirectories.
BOARD_SEPOLICY_DIRS := \
       $(BOARD_SEPOLICY_DIRS) \
       $(LOCAL_PATH) \
       $(LOCAL_PATH)/common \
       $(LOCAL_PATH)/test \
       $(LOCAL_PATH)/$(TARGET_BOARD_PLATFORM)

endif

# Names the policy file to merge into the platform policy.
# ":=" replaces any list assigned earlier; "+=" would keep other entries.
# NOTE(review): Android 6.0 and later union every file found in
# BOARD_SEPOLICY_DIRS and no longer accept BOARD_SEPOLICY_UNION — confirm
# against the target release before relying on this variable.
BOARD_SEPOLICY_UNION := \
       mytest.te \

3.system/core/rootdir/init.rc

# Runs the vendor script aaa.sh through /system/bin/sh as an init service.
# NOTE(review): no user/group option is given, so init would presumably start
# the shell as root — confirm, and drop privileges if the script allows it.
service mytestservice    /system/bin/sh /system/vendor/bin/aaa.sh
    # Start the process directly in the mytest SELinux domain.
    seclabel u:r:mytest:s0  
    # Not started automatically; it has to be started explicitly by name.
    disabled
    # Not restarted after it exits.
    oneshot

4.domain.te neverallow 规则


   # Forbids every domain except the subtracted ones from reading symlinks
   # labelled app_data_file.
   # NOTE(review): each "-name" entry widens the exemption. Editing a platform
   # neverallow in domain.te loosens a guarantee that compatibility tests are
   # expected to check; prefer leaving the rule intact and narrowing what the
   # service needs.
   # NOTE(review): "-test" names a type called test, while the domain declared
   # in step 1 is mytest — confirm the intended name.
   neverallow {
        domain
        -test   
        -appdomain
        -installd
        -uncrypt  
   } app_data_file:lnk_file read;

5.脚本
aaa.sh

6.编译

在对应模块加入编译文件

# Prebuilt module aaa.sh: copies assets/aaa.sh unchanged into the vendor
# executables directory (presumably the /system/vendor/bin path that the
# init.rc service entry runs — confirm for the target layout).
include $(CLEAR_VARS)
LOCAL_MODULE := aaa.sh
LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_CLASS := EXECUTABLES
LOCAL_SRC_FILES := assets/aaa.sh
LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR_EXECUTABLES)
include $(BUILD_PREBUILT)

# Prebuilt module tartool: installs the assets/busybox binary under the file
# name busybox (LOCAL_MODULE_STEM) into the system executables directory.
# NOTE(review): this ships an opaque prebuilt binary in the system image;
# record where it was obtained and its checksum, and confirm that the whole
# busybox applet set is needed rather than a single tar tool.
include $(CLEAR_VARS)
LOCAL_MODULE := tartool
LOCAL_MODULE_STEM := busybox
LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_CLASS := EXECUTABLES
LOCAL_SRC_FILES := assets/busybox
LOCAL_MODULE_PATH := $(TARGET_OUT_EXECUTABLES)
include $(BUILD_PREBUILT)


# other ok
#PRODUCT_COPY_FILES += $(LOCAL_PATH)/aaa.sh:system/bin/aaa.sh  

PRODUCT.mk
# Both modules are tagged "optional" above, so they are only installed when
# listed here.
PRODUCT_PACKAGES += \
    aaa.sh \
    tartool \

7.
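// Asks init to start the service declared in init.rc; it is marked "disabled"
// there, so it only runs when requested by name. Plain ASCII quotes are
// required: typographic quotes do not form a Java string literal.
SystemService.start("mytestservice");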

8.配置读写 (mytest 添加权限)

property.te

# Declares backup_prop as a property type.
# NOTE(review): no other line on this page refers to backup_prop; the
# property_contexts entry below labels the property with mytest instead —
# confirm which type is meant to label persist.sys.shflag.
type backup_prop, property_type;

property_contexts.te

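# Security context for the persist.sys.shflag property; a full context starts
# with the user and role fields "u:object_r:".
# NOTE(review): a property label normally names a property type. mytest is
# declared on this page as a process domain, and backup_prop is the property
# type declared in property.te — confirm which type is intended.
persist.sys.shflag       u:object_r:mytest:s0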



sh   setprop "persist.sys.shflag" 0

java SystemProperties.set("persist.sys.shflag", "0");
      SystemProperties.get("persist.sys.shflag", "0");


9.系统 file.te

# Excerpt of file type declarations from the system file.te.
# Compatibility with type names used in vanilla Android 4.3 and 4.4.
typealias audio_data_file alias audio_firmware_file;
# /data/data subdirectories - app sandboxes
type app_data_file, file_type, data_file_type;
type autoplay_data_file, file_type, data_file_type;
# /data/data subdirectory for system UID apps.
# mlstrustedobject is an extra attribute carried by this type only.
# NOTE(review): presumably it exempts the type from the MLS constraints on
# objects — confirm against the mls policy file.
type system_app_data_file, file_type, data_file_type, mlstrustedobject;
# Compatibility with type name used in Android 4.3 and 4.4.
# Both older names below are aliases that resolve to app_data_file.
typealias app_data_file alias platform_app_data_file;
typealias app_data_file alias download_file;
...
...
  1. 问题未解决,

    按照 9 添加自己的file type

    qcom 6.0 在 file.te 中添加自定义 type ( type my_data, file_type, data_file_type ) 并烧入 boot 后, 无法开机

    7.0 后面再试
