按需求建了一个开机启动的脚本
1.建立myshell.sh脚本 ,放在device/rockchip/rk3399内
#!/system/bin/sh
//启动之后一直循环
while true;do
//对应操作
sleep 1
done
2.建立对应的myshell.te文件,放在device/rockchip/common/sepolicy内
device/rockchip/common/sepolicy/myshell.te
type myshell, domain;
type myshell_exec, exec_type, file_type;
init_daemon_domain(myshell)
//添加对应功能的授权
allow myshell init_tmpfs:file create_file_perms;
allow myshell self:capability { dac_override net_admin net_raw setgid setuid };
allow myshell device:dir { open read };
allow myshell shell:lnk_file { read };
allow myshell rootfs:lnk_file { getattr };
allow myshell socket_device:sock_file { write };
allow myshell shell_exec:file { getattr read};
allow myshell fuse:dir { search write add_name getattr};
allow myshell fuse:file { create write open getattr};
allow myshell system_file:file { execute_no_trans};
avc权限添加 可参考:https://blog.csdn.net/tq501501/article/details/103556837
3. 添加到 system/core/rootdir/init.rc
service myshell /system/bin/myshell.sh
user root
group root
disabled
#在init.rc中启动该服务
on property:sys.boot_completed=1
start myshell
chown root shell /system/bin/myshell.sh
chmod 0550 /system/bin/myshell.sh
4.修改device/rockchip/common/sepolicy/file_contexts
#add for glgps
/system/bin/glgps u:object_r:gpsd_exec:s0
+/system/bin/myshell.sh u:object_r:myshell_exec:s0
5.修改device/rockchip/rk3399/rk3399.mk //添加脚本到板子的system/bin内
PRODUCT_COPY_FILES += vendor/rockchip/common/phone/etc/apns-full-conf.xml:system/etc/apns-conf.xml
PRODUCT_COPY_FILES += vendor/rockchip/common/phone/etc/spn-conf.xml:system/etc/spn-conf.xml
+PRODUCT_COPY_FILES += device/rockchip/rk3399/myshell.sh:system/bin/myshell.sh
6. 修改system/sepolicy/file_contexts
添加以下(注意此处不要加.sh)
/system/bin/myshell u:object_r:myshell_exec:s0