AndroidP 开机自启动程序
1. code
-
main.c
#include <stdio.h> int main() { int i = 10; while (i--) printf("test_for_customer, this bin is built for running on boot\n"); return 0; }
-
rc文件
service just_test /system/bin/test_for_customer class core oneshot console disabled on property:sys.boot_completed=1 start just_test
上述code比较简单,需要添加一个rc文件编译到/etc/init路径下在开机时使用
2. 编译
-
Android.bp
cc_binary { name: "test_for_customer", srcs: ["main.c"], init_rc: ["test_for_customer.rc"], shared_libs: ["libc"], vendor: false }
-
device.mk
PRODUCT_PACKAGES += test_for_customer
添加在结尾部分即可;
3. selinux权限添加
- 在device/vendor/project/sepolicy/ 目录下三个路径分别添加$(xxx).te
- 在file_contexts中添加对应路径的执行权限
3.1 编译问题
libsepol.report_failure: neverallow on line 1015 of system/sepolicy/public/domain.te(or line 11301 of policy.conf) violated by allow test_for_customer_exec:file{ execute };
上述提示为添加的domain 规则与domain.te中1015行冲突,而对应限制为system无法执行vendor下的可执行程序,所以需要将domain中vendor_file_type去除;
3.2 运行时权限缺少提示
<3>Itype=1400 audit(1608531912.719:50): avc: denied { ioctl } for pid=2582
comm=“test_for_custom” path="/dev/console" dev=“tmpfs” ino=335
ioctlcmd=0x5401 scontext=u:r:test_for_customer:s0
tcontext=u:object_r:console_device:s0 tclass=chr_?le permissive=1
关键信息:
- 缺少的权限:denied { ioctl }
- 哪个缺少的权限(就是对应的哪个 te 文件):
scontext=u:r:test_for_customer:s0 - 对谁缺少权限(就是对哪个文件/目录等缺少操作的权限):
tcontext=u:object_r:console_device:s0 - 具体类型(文件/目录):tclass=chr_?le
则需要添加信息为(test_for_customer.te):
allow test_for_customer console_device:chr_file{read ioctl write getattr};
4. 编译
-
单独编译demo程序
source ./build/envsetup.sh lunch mmm vendor/autochips/propreietary/tests/test_for_cusotmer
-
单独编译sepolicy程序
./prebuilts/build-tools/linux-x86/bin/ninja -f ./out/combined-full_xxx.ninja sepolicy