在 AOSP 中启动时运行 shell 脚本 [英] Run shell script at boot in AOSP

查看:43
本文介绍了在 AOSP 中启动时运行 shell 脚本的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我的项目使用的是 iMX 8 Mini EVK.我从 AOSP 为这块板构建了 Android 9.0.现在我想在启动时运行一个脚本.我确实对文件进行了更改,但仍然遇到问题.

I am using iMX 8 Mini EVK for my Project. I build Android 9.0 from AOSP for this board. Now I want to run a script at boot. I did following changes in files but still, I am facing an issue.

文件:Android_AOSP_build/device/fsl/imx8m/evk_8mm/init.rc

service gea3appservice /vendor/bin/sh /vendor/bin/run.sh 
  class late_start
  user root system
  group root system
  oneshot

文件:Android_AOSP_build/device/fsl/imx8m/evk_8mm/sepolicy/gea3appservice.te

type gea3appservice, domain;
type gea3appservice_exec, exec_type, vendor_file_type, file_type;

init_daemon_domain(gea3appservice)

domain_auto_trans(init, vendor_shell_exec, gea3appservice)

文件:Android_AOSP_build/device/fsl/imx8m/evk_8mm/sepolicy/file_contexts

/vendor/bin/run.sh   u:object_r:gea3appservice_exec:s0

当我手动运行服务时出现以下错误:

When I manually run service I get following error :

[134.010656] type=1400 audit(1564667688.236:3740): avc: denied { dac_read_search } for pid=1 comm="init" ability=2 scontext=u:r:init:s0 tcontext=u:r:init:s0 tclass=capability permissive=1

[ 134.010656] type=1400 audit(1564667688.236:3740): avc: denied { dac_read_search } for pid=1 comm="init" capability=2 scontext=u:r:init:s0 tcontext=u:r:init:s0 tclass=capability permissive=1

有人知道这个问题吗?

我尝试了 Android 开发者网站建议的方法

I tried with the approach suggested by the Android developer site

https://source.android.com/security/selinux/device-policy

但我收到以下错误

libsepol.report_failure:在 system/sepolicy/public/domain.te 的第 1002 行(或 policy.conf 的第 11242 行)上的 neverallow 被允许 gea3appservice gea3appservice_exec:file { execute entrypoint } 违反;

libsepol.report_failure: neverallow on line 1002 of system/sepolicy/public/domain.te (or line 11242 of policy.conf) violated by allow gea3appservice gea3appservice_exec:file { execute entrypoint };

推荐答案

这对我有用

在 init.mydevice.rc 中我有

in init.mydevice.rc i have

on property:sys.boot_completed=1
    start init-myservice-sh

service init-myservice-sh /vendor/bin/init.myscript.sh
    class main
    user root
    group root system
    disabled
    oneshot

这是 init.myscript.sh

and this is init.myscript.sh

#!/system/bin/sh

echo '#################  It works  ##################'
cd /system/app
ls -hal

在 device/myvendor/mydevice/sepolicy 文件夹中,我有 file_contexts

in device/myvendor/mydevice/sepolicy folder i have file_contexts with

/vendor/bin/init\.myscript\.sh      u:object_r:init-myservice_exec:s0

和 init-myservice.te

and init-myservice.te

type init-myservice, domain;
type init-myservice_exec, exec_type, vendor_file_type, file_type;

init_daemon_domain(init-myservice)

allow init-myservice vendor_shell_exec:file rx_file_perms;
allow init-myservice vendor_toolbox_exec:file rx_file_perms;

当然你必须把你的脚本复制到bin目录

of course you have to copy your script to the bin dir

PRODUCT_COPY_FILES += \
 $(LOCAL_PATH)/init.myscript.sh:$(TARGET_COPY_OUT_VENDOR)/bin/init.myscript.sh

在 BoardConfig.mk 中

and in BoardConfig.mk

BOARD_SEPOLICY_DIRS := device/myvendor/mydevice/sepolicy

在我的控制台中我可以看到这个

in my console i can see this

console:/ $ dmesg | grep myservice                                             
[   21.098013] init: starting service 'init-myservice-sh'...
[   21.148562] init: Command 'start init-myservice-sh' action=sys.boot_completed=1 (/vendor/etc/init/hw/init.mydevice.rc:66) took 51ms and succeeded

试试这个

console:/ $ init.myscript.sh
#################  It works  ##################

有关沼泽的详细信息,请参阅本文 https://source.android.com/security/selinux/device-policy#label_new_services_and_address_denials

for moor details see this article https://source.android.com/security/selinux/device-policy#label_new_services_and_address_denials

这篇关于在 AOSP 中启动时运行 shell 脚本的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆