Run shell script at boot in AOSP
Problem description
I am using the iMX 8 Mini EVK for my project. I built Android 9.0 from AOSP for this board. Now I want to run a script at boot. I made the following changes in the files, but I am still facing an issue.
File: Android_AOSP_build/device/fsl/imx8m/evk_8mm/init.rc
service gea3appservice /vendor/bin/sh /vendor/bin/run.sh
    class late_start
    user root system
    group root system
    oneshot
File: Android_AOSP_build/device/fsl/imx8m/evk_8mm/sepolicy/gea3appservice.te
type gea3appservice, domain;
type gea3appservice_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(gea3appservice)
domain_auto_trans(init, vendor_shell_exec, gea3appservice)
File: Android_AOSP_build/device/fsl/imx8m/evk_8mm/sepolicy/file_contexts
/vendor/bin/run.sh u:object_r:gea3appservice_exec:s0
When I manually run the service, I get the following error:
[ 134.010656] type=1400 audit(1564667688.236:3740): avc: denied { dac_read_search } for pid=1 comm="init" capability=2 scontext=u:r:init:s0 tcontext=u:r:init:s0 tclass=capability permissive=1
Does anyone know about this issue?
I tried the approach suggested by the Android developer site
https://source.android.com/security/selinux/device-policy
But I get the following error:
libsepol.report_failure: neverallow on line 1002 of system/sepolicy/public/domain.te (or line 11242 of policy.conf) violated by allow gea3appservice gea3appservice_exec:file { execute entrypoint };
Recommended answer
This worked for me.
In init.mydevice.rc I have:
on property:sys.boot_completed=1
    start init-myservice-sh

service init-myservice-sh /vendor/bin/init.myscript.sh
    class main
    user root
    group root system
    disabled
    oneshot
And this is init.myscript.sh:
#!/system/bin/sh
echo '################# It works ##################'
cd /system/app
ls -hal
In the device/myvendor/mydevice/sepolicy folder I have file_contexts with:
/vendor/bin/init\.myscript\.sh u:object_r:init-myservice_exec:s0
and init-myservice.te:
type init-myservice, domain;
type init-myservice_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(init-myservice)
allow init-myservice vendor_shell_exec:file rx_file_perms;
allow init-myservice vendor_toolbox_exec:file rx_file_perms;
Of course, you have to copy your script to the bin dir:
PRODUCT_COPY_FILES += \
    $(LOCAL_PATH)/init.myscript.sh:$(TARGET_COPY_OUT_VENDOR)/bin/init.myscript.sh
and in BoardConfig.mk:
BOARD_SEPOLICY_DIRS := device/myvendor/mydevice/sepolicy
In my console I can see this:
console:/ $ dmesg | grep myservice
[ 21.098013] init: starting service 'init-myservice-sh'...
[ 21.148562] init: Command 'start init-myservice-sh' action=sys.boot_completed=1 (/vendor/etc/init/hw/init.mydevice.rc:66) took 51ms and succeeded
Then try:
console:/ $ init.myscript.sh
################# It works ##################
For more details, see this article: https://source.android.com/security/selinux/device-policy#label_new_services_and_address_denials
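
An added example, not part of the question or the answer: a small parser that turns AVC denial lines like the one quoted in the question into candidate allow rules and reports whether each denial was actually enforced. The first sample line is the denial from the question; the second line and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# First line: the denial quoted in the question.
# Second line: constructed denial for the service domain, for contrast.
SAMPLE_DMESG = """\
[ 134.010656] type=1400 audit(1564667688.236:3740): avc: denied { dac_read_search } for pid=1 comm="init" capability=2 scontext=u:r:init:s0 tcontext=u:r:init:s0 tclass=capability permissive=1
[ 135.200000] type=1400 audit(1564667689.100:3741): avc: denied { read open } for pid=2211 comm="sh" name="app" scontext=u:r:gea3appservice:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+'
    r'tclass=(?P<tclass>\S+)(?:\s+permissive=(?P<permissive>[01]))?'
)

def selinux_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]

def candidate_rules(text):
    """Merge AVC denials into candidate allow rules, one per (source, target, class)."""
    merged = defaultdict(lambda: {"perms": set(), "enforced": False})
    for m in AVC_RE.finditer(text):
        src, tgt = selinux_type(m["scon"]), selinux_type(m["tcon"])
        entry = merged[(src, "self" if tgt == src else tgt, m["tclass"])]
        entry["perms"].update(m["perms"].split())
        # permissive=1 means the access was logged but still allowed;
        # a missing field is treated as enforced.
        entry["enforced"] |= m["permissive"] != "1"
    return [
        (f"allow {s} {t}:{c} {{ {' '.join(sorted(e['perms']))} }};",
         "blocked" if e["enforced"] else "logged only (permissive)")
        for (s, t, c), e in sorted(merged.items())
    ]

if __name__ == "__main__":
    for rule, note in candidate_rules(SAMPLE_DMESG):
        print(f"{rule}  # {note}")
```

The output shows that the question's denial has init as its source domain and permissive=1, so it was logged without blocking anything. Candidate rules are a starting point for review against the platform neverallow rules, not text to paste into a .te file.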