1.系统中增加的脚本,发现有权限问题但是实际之前在 /vendor/etc/selinux/vendor_file_contexts中配置了selinux权限,可能因为中间在系统中修改导致现在没有执行权限,报错如下:
init : Command ‘start share’ action=xxx=true (/vendor/etc/init/init.common.rc:93) took 0ms and failed: Could not start service: File /vendor/bin/start.sh(labeled “u:object_r:vendor_file:s0”) has incorrect label or no domain transition from u:r:init:s0 to another SELinux domain defined. Have you configured your service correctly? https://source.android.com/security/selinux/device-policy#label_new_services_and_address_denials. Note: this error shows up even in permissive mode in order to make auditing denials possible.
现在不先全编译系统重新刷机先在当前系统修改,验证可行方案1如下:
我的系统中已经配置了
/vendor/etc/selinux/vendor_file_contexts selinux权限,未知原因还报selinux权限问题,手动修改方案如下:
restorecon -v /vendor/bin/start.sh
chcon u:object_r:vendor_init_exec:s0 /vendor/bin/start.sh
验证后面不在报上面selinux 权限问题
方案2 没有验证,如下:
修改 .rc 文件(/vendor/etc/init/init.common.rc 第73行附近):
service share /vendor/bin/start.sh
class main
seclabel u:r:vendor_share_script:s0 # 定义自定义域
确保 start.sh 允许 init 执行:
chmod 755 /vendor/bin/start.sh
chown root:shell /vendor/bin/start.sh