I am working on developing an Android native executable service which is launched by init (I register it in init.rc) when the system boots up. This native executable creates a socket listening on 0.0.0.0:4615 and is supposed to accept connections from outside.
The OS is Android K; it runs on a development kit which has an Ethernet interface for plugging it into a LAN.
I have tested running the same native executable in adb shell as root. It works fine - an external socket client on my Windows machine can connect to the native executable and send/recv messages successfully. When I have it launched by init, it listens on 0.0.0.0:4615 successfully, but the external socket client cannot connect to it - connection refused.
The snippet I added in init.rc is:
service msger-daemon /system/bin/msgerd
    class main
When we ran "ps" to check the user of msgerd, we found it was root.
Please help, thanks!
Solved by adding an SE policy file under $TOP/external/sepolicy; the content of that file is:
# File types must be defined for file_contexts.
type msgerd, domain;
type msgerd_exec, exec_type, file_type;
init_daemon_domain(msgerd)
permissive msgerd;
# Add msgerd to various domains
net_domain(msgerd)
allow msgerd self:capability { net_admin net_raw };
If anyone would like to review and advise, welcome!
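
On the `permissive msgerd;` line in the policy above, as an added example that is not part of the original post: a permissive domain is not blocked, and the accesses its policy lacks are logged as `avc: denied` records, so this Python script merges those records for one domain into candidate allow rules to review before the permissive line is removed. The log lines, file names and the helper names `context_type` and `denials_to_rules` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed kernel-log lines for illustration; they are not from the post.
SAMPLE_LOG = """\
<5>[ 9.10] type=1400 audit(1388534400.10:4): avc:  denied  { read open } for  pid=142 comm="msgerd" name="msger.conf" dev="mmcblk0p2" ino=81 scontext=u:r:msgerd:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
<5>[ 9.11] type=1400 audit(1388534400.11:5): avc:  denied  { getattr } for  pid=142 comm="msgerd" path="/data/msger.conf" dev="mmcblk0p2" ino=81 scontext=u:r:msgerd:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
<5>[ 9.12] type=1400 audit(1388534400.12:6): avc:  denied  { dac_override } for  pid=142 comm="msgerd" capability=1 scontext=u:r:msgerd:s0 tcontext=u:r:msgerd:s0 tclass=capability
<5>[ 9.20] type=1400 audit(1388534400.20:7): avc:  denied  { write } for  pid=97 comm="netd" name="forwarding" dev="proc" ino=4021 scontext=u:r:netd:s0 tcontext=u:object_r:proc:s0 tclass=file
<6>[ 9.30] init: starting 'msger-daemon'
"""

# Permission set, source context, target context and object class of a denial.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)


def context_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]


def denials_to_rules(log_text, domain):
    """Merge the avc denials whose source type is `domain` into allow rules."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        match = AVC_RE.search(line)
        if not match or context_type(match.group("scon")) != domain:
            continue  # not a denial, or a denial for some other domain
        target = context_type(match.group("tcon"))
        if target == domain:
            target = "self"  # policy syntax for a domain acting on itself
        merged[(target, match.group("tclass"))].update(match.group("perms").split())
    return [
        "allow %s %s:%s { %s };" % (domain, target, tclass, " ".join(sorted(perms)))
        for (target, tclass), perms in sorted(merged.items())
    ]


if __name__ == "__main__":
    for rule in denials_to_rules(SAMPLE_LOG, "msgerd"):
        print(rule)
```

Each generated rule is a candidate to review against what the daemon actually needs, not a line to paste in unchanged.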