I added a custom service named bean. The service itself is fine: with SELinux manually disabled, it runs normally.
I created vendor/jiangc/sepolicy in AOSP:
vendor
└── jiangc
    └── sepolicy
        ├── private
        │   └── service_contexts
        └── public
            ├── service.te
            └── system_server.te
The content is as follows:
service_contexts:
bean u:object_r:bean_service:s0
service.te:
type bean_service, service_manager_type;
system_server.te:
allow system_server bean_service:service_manager add;
Then modify the aosp/device/generic/car/emulator/aosp_car_emulator.mk file
At the end append the following: BOARD_VENDOR_SEPOLICY_DIRS += vendor/jiangc/sepolicy
Then compile:
source build/envsetup.sh
lunch sdk_car_x86-userdebug
Start the emulator:
emulator
It still gives an error:
auditd : avc: denied { add } for pid=831 uid=1000 name=bean scontext=u:r:system_server:s0 tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=0
I tried make clean and recompiling; it still doesn't work. I tried modifying it to:
BOARD_PLAT_PUBLIC_SEPOLICY_DIR += vendor/jiangc/sepolicy/public
BOARD_PLAT_PRIVATE_SEPOLICY_DIR += vendor/jiangc/sepolicy/private
BOARD_VENDOR_SEPOLICY_DIRS += vendor/jiangc/sepolicy
It still doesn't work.
My problem seems to be solved. The first issue was that I had accidentally changed the file name of service_contexts. The second is that, besides adding
BOARD_VENDOR_SEPOLICY_DIRS += vendor/jiangc/sepolicy
to the mk file, you also need to add the following to the relevant mk file:
BOARD_PLAT_PUBLIC_SEPOLICY_DIR += vendor/jiangc/sepolicy/public
BOARD_PLAT_PRIVATE_SEPOLICY_DIR += vendor/jiangc/sepolicy/private
Finally:
BOARD_PLAT_PUBLIC_SEPOLICY_DIR += vendor/jiangc/sepolicy/public
BOARD_PLAT_PRIVATE_SEPOLICY_DIR += vendor/jiangc/sepolicy/private
BOARD_VENDOR_SEPOLICY_DIRS += vendor/jiangc/sepolicy
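An added example, not part of the original post: a small Python helper that parses the denial quoted above and compares it with the service_contexts sources, separating the two causes named in the answer (a misnamed service_contexts file, and a policy directory whose label never reached the built policy). The function names and result strings are hypothetical, and the sample directory tree is constructed.

```python
import re
import tempfile
from pathlib import Path

# Denial line quoted from the post above.
DENIAL = ("auditd : avc: denied { add } for pid=831 uid=1000 name=bean "
          "scontext=u:r:system_server:s0 "
          "tcontext=u:object_r:default_android_service:s0 "
          "tclass=service_manager permissive=0")
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]+?)\s*\}\s+for\s+(.*)")

def parse_avc(line):
    """Return the key=value fields of an avc denial plus 'perms', or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    fields["perms"] = m.group(1).split()
    return fields

def load_service_contexts(text):
    """Map service name -> label, skipping comments and blank lines."""
    rows = (raw.split("#", 1)[0].split() for raw in text.splitlines())
    return {r[0]: r[1] for r in rows if len(r) == 2}

def diagnose(avc_line, sepolicy_dir):
    """Compare a service_manager denial with the service_contexts sources."""
    avc = parse_avc(avc_line)
    if avc is None or avc.get("tclass") != "service_manager":
        return "not-a-service-denial"
    files = list(Path(sepolicy_dir).rglob("service_contexts"))
    if not files:
        return "no-service_contexts-file"      # e.g. the file was renamed
    entries = {}
    for f in files:
        entries.update(load_service_contexts(f.read_text()))
    label = entries.get(avc["name"])
    if label is None:
        return "no-entry-for-service"
    if avc["tcontext"] != label:
        return "label-not-in-built-policy"     # sepolicy dir not picked up
    return "missing-allow-rule"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:   # constructed sample tree
        private = Path(d, "private"); private.mkdir()
        (private / "service_context").write_text("bean u:object_r:bean_service:s0\n")
        print(diagnose(DENIAL, d))             # misnamed file
        (private / "service_context").rename(private / "service_contexts")
        print(diagnose(DENIAL, d))             # label defined but not built in
```

Run it against the denial from logcat and the sepolicy source directory; a result of label-not-in-built-policy means the source defines the label but the running image still resolves the name to a different one.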