SELinux permission Denied new framework service in android

Question

SELinux permission Denied new framework service in android

I added a new System Service to Android Framework in early releases (4.4) following this tutorial from Texas Instruments

But when I try to do a similar thing in Android Lollipop the SELinux policy prevents me from doing this. This is the output from logcat.

05-11 15:49:51.362   248   248 I SystemServer: Test Service Starting
05-11 15:49:51.364   248   248 I TestManagerService: Started Test Manager Service
05-11 15:49:51.370    54    54 E SELinux : avc:  denied  { add } for service=TestManagerService scontext=u:r:system_server:s0 tcontext=u:object_r:default_android_service:s0 tclass=service_manager
05-11 15:49:51.371    54    54 E ServiceManager: add_service('TestManagerService',28) uid=1000 - PERMISSION DENIED
05-11 15:49:51.378   248   248 E SystemServer: Failure starting TestManagerService
05-11 15:49:51.378   248   248 E SystemServer: java.lang.SecurityException
05-11 15:49:51.378   248   248 E SystemServer:  at android.os.BinderProxy.transactNative(Native Method)
05-11 15:49:51.378   248   248 E SystemServer:  at android.os.BinderProxy.transact(Binder.java:496)
05-11 15:49:51.378   248   248 E SystemServer:  at android.os.ServiceManagerProxy.addService(ServiceManagerNative.java:150)
05-11 15:49:51.378   248   248 E SystemServer:  at android.os.ServiceManager.addService(ServiceManager.java:72)
05-11 15:49:51.378   248   248 E SystemServer:  at com.android.server.SystemServer.startOtherServices(SystemServer.java:551)
05-11 15:49:51.378   248   248 E SystemServer:  at com.android.server.SystemServer.run(SystemServer.java:257)
05-11 15:49:51.378   248   248 E SystemServer:  at com.android.server.SystemServer.main(SystemServer.java:171)
05-11 15:49:51.378   248   248 E SystemServer:  at java.lang.reflect.Method.invoke(Native Method)
05-11 15:49:51.378   248   248 E SystemServer:  at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:723)
05-11 15:49:51.378   248   248 E SystemServer:  at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:613)

I don't want to disable SELinux policy. I just want the policy to authorize my new service. What should I do?

+3

android selinux

Jamsheed kamarudeen May 11 '15 at 10:55

source to share

5 answers

To file:

Android-dev \ external \ sepolicy \ service.te

Add to

enter mytest_service, system_api_service, system_server_service, service_manager_type;

To file:

Android-dev \ external \ sepolicy \ service_contexts

Add to

mytestservice u: object_r: mytest_service: s0

where is mytestservice

your naming service

This will help me

+4

Artem 24 Mar 16 at 10:46

source to share

In Android 7.1.1 the service_contexts file has moved to system / sepolicy

add service "foo" to policy add to file service_contexts

foo u: object_r: foo_service: s0

And in service.te add:

enter foo_service, app_api_service, system_server_service, service_manager_type;

A device-specific policy can be created by adding the service_contexts and service.te file in the devices sepolicy directory: device / myDevice / versionName / sepolicy

+1

Aaron thompson 08 Sep 17 at 15:29

source to share

Any idea how to add above seploicy changes to Android P

0

Pause 05 dec. At 10:22

source to share

add to your sepolicy file

allow system_server default_android_service: service_manager add

-2

gladman 02 jul. 15 at 15:15

source to share

Asad Ali · Accepted Answer · 2015-05-24T22:13:15+0000

Check this link: http://androidosp.blogspot.com.tr/2014/11/selinux-seandroid-exceptions-for-system.html

You can just go to: / external / sepolicy / service_contexts

and add a new service. This is it!

SELinux permission Denied new framework service in android

More articles: