前言
在上一篇中,我們已經搭建好了服務端的代碼結構,並且保證編譯通過;
但是由於各種坑的存在,我們無法直接讓服務端跑起來,因此本篇不是寫客戶端調用,而是一篇和編譯規則定義、selinux規則添加等相關的踩坑總集,如果你已經保證服務端已經跑起來了,那麼本篇可以跳過,等下一篇吧;
添加編譯規則
在device/<$vendor>/<$product>/device.mk或等效的位置添加:
PRODUCT_PACKAGES += \
[email protected] \
[email protected]
然後全編譯userdebug版本,刷機;
添加SELinux規則
開機以後會發現service並未啓動,且報瞭如下權限拒絕:
01-29 19:27:59.819 0 0 E init : File /vendor/bin/hw/[email protected](labeled "u:object_r:vendor_file:s0") has incorrect label or no domain transition from u:r:init:s0 to another SELinux domain defined. Have you configured your service correctly? https://source.android.com/security/selinux/device-policy#label_new_services_and_address_denials
01-29 19:27:59.819 0 0 I init : starting service 'example-hal-1-0'...
02-26 10:45:58.440 2978 2978 I auditd : type=1400 audit(0.0:127): avc: denied { execute } for comm="init" name="[email protected]" dev="mmcblk0p48" ino=515 scontext=u:r:init:s0 tcontext=u:object_r:vendor_file:s0 tclass=file permissive=0
01-29 19:27:59.822 0 0 E init : cannot execve('/vendor/bin/hw/[email protected]'): Permission denied
02-26 10:45:58.440 2978 2978 W init : type=1400 audit(0.0:127): avc: denied { execute } for name="[email protected]" dev="mmcblk0p48" ino=515 scontext=u:r:init:s0 tcontext=u:object_r:vendor_file:s0 tclass=file permissive=0
01-29 19:27:59.828 0 0 I init : Service 'example-hal-1-0' (pid 2978) exited with status 127
01-29 19:27:59.828 0 0 I init : Sending signal 9 to service 'example-hal-1-0' (pid 2978) process group...
顯而易見的selinux權限問題,這裏就直接提供全套了:
file_contexts:
/(system\/vendor|vendor)/bin/hw/vendor\.zsui\.hardware\.example@1\.0-service u:object_r:zsui_hal_exec:s0
hwservice_contexts:
vendor.zsui.hardware.example::IExample u:object_r:zsui_hal_hwservice:s0
hwservice.te
type zsui_hal_hwservice, hwservice_manager_type;
zsui_hal.te
type zsui_hal, domain;
type zsui_hal_exec, exec_type, file_type, vendor_file_type;
add_hwservice(zsui_hal, zsui_hal_hwservice)
init_daemon_domain(zsui_hal)
hwbinder_use(zsui_hal);
allow zsui_hal hwservicemanager_prop:file { read open getattr };
注:名字對應關係請自行修改;
編譯刷機後如果不想回復出廠設置,但是始終無法識別新增的上下文標籤,可以嘗試使用強制刷新label:(需要remount)
adb shell restorecon -R /vendor/bin/hw/[email protected]
重啓手機,然後通過ps指令查看,進程已經跑起來了:
$ adb shell ps -A | grep example
root 513 1 12596 2384 binder_thread_read 0 S [email protected]
坑踩得差不多了,這篇就到這裏了。
下一篇會着重講解JAVA側調用的問題;
文筆有限,若有謬誤,還請指出;
感謝!