System: Android 10.0
Device: FireFly RK3399 (ROC-RK3399-PC-PLUS)
The set of commands that init.rc can run is limited. If you need to run an ordinary shell script, init.rc alone cannot do it, so in real development you frequently need to launch a shell script at boot. The previous chapter covered how to start an executable program (compiled code) at boot; this chapter focuses on how to start a shell script at boot. The example script has to do three things:
- Create a FIFO with mkfifo at boot, which can be used for inter-process communication.
- Set the screen to never lock, which is simply setting a screen-off timeout value.
- After boot has completed, get the pid of some process (installd here) and store it in a property.
vim device/rockchip/qh100_rk3399/test_se/scripts/myboot.sh
#!/vendor/bin/sh

# for fifo
/system/bin/mkfifo /dev/testfifo
/system/bin/chmod 777 /dev/testfifo

# for screen timeout
log -t QHDebug "QH ready to settings screen_off_timeout"
/system/bin/cmd settings put system screen_off_timeout 2147483647

# poll until boot has completed, then record installd's pid in a property
while true
do
    bootComplete=$(getprop dev.bootcomplete)
    if [ "$bootComplete" = 1 ] ; then
        processid=$(/system/bin/ps -elf | grep installd | grep -v grep | /system/bin/awk '{print $2}')
        log -t QHDebug "get installd process id = ${processid}"
        setprop vendor.test.installd.pid "${processid}"
        break
    else
        sleep 3
    fi
done
vim device/rockchip/qh100_rk3399/test_se/scripts/myboot.rc
service mybootscript /vendor/bin/myboot.sh
    class main
    user root
    group root system
    oneshot
vim device/rockchip/qh100_rk3399/test_se/scripts/Android.bp
cc_prebuilt_binary {
    name: "mybootscript",
    srcs: ["myboot.sh"],
    init_rc: ["myboot.rc"],
    strip: {
        none: true,
    },
    proprietary: true,
}
device/rockchip/qh100_rk3399/test_se/sepolicy$ vim myboot_script.te
# subject: the domain (process) type the script runs in
type mybootscript_dt, domain;
# object: the type that labels the executable file
type mybootscript_dt_exec, exec_type, vendor_file_type, file_type;
# let init start the executable and transition it into this domain
init_daemon_domain(mybootscript_dt)
device/rockchip/qh100_rk3399/test_se/sepolicy$ vim file_contexts
/dev/myse_dev u:object_r:myse_testdev_t:s0
/vendor/bin/myse_test u:object_r:myse_test_dt_exec:s0
/vendor/bin/prop_test u:object_r:myprop_test_dt_exec:s0
/vendor/bin/myservice u:object_r:myservice_dt_exec:s0
/vendor/bin/myboot.sh u:object_r:mybootscript_dt_exec:s0
Build:
make selinux_policy -j2
Update the development board:
adb -s QUMJHIRADP push .\src\myboot.rc /vendor/etc/init
.\src\myboot.rc: 1 file pushed, 0 skipped. 0.0 MB/s (94 bytes in 0.015s)
adb -s QUMJHIRADP push .\src\myboot.sh /vendor/bin/
.\src\myboot.sh: 1 file pushed, 0 skipped. 2.2 MB/s (676 bytes in 0.000s)
adb -s QUMJHIRADP push .\binary\selinux\vendor\selinux\ /vendor/etc/
.\binary\selinux\vendor\selinux\: 13 files pushed, 0 skipped. 15.1 MB/s (1508225 bytes in 0.095s)
adb -s QUMJHIRADP push .\binary\selinux\odm\selinux\ /odm/etc/
.\binary\selinux\odm\selinux\: 3 files pushed, 0 skipped. 14.1 MB/s (482632 bytes in 0.033s)
adb -s QUMJHIRADP shell restorecon /vendor/bin/myboot.sh
adb -s QUMJHIRADP reboot
Verify after the reboot:
qh100_rk3399:/ $ getprop | grep myboot
[init.svc.mybootscript]: [stopped]
[ro.boottime.mybootscript]: [4269393251]
qh100_rk3399:/ $ getenforce
Permissive
qh100_rk3399:/ $ logcat -s QHDebug
--------- beginning of system
--------- beginning of main
03-08 13:24:57.824 363 363 I QHDebug : QH ready to settings screen_off_timeout
03-08 13:25:07.236 1213 1213 I QHDebug : get installd process id = 324
^C
130|qh100_rk3399:/ $ ps -elf | grep installd
root 324 1 1 13:24:56 ? 00:00:00 installd
shell 1730 1484 1 13:25:47 pts/0 00:00:00 grep installd
qh100_rk3399:/ $ getprop vendor.test.installd.pid
324
The output above shows that the script ran essentially as expected, and that it ran only once.
However, searching the log for the avc keyword shows the script is in fact still missing many permissions (it only got this far because getenforce reports Permissive). Collected from those denials, the missing rules are:
#============= mybootscript_dt ==============
allow mybootscript_dt binder_device:chr_file { ioctl map open read write };
allow mybootscript_dt device:dir { add_name write };
allow mybootscript_dt device:fifo_file { create getattr setattr };
allow mybootscript_dt exported3_system_prop:file { getattr map open read };
allow mybootscript_dt init:unix_stream_socket connectto;
allow mybootscript_dt property_socket:sock_file write;
allow mybootscript_dt servicemanager:binder call;
allow mybootscript_dt system_file:file { execute execute_no_trans getattr map open read };
allow mybootscript_dt toolbox_exec:file { execute execute_no_trans getattr map open read };
allow mybootscript_dt vendor_toolbox_exec:file execute_no_trans;
But if you add the rules above to the te file, you will find the policy basically does not build. The main reason is that under Android's Treble project, what vendor domains are allowed to access is strictly restricted, and many of these rules cannot pass the neverallow checks. If you want the build to pass and the script to also run in enforcing mode, I recommend building the script into the system partition; if you are interested, change the parts I marked in red above to system.
Build error log:
libsepol.report_failure: neverallow on line 1033 of system/sepolicy/public/domain.te (or line 12581 of policy.conf) violated by allow mybootscript_dt toolbox_exec:file { read getattr map execute execute_no_trans open };
libsepol.report_failure: neverallow on line 1033 of system/sepolicy/public/domain.te (or line 12581 of policy.conf) violated by allow mybootscript_dt system_file:file { read getattr map execute execute_no_trans open };
libsepol.report_failure: neverallow on line 956 of system/sepolicy/public/domain.te (or line 12413 of policy.conf) violated by allow mybootscript_dt toolbox_exec:file { execute execute_no_trans };
libsepol.report_failure: neverallow on line 956 of system/sepolicy/public/domain.te (or line 12413 of policy.conf) violated by allow mybootscript_dt system_file:file { execute execute_no_trans };
libsepol.report_failure: neverallow on line 679 of system/sepolicy/public/domain.te (or line 11818 of policy.conf) violated by allow mybootscript_dt servicemanager:binder { call };
libsepol.report_failure: neverallow on line 633 of system/sepolicy/public/domain.te (or line 11734 of policy.conf) violated by allow mybootscript_dt binder_device:chr_file { ioctl read write map open };
libsepol.check_assertions: 6 neverallow failures occurred
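As an added example (not from the original post), the following POSIX shell/awk helper turns raw avc denial lines, as captured from logcat or dmesg, into candidate allow rules in the same form as the list above, and then flags the rules whose target types the neverallow failures above rejected for a vendor domain. The sample log lines are constructed, and the flagged target types are taken from this page's error log only, not from the complete set of Treble restrictions.

```shell
#!/bin/sh
# Added example: fold avc denials into candidate allow rules, then flag the
# rules whose target types this page's build log rejected for a vendor domain.

# Constructed sample avc lines (logcat format), not output from a real device.
SAMPLE_AVC='03-08 13:24:57.824   363   363 I QHDebug : QH ready to settings screen_off_timeout
03-08 13:24:57.900   363   363 W myboot.sh: type=1400 audit(0.0:12): avc: denied { create } for name="testfifo" scontext=u:r:mybootscript_dt:s0 tcontext=u:object_r:device:s0 tclass=fifo_file permissive=1
03-08 13:24:57.901   363   363 W myboot.sh: type=1400 audit(0.0:13): avc: denied { setattr getattr } for path="/dev/testfifo" scontext=u:r:mybootscript_dt:s0 tcontext=u:object_r:device:s0 tclass=fifo_file permissive=1
03-08 13:24:57.950   363   363 W myboot.sh: type=1400 audit(0.0:14): avc: denied { execute_no_trans } for path="/system/bin/toybox" scontext=u:r:mybootscript_dt:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=1
03-08 13:24:57.951   363   363 W myboot.sh: type=1400 audit(0.0:15): avc: denied { execute } for path="/system/bin/toybox" scontext=u:r:mybootscript_dt:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=1'

# avc_to_allow: read avc lines on stdin, print one allow rule per
# (source type, target type, class) with the union of the denied permissions.
avc_to_allow() {
  awk '/avc: +denied \{/ {
      if (!match($0, /denied \{[^}]*\}/)) next
      perms = substr($0, RSTART + 8, RLENGTH - 9)    # text between "{" and "}"
      s = t = c = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^scontext=/)      { split($i, a, ":"); s = a[3] }
        else if ($i ~ /^tcontext=/) { split($i, a, ":"); t = a[3] }
        else if ($i ~ /^tclass=/)   { c = substr($i, 8) }
      }
      if (s == "" || t == "" || c == "") next
      n = split(perms, p, " ")
      for (j = 1; j <= n; j++) print s, t, c, p[j]   # one line per permission
    }' |
  LC_ALL=C sort -u |
  awk 'function emit() { printf "allow %s %s:%s {%s };\n", s, t, c, perms }
    {
      key = $1 ":" $2 ":" $3
      if (key != prev) { if (prev != "") emit(); prev = key; s = $1; t = $2; c = $3; perms = "" }
      perms = perms " " $4
    }
    END { if (prev != "") emit() }'
}

# flag_treble_conflicts: print the rules whose target type appears in the
# neverallow failures on this page; a vendor domain cannot be granted these,
# so they need a different design (e.g. a system-side script) rather than an allow.
flag_treble_conflicts() {
  grep -E '^allow [^ ]+ (system_file|toolbox_exec|servicemanager|binder_device):' || true
}

printf '%s\n' "$SAMPLE_AVC" | avc_to_allow
printf '%s\n' "$SAMPLE_AVC" | avc_to_allow | flag_treble_conflicts
```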