Wednesday, 5 November 2014

SELinux / SEAndroid Exceptions for System Services

Posted by Karun at 02:29 Labels: , , , , , 5 comments
When attempting to add System Services for Android 4.4.4, permission may be denied due to the Security Enhanced (SE) Linux Mechanism. Below is a console log output from Android 4.4.4's boot process whilst trying to add a user defined service named 'foo'. Line 3 shows permission denied by SELinux for an 'add' operation.

For security, SELinux operates on a whitelist policy where services must be forward declared in an exceptions list in order to be granted permission to run. The intention is to prohibit any unwanted services granted themselves potentially dangerous permissions hence 'enhancing' the overall security and integrity of the operating system. Read more about SELinux here.

There are 2 methods to allow user defined system services

1. Add exceptions entries the the SELinux service list (recommended)

Android's SELinux service list is stored in file:

/external/sepolicy/service_contexts

'foo' can be added to the list as a system service as shown in the snippet below.


2. Disable the SELinux Mechanism

The SELinux mechanism can be disabled altogether by altering Linux's initialization process. The init.rc found in

/system/core/rootdir/init.rc

must be modified to include setenforce 0. Alternatively, setenforce 1 or removing the command would re-enable SElinux. The command has been included in init.rc under on init in the snippet below.

Monday, 4 August 2014

Python Script for Location Updates

Posted by Karun at 05:57 Labels: , , , , , , 0 comments
Below is a simple python script to automate location updates to the emulator.


Saturday, 2 August 2014

Location Updates within a Service

Posted by Karun at 17:49 0 comments
Requesting location updates within a remote service may cause the following exception:

runException Can't create handler inside thread that has not called Looper.prepare()

The requestLocationUpdates() function requires access to a Looper to deal with messages in a queue. When calling this method in a background service, the method may not implicitly have access to the threads Looper. Defining the thread's Looper explicitly by adding an additional argument 'Looper.getMainLooper()' deals with the issue.


Friday, 1 August 2014

Dealing with System Service Dependencies

Posted by Karun at 08:36 Labels: , , , , 1 comments
As an example of a case where a system service depends on another, below is the constructor for a 'test' service which when constructed, initializes a location manager.


The 'test' service requires that the 'LocationManagerService' is running before 'test' is created so that it can successfully initialize  a location manager.

When Android is started, 'init' is a component of the bootloader sequence which initializes a number of daemons which run continuously whilst the operating system is running.

One of those daemons 'Zygote' is the process responsible for starting system services. It does this by executing the initAndLoop() function of the SystemServer Class.

SystemServer located in frameworks/base/services/java/com/android/server/SystemServer.java

In order to ensure 'LocationManagerService' is running before 'test' service, place the 'test' service's addService code anywhere below that of the 'LocationManagerService'.



Saturday, 26 July 2014

GPS Location updates in AOSP Emulator

Posted by Karun at 07:55 Labels: , , 0 comments
Mock GPS location values can be set once the emulator is running by connecting to the virtual device via telnet on port 5554 and using the 'geo fix' command to set longitude and latitude values.

More info at http://developer.android.com/tools/help/emulator.html

Wednesday, 23 July 2014

Using Google Cloud Messaging with AOSP

Posted by Karun at 04:48 Labels: , , , 2 comments
Google Cloud Messaging for Android (GCM) may have once an open source library within AOSP but the service has since been superseded by GCM within Google Play Services.

Google Play Services being proprietary software is not included in AOSP hence using GCM with open code requires use of the now deprecated GCM library.

The GCM repository is available from 
https://code.google.com/p/gcm/source/checkout 


As I am using GCM on the client side, the folder of interest to me is gcm/gcm-client-deprecated


If using GCM within the android's services, the library must be included to be built with the Android framework by copying it to the framework directory.



After rebuilding Android, GCM would be included in the framework and can be imported by apps/services eg. if using the GCM Registrar, import as follows.


Subscribe to: Posts (Atom)