This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 11-04 14:40:39.271 312 312 I SystemServer: Foo Service | |
| 11-04 14:40:39.273 312 312 I FooService: Spawned worker thread | |
| 11-04 14:40:39.275 51 51 E SELinux : avc: denied { add } for service=foo scontext=u:r:system_server:s0 tcontext=u:object_r:default_android_service:s0 tclass=service_manager | |
| 11-04 14:40:39.276 51 51 E ServiceManager: add_service('foo',48) uid=1000 - PERMISSION DENIED | |
| 11-04 14:40:39.278 312 312 E SystemServer: Failure starting FooService Service | |
| 11-04 14:40:39.278 312 312 E SystemServer: java.lang.SecurityException | |
| 11-04 14:40:39.278 312 312 E SystemServer: at android.os.BinderProxy.transact(Native Method) | |
| 11-04 14:40:39.278 312 312 E SystemServer: at android.os.ServiceManagerProxy.addService(ServiceManagerNative.java:150) | |
| 11-04 14:40:39.278 312 312 E SystemServer: at android.os.ServiceManager.addService(ServiceManager.java:72) | |
| 11-04 14:40:39.278 312 312 E SystemServer: at com.android.server.ServerThread.initAndLoop(SystemServer.java:834) | |
| 11-04 14:40:39.278 312 312 E SystemServer: at com.android.server.SystemServer.main(SystemServer.java:1217) | |
| 11-04 14:40:39.278 312 312 E SystemServer: at java.lang.reflect.Method.invoke(Native Method) | |
| 11-04 14:40:39.278 312 312 E SystemServer: at java.lang.reflect.Method.invoke(Method.java:372) | |
| 11-04 14:40:39.278 312 312 E SystemServer: at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:772) | |
| 11-04 14:40:39.278 312 312 E SystemServer: at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:585) |
1. Add exceptions entries the the SELinux service list (recommended)
Android's SELinux service list is stored in file:
'foo' can be added to the list as a system service as shown in the snippet below.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * | |
| */ | |
| drm.drmManager u:object_r:drmserver_service:s0 | |
| dropbox u:object_r:system_server_service:s0 | |
| entropy u:object_r:system_server_service:s0 | |
| ethernet u:object_r:system_server_service:s0 | |
| foo u:object_r:system_server_service:s0 | |
| gfxinfo u:object_r:system_server_service:s0 | |
| hardware u:object_r:system_server_service:s0 | |
| hdmi_control u:object_r:system_server_service:s0 | |
| inputflinger u:object_r:inputflinger_service:s0 | |
| input_method u:object_r:system_server_service:s0 | |
| /* | |
| * | |
| */ |
2. Disable the SELinux Mechanism
The SELinux mechanism can be disabled altogether by altering Linux's initialization process. The init.rc found in
must be modified to include setenforce 0. Alternatively, setenforce 1 or removing the command would re-enable SElinux. The command has been included in init.rc under on init in the snippet below.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # early init commands | |
| # | |
| on init | |
| # disable Security Enhanced Linux | |
| setenforce 0 | |
| sysclktz 0 | |
| loglevel 3 | |
| # | |
| # other on init commands | |
| # |
5 comments:
Thank you~ It's very useful for me~ ^^
Hi,
How would I know if disabling has helped me? i.e., I have added setenforce 0 in my code and rebuilt, but the error SecurityException persists... What do I do???
Any help plzzzzzzzzzz...
Hi Asad ali,
You can check the setenforce status by using
adb shell getenforce
Make sure the output is Permissive and not enforcing.
For me it is showing as "Enforcing", How to change to "Permissive"?
Post a Comment