How to add service in android 9


Humayun Ajmal

Feb 7, 2020, 11:58:40 AM
to android-platform
Hi all.

I am trying to add a service which is added by system_server to the services list, but I am getting the following exception.

01-01 21:32:02.299  1391  1391 E SystemServer: java.lang.SecurityException
01-01 21:32:02.299  1391  1391 E SystemServer: at android.os.BinderProxy.transactNative(Native Method)
01-01 21:32:02.299  1391  1391 E SystemServer: at android.os.BinderProxy.transact(Binder.java:1127)
01-01 21:32:02.299  1391  1391 E SystemServer: at android.os.ServiceManagerProxy.addService(ServiceManagerNative.java:153)
01-01 21:32:02.299  1391  1391 E SystemServer: at android.os.ServiceManager.addService(ServiceManager.java:184)
01-01 21:32:02.299  1391  1391 E SystemServer: at android.os.ServiceManager.addService(ServiceManager.java:155)
01-01 21:32:02.299  1391  1391 E SystemServer: at com.android.server.SystemServer.startOtherServices(SystemServer.java:837)
01-01 21:32:02.299  1391  1391 E SystemServer: at com.android.server.SystemServer.run(SystemServer.java:437)
01-01 21:32:02.299  1391  1391 E SystemServer: at com.android.server.SystemServer.main(SystemServer.java:300)
01-01 21:32:02.299  1391  1391 E SystemServer: at java.lang.reflect.Method.invoke(Native Method)
01-01 21:32:02.299  1391  1391 E SystemServer: at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
01-01 21:32:02.299  1391  1391 E SystemServer: at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:838)
01-01 21:32:02.299  1391  1391 I SystemServer: StartContentService
01-01 21:32:02.299  1391  1391 I SystemServiceManager: Starting com.android.server.content.ContentService$Lifecycle
01-01 21:32:02.299  1391  1391 I SystemServer: InstallSystemProviders


I have added the following permissions in the device/<vendor>/sepolicy files:

./sepolicy/private/service.te
    type ueventtest_service, app_api_service, system_server_service, system_api_service, service_manager_type;

./sepolicy/private/system_server.te
    allow system_server ueventtest_service:service_manager add;

./sepolicy/private/service_contexts
    <AIDL package>    u:object_r:ueventtest_service:s0

JamLab

Mar 3, 2020, 10:52:59 PM
to android-platform
Is there any "avc:denied" log?

phantom

Mar 28, 2020, 4:27:19 PM
to android-platform
I have run into the same issue. I did not have time to figure out all the security policy and did not want to stop my development, so I did the next best thing: I disabled the permission checking.

In the file frameworks/native/cmds/servicemanager/service_manager.c, always return true from the function check_mac_perms().

static bool check_mac_perms(pid_t spid, uid_t uid, const char *tctx, const char *perm, const char *name)
{
    (void)spid;
    (void)uid;
    (void)tctx;
    (void)perm;
    (void)name;
    return true;
}

Cheers,
Tom

Steven Moreland

Mar 30, 2020, 4:48:25 PM
to android-...@googlegroups.com
Try audit2allow to find the necessary permissions or setenforce 0 (on the device, `BOARD_KERNEL_CMDLINE += androidboot.selinux=permissive`). Please don't ever disable checks in the code like this or suggest that anyone do it. It is extremely easy to forget about a restriction-removing change, and in this case, it compromises the device.


Steven Moreland

Mar 30, 2020, 4:59:54 PM
to android-...@googlegroups.com
Also, the original issue. Perhaps it shouldn't be "<AIDL package>" but the service name in the context files. Looking at "avc: denied" logs (or, when you're getting started, at audit2allow output) is the best thing to do here. There isn't enough information in the original email to understand the problem definitively.
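
A triage of the "avc: denied" lines the replies ask for, as an added example that is not part of the thread or of AOSP. The log lines are constructed, and the service name `ueventtest` and the denial layout are assumptions; it separates a denial that calls for a service_contexts entry (the service name matched no key) from one that calls for an allow rule.

```python
import re

# Constructed sample lines (not from the thread), laid out the way servicemanager
# typically logs a denial; the service name "ueventtest" is an assumption.
SAMPLE_LOG = """\
01-01 21:32:02.298   570   570 E SELinux : avc:  denied  { add } for service=ueventtest pid=1391 uid=1000 scontext=u:r:system_server:s0 tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=0
01-01 21:32:02.299  1391  1391 E SystemServer: java.lang.SecurityException
01-01 21:32:05.120   570   570 E SELinux : avc:  denied  { find } for service=ueventtest pid=2210 uid=10080 scontext=u:r:untrusted_app:s0:c80,c256 tcontext=u:object_r:ueventtest_service:s0 tclass=service_manager permissive=0
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+service=(?P<service>\S+)"
    r".*?scontext=u:r:(?P<source>\w+):\S+"
    r"\s+tcontext=u:object_r:(?P<target>\w+):\S+"
    r"\s+tclass=(?P<tclass>\w+)"
)

def parse_denials(log_text):
    """Return one dict per service_manager denial found in log_text."""
    denials = []
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m and m.group("tclass") == "service_manager":
            d = m.groupdict()
            d["perms"] = d["perms"].split()
            denials.append(d)
    return denials

def triage(denial):
    """Suggest the policy line to review for one denial."""
    if denial["target"] == "default_android_service":
        # The name passed to addService() matched no service_contexts key, so the
        # fix is a service_contexts entry, not an allow rule on the default type.
        # <your_service_type> is a placeholder for the type declared in service.te.
        return ("service_contexts",
                "%s  u:object_r:<your_service_type>:s0" % denial["service"])
    perms = denial["perms"]
    perm_str = perms[0] if len(perms) == 1 else "{ %s }" % " ".join(perms)
    return ("allow", "allow %s %s:%s %s;" % (
        denial["source"], denial["target"], denial["tclass"], perm_str))

if __name__ == "__main__":
    for d in parse_denials(SAMPLE_LOG):
        print(d["service"], "->", triage(d))
```

Whether a suggested allow rule belongs in the policy is still a review decision; the script only shows which file each denial points at.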