完善资料让更多小伙伴认识你,还能领取20积分哦, 立即完善>
3天内不再提示
|
有两个步骤
1、脚本添加 device/rockchip/common/init.rockchip.rc中添加: service my_start_service /system/bin/sh /system/bin/my_start_service.sh user root disabled oneshot on property:sys.boot_completed=1 Start my_start_service device/rockchip/rk3399下创建my_start_service.sh device/rockchip/rk3399/rk3399.mk中添加脚本拷贝: PRODUCT_COPY_FILES += device/rockchip/rk3399/my_start_service.sh:system/bin/my_start_service.sh 2、Selinux域添加domain 只有第一步会报错: Init: service my_start_service does not have a SELinux domain defined 添加并定义my_start_service的te文件: device/rockchip/common/sepolicy下添加my_start_service.te: type my_start_service,domain,mlstrustedsubject; type my_start_service_exec,exec_type,file_type; init_demon_domain(my_start_service) device/rockchip/common/sepolicy/file_contexts中定义start.sh的安全上下文: /system/bin/start.sh u:object_r:my_start_service_exec:s0 3、仍然报错SELinux domain defined 以上操作后还是报错: Init: service my_start_service does not have a SELinux domain defined 根据查阅发现,在service后面还需加上seclabel: service my_start_service /system/bin/sh /system/bin/my_start_service.sh user root disabled onshot seclabel u:r:my_start_service:s0 在启动Service前将seclabel设置为seclabel. 主要用于在rootfs上启动的service,比如ueventd, adbd。在系统分区上运行的service使其有自己的SELinux安全策略,如果不设置,默认使用init的安全策略。 4、添加my_start_service.te文件 devicerockchipcommonsepolicymy_start_service.te type my_start_service,domain,mlstrustedsubject; type my_start_service_exec,exec_type,file_type; init_daemon_domain(my_start_service) allow my_start_service shell_exec:file { getattr read }; allow my_start_service system_file:file { execute_no_trans}; allow my_start_service toolbox_exec:file { getattr execute read open execute_no_trans }; allow my_start_service rootfs:lnk_file { getattr }; allow my_start_service net_data_file:file { read open getattr }; allow my_start_service my_start_service:netlink_route_socket { create setopt bind getattr write nlmsg_write read }; allow my_start_service my_start_service:rawip_socket { create getopt setopt }; allow my_start_service my_start_service:capability { net_admin net_raw }; allow my_start_service my_start_service:udp_socket { create ioctl }; allow my_start_service proc:file { read open getattr }; allow my_start_service netd_socket:sock_file { write }; allow my_start_service netd:unix_stream_socket { connectto }; allow my_start_service proc_net:file { write open }; allow my_start_service shell_exec:file { entrypoint }; allow my_start_service property_socket:sock_file { write }; allow my_start_service net_radio_prop:property_service{ set }; allow my_start_service init:unix_stream_socket { connectto }; allow my_start_service net_data_file:dir { search}; allow rild net_radio_prop:property_service { set }; allow rild pppoe_data_file:dir { search write add_name }; allow rild pppoe_data_file:file { write open getattr create }; allow rild toolbox_exec:file { execute read open execute_no_trans getattr}; allow rild system_prop:property_service { set }; allow rild net_radio_prop:property_service { set }; #添加规则 如 allow my_start_service net_data_file:dir { search}; 权限:search 服务:my_start_service 源文件:net_data_file 目标文件:dir my_start_service.sh #!/system/bin/sh setprop net.ppp0.dns1 8.8.8.8 setprop net.ppp0.dns2 8.8.4.4 ip rule add from all lookup main pref 9999 ifconfig eth0 down ifconfig eth0 up busybox ifconfig eth0 192.168.43.1 ndc netd 5003 tether start 192.168.43.2 192.168.43.254 ndc netd 7 nat enable eth0 ppp0 2 10.6.194.114/24 echo 1 >/proc/sys/net/ipv4/ip_forward iptables -t nat -I PREROUTING -i eth0 -p udp --dport 53 -j DNAT --to-destination 8.8.8.8 service my_start_service /system/bin/sh /system/bin/my_start_service.sh user root disabled oneshot on property:sys.boot_completed=1 Start my_start_service |
|
|
|
|
你正在撰写答案
如果你是对答案或其他答案精选点评或询问,请使用“评论”功能。
基于米尔瑞芯微RK3576核心板/开发板的人脸疲劳检测应用方案
569 浏览 0 评论
839 浏览 1 评论
737 浏览 1 评论
1957 浏览 1 评论
3204 浏览 1 评论
/6 
关注我们的微信
下载发烧友APP
电子发烧友观察
版权所有 © 湖南华秋数字科技有限公司
电子发烧友 (电路图) 湘公网安备 43011202000918 号 电信与信息服务业务经营许可证:合字B2-20210191
工商网监
湘ICP备2023018690号
1230
评论
淘帖
1566
