Android 9 Custom Service crashes with clean AOSP build

I am working on Android 9. The custom service crashes immediately with a clean Android 9 build.

But with an incremental build it works properly:

    init: Service 'usb-update' (pid 1773) exited with status 0

After flashing, the board boot stopped with the following: "init: Service 'usb-update' (pid 1712) exited with status 1"

So… helping you with this is going to need a few more things, like details on this “custom service”, including code and what you’ve done to build it into Android (i.e., rc file, makefile, sepolicy, etc.)

Set the SELinux policy to permissive mode:

Path: device/fsl/imx8q/mek_8q/BoardConfig.mk

    BOARD_KERNEL_CMDLINE += androidboot.selinux=permissive

Create the service:

Path: device/fsl/imx8q/mek_8q/init_car.rc

    start usb-update
    exec - root root system -- /system/bin/usb-update.sh

    service usb-update /system/bin/usb-update.sh
        class main
        user root
        oneshot
        seclabel u:r:init:s0

To add the custom service:

Path: device/fsl/imx8q/mek_8q/mek_8q.mk

    PRODUCT_FULL_TREBLE_OVERRIDE := false

To execute the service:

Path: device/fsl/imx8q/sepolicy/file_contexts

    /system/bin/usb-update.sh u:object_r:init_exec:s0

That’s a pretty superficial look at what you’re doing. I don’t think you can use the init context like that. You’re going to have to write your own context.

And don’t bank on permissive being of much help. Init does its own sepolicy checking.

How about some logs at least?

[ 24.567040] capability: warning: `main’ uses 32-bit capabilities (legacy support in use)
[ 26.883154] type=1400 audit(1574312331.560:31): avc: denied { map } for pid=1866 comm=“update_engine” path="/dev/event-log-tags" dev=“tmpfs” ino=10312 scontext=u:r:update_engine:s0 tcontext=u:object_r:runtime_event_log_tags_file:s0 tclass=file permissive=1
[ 26.905910] type=1400 audit(1574312336.156:32): avc: denied { dac_read_search } for pid=1846 comm=“Binder:1846_1” capability=2 scontext=u:r:installd:s0 tcontext=u:r:installd:s0 tclass=capability permissive=1
[ 27.043460] healthd: battery l=85 v=3 t=35.0 h=2 st=2 c=400 fc=4000000 cc=32 chg=a
[ 27.104893] healthd: battery l=85 v=3 t=35.0 h=2 st=2 c=400 fc=4000000 cc=32 chg=a
[ 27.116612] healthd: battery l=85 v=3 t=35.0 h=2 st=2 c=400 fc=4000000 cc=32 chg=a
[ 27.292579] init: Received control message ‘interface_start’ for ‘android.hardware.vibrator@1.0::IVibrator/default’ from pid: 1685 (/system/bin/hwservicemanager)
[ 27.307130] init: Could not find service hosting interface android.hardware.vibrator@1.0::IVibrator/default
[ 27.317227] init: Received control message ‘interface_start’ for ‘android.hardware.vibrator@1.0::IVibrator/default’ from pid: 1685 (/system/bin/hwservicemanager)
[ 27.332096] init: Could not find service hosting interface android.hardware.vibrator@1.0::IVibrator/default
[ 27.342317] init: Received control message ‘interface_start’ for ‘android.hardware.vibrator@1.0::IVibrator/default’ from pid: 1685 (/system/bin/hwservicemanager)
[ 27.356932] init: Could not find service hosting interface android.hardware.vibrator@1.0::IVibrator/default
[ 27.367309] init: Received control message ‘interface_start’ for ‘android.hardware.ir@1.0::IConsumerIr/default’ from pid: 1685 (/system/bin/hwservicemanager)
[ 27.381624] init: Could not find service hosting interface android.hardware.ir@1.0::IConsumerIr/default
[ 27.407791] init: processing action (sys.sysctl.extra_free_kbytes=*) from (/init.rc:725)
[ 27.424139] init: Received control message ‘interface_start’ for ‘android.hardware.vr@1.0::IVr/default’ from pid: 1685 (/system/bin/hwservicemanager)
[ 38.968372] type=1400 audit(1574312336.156:32): avc: denied { dac_read_search } for pid=1846 comm=“Binder:1846_1” capability=2 scontext=u:r:installd:s0 tcontext=u:r:installd:s0 tclass=capability permissive=1
[ 38.973122] init: Received control message ‘interface_start’ for ‘android.hardware.oemlock@1.0::IOemLock/default’ from pid: 1685 (/system/bin/hwservicemanager)
[ 38.988474] type=1400 audit(1574312388.664:33): avc: denied { dac_read_search } for pid=1713 comm=“Binder:1713_3” capability=2 scontext=u:r:vold:s0 tcontext=u:r:vold:s0 tclass=capability permissive=1
[ 39.001237] init: Could not find service hosting interface android.hardware.oemlock@1.0::IOemLock/default
[ 61.190476] type=1400 audit(1574312388.664:33): avc: denied { dac_read_search } for pid=1713 comm=“Binder:1713_3” capability=2 scontext=u:r:vold:s0 tcontext=u:r:vold:s0 tclass=capability permissive=1
[ 61.208394] type=1400 audit(1574312410.888:34): avc: denied { read } for pid=1712 comm=“usb-update.sh” name=“media_rw” dev=“tmpfs” ino=8655 scontext=u:r:usb-update:s0 tcontext=u:object_r:mnt_media_rw_file:s0 tclass=dir permissive=1
[ 61.208567] audit: audit_lost=15 audit_rate_limit=5 audit_backlog_limit=64
[ 61.229117] type=1400 audit(1574312410.888:34): avc: denied { read } for pid=1712 comm=“usb-update.sh” name=“media_rw” dev=“tmpfs” ino=8655 scontext=u:r:usb-update:s0 tcontext=u:object_r:mnt_media_rw_file:s0 tclass=dir permissive=1
[ 61.235811] audit: rate limit exceeded
[ 61.237875] init: Service ‘usb-update’ (pid 1712) exited with status 1
[ 61.256443] type=1400 audit(1574312410.888:35): avc: denied { open } for pid=1712 comm=“usb-update.sh” path="/mnt/media_rw" dev=“tmpfs” ino=8655 scontext=u:r:usb-update:s0 tcontext=u:object_r:mnt_media_rw_file:s0 tclass=dir permissive=1
[ 61.287681] type=1400 audit(1574312410.888:35): avc: denied { open } for pid=1712 comm=“usb-update.sh” path="/mnt/media_rw" dev=“tmpfs” ino=8655 scontext=u:r:usb-update:s0 tcontext=u:object_r:mnt_media_rw_file:s0 tclass=dir permissive=1
[ 61.308656] type=1400 audit(1574312410.888:36): avc: denied { getattr } for pid=2168 comm=“usb-update.sh” path="/system/bin/toybox" dev=“dm-0” ino=1371 scontext=u:r:usb-update:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=1
[ 61.329989] type=1400 audit(1574312410.888:36): avc: denied { getattr } for pid=2168 comm=“usb-update.sh” path="/system/bin/toybox" dev=“dm-0” ino=1371 scontext=u:r:usb-update:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=1
[ 61.351227] type=1400 audit(1574312410.888:37): avc: denied { execute } for pid=2168 comm=“usb-update.sh” name=“toybox” dev=“dm-0” ino=1371 scontext=u:r:usb-update:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=1
[ 61.371493] type=1400 audit(1574312410.888:37): avc: denied { execute } for pid=2168 comm=“usb-update.sh” name=“toybox” dev=“dm-0” ino=1371 scontext=u:r:usb-update:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=1
[ 61.391676] type=1400 audit(1574312410.888:38): avc: denied { read open } for pid=2168 comm=“usb-update.sh” path="/system/bin/toybox" dev=“dm-0” ino=1371 scontext=u:r:usb-update:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=1
[ 81.762527] healthd: battery l=85 v=3 t=35.0 h=2 st=2 c=400 fc=4000000 cc=32 chg=a
[ 81.896850] healthd: battery l=85 v=3 t=35.0 h=2 st=2 c=400 fc=4000000 cc=32 chg=a

Thanks & Regards,

VinothS,
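The denials in the log above can be grouped by source domain, target type and class to see what the service's domain is being refused, in the spirit of audit2allow. This is an added example, not part of the original thread; the sample lines are copied from the log above and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Lines copied from the dmesg output above (typographic quotes as on the page).
SAMPLE = """\
[ 61.208394] type=1400 audit(1574312410.888:34): avc: denied { read } for pid=1712 comm=“usb-update.sh” name=“media_rw” dev=“tmpfs” ino=8655 scontext=u:r:usb-update:s0 tcontext=u:object_r:mnt_media_rw_file:s0 tclass=dir permissive=1
[ 61.237875] init: Service ‘usb-update’ (pid 1712) exited with status 1
[ 61.256443] type=1400 audit(1574312410.888:35): avc: denied { open } for pid=1712 comm=“usb-update.sh” path="/mnt/media_rw" dev=“tmpfs” ino=8655 scontext=u:r:usb-update:s0 tcontext=u:object_r:mnt_media_rw_file:s0 tclass=dir permissive=1
[ 61.308656] type=1400 audit(1574312410.888:36): avc: denied { getattr } for pid=2168 comm=“usb-update.sh” path="/system/bin/toybox" dev=“dm-0” ino=1371 scontext=u:r:usb-update:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=1
[ 61.351227] type=1400 audit(1574312410.888:37): avc: denied { execute } for pid=2168 comm=“usb-update.sh” name=“toybox” dev=“dm-0” ino=1371 scontext=u:r:usb-update:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=1
[ 61.391676] type=1400 audit(1574312410.888:38): avc: denied { read open } for pid=2168 comm=“usb-update.sh” path="/system/bin/toybox" dev=“dm-0” ino=1371 scontext=u:r:usb-update:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=1
"""

AVC = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<s>\S+).*?tcontext=(?P<t>\S+).*?"
    r"tclass=(?P<cls>\S+)(?:.*?permissive=(?P<perm>[01]))?"
)

def parse_denials(text):
    """Group AVC denials as {(source_type, target_type, tclass): info}."""
    rules = defaultdict(lambda: {"perms": set(), "enforced": False})
    for line in text.splitlines():
        m = AVC.search(line)
        if not m:
            continue  # not an AVC record (init, healthd, ...)
        # A context is user:role:type:level; the type is the third field.
        key = (m["s"].split(":")[2], m["t"].split(":")[2], m["cls"])
        rules[key]["perms"].update(m["perms"].split())
        # permissive=0 means the kernel actually blocked the access.
        rules[key]["enforced"] |= m["perm"] == "0"
    return dict(rules)

def to_allow_rules(rules):
    """Render candidate allow rules, one per (source, target, class)."""
    out = []
    for (s, t, cls), info in sorted(rules.items()):
        perms = " ".join(sorted(info["perms"]))
        note = "blocked" if info["enforced"] else "logged only (permissive)"
        out.append(f"allow {s} {t}:{cls} {{ {perms} }};  # {note}")
    return out

if __name__ == "__main__":
    print("\n".join(to_allow_rules(parse_denials(SAMPLE))))
```

The output is a list of candidates to review against the platform's neverallow rules before adding anything to the service's own `.te` file.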

[ 61.237875] init: Service ‘usb-update’ (pid 1712) exited with status 1

Ok look. I’m through trying to squeeze details out of you. Nobody can help you unless you provide ALL OF THE DETAILS.

Post the code. Without that, NOBODY CAN GUESS what you are doing wrong.

Thank you doitright,

I got this problem in a clean build even though it reports success (init: Service ‘usb-update’ (pid 1712) exited with status 0). I am debugging now. I will get back to you with some solutions.

Regards,
VinothS,

@VINOTHKUMAR_S ,
I am facing the same error in Android 10.
May I know, do you have a solution for this?

I created a separate service.

Please follow my link,

Thanks for your reply. I have followed the same link.
Initially I got an error while adding “start usb-update” and “exec - root root system -- /system/bin/usb-update.sh” in init.rc:
Invalid keyword ‘start’
Invalid keyword ‘exec’

I have added it like this in init.rc:

    on init
        start verifyusb
        exec - root root system -- /system/bin/verifyusb.sh

    service verifyusb /system/bin/verifyusb.sh
        class main
        user root
        oneshot
        seclabel u:r:init:s0

Am I doing this correctly?

The device is always rebooting and I got the error below.

[ 4.640096] audit: type=1400 audit(1586307796.851:5): avc: denied { getattr } for pid=1 comm=“init” path="/system/bin/verifyusb.sh" dev=“dm-0” ino=753 scontext=u:r:init:s0 tcontext=u:object_r:verifyusb_exec:s0 tclass=file permissive=1.

Should not use init. Please create your own label.

seclabel u:r:init:s0
Sorry, please follow this link,

https://community.nxp.com/thread/518570

Thanks for your support.
While compiling the source code, I am getting the error below:

libsepol.report_failure: neverallow on line 1029 of system/sepolicy/public/domain.te (or line 14463 of policy.conf) violated by allow verifyusb verifyusb_exec:file { read getattr map execute entrypoint open };
libsepol.report_failure: neverallow on line 952 of system/sepolicy/public/domain.te (or line 14295 of policy.conf) violated by allow verifyusb verifyusb_exec:file { execute entrypoint };
libsepol.check_assertions: 2 neverallow failures occurred
Error while expanding policy

Did you apply my patches?

Yes.
If I comment out init_daemon_domain(verifyusb), the source code compiles;
otherwise I get the above error.

Will you please provide your patch?

Can you please check this link:

Can you please clarify for me:
you have disabled sepolicy with

    BOARD_KERNEL_CMDLINE += androidboot.selinux=permissive

Is there any need to define sepolicy?

That only affects the kernel. init still uses the sepolicy separately.

Can you please guide me on how I can overcome this issue?

I have followed the shared link.

I am getting this message in dmesg:

[ 264.717149] type=1400 audit(1586487575.017:66): avc: denied { getattr } for comm=“yyyyy” path="/system/bin/blkid" dev=“overlay” ino=20098 scontext=u:r:yyyyy:s0 tcontext=u:object_r:blkid_exec:s0 tclass=file permissive=1
[ 264.717295] type=1400 audit(1586487575.017:67): avc: denied { execute } for comm=“yyyyy” name=“blkid” dev=“dm-0” ino=411 scontext=u:r:yyyyy:s0 tcontext=u:object_r:blkid_exec:s0 tclass=file permissive=1
[ 265.536090] init: Service ‘yyyyy’ (pid 6332) exited with status 0
[ 267.576033] init: Received control message ‘start’ for ‘yyyyy’ from pid: 6335 (start yyyyy)
[ 267.576509] init: starting service ‘yyyyy’…
[ 268.421581] init: Service ‘yyyyy’ (pid 6336) exited with status 0