Hikey970 compilation failed for AOSP 8.1

Hi All,
We are facing issue while compiling the AOSP source code for Hikey970 Board with the below error:

build/make/core/Makefile:28: error: overriding commands for target `out/target/product/hikey970/system/vendor/lib/libc_secshared.so’, previously defined at build/make/core/base_rules.mk:418
08:46:12 ckati failed with: exit status 1

Please let us know if anybody has succeeded in overcoming this issue while compiling the source code.

Thanks
Uthra

Hi All,
After I did a ‘repo sync’ again, the source started compiling and I am getting a new compilation error as below:


2 warnings generated.
[ 34% 29644/86415] build out/target/product/hikey970/obj/ETC/sepolicy_neverallows_intermediates/reqd_policy_mask.cil
out/host/linux-x86/bin/checkpolicy: loading policy configuration from out/target/product/hikey970/obj/ETC/sepolicy_neverallows_intermediates/reqd_policy_mask.conf
out/host/linux-x86/bin/checkpolicy: policy configuration loaded
out/host/linux-x86/bin/checkpolicy: writing CIL to out/target/product/hikey970/obj/ETC/sepolicy_neverallows_intermediates/reqd_policy_mask.cil
[ 34% 29647/86415] build out/target/product/hikey970/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows
FAILED: out/target/product/hikey970/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows
/bin/bash -c “(rm -f out/target/product/hikey970/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows ) && (ASAN_OPTIONS=detect_leaks=0 out/host/linux-x86/bin/checkpolicy -M -c 30 -o out/target/product/hikey970/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows out/target/product/hikey970/obj/ETC/sepolicy_neverallows_intermediates/policy.conf )”
device/linaro/hikey/sepolicy/hostapd.te:4:ERROR ‘unknown type hostapd’ at token ‘;’ on line 45529:

hostapd no longer directly accesses /data outside /data/vendor.

typeattribute hostapd data_between_core_and_vendor_violators;
checkpolicy: error(s) encountered while parsing configuration
out/host/linux-x86/bin/checkpolicy: loading policy configuration from out/target/product/hikey970/obj/ETC/sepolicy_neverallows_intermediates/policy.conf
[ 34% 29649/86415] build out/target/product/hikey970/obj/ETC/sepolicy_neverallows_intermediates/plat_pub_policy.cil
out/host/linux-x86/bin/checkpolicy: loading policy configuration from out/target/product/hikey970/obj/ETC/sepolicy_neverallows_intermediates/plat_pub_policy.conf
out/host/linux-x86/bin/checkpolicy: policy configuration loaded
out/host/linux-x86/bin/checkpolicy: writing CIL to out/target/product/hikey970/obj/ETC/sepolicy_neverallows_intermediates/plat_pub_policy.cil.tmp
06:35:47 ninja failed with: exit status 1

failed to build some targets (42:06 (mm:ss))

If anyone has resolved this issue and able to boot up the Hikey 970 board with compiled image, please post the solution applied.

Thanks in advance
Uthra

Hi,
I see the same error when compiling,:
device/linaro/hikey/sepolicy/hostapd.te:4:ERROR ‘unknown type hostapd’ at token ‘;’ on line 49024:
Have you solved this problem?

Hi,

Does any body solve this problem?

Thanks

Hi ehsan,
Please refer to this link:

Hi :slight_smile:
I saw it and compile by commenting hostapd.te, but in this way wifi does not work and I require wifi. Also it is slow I think in side of gpu, should I added driver or something for gpu, wifi, … before or afyer building AOSP ?

Thanks,
Ehsan

Start by setting selinux to permissive, then work out the required policy changes, and then re-enable selinux.

Use the kernel parameter androidboot.selinux=permissive

Thanks for your reply.

Would you please explain about that.

You mean it is not required to comment hostapd.te and instaed set selinux to permissive. If yes how we can add androidboot.selinux=permissive
Because I don’t know what is this.

Thanks,
Ehsan

You still need to comment hostapd.te, or it will not compile. You set the kernel parameter in the kernel commandline (look in your android device tree… /device/linaro/hikey/{something}/BoardConfig.mk).

Setting selinux to permissive means that it will NOTIFY you (via dmesg/logcat) when selinux policy is violated, but it WILL NOT BLOCK THE ACTION as it does when it is enforcing.

By default, selinux blocks EVERYTHING. Your selinux policy is a complex set of rules about what is allowed. Think of it as a whitelist. The whitelist has to be compiled into a binary form that selinux can deal with. In the compilation process, other rules are also considered in deciding whether a whitelist is valid – a “blacklist”, written as “neverallow” rules. These rules aren’t actually added to the policy, they’re just used to VALIDATE it.

So when you see in that error log that a neverallow rule was violated, what that means is that some rule is in the whitelist that is now considered inappropriate and has been denied. It therefore will refuse to compile.

So now instead of actually fixing the policy, the policy is being deleted (as you say, “commented”). But the policy was originally added for some reason – it was NEEDED in order to get the device to work as intended. So while the compiler warning is silenced, the action being requested is now being denied by selinux since it is not on the whitelist of allowed actions. That is why selinux needs to be (temporarily) set to permissive, because it MUST do something that selinux WILL DENY.

But you also have to be aware that having selinux set to permissive is not a correct way to run anything – all the protection that it is there to provide you with, will be turned off. It is a development option that allows you to see what WILL be denied when the policy is set to enforce, so that you can write policy (whitelist) that will allow your operations to complete.

1 Like