.te: ERROR 'Duplicate declaration of type' at token ';' on line 60116

Trying run shell script in device boot-up time using init.rc.

I have followed below steps:

1.Created shell script and placed into /system/bin/usbmountd.sh

2.Added usbmountd.sh in inir.rc.

service usbmountd /system/bin/usbmountd.sh
user system
disabled
oneshot

3.Add a new Domain “usbmountd.te” in the location of device/broadcom/XXX/sepolicy/treble/ usbmountd.te

type usbmountd, domain;

type usbmountd_exec, exec_type, file_type;

init_daemon_domain(usbmountd)

domain_auto_trans(init, usbmountd_exec, usbmountd)

4.Add the Label “/system/bin/usbmountd.sh” to device/broadcom/XXX/sepolicy/treble/file_contexts

    /system/bin/usbmountd     u:object_r: _exec:s0

5.Added in device/broadcom/xxx/sepolicy/xxx/file.te

type usbmountd_exec, system_file_type, file_type;

getting below compilation error. Can you please help to handle this error.

[ 81% 747/921] build out/target/product/xxx/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows FAILED: out/target/product/xxx/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows /bin/bash -c “(ASAN_OPTIONS=detect_leaks=0 out/host/linux-x86/bin/checkpolicy -M -c 30 -o out/target/product/xxx/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows.tmp out/target/product/xxx/obj/ETC/sepolicy_neverallows_intermediates/policy.conf ) && (out/host/linux-x86/bin/sepolicy-analyze out/target/product/xxx/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows.tmp neverallow -w -f out/target/product/xxx/obj/ETC/sepolicy_neverallows_intermediates/policy_2.conf || ( echo “” 1>&2; echo “sepolicy-analyze failed. This is most likely due to the use” 1>&2; echo “of an expanded attribute in a neverallow assertion. Please fix” 1>&2; echo “the policy.” 1>&2; exit 1 ) ) && (touch out/target/product/xxx/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows.tmp ) && (mv out/target/product/xxx/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows.tmp out/target/product/xxx/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows )” device/xxx/xxx/sepolicy/treble/usbmountd.te:3:ERROR ‘Duplicate declaration of type’ at token ‘;’ on line 60116: type usbmountd_exec, exec_type, file_type; type usbmountd, domain; checkpolicy: error(s) encountered while parsing configuration

No. You create a new file “usbmountd.rc”, and add it to your service’s Android.bp as init_rc: ["usbmountd.rc"], – which will install your rc file into /vendor/etc/init/usbmountd.rc

Why?
Remove that line. Its probably what is triggering your error.

I presume you mean something more like /system/bin/usbmountd u:object_r:usbmountd_exec:s0 ???

What board are you using? I’m not aware of ANY 96boards device with a broadcom SoC.

@doitright Thanks for you reply. I am new to this and i’m totally blocked.
I just want run script in device boot-up time. For the reason I am including my script in init.rc.
Am I going proper way??

And I have tried like this:
changed from /system/bin/usbmountd u:object_r: _exec:s0 to /vendor/bin/usbmountd u:object_r: _exec:s0

Code is compiled and flashed imaged to board, but i am facing issue like this

init: starting service 'usbmountd '…
[ 1350.212500] init: Service 'usbmountd ’ (pid 6923) received signal 11
[ 1350.212626] init: Sending signal 9 to service 'usbmountd ’ (pid 6923) process group…
[ 1350.213261] libprocessgroup: Successfully killed process cgroup uid 0 pid 6923 in 0ms
[ 1350.213917] init: updatable process 'usbmountd ’ exited 4 times in 4 minutes
[ 1350.221191] init: Init cannot set ‘ro.init.updatable_crashing’ to ‘1’: Read-only property was already set

To add service in sepolicy:
I have followed below steps to create and register service in sepolicy

Steps 1: Create script file
verifyusb.sh
#!/system/bin/sh
echo “Hello USB”
+++some logic ++

step 2 : verifyusb.sh copied into system/bin/
LOCAL_DEVICE_MEDIA := device/xxx/XXX/verifyusb.sh:system/bin/verifyusb.sh

step 3 : added verifyusb.sh into init.rc
device/xxx/xxx/rcs/init.rc

on boot
exec - root root system readproc – /system/bin/verifyusb.sh

step 4 : Created .te file
Path : device/xxx/xxx/sepolicy/xxx/verifyusb.te
type verifyusb, domain;
type verifyusb_exec, exec_type, file_type;
init_daemon_domain(verifyusb)

Step 5 : register file in to device/xxx/xxx/sepolicy/xxx/file_contexts

/system/bin/verifyusb.sh u:object_r:verifyusb_exec:s0

Step 6 : Compiled and got this error:

[ 98% 902/918] build out/target/product/xxx/obj/ETC/sepolicy_tests_intermediates/sepolicy_tests
FAILED: out/target/product/xxx/obj/ETC/sepolicy_tests_intermediates/sepolicy_tests
/bin/bash -c “(out/host/linux-x86/bin/sepolicy_tests -l out/host/linux-x86/lib64/libsepolwrap.so -f out/target/product/xxx/obj/ETC/plat_file_contexts_intermediates/plat_file_contexts -f out/target/product/xxx/obj/ETC/vendor_file_contexts_intermediates/vendor_file_contexts -p out/target/product/xxx/obj/ETC/sepolicy_intermediates/sepolicy ) && (touch out/target/product/xxx/obj/ETC/sepolicy_tests_intermediates/sepolicy_tests )”
The following types on /system/ must be associated with the “system_file_type” attribute: verifyusb_exec

Step7 :To resolve above error added “system_file_type” verifyusb.te file.
type verifyusb, domain;
type verifyusb_exec, system_file_type, exec_type, file_type;
init_daemon_domain(verifyusb)

step8 : Complied source code got another error:

        [ 89% 818/918] build out/target/product/xxx/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows

FAILED: out/target/product/xxx/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows
/bin/bash -c “(ASAN_OPTIONS=detect_leaks=0 out/host/linux-x86/bin/checkpolicy -M -c 30 -o out/target/product/xxx/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows.tmp out/target/product/xxx/obj/ETC/sepolicy_neverallows_intermediates/policy.conf ) && (out/host/linux-x86/bin/sepolicy-analyze out/target/product/xxx/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows.tmp neverallow -w -f out/target/product/xxx/obj/ETC/sepolicy_neverallows_intermediates/policy_2.conf || ( echo “” 1>&2; echo “sepolicy-analyze failed. This is most likely due to the use” 1>&2; echo “of an expanded attribute in a neverallow assertion. Please fix” 1>&2; echo “the policy.” 1>&2; exit 1 ) ) && (touch out/target/product/xxx/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows.tmp ) && (mv out/target/product/xxx/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows.tmp out/target/product/xxx/obj/ETC/sepolicy_neverallows_intermediates/sepolicy_neverallows )”
libsepol.report_failure: neverallow on line 1029 of system/sepolicy/public/domain.te (or line 14463 of policy.conf) violated by allow verifyusb verifyusb_exec:file { read getattr map execute entrypoint open };
libsepol.report_failure: neverallow on line 952 of system/sepolicy/public/domain.te (or line 14295 of policy.conf) violated by allow verifyusb verifyusb_exec:file { execute entrypoint };
libsepol.check_assertions: 2 neverallow failures occurred
Error while expanding policy
14:43:54 ninja failed with: exit status 1
build/make/core/main.mk:21: recipe for target ‘run_soong_ui’ failed
make: *** [run_soong_ui] Error 1