0

I am working on custom Android build, where prebuilt should be included as a system app. Simply, this app adds VPN profile and open links after it.

I've done the following with no result. I left no stones unturned.

  1. First, I add the APK to packages/apps/<app name>, and include its module name in build/make/target/product/base_system.mk to be include in the /system. It successfully included in /system/priv-apps/. Reference
  2. Following these steps, I re-signed the APK as a system apps & added android:sharedUserId="android.uid.system" to application. Successfully done and checked it with adb shell ps -Z | grep system_app.
  3. Selinux policy denied most of operation used audit2allow and added the allow statements to system/sepolicy/public/init.te.

Result: the app installed but seems the OS blocked some of its services/processes or something and cannot operate properly, I also found this I/system_server: oneway function results will be dropped but finished with status OK and parcel size 4.

AFAIK, System apps gain access to an extremely high level of system. But this is not what is happening.

Why does Sepolicy denies a system_app request? Is there any wrong with these steps? What should I do in order to make the app work properly?

Update.

the app include prebuilt .so files and now the error is that the app cannot run these files.

Cannot run program "/system/priv-app/****/lib/arm64/libovpnexec.so": error=2, No such file or directory
amrro
  • 1,526
  • 17
  • 21
  • "the app installed but seems the OS blocked some of its services/processes or something and cannot operate properly" You shuold add more info as to what permission is not being given, or being blocked if anyone is to help out. As is, there is not enough info. – Rick Sanchez Dec 08 '20 at 22:28
  • There's no permission blocked. I've add whitelist privileged permission already. and checked using `privapp_permissions.py`. I cannot figure out, at the moment, which process is blocked. But why selinux denies `system_app` request? please if there any tools should I use, point them out to me. – amrro Dec 09 '20 at 10:44
  • In SELinux everything is denied unless explicitly allowed. Set SELinux in permissive mode to see if the problem is there or not ( permissive mode just logs, doesnt block ): adb root && adb shell setenforce 0 – Rick Sanchez Dec 09 '20 at 10:48
  • @RickSanchez , I tried that but I get this error: `setenforce: Couldn't set enforcing status to '0': Invalid argument`. – amrro Dec 09 '20 at 11:18
  • hey @RickSanchez , I updated the question. Kindly, take a look again. – amrro Dec 09 '20 at 13:09
  • See this question and my answer to it: https://stackoverflow.com/questions/64735430/adding-pre-built-apk-vpn-in-aosp-crashes – Rick Sanchez Dec 09 '20 at 13:15
  • Thanks, @RickSanchez, you helped a lot. I tried `LOCAL_PREBUILT_JNI_LIBS` but it didn't work, still cannot find the files. I copied the files with the build to its path and `chmod` it due to `error=13 permission denied` and it worked. – amrro Dec 10 '20 at 09:40
  • Would you please tell me where exactly `LOCAL_PREBUILT_JNI_LIBS` copies the `*.so` files? FYI, I am using this `context.getApplicationInfo().nativeLibraryDir` to access it. – amrro Dec 10 '20 at 09:41

0 Answers0