AOSP system service getting avc denied error while trying to add service from SystemServer

Question

Hi I am adding my koushikservice in aospCodebase/frameworks/base/services/java/com/android/server/SystemServer.java like this

KoushikService koushikservice = null;
            try{
                traceBeginAndSlog("KOUSHIK_SERVICE adding trace");
                koushikservice = new KoushikService(mSystemContext);
                ServiceManager.addService(Context.KOUSHIK_SERVICE,koushikservice);
            }catch(Throwable e){
                Slog.e(TAG, "Starting KOUSHIK_SERVICE failed!!! ", e);
            }
            traceEnd();

I am getting "KOUSHIK_SERVICE adding trace" log but then getting avc denied. Please let me know if you need further info.

score 2 · Answer 1 · answered Jan 06 '21 at 18:33

You need to add SELinux rules to allow that service. By default SELinux is deny unless explicitly allowed.

Your easiest way forward to do this would be to compare to an existing service and rules for that.

Otherise based on what I added for a service on my case, and assuming that value of Context.KOUSHIK_SERVICE = "koushik" here's roughly what should be added :

File: koushik.te

type koushik, domain;

In file service_contexts, add:

koushik                    u:object_r:koushik_service:s0

In file service.te add:

type koushik_service,  service_manager_type;

In file system_server.te, add:

add_service(system_server,koushik_service)

Lastly, if you want to allow a domain to find and use your service, for example from platform_app, you add in platform_app.te:

allow platform_app koushik_service:service_manager find;

Glad to hear that problem got solved . Don't forget to accept the answer — Rick Sanchez, Jan 11 '21 at 20:47

AOSP system service getting avc denied error while trying to add service from SystemServer

1 Answers1

Linked