SEPolicy for multiple services using AIDL in Android Native

Question

I want to add multiple services with:

MyService sv1 = MyService::getInstance(mode::mode1);
defaultServiceManager()->addService(String16("Service1"), sv1);
MyService sv2 = MyService::getInstance(mode::mode2);
defaultServiceManager()->addService(String16("Service2"), sv2);

And here are my sepolicy files:

myservice.te:

type myservice, domain, coredomain;

service.te

type my_service, system_api_service, service_manager_type;

I want to register 2 services with different name, so I added these in service_contexts

Service1 u:object_r:my_service:s0
Service2 u:object_r:my_service:s0

But when I run, the logcat return avc error:

E SELinux : avc:  denied  { add } for pid=431 uid=1000 name=Service1 scontext=u:r:myservice:s0 tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=1

I think Service1 and Service2 did not registered to servicemanager, so avd shows default_android_service in tcontext.

How can I register my own services in sepolicy?

Thank you.

score 0 · Answer 1 · answered Jul 18 '22 at 11:33

0

I do not have a reference service to check, but maybe you only forgot to use binder_use and add_service.

type myservice, domain, coredomain;
type my_service, system_api_service, service_manager_type;

# Allow myservice to use binder
binder_use(myservice)

# Allow myservice to add the service "my_service"
add_service(myservice, my_service)

answered Jul 18 '22 at 11:33

Simpl

1,938
1
10
21

Thanks for your answer. I have added binder_use and add_service, I want 2 services: Service1 and Service2 can be add by defaultServiceManager()->addService but SEPolicy was denied. My question is how can I use 2 different service's names in one type? – user3215865 Jul 19 '22 at 01:18
Do you still get the same ne – Simpl Jul 19 '22 at 05:33
Do you still get the same message from avc? – Simpl Jul 19 '22 at 05:34
Yes, it stills denied add name=Service1 and name=Service2 – user3215865 Jul 19 '22 at 07:20

SEPolicy for multiple services using AIDL in Android Native

1 Answers1