executing static program from android init.rc - android

I want to start a custom program in the init process. I compiled this program statically that run fine from my booted up android stock ROM.
From the android init.rc docs I read that the exec command is what I need.
BTW all I can see in dmesg is that my program exit with code -1 (I can't return that).
init.rc snippet:
on post-fs-data
write /dev/kmsg "launching test"
exec /data/test
All I see in dmesg is this:
<4>[ 6.336816] launching test
<6>[ 6.336902] init: command 'write' r=0
<6>[ 6.337115] init: command 'exec' r=-1
Here you are the executable source code: http://pastebin.com/Hym1APWx
UPDATE
I tried to statically compile and run this program:
int main(){return 0; }
But the result is always command 'exec' r=-1. Maybe user uselen are right, maybe I cannot run executables from /data in the early-boot phase.

As christian said, it looks like exec isn't even implemented. I'm beginning to think that a lot of features documented for init.rc aren't implemented. Here's a way you can get your program to launch however.
Instead of running this as an "exec" command, set this up as a service instead.
In your init.rc, or another file included by it:
service my_service /data/test
class main
oneshot
If it's in class main, and not disabled, it should run after /data is mounted.

I had the same issue today. In my case the solution was simple: The exec function wasn't implemented yet and contained just a return -1. You should take a look at builtin.c and search for do_exec(). This code is executed when init.rc contains an exec statement.

Related

How to solve this valgrind issue?

I'm trying to run valgrind on an android OS but it couldn't start and it shows this errors that i couldn't find how to solve:
valgrind: Startup or configuration error:
Can't create client cmdline file in /tmp/valgrind_proc_87_cmdline_876a7612
valgrind: Unable to start up properly. Giving up.
Thanks in advance !
I tried to change the default path that valgrind use and which is shown on the error log but i couldn't make it
The problem is happening in the code where the Valgrind host is creating a fake /proc/<pid>/cmdline.
This file should be created in the location given by the first valid item in the following list:
The TMPDIR environment variable
The constant VG_TMPDIR that gets baked into the binary via a configure time option. This defaults to /tmp but can be overriden using configure --with-tmpdir=/your/tmp/dir. That would require that you get the Valgrind source and configure and build it. It is possible that you are using a package that was built using this option and is not compatible with your system.
Last resort, "/tmp"
All of the above checks just test that the string is non-null and not empty. They do not test for the existance and accessibility of the directory. That gets determined by the Valgrind version of mkstemp and the error message comes from 'valgrind_main'.
Valgrind needs to create a file TMPDIR/valgrind_proc_PID_cmdline_RAND where TMPDIR is described above, PID is the pid of the Valgrind process and RAND is a random number.
There is at least one other similar files that get created, for auxv.
There are no Valgrind command line options to turn off the creation of these files.

Add native service to aosp

I am trying to add a native service written in C++ to the AOSP build.
The first thing I did was to create a native service and client to the AOSP build.
This worked as expected. I could start the service within an adb shell and call it via binder on a adb shell.
The trouble started when I wanted to start my service with init.
I added a .rc file to my build
service myp /system/bin/myp_service
class main
This did the the trick so that init tried to start it but it failed because of SELinux policies.
So I added a file_contexts to my device tree and added:
/system/bin/myp_service u:object_r:myp_exec:s0
Next I added a myp.te file and added:
type myp, domain;
type myp_exec, exec_type, file_type;
type myp_service, service_manager_type;
init_daemon_domain(myp)
net_domain(myp)
binder_use(myp)
binder_service(myp)
add_service(myp, myp_service)
binder_call(myp, binderservicedomain)
binder_call(myp, appdomain)
allow myp myp_service:service_manager add;
And finally I added a service_contexts file with:
myp u:object_r:myp_service:s0
This finally made my service successfully start at boot time.
Unfortunalty I cannot use binder against this service. When I try to connect to the service with my client the call
defaultServiceManager()->getService(String16("Demo"))
returns a null pointer.
I cannot find any hints in the dmesg.
So I assume I am still missing something for the SElinux but I have no clue what I am missing.
If I shutdown the SELinux with setenforce and restart the service then it works fine.
Can anyone give me a hint what I am missing for SELinux or where I can get more information about which policy blocked something?
You could see the denials like this:
adb logcat | grep "SELinux : avc" > /tmp/logs
Get sepolicy current file. (Can be taken from device this way adb pull sepolicy.
Using audit2allow (located in AOSP source code: external/selinux/prebuilts/bin/audit2allow or in SDK tools. Do this: cat /tmp/logs | .external/selinux/prebuilts/bin/audit2allow -p sepolicy
The audit2allow tool will tell you what permission you are missing for the logcat extracted and the current sepolicy file, watch-out because you could need to do this several times since fixing some permissions will show the next ones required.
If you have a userdebug kind of build you could get setenforce 0, logcat with it and all the denials will be in logcat even if you will be permited to do the operation desired. This will leave the audit2allow iterations required in 1.
For anyone who came across this problem, please make sure your service_contexts file is successfully merged with stock service_contexts file. If you're building your service for Android O or later, please put this file inside a folder and refer to it in your Makefile by BOARD_PLAT_PRIVATE_SEPOLICY_DIR1. And you don't need to add allow myp default_android_service:service_manager add if the build system does pick up your service_contexts.
Also, about the domain.te violation problem, you probably want to attach one of the coredomain or appdomain attribute to your domain 2 with typeattribute <your_domain> <attribute>;.
Finally, please double check the following built files to make sure you don't leave any sepolicy configurations out in the final build:
$(AOSP_ROOT)/out/target/product//obj/ETC/file_contexts.bin_intermediates/file_contexts.*
$(AOSP_ROOT)/out/target/product/potter/obj/ETC/plat_service_contexts_intermediates/service_contexts.*
$(AOSP_ROOT)/out/target/product/potter/obj/ETC/sepolicy_neverallows_intermediates/policy.conf

Check if a file contains a string by "grep -q" in JNI

I am writing a small Android program that can check how many files contains a certain string without reading completely their contents
Therefore, I've found a good way to do it is using grep -q command. Because of executing the command doesn't output but a exit code (0 : match, 1 : not match)
However I have no idea that how to get the exit code after executing the command completed by C language in JNI.

Android insmod kernel object on boot

I am currently trying to insmod a kernel module during the end of the boot process, and so I've created the following entries in init.rc:
on post_late_start
start myscript
on nonencrypted
class_start late_start
trigger post_late_start
on property:void.decrypt=trigger_restart_framework
class_start main
class_start late_start
trigger post_late_start
service myscript /data/my_sh.sh
disabled
oneshot
Then in my /data directory my_sh.sh has the following:
#!/system/bin/sh
log -t mytag -p V "Hello World!"
insmod mymodule.ko mod_parameter=arg
But when I run -- sometimes I do not see the "Hello World" tag when I logcat -s "mytag" and of course, the insmodded module is not installed either.
What is the proper way of late-inserting a kernel module (it needs to go in after network is up and /data is mounted). And further -- how do I get the output of insmod into the log so that I can debug? Any help is appreciated and I can post more details if necessary.
At least since Froyo and still in Lollipop, Android init implements insmod in system/core/init/buildin.c. It is supposed to work directly in an init*.rc file:
on boot
insmod /system/lib/modules/your-module.ko.
However, at least in Lollipop 5.1, it no longer works, as SELinux rules are enforced. init does not have the required sys_module permission. Therefore the underlying init_module system call returns EPERM. This is never reported to anywhere. The only symptom is that insmod commands now fail to load the module, always.
I opened an AOSP issue on this. According to Google, this works as intended. If you want to use kernel modules when SELinux is enforced (which they strongly advice against), you must yourself add the required SELinux permission to init.
I am not sure about your log, but to insmod you need to give the exact path to the module, because I dont think you will be having mymodule.ko residing in the same place as init.rc is there. So try to give the full path of your ko file.
Generally it resides in /lib/modules/youdrivername.ko
so check it here first.

dalvikvm is not showing LOGD messages of JIT Options

I have made some minor changes to /dalvik/vm/interp/Jit.cpp
(wrote some LOGD messages) and built dalvikvm using
$make dalvikvm
and the build was successful and got the executable in /out/
target/product/generic/system/bin/dalvikvm.
Now i started an emulator and pushed dalvikvm into /data and
executed a sample java program (with some 30 loops) using
$/data/dalvikvm -Xbootclasspath:/system/
framework/core.jar -classpath /data/CmdLine.jar TestAppActivity
(created CmdLine.jar from sample program by following
instructions given in http://davanum.wordpress.com/2007/12/04/command-line-java-on-dalvikvm/
)
now when i check the logcat there is no messages which i have
written using LOGD is displayed. Do we need to add any option to
dalvikvm command line to enable JIT? what could be the problem here?
Thanks
Jit is enabled by default if you are using android version above 2.2 i suppose. Your problem is the profiling of JIT has to be enabled in dvm. This can be don by looking into dalvikvm --help .... I think dalvikvm -Xjitprofile -Xjitverbose should do and before that export your environment variable to log the message too.
Try exporting the logs before running the dalvikvm something like this
export ANDROID_LOG_TAGS="ActivityManager:I MyApp:D *:S" the variables D -Debug S: lowest level V - verbose which is the level of log you need the application to be logged.
dalvikvm is just the starter binary. The important stuff lives in libdvm.so so you have to build and replace this rather than dalvikvm.

Categories

Resources