Android 8 auto-start daemon example (including SELinux permissions)

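This article covers only the Android-side technical steps; it does not discuss the design of the software's functionality.
Create a daemon that starts automatically at boot: init launches it when class main is started.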
android/sprd/sl8541e/device/sprd/sharkle/common / rootdir/root/init.common.rc

service spi0daemon /system/bin/spitest
    class main
    user root
    group root
    seclabel u:r:spitest:s0
    oneshot

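After adding this, logcat at boot reports that there is no SELinux domain for the service, so create a domain and then add the required SELinux permissions step by step, guided by the log.
Create spitest.te and add the permissions. The daemon I added mainly uses the /dev/spidev interface and socket inter-process communication: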
android/sprd/sl8541e/device/sprd/sharkle/common / sepolicy/spitest.te

# Domain for the daemon and the type of its executable
type spitest, domain;
type spitest_exec, exec_type, file_type, vendor_file_type;

# Transition from init into the spitest domain when init runs spitest_exec
init_daemon_domain(spitest)
typeattribute spitest coredomain;
allow spitest spitest_exec:file { read getattr map execute entrypoint open };
# Access to the SPI character device (typed in device.te, labelled in file_contexts)
allow spitest spi_device:chr_file { read write open ioctl };
# TCP socket used for inter-process communication
allow spitest spitest:tcp_socket {ioctl create setopt bind read write getopt connect name_bind listen name_connect getattr accept};
# Broad capabilities (sys_admin, dac_override): keep only those the logged denials require
allow spitest spitest:capability {chown sys_admin dac_override net_raw sys_nice setuid setgid fsetid};
allow spitest port:tcp_socket {name_connect name_bind};
allow spitest node:tcp_socket {node_bind};
# Interaction with netd
allow spitest fwmarkd_socket:sock_file { write read open create};
allow spitest netd:unix_stream_socket { connectto };

android/sprd/sl8541e/device/sprd/sharkle/common / sepolicy/device.te
type spi_device, dev_type;
android/sprd/sl8541e/device/sprd/sharkle/common / sepolicy/file_contexts

/system/bin/spitest      u:object_r:spitest_exec:s0
/dev/spidev0\.0   u:object_r:spi_device:s0

android/sprd/sl8541e/device/sprd/sharkle/common / sepolicy/netd.te

allow netd spitest:fd { use };
allow netd spitest:tcp_socket {ioctl create setopt bind read write getopt connect name_bind listen name_connect getattr accept};

This permission is mainly for socket communication: netd needs to exchange data with the spitest daemon.
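
The "add permissions step by step from the log" loop described above, as an added example that is not part of the original post: a small Python parser, similar in spirit to audit2allow, that merges `avc: denied` lines into candidate allow rules and flags broad capabilities for review. The log lines are constructed samples, and the function names and the REVIEW_CAPS set are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample denials in the kernel "avc: denied" format (not from the post).
SAMPLE_LOG = """\
avc: denied { read write } for pid=312 comm="spitest" name="spidev0.0" dev="tmpfs" ino=9155 scontext=u:r:spitest:s0 tcontext=u:object_r:spi_device:s0 tclass=chr_file permissive=0
avc: denied { open } for pid=312 comm="spitest" path="/dev/spidev0.0" dev="tmpfs" ino=9155 scontext=u:r:spitest:s0 tcontext=u:object_r:spi_device:s0 tclass=chr_file permissive=0
avc: denied { create } for pid=312 comm="spitest" scontext=u:r:spitest:s0 tcontext=u:r:spitest:s0 tclass=tcp_socket permissive=0
avc: denied { sys_admin } for pid=312 comm="spitest" capability=21 scontext=u:r:spitest:s0 tcontext=u:r:spitest:s0 tclass=capability permissive=0
avc: denied { use } for pid=401 comm="netd" path="socket:[10233]" dev="sockfs" ino=10233 scontext=u:r:netd:s0 tcontext=u:r:spitest:s0 tclass=fd permissive=0
"""

# One denial per line: permission set, source type, target type, object class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=\w+:\w+:(?P<src>\w+):\S+\s+"
    r"tcontext=\w+:\w+:(?P<tgt>\w+):\S+\s+"
    r"tclass=(?P<cls>\w+)"
)

# Capabilities broad enough that each grant deserves a manual look (this example's choice).
REVIEW_CAPS = {"sys_admin", "dac_override"}


def collect_denials(log, domain=None):
    """Merge denied permissions per (source, target, class); optionally keep one source domain."""
    rules = defaultdict(set)
    for m in AVC_RE.finditer(log):
        if domain and m["src"] != domain:
            continue
        # "self" is equivalent to naming the domain itself as the target.
        tgt = "self" if m["tgt"] == m["src"] else m["tgt"]
        rules[(m["src"], tgt, m["cls"])].update(m["perms"].split())
    return rules


def render(rules):
    """Turn merged denials into candidate allow rules, flagging broad capabilities."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        line = f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};"
        if cls == "capability" and perms & REVIEW_CAPS:
            line += "  # review: broad capability"
        out.append(line)
    return out


if __name__ == "__main__":
    print("\n".join(render(collect_denials(SAMPLE_LOG))))
```

Denials whose source is another domain, such as the netd line in the sample, belong in that domain's .te file, which is why netd.te above carries its own rules.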

Reposted from blog.csdn.net/jinron10/article/details/104670833