Selinux拒绝在Android 8上启动服务

Question

Recently I am working on Android 8 and blocked with selinux issue…

I create a “ppp” service in init.rc to start pppd as below:

service ppp /system/bin/pppd call gprs
user root
group system radio
disabled
oneshot

But it failed when starting this service with command “setprop ctl.start ppp”.

The selinux is already set to permissive mode but still shows as follows, and service is not started:

console:/ # [ 430.567622] init: Could not ctl.start for service ppp: File /system/bin/pppd(labeled "u:object_r:ppp_exec:s0") has incorrect label or no domain transition from u:r:init:s0 to another SELinux domain defined. Have you configured your service correctly? https://source.android.com/security/selinux/device-policy#label_new_services_and_address_denials

The ppp.te and file_contexts is not changed:

ppp.te:

typeattribute ppp coredomain;

domain_auto_trans(mtp, ppp_exec, ppp)

file_contexts:

/system/bin/pppd    u:object_r:ppp_exec:s0

Any information to solve this problem is appreciated, thanks in advance!

Answer 1

When you use “setprop ctl.start ppp”, the service is started from init.

Try with this policy:

domain_auto_trans(init, ppp_exec, ppp)