a64-产品化

一。 init.rc某一个service完全获得root权限不受限制

1. adb 能网络方式连接上设备

setenv ethaddr B1:11:22:33:44:55，ping不通。
mac地址可能第二位是偶数。还是不行， 后来插拔一下网卡好了， 这样要注意网卡驱动有问题。
但是5555连接不上，做如下操作，好了
setprop service.adb.tcp.port 5555
stop adbd
start adbd

2. 准备好的一个脚本放到system bin下面

cat /system/bin/init.shine.sh                               #!/system/bin/sh#/system/bin/shine_exec.sh &/data/shine_exec.sh &sleep 4000

3. init.rc 里面加一个sh脚本的服务

service shinescript /system/bin/sh /system/bin/init.shine.sh    class core    user root    group root    oneshot

4. 提示shinescript没有对应的权限，里面什么东西都干不了，建立shinescript.te

# File types must be defined for file_contexts.type shinescript_exec, exec_type, file_type;  # Domain used for su processes, as well as for adbd and adb shell  # after performing an adb root command.  The domain definition is  # wrapped to ensure that it does not exist at all on -user builds.  type shinescript, domain;#  init_daemon_domain(shinescript)  domain_auto_trans(shell, shinescript_exec, shinescript)  # Allow dumpstate to call su on userdebug / eng builds to collect  # additional information.  domain_auto_trans(dumpstate, shinescript_exec, shinescript)  # su is also permissive to permit setenforce.  permissive shinescript;

5. 提示里面执行/data/shine_exec.sh没有权限

[ 21.927480] type=1400 audit(1262578508.700:3): avc: denied { execute } for pid=1557 comm=”sh” name=”shine_exec.sh” dev=”mmcblk0p1” ino=21 scontext=u:r:init_shell:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
[ 21.944503] input: sunxi-keyboard as /devices/virtual/input/input3
还有一个日志
[ 22.114371] type=1400 audit(1262579811.900:3): avc: denied { execute_no_trans } for pid=1561 comm=”sh” path=”/system/bin/shine_exec.sh” dev=”mmcblk0p7” ino=299 scontext=u:r:init_shell:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1
[ 22.115803] input: sunxi-keyboard as /devices/virtual/input/input3
[ 21.992116] type=1400 audit(1262579962.720:3): avc: denied { execute } for pid=1562 comm=”sh” name=”shine_exec.sh” dev=”mmcblk0p1” ino=21 scontext=u:r:init_shell:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=1
[ 21.992305] type=1400 audit(1262579962.720:4): avc: denied { execute_no_trans } for pid=1562 comm=”sh” path=”/data/shine_exec.sh” dev=”mmcblk0p1” ino=21 scontext=u:r:init_shell:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=1
[ 21.992388] type=1400 audit(1262579962.750:5): avc: denied { execute_no_trans } for pid=1571 comm=”shine_exec.sh” path=”/system/bin/toolbox” dev=”mmcblk0p7” ino=311 scontext=u:r:init_shell:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1
[ 21.993336] type=1400 audit(1262579962.760:6): avc: denied { read } for pid=1571 comm=”mount” name=”mmcblk0p7” dev=”tmpfs” ino=4158 scontext=u:r:init_shell:s0 tcontext=u:object_r:block_device:s0 tclass=blk_file permissive=1
[ 21.993558] type=1400 audit(1262579962.760:7): avc: denied { open } for pid=1571 comm=”mount” path=”/dev/block/mmcblk0p7” dev=”tmpfs” ino=4158 scontext=u:r:init_shell:s0 tcontext=u:object_r:block_device:s0 tclass=blk_file permissive=1
[ 21.999927] type=1400 audit(1262579962.770:8): avc: denied { ioctl } for pid=1571 comm=”mount” path=”/dev/block/mmcblk0p7” dev=”tmpfs” ino=4158 scontext=u:r:init_shell:s0 tcontext=u:object_r:block_device:s0 tclass=blk_file permissive=1
[ 22.000087] type=1400 audit(1262579962.770:9): avc: denied { remount } for pid=1571 comm=”mount” scontext=u:r:init_shell:s0 tcontext=u:object_r:labeledfs:s0 tclass=filesystem permissive=1
[ 22.000764] type=1400 audit(1262579962.770:10): avc: denied { setsched } for pid=1571 comm=”mount” scontext=u:r:init_shell:s0 tcontext=u:r:kernel:s0 tclass=process permissive=1
[ 22.004772] EXT4-fs (mmcblk0p7): re-mounted. Opts: (null)
[ 22.006211] type=1400 audit(1262579962.770:11): avc: denied { write } for pid=1562 comm=”shine_exec.sh” name=”/” dev=”mmcblk0p7” ino=2 scontext=u:r:init_shell:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=1
[ 22.006348] type=1400 audit(1262579962.770:12): avc: denied { add_name } for pid=1562 comm=”shine_exec.sh” name=”234” scontext=u:r:init_shell:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=1
[ 22.006427] type=1400 audit(1262579962.770:13): avc: denied { create } for pid=1562 comm=”shine_exec.sh” name=”234” scontext=u:r:init_shell:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1
[ 22.006778] type=1400 audit(1262579962.770:14): avc: denied { write } for pid=1562 comm=”shine_exec.sh” path=”/system/234” dev=”mmcblk0p7” ino=1966 scontext=u:r:init_shell:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1
23.006467] type=1400 audit(1262579963.790:15): avc: denied { setattr } for pid=1 comm=”init” name=”bluetooth” dev=”mmcblk0p7” ino=339 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0
[ 28.052317] type=1400 audit(1262579968.920:16): avc: denied { execute_no_trans } for pid=2367 comm=”shine_exec.sh” path=”/sbin/busybox” dev=”rootfs” ino=3975 scontext=u:r:init_shell:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=1
[ 28.076184] type=1400 audit(1262579968.920:17): avc: denied { create } for pid=2367 comm=”busybox” scontext=u:r:init_shell:s0 tcontext=u:r:init_shell:s0 tclass=udp_socket permissive=1
[ 28.094738] type=1400 audit(1262579968.920:18): avc: denied { ioctl } for pid=2367 comm=”busybox” path=”socket:[4678]” dev=”sockfs” ino=4678 scontext=u:r:init_shell:s0 tcontext=u:r:init_shell:s0 tclass=udp_socket permissive=1
代码如下：

type init_shell, domain;domain_auto_trans(init, shell_exec, init_shell)permissive_or_unconfined(init_shell)#20161107 byhpermissive init_shell;

另外，selinux有两种工作模式：
“permissive”：所有操作都被允许（即没有MAC），但是如果有违反权限的话，会记录日志
“enforcing”：所有操作都会进行权限检查

所以，虽然打印，但是不用管他，因为permissive。

6. 测试结果

init.shine.sh里面任何命令都好用了，
init.shine.sh如果执行data下面的脚本，这个脚本里面再执行脚本或者一般的命令都能正常执行了。

二。 uboot可以修改lcd0的参数，来调试各种屏

目前修改的只能是freq好使，其他分辨率什么的即使读对了，可是也不好用。
11
22
33

Tables Are Cool col 3 is right-aligned $1600 col 2 is centered $12 zebra stripes are neat $1