AOSP Nougat - "does not have a SELinux domain defined"
https://talk.sonymobile.com/t5/General-Discussion/Error-during-Nougat-build/td-p/1193374
Hi
I am trying to build AOSP Nougat based on instructions at
http://developer.sonymobile.com/open-devices/aosp-build-instructions/how-to-build-aosp-nougat-for-unlocked-xperia-devices/
Using following URL for repo. Note it is r24.
repo init -u https://android.googlesource.com/platform/manifest -b android-7.0.0_r24
WHile building, I get an error as follows.
1 warning generated.
[ 28% 10839/37403] build out/target/product/leo/obj/ETC/sepolicy_intermediates/sepolicy
FAILED: /bin/bash -c "(out/host/linux-x86/bin/checkpolicy -M -c 30 -o out/target/product/leo/obj/ETC/sepolicy_intermediates/sepolicy.tmp out/target/product/leo/obj/ETC/sepolicy_intermediates/policy.conf ) && (out/host/linux-x86/bin/checkpolicy -M -c 30 -o out/target/product/leo/obj/ETC/sepolicy_intermediates//sepolicy.dontaudit out/target/product/leo/obj/ETC/sepolicy_intermediates/policy.conf.dontaudit ) && (out/host/linux-x86/bin/sepolicy-analyze out/target/product/leo/obj/ETC/sepolicy_intermediates/sepolicy.tmp permissive > out/target/product/leo/obj/ETC/sepolicy_intermediates/sepolicy.permissivedomains ) && (if [ \"userdebug\" = \"user\" -a -s out/target/product/leo/obj/ETC/sepolicy_intermediates/sepolicy.permissivedomains ]; then echo \"==========\" 1>&2; echo \"ERROR: permissive domains not allowed in user builds\" 1>&2; echo \"List of invalid domains:\" 1>&2; cat out/target/product/leo/obj/ETC/sepolicy_intermediates/sepolicy.permissivedomains 1>&2; exit 1; fi ) && (mv out/target/product/leo/obj/ETC/sepolicy_intermediates/sepolicy.tmp out/target/product/leo/obj/ETC/sepolicy_intermediates/sepolicy )"
libsepol.report_failure: neverallow on line 195 of system/sepolicy/untrusted_app.te (or line 19084 of policy.conf) violated by allow untrusted_app vfat:file { create };
libsepol.check_assertions: 1 neverallow failures occurred
Error while expanding policy
out/host/linux-x86/bin/checkpolicy: loading policy configuration from out/target/product/leo/obj/ETC/sepolicy_intermediates/policy.conf
[ 28% 10839/37403] target thumb C++: libinit <= system/core/init/action.cpp
ninja: build stopped: subcommand failed.
make: *** [ninja_wrapper] Error 1
=========================================================
To fix this, edit untrusted_app.te file in following folder and commnet both the lines.
device/sony/sepolicy$vi untructed_app.te
#allow untrusted_app vfat:dir rw_dir_perms;
#allow untrusted_app vfat:file create;
Please let me know if this is the right way to fix the error? Or is there any other workaround?
Further I want to change init.rc to start a service.
e.g.
service test /system/bin/test_init.sh
class core
oneshot
When I flash modifies image to phone, I do not see service test started. Instead I see following message in dmesg.
init: Service test does not have a SELinux domain defined.
We have ported same code to Android M by integrating it in Sony AOSP. And we have seen service test started successfully.
What is changed in Android N and what change do we need to do in order for our service to start in Android N phone?
Thanks in advance.
******************************************
In case you're still having the first problem: I had the same issue and reported it as
https://github.com/sonyxperiadev/device-sony-sepolicy/issues/142. alviteri did something that fixed it immediately, and I've been building r27 successfully since then.