init: cannot execve('/system/bin/custom.sh'): Permission denied

Question

I have a rooted system-as-root Samsung Device and I am trying to run an init service which runs custom.sh script using u:r:su:s0 SELinux context. 



# define service, use executable here if script not needed

service custom /system/bin/custom.sh




 # don't start unless explicitly asked to


 disabled




 # Use `seclabel u:r:magisk:s0` to run with unrestricted SELinux context to avoid avc denials


 # can also use "u:r:su:s0" on userdebug / eng builds if no Magisk.


 # It's required if SELinux is enforcing and service needs access


 # to some system resources not allowed by default sepolicy


 seclabel u:r:su:s0



# start the service when boot is completed

on property:sys.boot_completed=1


 # Use it to start the service


 start custom


As per my understanding, the rules for transition from init context to su context is not defined so, I should get avc: denial error.



But, I am getting permission denied error as following:




init: cannot execve('/system/bin/custom.sh'): Permission denied




I have checked the permission of custom.sh file and it is as following:




-r-xr-xr-- 1 root root 153 2019-11-04 13:25 /system/custom.sh




Please suggest what is happening here and how can I fix it?


Vatish Sharma | Sources

Answer

As evident from init source code:



...

static bool ExpandArgsAndExecv(const std::vector<std::string>& args) {



 ...


 return execv(c_strings[0], c_strings.data()) == 0;


}


...


  if (!ExpandArgsAndExecv(args_)) {



PLOG(ERROR) << "cannot execve('" << args_[0] << "')";


  
}


For whatever reason if init fails to execute the script custom.sh (i.e. syscall execve returns non-zero exit code), you will get cannot execve error. Permission denied (EACCES) is returned by execve in multiple situations e.g. unable to read file path, no +x permission on binary or filesystem mounted with noexec. Inability to read|open|execute script or make context transition is returned as EACCES.



Also cannot execve is logged by init but avc: denied is logged by SELinux subsystem through audit subsystem or kernel logging. You should get both errors in dmesg or logcat -b events or logcat -b kernel. If you don't, may be there is a dontaudit rule defined for source or target or both contexts.




Please suggest what is happening here and how can I fix it?




As explained in my answer to your previous question: How to run an Android init service with superuser SELinux context? define SELinux rules to allow init read / execute custom.sh script and make transition to u:r:su:s0.


Irfan Latif | Sources

Q & A

What smartphone and/or app support voice dialing on speakerphone like Moto X 2nd Gen?
What system app handles the screenshots in Lollipop?
“There's been a change to your Google account” message and password prompt?
My Nexus 6P just entered bootloop mode
How to use tablet-only apps on normal 5 inch phone?
Google Now cards not loading
Home shortcut on Apple bluetooth keyboard
How to Emulate hardware menu button
Broken device after uninstalling King Root
Can't check 'Phone Audio' setting for a Bluetooth headset
How to set a blank property
Is the Android default calendar open source?
My yu Yureka is bricked now I tried installing nougat with cm-14 but there is a error being displayed while installing cm 14 (comparing tz version)?
Unable to sideload a file to One Plus One. What are my alternatives?
How do I set up Slack to send notifications to my Android phone?
Restore Whatsapp
How to restrict some tracks from playing in 'Shuffle tracks'
How to turn off Wi-Fi 15min after it had been turned on?
Lock screen notifications rearrange themselves for seemingly no reason
Device does not boot to system after flashing boot image

Topics

2D Engines   3D Engines   9-Patch   Action Bars   Activities   ADB   Advertisements   Analytics   Animations   ANR   AOP   API   APK   APT   Architecture   Audio   Autocomplete   Background Processing   Backward Compatibility   Badges   Bar Codes   Benchmarking   Bitmaps   Bluetooth   Blur Effects   Bread Crumbs   BRMS   Browser Extensions   Build Systems   Bundles   Buttons   Caching   Camera   Canvas   Cards   Carousels   Changelog   Checkboxes   Cloud Storages   Color Analysis   Color Pickers   Colors   Comet/Push   Compass Sensors   Conferences   Content Providers   Continuous Integration   Crash Reports   Credit Cards   Credits   CSV   Curl/Flip   Data Binding   Data Generators   Data Structures   Database   Database Browsers   Date &   Debugging   Decompilers   Deep Links   Dependency Injections   Design   Design Patterns   Dex   Dialogs   Distributed Computing   Distribution Platforms   Download Managers   Drawables   Emoji   Emulators   EPUB   Equalizers &   Event Buses   Exception Handling   Face Recognition   Feedback &   File System   File/Directory   Fingerprint   Floating Action   Fonts   Forms   Fragments   FRP   FSM   Functional Programming   Gamepads   Games   Geocaching   Gestures   GIF   Glow Pad   Gradle Plugins   Graphics   Grid Views   Highlighting   HTML   HTTP Mocking   Icons   IDE   IDE Plugins   Image Croppers   Image Loaders   Image Pickers   Image Processing   Image Views   Instrumentation   Intents   Job Schedulers   JSON   Keyboard   Kotlin   Layouts   Library Demos   List View   List Views   Localization   Location   Lock Patterns   Logcat   Logging   Mails   Maps   Markdown   Mathematics   Maven Plugins   MBaaS   Media   Menus   Messaging   MIME   Mobile Web   Native Image   Navigation   NDK   Networking   NFC   NoSQL   Number Pickers   OAuth   Object Mocking   OCR Engines   OpenGL   ORM   Other Pickers   Parallax List   Parcelables   Particle Systems   Password Inputs   PDF   Permissions   Physics Engines   Platforms   Plugin Frameworks   Preferences   Progress Indicators   ProGuard   Properties   Protocol Buffer   Pull To   Purchases   Push/Pull   QR Codes   Quick Return   Radio Buttons   Range Bars   Ratings   Recycler Views   Resources   REST   Ripple Effects   RSS   Screenshots   Scripting   Scroll Views   SDK   Search Inputs   Security   Sensors   Services   Showcase Views   Signatures   Sliding Panels   Snackbars   SOAP   Social Networks   Spannable   Spinners   Splash Screens   SSH   Static Analysis   Status Bars   Styling   SVG   System   Tags   Task Managers   TDD &   Template Engines   Testing   Testing Tools   Text Formatting   Text Views   Text Watchers   Text-to   Toasts   Toolkits For   Tools   Tooltips   Trainings   TV   Twitter   Updaters   USB   User Stories   Utils   Validation   Video   View Adapters   View Pagers   Views   Watch Face   Wearable Data   Wearables   Weather   Web Tools   Web Views   WebRTC   WebSockets   Wheel Widgets   Wi-Fi   Widgets   Windows   Wizards   XML   XMPP   YAML   ZIP Codes