How to enable init.d to function in LineageOS 14.x (and later more?)

[ramast_]

I am using LineageOS 14 on my Galaxy S5 and while I do have the directory /system/etc/init.d , its scripts are not executed on startup as one would expect.
Searching different forums didn't lead to much beyond installing some random person's script with root permission or doing hacks.

I've invested sometime to get init.d work on my phone and wanted to share the how to with you:

Prerequisite:
Root access (shell) [ I am using addonsu-14.1-arm if that make a difference ]
LineageOS 14 (not tested on other versions but should work)

Steps:

1. mount your system partition as read/write

mount -oremount,rw /system

2. go to init directory

 cd /system/etc/init/

3. create file init_d.rc with following content

service init_d /system/bin/sh /system/bin/sysinit
    user root
    group root
    disabled
    oneshot
    seclabel u:r:sudaemon:s0

on property:sys.boot_completed=1 && property:sys.logbootcomplete=1
    start init_d

That's it.

Explanation:

/system/etc/init/ is android's version of linux's init.d but it have very different syntax and restricted set of commands.

the file init_d define a service called init_d which basically execute sysinit script (the script responsible for running /etc/init.d/ scripts).

the service is set to be disabled so it won't run by default. Finally I say that when the system finish booting start the service. the oneshot keyword is important because without the system will keep executing sysinit each time it exit.

the seclabel define SELinux label for this service, this one should give it full access

 

[cphilch]

I tried this on a lineage 15.1 build and followed all steps , it did not work.

 

[Whammamoosha]

Worked like a charm!

I needed it to run swapon once (to free some unused RAM) without modifying any system files, only adding new ones, so system updates wouldn't overwrite the configuration.

Thank you very much!

Running LineageOS 15.1, 2018-11-30 nightly build on griffin (XT1650-3).

I am using LineageOS 14 on my Galaxy S5 and while I do have the directory /system/etc/init.d , its scripts are not executed on startup as one would expect.
Searching different forums didn't lead to much beyond installing some random person's script with root permission or doing hacks.

I've invested sometime to get init.d work on my phone and wanted to share the how to with you:

Prerequisite:
Root access (shell) [ I am using addonsu-14.1-arm if that make a difference ]
LineageOS 14 (not tested on other versions but should work)

Steps:

1. mount your system partition as read/write

mount -oremount,rw /system

2. go to init directory

 cd /system/etc/init/

3. create file init_d.rc with following content

service init_d /system/bin/sh /system/bin/sysinit
    user root
    group root
    disabled
    oneshot
    seclabel u:r:sudaemon:s0

on property:sys.boot_completed=1 && property:sys.logbootcomplete=1
    start init_d

That's it.

Explanation:

/system/etc/init/ is android's version of linux's init.d but it have very different syntax and restricted set of commands.

the file init_d define a service called init_d which basically execute sysinit script (the script responsible for running /etc/init.d/ scripts).

the service is set to be disabled so it won't run by default. Finally I say that when the system finish booting start the service. the oneshot keyword is important because without the system will keep executing sysinit each time it exit.

the seclabel define SELinux label for this service, this one should give it full access

 

[Lordlight]

Thank you so much !

I am using LineageOS 14 on my Galaxy S5 and while I do have the directory /system/etc/init.d , its scripts are not executed on startup as one would expect.
Searching different forums didn't lead to much beyond installing some random person's script with root permission or doing hacks.

I've invested sometime to get init.d work on my phone and wanted to share the how to with you:

Prerequisite:
Root access (shell) [ I am using addonsu-14.1-arm if that make a difference ]
LineageOS 14 (not tested on other versions but should work)

Steps:

1. mount your system partition as read/write

mount -oremount,rw /system

2. go to init directory

 cd /system/etc/init/

3. create file init_d.rc with following content

service init_d /system/bin/sh /system/bin/sysinit
    user root
    group root
    disabled
    oneshot
    seclabel u:r:sudaemon:s0

on property:sys.boot_completed=1 && property:sys.logbootcomplete=1
    start init_d

That's it.

Explanation:

/system/etc/init/ is android's version of linux's init.d but it have very different syntax and restricted set of commands.

the file init_d define a service called init_d which basically execute sysinit script (the script responsible for running /etc/init.d/ scripts).

the service is set to be disabled so it won't run by default. Finally I say that when the system finish booting start the service. the oneshot keyword is important because without the system will keep executing sysinit each time it exit.

the seclabel define SELinux label for this service, this one should give it full access

You are great bro !
I try it on lineage os 14.1 on moto G and it works !
I tried many ways to do this but all of them are not effective, thanks

 

[ramast_]

You are great bro !
I try it on lineage os 14.1 on moto G and it works !
I tried many ways to do this but all of them are not effective, thanks

I am glad you found it useful.

 

[edit_check]

I am glad you found it useful.

Hi, i have a prblem with this:

The script run BEFORE the bootanimation finished, i need run AFTER the fully animation is finished. What need i do ?

 

[ramast_]

There is a process responsible for showing bootanimation, I don't remember exact process name but should contain word "animation" in it.

Once you figured out its name, you can make your script check every second - in a while loop - if that process is running or not. Once the process stopped, you can assume that bootanimation has stopped.

There might be a better way but I honestly don't know.

 

[slwn]

the seclabel define SELinux label for this service, this one should give it full access

Hey,

I tried your solution on the following LineageOS version:

Android 7.1.2
14.1-20190207-NIGHTLY-falcon
Linux version 3.4.113-g22bc4ed ([email protected]) (gcc version 4.9 20150123 (prerelease) (GCC) ) #1 SMP PREEMPT Thu Feb 7 14:09:49 UTC 2019

Scripts in /etc/init.d are being executed, fine, but all them are running with insufficient privileges - under the selinux context of u:r:sysinit:s0

As a result I couldn't start sshd using that script:

12-27 12:10:58.848  2559  2559 I sysinit : Running /system/etc/init.d/99ssh
12-27 12:10:58.950  2562  2562 W start-ssh: type=1400 audit(0.0:9): avc: denied { getattr } for uid=0 path="/data/ssh/ssh_host_dsa_key" dev="mmcblk0p36" ino=198109 scontext=u:r:sysinit:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
12-27 12:11:01.100  2564  2564 W ssh-keygen: type=1400 audit(0.0:10): avc: denied { getattr } for uid=0 path="/data/ssh/ssh_host_dsa_key" dev="mmcblk0p36" ino=198109 scontext=u:r:sysinit:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
12-27 12:11:01.103  2564  2564 W ssh-keygen: type=1400 audit(0.0:11): avc: denied { write } for uid=0 name="ssh_host_dsa_key" dev="mmcblk0p36" ino=198109 scontext=u:r:sysinit:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
12-27 12:11:01.143  2743  2743 W chmod   : type=1400 audit(0.0:12): avc: denied { getattr } for uid=0 path="/data/ssh/ssh_host_dsa_key" dev="mmcblk0p36" ino=198109 scontext=u:r:sysinit:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
12-27 12:11:01.186  2746  2746 W chmod   : type=1400 audit(0.0:13): avc: denied { getattr } for uid=0 path="/data/ssh/ssh_host_dsa_key.pub" dev="mmcblk0p36" ino=197164 scontext=u:r:sysinit:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
12-27 12:11:01.190  2562  2562 W start-ssh: type=1400 audit(0.0:14): avc: denied { getattr } for uid=0 path="/data/ssh/ssh_host_rsa_key" dev="mmcblk0p36" ino=203831 scontext=u:r:sysinit:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
12-27 12:11:10.896  2749  2749 W ssh-keygen: type=1400 audit(0.0:15): avc: denied { getattr } for uid=0 path="/data/ssh/ssh_host_rsa_key" dev="mmcblk0p36" ino=203831 scontext=u:r:sysinit:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
12-27 12:11:10.896  2749  2749 W ssh-keygen: type=1400 audit(0.0:16): avc: denied { write } for uid=0 name="ssh_host_rsa_key" dev="mmcblk0p36" ino=203831 scontext=u:r:sysinit:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
12-27 12:11:10.950  2969  2969 W chmod   : type=1400 audit(0.0:17): avc: denied { getattr } for uid=0 path="/data/ssh/ssh_host_rsa_key" dev="mmcblk0p36" ino=203831 scontext=u:r:sysinit:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
12-27 12:11:11.003  2972  2972 W chmod   : type=1400 audit(0.0:18): avc: denied { getattr } for uid=0 path="/data/ssh/ssh_host_rsa_key.pub" dev="mmcblk0p36" ino=203640 scontext=u:r:sysinit:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
12-27 12:11:11.103  2979  2979 W sshd    : type=1400 audit(0.0:19): avc: denied { setgid } for uid=0 capability=6 scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=capability permissive=0
12-27 12:11:11.116  2979  2979 W sshd    : type=1400 audit(0.0:20): avc: denied { create } for uid=0 scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0
12-27 12:11:11.116  2979  2979 W sshd    : type=1400 audit(0.0:21): avc: denied { create } for uid=0 scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0
12-27 12:11:11.120  2977  2977 I sshd    : bad addr or host: <NULL> (No address associated with hostname)
12-27 12:11:11.121  2977  2977 I sshd    : sshd terminated by exit(255)

Anyone has an idea, how to force init.d scripts to run as u:r:su:s0 ?

Thanks

 

[slwn]

Answering my own question, in case someone else would encounter this

It turned out, my LineageOS 14.1 already had init.d scripts working. However, it still was executed under a restricted selinux context u:r:sysinit:s0. To overcome that I had to recompile LineageOS from sources, where I could explicitly modify vendor/cm/prebuilt/common/etc/init.local.rc file and put there only one additional line seclabel u:r:sudaemon:s0 so it finaly looks like this:

..
.
# sysinit (/system/etc/init.d)
service sysinit /system/bin/sysinit
    user root
    group root
    disabled
    oneshot
    seclabel u:r:sudaemon:s0
..
.

Now I can run commands in userinit.sh with the highest privileges
Thanks!