Pre-installing APKs on Qualcomm Android 7.1 so that they can be uninstalled and are restored after a factory reset

1. vendor/qcom/proprietary/qrdplus/Extension/config/copy_apps.sh

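#!/system/bin/sh
# Install every file under /system/pre_install once.
# /data/app/did is the "already done" marker; a factory reset wipes /data,
# so the marker disappears and the apps are installed again on the next boot.
if [ ! -f /data/app/did ]; then
    path_pre_install=/system/pre_install
    for file in "${path_pre_install}"/*
    do
        # skip the unexpanded pattern when the directory is empty
        [ -f "$file" ] || continue
        echo "$file"
        pm install -r "$file"
    done
    echo 1 > /data/app/did
fi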

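2. The Android.mk in the same directory copies the script to system/bin

Problem encountered: the build failed. Cause:
the system/bin directory may not exist yet, so create it first, and add a trailing / to the destination when running cp.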


## add by ben for third app
#################################################
COPY_APPS_SH := copy_apps.sh
$(shell mkdir -p $(TARGET_OUT)/bin/)
$(shell cp -r $(LOCAL_PATH)/$(COPY_APPS_SH) $(TARGET_OUT)/bin/)
$(shell chmod 755 $(TARGET_OUT)/bin/$(COPY_APPS_SH))

3. Add the following service to init.target.rc, path: device/qcom/msm8953_64/init.target.rc

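service copy_apps /system/bin/sh /system/bin/copy_apps.sh
    class core
    user root
    group root
    # create the service but do not run it yet
    disabled
    # run once
    oneshot
    # added for the SELinux permissions; on Android 5.1 and later the service cannot start without it
    seclabel u:r:copy_apps:s0

# must only be started after boot has completed
on property:sys.boot_completed=1
    start copy_apps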

4. Add the following line to device/qcom/sepolicy/common/file_contexts

/system/bin/copy_apps.sh                      u:object_r:copy_apps_exec:s0

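5. Add the SELinux rules in device/qcom/sepolicy/common/copy_apps.te

# The new process needs its own domain and an executable type
type copy_apps, domain;
type copy_apps_exec, exec_type, file_type;

# For debugging only: permits everything this process needs; cross-process permissions must be set in other files
#permissive copy_apps;

# Then enable the domain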
init_daemon_domain(copy_apps)

allow copy_apps rootfs:lnk_file {getattr write open read};
allow copy_apps apk_data_file:dir {search getattr read write setattr add_name open};
allow copy_apps apk_data_file:file {getattr open read write create setattr};
allow copy_apps system_file:dir {read getattr open};
allow copy_apps system_file:file {read getattr open execute_no_trans};
allow copy_apps system_data_file:dir {read getattr open write add_name};
allow copy_apps toolbox_exec:file {getattr execute read open execute_no_trans};
allow copy_apps copy_apps:capability {dac_override dac_read_search fowner fsetid};
allow copy_apps copy_apps:file {getattr write open};
allow copy_apps copy_apps:dir {search};
allow copy_apps copy_apps:process {execmem};
allow copy_apps shell_exec:file {entrypoint getattr read execute open execute_no_trans};
allow copy_apps zygote_exec:file {entrypoint getattr read execute open execute_no_trans};
allow copy_apps servicemanager:binder {call};
allow copy_apps sysfs:file {read getattr open};
allow copy_apps dalvikcache_data_file:dir {rw_dir_perms};
allow copy_apps dalvikcache_data_file:file {create_file_perms};
allow copy_apps dalvikcache_data_file:lnk_file {read getattr};
allow copy_apps proc_net:file {read open getattr};
allow copy_apps ashmem_device:chr_file {execute};
allow copy_apps copy_apps_tmpfs:file {execute};
allow copy_apps system_server:binder {call transfer};
allow copy_apps system_server:fd {use};
allow copy_apps system_server:unix_stream_socket {getopt read write};

'Error while expanding policy' during the build after modifying sepolicy

After adding a "*.te" file to the system, the following error may appear:

libsepol.report_failure: neverallow on line 263 of system/sepolicy/domain.te (or line 9133 of policy.conf) violated by allow xx device:chr_file { read write open };
libsepol.check_assertions: 1 neverallow failures occurred
Error while expanding policy

This is because neverallow rules have been added in "system/sepolicy/domain.te", and they cause the check at build time to fail.

# Do not allow any domain other than init or recovery to create unlabeled files.
neverallow { domain -init -recovery } unlabeled:dir_file_class_set create;

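Following the error message, find the corresponding neverallow rule in system/sepolicy/domain.te and modify it. The rule that produced the error in my build was allow xx device:chr_file { read write open };

In the rule below, simply exclude the domain from the xx.te that we added: inside the first '{}' after neverallow, use "-xx" to exclude a domain, meaning this rule should not apply to it.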

# Don't allow raw read/write/open access to generic devices.
# Rather force a relabel to a more specific type.
# init is exempt from this as there are character devices that only it uses.
# ueventd is exempt from this, as it is managing these devices.
neverallow { domain -init -ueventd -systool_server -xx } device:chr_file { open read write };

The build reported neverallow errors in 3 places; add -copy_apps at each corresponding place.
Below is one of the places where it was added.

neverallow {
domain
-appdomain
-autoplay_app
-dumpstate
-shell
userdebug_or_eng(`-su')
-system_server
-zygote
-copy_apps
} { file_type -system_file -exec_type -postinstall_file }:file execute;
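As an added example (not code from the original post), the following Python helper parses the libsepol error format quoted above and finds the allow rules in a .te file that trigger a reported neverallow failure, so the offending rule can be located and then removed or narrowed. The function names and the sample .te lines are constructed for illustration; `xx` is the placeholder domain used on this page.

```python
import re

# Matches the libsepol error line format quoted on this page.
FAILURE_RE = re.compile(
    r"neverallow on line (?P<line>\d+) of (?P<file>\S+).*?violated by "
    r"allow (?P<src>\S+) (?P<tgt>[^\s:]+):(?P<cls>[^\s{]+)"
    r"\s*\{?\s*(?P<perms>[^};]*?)\s*\}?\s*;")
# Matches single-type allow rules as written in copy_apps.te.
ALLOW_RE = re.compile(
    r"^\s*allow\s+(?P<src>\S+)\s+(?P<tgt>[^\s:]+):(?P<cls>[^\s{]+)"
    r"\s*\{?\s*(?P<perms>[^};]*?)\s*\}?\s*;")

# Constructed sample input: a build-log excerpt and a .te excerpt.
SAMPLE_LOG = """\
libsepol.report_failure: neverallow on line 263 of system/sepolicy/domain.te (or line 9133 of policy.conf) violated by allow xx device:chr_file { read write open };
libsepol.check_assertions: 1 neverallow failures occurred
Error while expanding policy
"""
SAMPLE_TE = """\
type xx, domain;
allow xx sysfs:file {read getattr open};
allow xx device:chr_file { read write open };
allow xx device:chr_file{rw_file_perms};
"""


def parse_failures(build_log):
    """Return one dict per neverallow failure reported in the build log."""
    failures = []
    for m in FAILURE_RE.finditer(build_log):
        f = m.groupdict()
        f["line"] = int(f["line"])
        f["perms"] = set(f["perms"].split())
        failures.append(f)
    return failures


def offending_lines(te_text, failure):
    """1-based line numbers of allow rules that grant a reported permission."""
    hits = []
    for no, line in enumerate(te_text.splitlines(), 1):
        m = ALLOW_RE.match(line)
        if not m or any(m[k] != failure[k] for k in ("src", "tgt", "cls")):
            continue
        granted = set(m["perms"].split())
        # Macros (*_perms) are not expanded here, so rules using one are reported too.
        if granted & failure["perms"] or any(p.endswith("_perms") for p in granted):
            hits.append(no)
    return hits
```

Rules that use type sets in braces on the source or target side are not matched by this helper and need a manual look.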

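The method above did not pass in the end; it should be workable, and fixing the problems above should be enough.

The method finally used

This method is the simplest, and it also passes when verified directly on the device. This is mainly because the SELinux rules are not enabled on the device; if they were, the configuration from the method above would probably be needed as well. It is not needed for now.

In the .rc file under the /system/etc/init/ directory:
bootanim.rc

The file contents are as follows: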

service bootanim /system/bin/bootanimation
    class core
    user graphics
    group graphics audio
    disabled
    oneshot
    writepid /dev/stune/top-app/tasks

service copy_apps /system/bin/sh /system/vendor/hq/etc/copy_apps.sh
    oneshot

on property:service.bootanim.exit=1
    start copy_apps

The source file is located at:

frameworks/base/cmds/bootanimation/bootanim.rc