From 1ea19eb44d58759ed65dc7aa8da8215e5f976858 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Fri, 25 Aug 2017 12:08:57 -0700
Subject: [PATCH] Clarify SELinux service error message

1) Attempt to make the error message associated with a missing service
better.
2) Provide a link to more in-depth documentation.

Bug: 65023716
Test: code compiles.
Change-Id: Ie0f1896fb41d5afd11501f046cb51d4c8afe0a62
---
 init/service.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/init/service.cpp b/init/service.cpp
index d3c9f9236..dee0c3d23 100644
--- a/init/service.cpp
+++ b/init/service.cpp
@@ -82,7 +82,11 @@ static Result<std::string> ComputeContextFromExecutable(std::string& service_nam
         free(new_con);
     }
     if (rc == 0 && computed_context == mycon.get()) {
-        return Error() << "Service does not have an SELinux domain defined";
+        return Error() << "File " << service_path << "(labeled \"" << filecon.get()
+                       << "\") has incorrect label or no domain transition from " << mycon.get()
+                       << " to another SELinux domain defined. Have you configured your "
+                          "service correctly? https://source.android.com/security/selinux/"
+                          "device-policy#label_new_services_and_address_denials";
     }
     if (rc < 0) {
         return Error() << "Could not get process context";