From ecc7e8cacb6277f1a98c6af87d255e9aa6651cad Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Fri, 7 Sep 2018 15:05:33 -0700 Subject: [PATCH] Move /sbin/charger to /system/bin/charger. With the CLs in the same topic, it's being built as a dynamically linked executable. And this applies to normal boot (including charger mode) and recovery mode both. /system/bin/charger under normal boot will be labeled as charger_exec, which has the attribute of system_file_type. The file in recovery image will still be labeled as rootfs. So we keep the domain_trans rule for rootfs file, but allowing for recovery mode only. Bug: 73660730 Test: Boot into charger mode on taimen. Check that charger UI works. Test: Boot into recovery mode. Check that charger process works. Change-Id: I062d81c346578cdfce1cc2dce18c829387a1fdbc --- private/compat/26.0/26.0.ignore.cil | 1 + private/compat/27.0/27.0.ignore.cil | 1 + private/compat/28.0/28.0.ignore.cil | 1 + private/file_contexts | 5 +++-- private/init.te | 4 +++- public/charger.te | 3 +-- 6 files changed, 10 insertions(+), 5 deletions(-) diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil index d8c6e0af9..94f3a9d8d 100644 --- a/private/compat/26.0/26.0.ignore.cil +++ b/private/compat/26.0/26.0.ignore.cil @@ -31,6 +31,7 @@ bpfloader_exec broadcastradio_service cgroup_bpf + charger_exec color_display_service content_capture_service crossprofileapps_service diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil index fbd26a101..5c04fcdb5 100644 --- a/private/compat/27.0/27.0.ignore.cil +++ b/private/compat/27.0/27.0.ignore.cil @@ -29,6 +29,7 @@ bpfloader bpfloader_exec cgroup_bpf + charger_exec color_display_service content_capture_service crossprofileapps_service diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil index 1b76c38f7..d9e575516 100644 --- a/private/compat/28.0/28.0.ignore.cil +++ b/private/compat/28.0/28.0.ignore.cil 
@@ -28,6 +28,7 @@ bugreport_service cgroup_desc_file cgroup_rc_file + charger_exec content_capture_service content_suggestions_service cpu_variant_prop diff --git a/private/file_contexts b/private/file_contexts index 3f5c3a0a2..91d4484ee 100644 --- a/private/file_contexts +++ b/private/file_contexts @@ -14,9 +14,7 @@ /verity_key u:object_r:rootfs:s0 # Executables -/charger u:object_r:rootfs:s0 /init u:object_r:init_exec:s0 -/system/bin/init u:object_r:init_exec:s0 /sbin(/.*)? u:object_r:rootfs:s0 # For kernel modules @@ -36,6 +34,7 @@ # Symlinks /bin u:object_r:rootfs:s0 /bugreports u:object_r:rootfs:s0 +/charger u:object_r:rootfs:s0 /d u:object_r:rootfs:s0 /etc u:object_r:rootfs:s0 /sdcard u:object_r:rootfs:s0 @@ -189,11 +188,13 @@ /system/bin/ashmemd u:object_r:ashmemd_exec:s0 /system/bin/bcc u:object_r:rs_exec:s0 /system/bin/blank_screen u:object_r:blank_screen_exec:s0 +/system/bin/charger u:object_r:charger_exec:s0 /system/bin/e2fsdroid u:object_r:e2fs_exec:s0 /system/bin/mke2fs u:object_r:e2fs_exec:s0 /system/bin/e2fsck -- u:object_r:fsck_exec:s0 /system/bin/fsck\.exfat -- u:object_r:fsck_exec:s0 /system/bin/fsck\.f2fs -- u:object_r:fsck_exec:s0 +/system/bin/init u:object_r:init_exec:s0 /system/bin/mini-keyctl -- u:object_r:mini-keyctl_exec:s0 /system/bin/sload_f2fs -- u:object_r:e2fs_exec:s0 /system/bin/make_f2fs -- u:object_r:e2fs_exec:s0 diff --git a/private/init.te b/private/init.te index 5b1ebc8c3..374b20791 100644 --- a/private/init.te +++ b/private/init.te 
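Review bot: The added `/system/bin/charger` entry in the third private/file_contexts hunk has no file-type field, so `charger_exec` is applied to whatever kind of object sits at that path rather than only to the regular-file binary. This commit also makes `charger_exec` the entrypoint type for an automatic init transition in private/init.te, so it is worth pinning the label the way the fsck entries just below do: `/system/bin/charger -- u:object_r:charger_exec:s0`. Neighbouring entries such as ashmemd and blank_screen omit the field as well, so this is a consistency and hardening point rather than a regression.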
@@ -3,14 +3,16 @@ typeattribute init coredomain; tmpfs_domain(init) # Transitions to seclabel processes in init.rc -domain_trans(init, rootfs, charger) domain_trans(init, rootfs, healthd) domain_trans(init, rootfs, slideshow) +domain_auto_trans(init, charger_exec, charger) domain_auto_trans(init, e2fs_exec, e2fs) domain_auto_trans(init, bpfloader_exec, bpfloader) recovery_only(` + # Files in recovery image are labeled as rootfs. domain_trans(init, rootfs, adbd) + domain_trans(init, rootfs, charger) domain_trans(init, rootfs, fastbootd) domain_trans(init, rootfs, recovery) ') diff --git a/public/charger.te b/public/charger.te index 7145548a5..238b41373 100644 --- a/public/charger.te +++ b/public/charger.te @@ -1,6 +1,5 @@ -# charger seclabel is specified in init.rc since -# it lives in the rootfs and has no unique file type. type charger, domain; +type charger_exec, system_file_type, exec_type, file_type; # Write to /dev/kmsg allow charger kmsg_device:chr_file rw_file_perms;
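Review bot: The recovery path for charger is no longer documented anywhere. The new comment in `recovery_only` says only that recovery files are labeled rootfs, and the public/charger.te hunk deletes the header comment that said the seclabel comes from init.rc. `domain_trans` only permits the transition, unlike the `domain_auto_trans` used for `charger_exec`, so the recovery charger service presumably still needs an explicit seclabel in the recovery init.rc; that file is not part of this diff, so this is worth confirming. I would extend the comment to `# Files in recovery image are labeled as rootfs; these are not auto transitions, so each service needs a seclabel in init.rc.` In public/charger.te, a one-line comment above `type charger_exec` could say that it labels /system/bin/charger in normal boot while the recovery copy stays rootfs. Moving the rootfs-to-charger rule under `recovery_only` is a good least-privilege tightening and needs no change.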