Support GKI updates
Adds proper file_contexts and domains for pre/postinstall hooks. Allow the pre/postinstall hooks to communicate with update_engine stable service. Bug: 161563386 Test: apply a GKI update Change-Id: I4437aab8e87ccbe55858150b95f67ec6e445ac1f
This commit is contained in:
parent
3e190653d7
commit
8ac37f025f
6 changed files with 37 additions and 0 deletions
|
@ -76,6 +76,13 @@ filegroup {
|
||||||
],
|
],
|
||||||
}
|
}
|
||||||
|
|
||||||
|
filegroup {
|
||||||
|
name: "com.android.gki-file_contexts",
|
||||||
|
srcs: [
|
||||||
|
"com.android.gki-file_contexts",
|
||||||
|
],
|
||||||
|
}
|
||||||
|
|
||||||
filegroup {
|
filegroup {
|
||||||
name: "com.android.ipsec-file_contexts",
|
name: "com.android.ipsec-file_contexts",
|
||||||
srcs: [
|
srcs: [
|
||||||
|
|
2
apex/com.android.gki-file_contexts
Normal file
2
apex/com.android.gki-file_contexts
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
(/.*)? u:object_r:system_file:s0
|
||||||
|
/bin/(.*)? u:object_r:gki_apex_prepostinstall_exec:s0
|
|
@ -134,6 +134,9 @@ userdebug_or_eng(`
|
||||||
domain_auto_trans(apexd, apex_test_prepostinstall_exec, apex_test_prepostinstall)
|
domain_auto_trans(apexd, apex_test_prepostinstall_exec, apex_test_prepostinstall)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
# Allow transition to GKI update pre/post install domain
|
||||||
|
domain_auto_trans(apexd, gki_apex_prepostinstall_exec, gki_apex_prepostinstall)
|
||||||
|
|
||||||
# Allow apexd to be invoked with logwrapper from init during userspace reboot.
|
# Allow apexd to be invoked with logwrapper from init during userspace reboot.
|
||||||
allow apexd devpts:chr_file { read write };
|
allow apexd devpts:chr_file { read write };
|
||||||
|
|
||||||
|
|
|
@ -8,6 +8,8 @@
|
||||||
adbd_config_prop
|
adbd_config_prop
|
||||||
apex_info_file
|
apex_info_file
|
||||||
debugfs_kprobes
|
debugfs_kprobes
|
||||||
|
gki_apex_prepostinstall
|
||||||
|
gki_apex_prepostinstall_exec
|
||||||
gnss_device
|
gnss_device
|
||||||
keystore2_key_contexts_file
|
keystore2_key_contexts_file
|
||||||
mediatranscoding_tmpfs
|
mediatranscoding_tmpfs
|
||||||
|
|
20
private/gki_apex_prepostinstall.te
Normal file
20
private/gki_apex_prepostinstall.te
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
# GKI pre- & post-install hooks.
|
||||||
|
#
|
||||||
|
# Allow to run pre- and post-install hooks for GKI APEXes
|
||||||
|
|
||||||
|
type gki_apex_prepostinstall, domain, coredomain;
|
||||||
|
type gki_apex_prepostinstall_exec, system_file_type, exec_type, file_type;
|
||||||
|
|
||||||
|
# Execute /system/bin/sh.
|
||||||
|
allow gki_apex_prepostinstall shell_exec:file rx_file_perms;
|
||||||
|
|
||||||
|
# Execute various toolsbox utilities.
|
||||||
|
allow gki_apex_prepostinstall toolbox_exec:file rx_file_perms;
|
||||||
|
|
||||||
|
# Allow preinstall.sh to execute update_engine_stable_client binary.
|
||||||
|
allow gki_apex_prepostinstall gki_apex_prepostinstall_exec:file execute_no_trans;
|
||||||
|
|
||||||
|
# Allow preinstall hook to communicate with update_engine to execute update.
|
||||||
|
binder_use(gki_apex_prepostinstall)
|
||||||
|
allow gki_apex_prepostinstall update_engine_stable_service:service_manager find;
|
||||||
|
binder_call(gki_apex_prepostinstall, update_engine)
|
|
@ -14,3 +14,6 @@ set_prop(update_engine, ota_prop)
|
||||||
|
|
||||||
# Allow to get the DSU status
|
# Allow to get the DSU status
|
||||||
get_prop(update_engine, gsid_prop)
|
get_prop(update_engine, gsid_prop)
|
||||||
|
|
||||||
|
# Allow update_engine to call the callback function provided by GKI update hook.
|
||||||
|
binder_call(update_engine, gki_apex_prepostinstall)
|
||||||
|
|
Loading…
Reference in a new issue