Allow system app and update_engine to read OTA from /vendor
Introuducing vendor_boot_ota_file which will be used to allow reading OTAs from /vendor/boot_otas when BOARD_16K_OTA_MOVE_VENDOR := true is set. These OTAs will be read from settings app(system_app) and update engine. Test: m, m Settings && adb install -r $ANDROID_PRODUCT_OUT/system_ext/priv-app/Settings/Settings.apk Bug: 335022191 Change-Id: Ie42e0de12694ed74f9a98cd115f72d207f67c834
This commit is contained in:
parent
77a8ac9ab4
commit
b071882d76
7 changed files with 17 additions and 1 deletions
|
@ -539,6 +539,8 @@
|
||||||
/vendor/priv-app/test vendor_app_file
|
/vendor/priv-app/test vendor_app_file
|
||||||
/system/vendor/priv-app vendor_app_file
|
/system/vendor/priv-app vendor_app_file
|
||||||
/system/vendor/priv-app/test vendor_app_file
|
/system/vendor/priv-app/test vendor_app_file
|
||||||
|
/vendor/boot_otas/ vendor_boot_ota_file
|
||||||
|
/vendor/boot_otas/test vendor_boot_ota_file
|
||||||
/vendor/overlay vendor_overlay_file
|
/vendor/overlay vendor_overlay_file
|
||||||
/vendor/overlay/test vendor_overlay_file
|
/vendor/overlay/test vendor_overlay_file
|
||||||
/system/vendor/overlay vendor_overlay_file
|
/system/vendor/overlay vendor_overlay_file
|
||||||
|
|
|
@ -2682,7 +2682,7 @@
|
||||||
(typeattributeset vendor_configs_file_202404 (vendor_configs_file))
|
(typeattributeset vendor_configs_file_202404 (vendor_configs_file))
|
||||||
(typeattributeset vendor_data_file_202404 (vendor_data_file))
|
(typeattributeset vendor_data_file_202404 (vendor_data_file))
|
||||||
(typeattributeset vendor_default_prop_202404 (vendor_default_prop))
|
(typeattributeset vendor_default_prop_202404 (vendor_default_prop))
|
||||||
(typeattributeset vendor_file_202404 (vendor_file))
|
(typeattributeset vendor_file_202404 (vendor_file vendor_boot_ota_file))
|
||||||
(typeattributeset vendor_framework_file_202404 (vendor_framework_file))
|
(typeattributeset vendor_framework_file_202404 (vendor_framework_file))
|
||||||
(typeattributeset vendor_hal_file_202404 (vendor_hal_file))
|
(typeattributeset vendor_hal_file_202404 (vendor_hal_file))
|
||||||
(typeattributeset vendor_idc_file_202404 (vendor_idc_file))
|
(typeattributeset vendor_idc_file_202404 (vendor_idc_file))
|
||||||
|
|
|
@ -2036,6 +2036,7 @@ full_treble_only(`
|
||||||
-vendor_app_file
|
-vendor_app_file
|
||||||
-vendor_apex_file
|
-vendor_apex_file
|
||||||
-vendor_apex_metadata_file
|
-vendor_apex_metadata_file
|
||||||
|
-vendor_boot_ota_file
|
||||||
-vendor_configs_file
|
-vendor_configs_file
|
||||||
-vendor_microdroid_file
|
-vendor_microdroid_file
|
||||||
-vendor_service_contexts_file
|
-vendor_service_contexts_file
|
||||||
|
|
|
@ -437,6 +437,8 @@
|
||||||
|
|
||||||
/(vendor|system/vendor)/etc/aconfig(/.*)? u:object_r:vendor_aconfig_storage_file:s0
|
/(vendor|system/vendor)/etc/aconfig(/.*)? u:object_r:vendor_aconfig_storage_file:s0
|
||||||
|
|
||||||
|
/vendor/boot_otas(/.*)? u:object_r:vendor_boot_ota_file:s0
|
||||||
|
|
||||||
# HAL location
|
# HAL location
|
||||||
/(vendor|system/vendor)/lib(64)?/hw u:object_r:vendor_hal_file:s0
|
/(vendor|system/vendor)/lib(64)?/hw u:object_r:vendor_hal_file:s0
|
||||||
|
|
||||||
|
|
|
@ -196,3 +196,6 @@ neverallow system_app shell_data_file:file { open read ioctl lock };
|
||||||
neverallow { domain -init -system_app } adaptive_haptics_prop:property_service set;
|
neverallow { domain -init -system_app } adaptive_haptics_prop:property_service set;
|
||||||
# system_app should be the only domain writing the force l3 prop
|
# system_app should be the only domain writing the force l3 prop
|
||||||
neverallow { domain -init -system_app } drm_forcel3_prop:property_service set;
|
neverallow { domain -init -system_app } drm_forcel3_prop:property_service set;
|
||||||
|
|
||||||
|
allow system_app vendor_boot_ota_file:dir { r_dir_perms };
|
||||||
|
allow system_app vendor_boot_ota_file:file { r_file_perms };
|
||||||
|
|
|
@ -115,3 +115,6 @@ allow update_engine snapshotctl_log_data_file:file create_file_perms;
|
||||||
# Allow determining filesystems available on system.
|
# Allow determining filesystems available on system.
|
||||||
# Needed for checking if overlayfs is enabled
|
# Needed for checking if overlayfs is enabled
|
||||||
allow update_engine proc_filesystems:file r_file_perms;
|
allow update_engine proc_filesystems:file r_file_perms;
|
||||||
|
|
||||||
|
allow update_engine vendor_boot_ota_file:dir { r_dir_perms };
|
||||||
|
allow update_engine vendor_boot_ota_file:file { r_file_perms };
|
||||||
|
|
|
@ -280,6 +280,11 @@ type vendor_public_framework_file, vendor_file_type, file_type;
|
||||||
# Files having this type should be read-only.
|
# Files having this type should be read-only.
|
||||||
type vendor_microdroid_file, vendor_file_type, file_type;
|
type vendor_microdroid_file, vendor_file_type, file_type;
|
||||||
|
|
||||||
|
starting_at_board_api(202504, `
|
||||||
|
# boot otas for 16KB developer option
|
||||||
|
type vendor_boot_ota_file, vendor_file_type, file_type;
|
||||||
|
')
|
||||||
|
|
||||||
# Input configuration
|
# Input configuration
|
||||||
type vendor_keylayout_file, vendor_file_type, file_type;
|
type vendor_keylayout_file, vendor_file_type, file_type;
|
||||||
type vendor_keychars_file, vendor_file_type, file_type;
|
type vendor_keychars_file, vendor_file_type, file_type;
|
||||||
|
|
Loading…
Reference in a new issue