Move /sbin/charger to /system/bin/charger.

With the CLs in the same topic, it's being built as a dynamically linked executable. And this applies to normal boot (including charger mode) and recovery mode both. /system/bin/charger under normal boot will be labeled as charger_exec, which has the attribute of system_file_type. The file in recovery image will still be labeled as rootfs. So we keep the domain_trans rule for rootfs file, but allowing for recovery mode only. Bug: 73660730 Test: Boot into charger mode on taimen. Check that charger UI works. Test: Boot into recovery mode. Check that charger process works. Change-Id: I062d81c346578cdfce1cc2dce18c829387a1fdbc
2018-09-07 15:05:33 -07:00 · 2018-09-07 15:05:33 -07:00 · ecc7e8cacb
commit ecc7e8cacb
parent 64b812c27e
6 changed files with 10 additions and 5 deletions
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@ -31,6 +31,7 @@
    bpfloader_exec
    broadcastradio_service
    cgroup_bpf
+    charger_exec
    color_display_service
    content_capture_service
    crossprofileapps_service
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@ -29,6 +29,7 @@
    bpfloader
    bpfloader_exec
    cgroup_bpf
+    charger_exec
    color_display_service
    content_capture_service
    crossprofileapps_service
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@ -28,6 +28,7 @@
    bugreport_service
    cgroup_desc_file
    cgroup_rc_file
+    charger_exec
    content_capture_service
    content_suggestions_service
    cpu_variant_prop
--- a/private/file_contexts
+++ b/private/file_contexts
@ -14,9 +14,7 @@
 /verity_key         u:object_r:rootfs:s0

 # Executables
-/charger            u:object_r:rootfs:s0
 /init               u:object_r:init_exec:s0
-/system/bin/init    u:object_r:init_exec:s0
 /sbin(/.*)?         u:object_r:rootfs:s0

 # For kernel modules
@ -36,6 +34,7 @@
 # Symlinks
 /bin                u:object_r:rootfs:s0
 /bugreports         u:object_r:rootfs:s0
+/charger            u:object_r:rootfs:s0
 /d                  u:object_r:rootfs:s0
 /etc                u:object_r:rootfs:s0
 /sdcard             u:object_r:rootfs:s0
@ -189,11 +188,13 @@
 /system/bin/ashmemd	u:object_r:ashmemd_exec:s0
 /system/bin/bcc                 u:object_r:rs_exec:s0
 /system/bin/blank_screen	u:object_r:blank_screen_exec:s0
+/system/bin/charger		u:object_r:charger_exec:s0
 /system/bin/e2fsdroid		u:object_r:e2fs_exec:s0
 /system/bin/mke2fs		u:object_r:e2fs_exec:s0
 /system/bin/e2fsck	--	u:object_r:fsck_exec:s0
 /system/bin/fsck\.exfat	--	u:object_r:fsck_exec:s0
 /system/bin/fsck\.f2fs	--	u:object_r:fsck_exec:s0
+/system/bin/init		u:object_r:init_exec:s0
 /system/bin/mini-keyctl	--	u:object_r:mini-keyctl_exec:s0
 /system/bin/sload_f2fs	--	u:object_r:e2fs_exec:s0
 /system/bin/make_f2fs	--	u:object_r:e2fs_exec:s0
--- a/private/init.te
+++ b/private/init.te
@ -3,14 +3,16 @@ typeattribute init coredomain;
 tmpfs_domain(init)

 # Transitions to seclabel processes in init.rc
-domain_trans(init, rootfs, charger)
 domain_trans(init, rootfs, healthd)
 domain_trans(init, rootfs, slideshow)
+domain_auto_trans(init, charger_exec, charger)
 domain_auto_trans(init, e2fs_exec, e2fs)
 domain_auto_trans(init, bpfloader_exec, bpfloader)

 recovery_only(`
+  # Files in recovery image are labeled as rootfs.
  domain_trans(init, rootfs, adbd)
+  domain_trans(init, rootfs, charger)
  domain_trans(init, rootfs, fastbootd)
  domain_trans(init, rootfs, recovery)
 ')
--- a/public/charger.te
+++ b/public/charger.te
@ -1,6 +1,5 @@
-# charger seclabel is specified in init.rc since
-# it lives in the rootfs and has no unique file type.
 type charger, domain;
+type charger_exec, system_file_type, exec_type, file_type;

 # Write to /dev/kmsg
 allow charger kmsg_device:chr_file rw_file_perms;