Commit graph

7 commits

Author SHA1 Message Date
Alex Light
a1cdf2e311 Use postinstall file_contexts
Previously we would mount OTA images with a 'context=...' mount
option. This meant that all selinux contexts were ignored in the ota
image, limiting the usefulness of selinux in this situation. To fix
this the mount has been changed to not overwrite the declared contexts
and the policies have been updated to accurately describe the actions
being performed by an OTA.

Bug: 181182967
Test: Manual OTA of blueline
Test: lunch wembley-userdebug; m droid
Ignore-AOSP-First: Requires changes to device/mediatek/wembley-sepolicy
                   to be applied simultaneously to avoid breaking
                   builds. Once merged this will be cherry-picked back
                   to AOSP to maintain state.
Change-Id: I5eb53625202479ea7e75c27273531257d041e69d
2021-03-25 00:01:25 +00:00
Jeff Vander Stoep
4c0259d5c7 Fix otapreopt_chroot
A number of things have changed, such as how the linkerconfig is
managed. Update permissions to reflect the changes.

Bug: 181182967
Test: Manual OTA of cuttlefish
Change-Id: I32207eb7c5653969e5cef4830e18f8c8fb330026
2021-03-05 14:50:29 -08:00
Jooyung Han
86f2284fcd Allow linkerconfig to read apex-info-file.xml
Linkerconfig reads apex-info-list.xml to distinguish vendor apexes.

Bug: 159576928
Test: build & device boots
Change-Id: I1b791f9c03bbdfa5258eea5e7cb0896168beb114
2020-07-30 01:11:15 +09:00
Kiyoung Kim
b55d444c40 Update linkerconfig to generate APEX binary config
Linkerconfig should generate multiple linker configurations for APEX
with binaries. To meet this requirement, linkerconfig should be able to
create sub-directories per APEX module with binary, and also
linkerconfig should be able to scan APEX directories.

Bug: 147987608
Test: m -j passed && No sepolicy error from cuttlefish
Change-Id: I804a8e6121f647dfb1778c564649a33e4547a24a
2020-01-20 13:40:08 +09:00
Kiyoung Kim
6f73396d4c Allow linkerconfig to be executed with logwrap
As part of extending linkerconfig execution based on mount namespace and
APEX status, linkerconfig will be executed from init with logwrap. To
support this there should be an extra sepolicy to allow linkerconfig to
be executed with logwrap.

Bug: 144664390
Test: m -j passed & cuttlefish booted
Change-Id: Ia8b970a1c396a769eff4b102afbf4d33802923cf
2019-12-18 13:30:28 +09:00
Kiyoung Kim
2d5f2e242d Enable Kernel log from linkerconfig
LinkerConfig generator runs from early init, so if there is any warning
/ error then logs can be only found from kernel log. To enable kernel
logging from linkerconfig, specific policy should be added.

Test: m -j && Tested from Cuttlefish
Change-Id: I6c49d7693e0334ae8550891b72bcb04e37c16d89
2019-07-23 13:42:55 +09:00
Kiyoung Kim
affa6f323c Add linker config generator and output file to sepolicy
Sepolicy for linkerconfig generator and ld.config.txt file from
generator

Bug: 135004088
Test: m -j & tested from device
Change-Id: I2ea7653a33996dde67a84a2e7a0efa660886434a
2019-07-12 12:32:19 +09:00