ecc7e8cacb
With the CLs in the same topic, it's being built as a dynamically linked executable. And this applies to normal boot (including charger mode) and recovery mode both. /system/bin/charger under normal boot will be labeled as charger_exec, which has the attribute of system_file_type. The file in recovery image will still be labeled as rootfs. So we keep the domain_trans rule for rootfs file, but allowing for recovery mode only. Bug: 73660730 Test: Boot into charger mode on taimen. Check that charger UI works. Test: Boot into recovery mode. Check that charger process works. Change-Id: I062d81c346578cdfce1cc2dce18c829387a1fdbc
34 lines
1.1 KiB
Text
34 lines
1.1 KiB
Text
typeattribute init coredomain;
|
|
|
|
tmpfs_domain(init)
|
|
|
|
# Transitions to seclabel processes in init.rc
|
|
domain_trans(init, rootfs, healthd)
|
|
domain_trans(init, rootfs, slideshow)
|
|
domain_auto_trans(init, charger_exec, charger)
|
|
domain_auto_trans(init, e2fs_exec, e2fs)
|
|
domain_auto_trans(init, bpfloader_exec, bpfloader)
|
|
|
|
recovery_only(`
|
|
# Files in recovery image are labeled as rootfs.
|
|
domain_trans(init, rootfs, adbd)
|
|
domain_trans(init, rootfs, charger)
|
|
domain_trans(init, rootfs, fastbootd)
|
|
domain_trans(init, rootfs, recovery)
|
|
')
|
|
domain_trans(init, shell_exec, shell)
|
|
domain_trans(init, init_exec, ueventd)
|
|
domain_trans(init, init_exec, vendor_init)
|
|
domain_trans(init, { rootfs toolbox_exec }, modprobe)
|
|
userdebug_or_eng(`
|
|
# case where logpersistd is actually logcat -f in logd context (nee: logcatd)
|
|
domain_auto_trans(init, logcat_exec, logpersist)
|
|
|
|
# allow init to execute services marked with seclabel u:r:su:s0 in userdebug/eng
|
|
allow init su:process transition;
|
|
dontaudit init su:process noatsecure;
|
|
allow init su:process { siginh rlimitinh };
|
|
')
|
|
|
|
# Allow the BoringSSL self test to request a reboot upon failure
|
|
set_prop(init, powerctl_prop)
|