diff --git a/Android.mk b/Android.mk
index e7726f27..ccc9994e 100644
--- a/Android.mk
+++ b/Android.mk
@@ -130,6 +130,14 @@ $(EGL_SYMLINKS): $(LOCAL_INSTALLED_MODULE)
 ALL_DEFAULT_INSTALLED_MODULES += $(EGL_SYMLINKS)
+METADATA_SYMLINK := $(TARGET_ROOT_OUT)/metadata
+$(METADATA_SYMLINK): $(LOCAL_INSTALLED_MODULE)
+ @echo "Creating $@"
+ @mkdir -p $(TARGET_ROOT_OUT)/metadata
+ $(hide) ln -sf /data/vendor/metadata_apex $@/apex
+
+ALL_DEFAULT_INSTALLED_MODULES += $(METADATA_SYMLINK)
+
 subdir_makefiles=$(call first-makefiles-under,$(LOCAL_PATH))
 $(foreach mk,$(subdir_makefiles),$(info including $(mk) ...)$(eval include $(mk)))
 endif
diff --git a/rootdir/etc/init.qcom.rc b/rootdir/etc/init.qcom.rc
index 43a96592..fcc79f0f 100755
--- a/rootdir/etc/init.qcom.rc
+++ b/rootdir/etc/init.qcom.rc
@@ -231,6 +231,10 @@ on post-fs-data
 # Create directory used by display clients
 mkdir /data/vendor/display 0770 system graphics
+
+ # Create apex symlinked dirs
+ mkdir /data/vendor/metadata_apex 0755 root system
+ mkdir /data/vendor/metadata_apex/sessions 0700 root system
 # Change lm related dirs
 mkdir /data/vendor/lm 0700 root root
diff --git a/sepolicy/private/file_contexts b/sepolicy/private/file_contexts
index e45924bd..f1789ff1 100644
--- a/sepolicy/private/file_contexts
+++ b/sepolicy/private/file_contexts
@@ -1,5 +1,9 @@
+# Apex Metadata
+/data/vendor/metadata_apex(/.*)? u:object_r:apex_metadata_file:s0
+/data/vendor/metadata_apex/sessions(/.*)? u:object_r:apex_metadata_file:s0
+
 # Executables
-/system/bin/chargeonlymode u:object_r:charger_exec:s0
+/system/bin/chargeonlymode u:object_r:charger_exec:s0
 # OTA packages
-/data/awaken_updates(/.*)? u:object_r:ota_package_file:s0
+/data/awaken_updates(/.*)? u:object_r:ota_package_file:s0
diff --git a/sepolicy/vendor/apexd.te b/sepolicy/vendor/apexd.te
new file mode 100644
index 00000000..7e3fde6d
--- /dev/null
+++ b/sepolicy/vendor/apexd.te
@@ -0,0 +1 @@
+allow apexd apex_metadata_file:lnk_file r_file_perms;
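Review bot: In the Android.mk hunk the rule's target is the directory `$(TARGET_ROOT_OUT)/metadata`, but the file the recipe actually produces is `$@/apex`, so make tracks the directory and never the link, and the name METADATA_SYMLINK describes something the variable does not hold. Making the link itself the target keeps the rule honest: `METADATA_SYMLINK := $(TARGET_ROOT_OUT)/metadata/apex`, `@mkdir -p $(dir $@)`, `$(hide) ln -sf /data/vendor/metadata_apex $@`. The link also points from the root image into userdata, so it dangles until the post-fs-data `mkdir` added to init.qcom.rc has run; a comment above the rule should name the consumer that depends on the link and that ordering.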
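Review bot: In the init.qcom.rc hunk the parent directory `/data/vendor/metadata_apex` is created 0755 while its only child is 0700, so at the DAC level any process can traverse and list the parent and only SELinux stands in the way. Unless something other than root has to enter it, `mkdir /data/vendor/metadata_apex 0700 root system` would match the child. Both directories are created in `on post-fs-data`, so anything that follows the `/metadata/apex` link before userdata is mounted and this trigger has fired will find a dangling link; that ordering is worth confirming on a device. The `on post-fs-data` block starts and ends outside the hunk.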
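Review bot: In sepolicy/private/file_contexts the new entries put `apex_metadata_file` on a path under `/data/vendor`, and that type is not declared anywhere in this diff. If it does not carry the `data_file_type` attribute, the build-time sepolicy tests that check labels under /data may reject it, so this is worth confirming; a dedicated data type would also avoid sharing what is presumably the label of the real /metadata/apex tree. The second entry is redundant, because `/data/vendor/metadata_apex(/.*)?` already matches `sessions` and everything below it with the same context. The `-`/`+` pairs on the chargeonlymode and awaken_updates lines appear to differ only in whitespace and could be left out of this commit.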
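Review bot: The new sepolicy/vendor/apexd.te carries no comment, and nothing in this diff labels the link the rule is for: the file_contexts entries cover only `/data/vendor/metadata_apex`, not the `/metadata/apex` link created in Android.mk, so the grant depends on a label assigned elsewhere. A line such as `# apexd follows the /metadata/apex link to /data/vendor/metadata_apex` above the rule would record the intent. Following a link should need only `{ getattr read }` on `lnk_file`, which is narrower than `r_file_perms`.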
diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te
index 1166234e..c163c237 100644
--- a/sepolicy/vendor/vendor_init.te
+++ b/sepolicy/vendor/vendor_init.te
@@ -8,6 +8,7 @@ allow vendor_init {
 camera_data_file
 }:dir { create search getattr open read setattr ioctl write add_name remove_name rmdir relabelfrom };
+allow vendor_init apex_metadata_file:dir create_dir_perms;
 allow vendor_init fingerprint_data_file:dir {setattr create};
 allow vendor_init media_rw_data_file:file { getattr relabelfrom };
 allow vendor_init persist_debug_prop:file read;
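Review bot: `create_dir_perms` hands vendor_init the full create, rename and remove set on every directory labelled `apex_metadata_file`, while the two `mkdir` lines added to init.qcom.rc only need to create the directories and set their owner and mode. The neighbouring rules spell out their permissions (`fingerprint_data_file:dir {setattr create}`), and the same style here would be something like `allow vendor_init apex_metadata_file:dir { create search getattr setattr write add_name };`, with `write add_name` covering the nested `sessions` mkdir. The exact set should be confirmed against the denials seen on boot. Since the type presumably also labels apexd's own session directories, the narrower set keeps vendor_init from being able to remove or rename them.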