From 851d88070eeeac5e5e3adb8ef352ddc06e35c477 Mon Sep 17 00:00:00 2001
From: Chenyang Zhong
Date: Tue, 9 Feb 2021 11:04:23 +0600
Subject: [PATCH] sdm660-common: create and symlink a dummy /metadata/apex Google moved apex sessions directory from /data/apex/sessions to /metadata/apex/sessions after commit: "Move apex sessions directory to /metadata" https://android.googlesource.com/platform/system/apex/+/36cf4bbac6108898a531aacc102dcc489d791b37 Devices with a mounted metadata partition will have the needed directories set up by system/core/rootdir/init.rc. Xiaomi devices on sm6125 do not have a metadata partition out of the box, so things like "Google Play system update" will fail to install the update. Therefore, create a dummy directory under /data/vendor/metadata_apex and symlink it to /metadata/apex. The reason why the old /data/apex/sessions directory is not used for the symlink is that apexd will call migrateSessionsDirIfNeeded() to recursively copy things from the old directory to the new one. Creating the symlink from /data/apex/sessions may result in unintended behaviors.
Signed-off-by: OdSazib
---
 Android.mk | 8 ++++++++
 rootdir/etc/init.qcom.rc | 4 ++++
 sepolicy/private/file_contexts | 8 ++++++--
 sepolicy/vendor/apexd.te | 1 +
 sepolicy/vendor/vendor_init.te | 1 +
 5 files changed, 20 insertions(+), 2 deletions(-)
 create mode 100644 sepolicy/vendor/apexd.te
diff --git a/Android.mk b/Android.mk
index e7726f27..ccc9994e 100644
--- a/Android.mk
+++ b/Android.mk
@@ -130,6 +130,14 @@ $(EGL_SYMLINKS): $(LOCAL_INSTALLED_MODULE)
 ALL_DEFAULT_INSTALLED_MODULES += $(EGL_SYMLINKS)
+METADATA_SYMLINK := $(TARGET_ROOT_OUT)/metadata
+$(METADATA_SYMLINK): $(LOCAL_INSTALLED_MODULE)
+ @echo "Creating $@"
+ @mkdir -p $(TARGET_ROOT_OUT)/metadata
+ $(hide) ln -sf /data/vendor/metadata_apex $@/apex
+
+ALL_DEFAULT_INSTALLED_MODULES += $(METADATA_SYMLINK)
+
 subdir_makefiles=$(call first-makefiles-under,$(LOCAL_PATH))
 $(foreach mk,$(subdir_makefiles),$(info including $(mk) ...)$(eval include $(mk)))
 endif
diff --git a/rootdir/etc/init.qcom.rc b/rootdir/etc/init.qcom.rc
index 43a96592..fcc79f0f 100755
--- a/rootdir/etc/init.qcom.rc
+++ b/rootdir/etc/init.qcom.rc
@@ -231,6 +231,10 @@ on post-fs-data
 # Create directory used by display clients
 mkdir /data/vendor/display 0770 system graphics
+
+ # Create apex symlinked dirs
+ mkdir /data/vendor/metadata_apex 0755 root system
+ mkdir /data/vendor/metadata_apex/sessions 0700 root system
 # Change lm related dirs
 mkdir /data/vendor/lm 0700 root root
diff --git a/sepolicy/private/file_contexts b/sepolicy/private/file_contexts
index e45924bd..f1789ff1 100644
--- a/sepolicy/private/file_contexts
+++ b/sepolicy/private/file_contexts
@@ -1,5 +1,9 @@
+# Apex Metadata
+/data/vendor/metadata_apex(/.*)? u:object_r:apex_metadata_file:s0
+/data/vendor/metadata_apex/sessions(/.*)? u:object_r:apex_metadata_file:s0
+
 # Executables
-/system/bin/chargeonlymode u:object_r:charger_exec:s0
+/system/bin/chargeonlymode u:object_r:charger_exec:s0
 # OTA packages
-/data/awaken_updates(/.*)? u:object_r:ota_package_file:s0
+/data/awaken_updates(/.*)? u:object_r:ota_package_file:s0
diff --git a/sepolicy/vendor/apexd.te b/sepolicy/vendor/apexd.te
new file mode 100644
index 00000000..7e3fde6d
--- /dev/null
+++ b/sepolicy/vendor/apexd.te
@@ -0,0 +1 @@
+allow apexd apex_metadata_file:lnk_file r_file_perms;
diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te
index 1166234e..c163c237 100644
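Review bot: In the Android.mk hunk the rule's target is the `metadata` directory, but the artifact that matters is the link at `$@/apex`, so Make tracks the directory's timestamp rather than the link and the recipe writes a file that is not its target. Making the link the target keeps the rule honest: `METADATA_SYMLINK := $(TARGET_ROOT_OUT)/metadata/apex`, then `@mkdir -p $(dir $@)` and `$(hide) ln -sfn /data/vendor/metadata_apex $@`, where `-n` stops a rerun from placing the link inside an existing link target. A comment above the rule should also record that APEX session state now lives on userdata instead of a separate metadata partition, so it shares the fate of /data (for example a data wipe). The enclosing conditional that the trailing `endif` closes starts outside the hunk.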
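Review bot: In the init.qcom.rc hunk `/data/vendor/metadata_apex` is created with mode 0755 while its `sessions` child is 0700, so the parent is listable and traversable by any UID that can reach /data/vendor, with only SELinux standing in the way. Nothing in this patch needs that; `mkdir /data/vendor/metadata_apex 0700 root system` would match the child, and as far as I recall it also matches the mode the platform init.rc uses for /metadata/apex. It is worth confirming that this vendor action runs before apexd first resolves /metadata/apex/sessions on a fresh boot. The `on post-fs-data` block begins outside the hunk, so the ordering cannot be judged from here.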
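Review bot: In the file_contexts hunk the second added entry, `/data/vendor/metadata_apex/sessions(/.*)?`, is already matched by `/data/vendor/metadata_apex(/.*)?` and assigns the same label, so it can be dropped. The more important question is that `apex_metadata_file`, a type written for the metadata partition, is being applied to a path under /data; if the type lacks the attribute the platform expects on userdata files this may trip policy tests, which should be checked before merging. A comment such as `# Backing store for the /metadata/apex symlink on devices without a metadata partition` would explain why the path is labelled here. The re-spaced `chargeonlymode` and `awaken_updates` lines are unrelated whitespace changes and would read better in a separate commit.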
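Review bot: In the new sepolicy/vendor/apexd.te, `r_file_perms` grants more than following a symlink requires; `allow apexd apex_metadata_file:lnk_file { getattr read };` should be sufficient, to be confirmed against denials on a test boot. The file has no comment, so the rule looks unmotivated to the next reader; a line such as `# /metadata/apex is a symlink to /data/vendor/metadata_apex on this device` above it would tie it to the Android.mk change.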
--- a/sepolicy/vendor/vendor_init.te
+++ b/sepolicy/vendor/vendor_init.te
@@ -8,6 +8,7 @@ allow vendor_init { camera_data_file }:dir { create search getattr open read setattr ioctl write add_name remove_name rmdir relabelfrom };
+allow vendor_init apex_metadata_file:dir create_dir_perms;
 allow vendor_init fingerprint_data_file:dir {setattr create};
 allow vendor_init media_rw_data_file:file { getattr relabelfrom };
 allow vendor_init persist_debug_prop:file read;
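Review bot: The added rule gives vendor_init the full `create_dir_perms` set on `apex_metadata_file` directories, which includes removing and renaming entries, while the only use visible in this patch is the two `mkdir` lines in init.qcom.rc. Since vendor_init executes vendor-supplied rc scripts, the grant should be limited to what creating the two directories needs, roughly `allow vendor_init apex_metadata_file:dir { create search getattr setattr write add_name };`, with the exact set confirmed against denials. Platform policy may also restrict which domains can write to this type, so a full policy build with neverallow checks is worth running before merging; I have not verified that from this page.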