From c145e57b0f1d2f3553549a2a73b42ec1e8030f02 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep
Date: Wed, 21 Jun 2017 09:43:32 -0700
Subject: [PATCH] sdm660: Move folio_daemon to system in sepolicy
Remove Treble violations.
Bug: 36867326
Bug: 62387246
Test: loaded on taimen, checked dmesg, and tested daemon with magnet
Change-Id: I4662b41206b94cae6ac9843b5dc7e1452003c63c
---
 folio_daemon/Android.mk | 1 -
 rootdir/etc/init.target.rc | 6 +++---
 sepolicy/private/file_contexts | 1 +
 sepolicy/{vendor => private}/folio_daemon.te | 8 ++------
 sepolicy/private/system_server.te | 1 +
 sepolicy/vendor/file_contexts | 3 ---
 sepolicy/vendor/system_server.te | 1 -
 7 files changed, 7 insertions(+), 14 deletions(-)
 create mode 100644 sepolicy/private/file_contexts
 rename sepolicy/{vendor => private}/folio_daemon.te (55%)
 create mode 100644 sepolicy/private/system_server.te
diff --git a/folio_daemon/Android.mk b/folio_daemon/Android.mk
index 7318789f..d2787c06 100755
--- a/folio_daemon/Android.mk
+++ b/folio_daemon/Android.mk
@@ -18,6 +18,5 @@ LOCAL_CFLAGS += -Wall -Werror
 LOCAL_MODULE := folio_daemon
 LOCAL_MODULE_TAGS := optional
 LOCAL_MODULE_OWNER := google
-LOCAL_PROPRIETARY_MODULE := true
 include $(BUILD_EXECUTABLE)
diff --git a/rootdir/etc/init.target.rc b/rootdir/etc/init.target.rc
index 5ad2d7ce..3e622a79 100755
--- a/rootdir/etc/init.target.rc
+++ b/rootdir/etc/init.target.rc
@@ -152,17 +152,17 @@ on boot
 chmod 660 /sys/devices/platform/kcal_ctrl.0/kcal_min
 chmod 660 /sys/devices/platform/kcal_ctrl.0/kcal
-service vendor.folio_daemon /vendor/bin/folio_daemon
+service folio_daemon /system/bin/folio_daemon
 class late_start
 user system
 group system uhid
 disabled
 on property:init.svc.zygote=running
- start vendor.folio_daemon
+ start folio_daemon
 on property:init.svc.zygote=stopped
- stop vendor.folio_daemon
+ stop folio_daemon
 #Peripheral manager
 service vendor.per_mgr /system/vendor/bin/pm-service
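Review bot: The `service folio_daemon /system/bin/folio_daemon` stanza in rootdir/etc/init.target.rc still declares a system binary's service from the device's target rc. Where that rc is installed is not visible here, but if it ships on the vendor partition, the core/vendor boundary this commit is cleaning up is still crossed at the init level. Consider moving the stanza and its two `on property:init.svc.zygote=...` triggers into a `folio_daemon.rc` owned by the module, via `LOCAL_INIT_RC := folio_daemon.rc` in folio_daemon/Android.mk. The rename also changes the status property from `init.svc.vendor.folio_daemon` to `init.svc.folio_daemon`, so any trigger or script keyed to the old name (none is visible in this patch) needs the same update. The `on boot` block above and the `vendor.per_mgr` service below continue outside the hunk.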
diff --git a/sepolicy/private/file_contexts b/sepolicy/private/file_contexts
new file mode 100644
index 00000000..f52868dc
--- /dev/null
+++ b/sepolicy/private/file_contexts
@@ -0,0 +1 @@
+/system/bin/folio_daemon u:object_r:folio_daemon_exec:s0
diff --git a/sepolicy/vendor/folio_daemon.te b/sepolicy/private/folio_daemon.te
similarity index 55%
rename from sepolicy/vendor/folio_daemon.te
rename to sepolicy/private/folio_daemon.te
index 6bd6946b..0c4d2d3e 100644
--- a/sepolicy/vendor/folio_daemon.te
+++ b/sepolicy/private/folio_daemon.te
@@ -1,15 +1,11 @@
+type folio_daemon, domain, coredomain;
+type folio_daemon_exec, exec_type, file_type;
-type folio_daemon, domain;
-type folio_daemon_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(folio_daemon)
 allow folio_daemon binder_device:chr_file rw_file_perms;
 allow folio_daemon uhid_device:chr_file rw_file_perms;
-# TODO(b/35870313): Remove this attribute when the corresponding bug is fixed and the treble
-# violations are handled
-typeattribute folio_daemon binder_in_vendor_violators;
-typeattribute folio_daemon socket_between_core_and_vendor_violators;
 allow folio_daemon system_server:unix_stream_socket rw_socket_perms_no_ioctl;
 binder_use(folio_daemon)
diff --git a/sepolicy/private/system_server.te b/sepolicy/private/system_server.te
new file mode 100644
index 00000000..389fee02
--- /dev/null
+++ b/sepolicy/private/system_server.te
@@ -0,0 +1 @@
+binder_call(system_server, folio_daemon)
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index cb3548ed..cb1a0477 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
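Review bot: sepolicy/private/ appears to be created by this patch (file_contexts and system_server.te are both new files in it), and none of the seven changed files is a board config, so nothing here shows the directory being listed in `BOARD_PLAT_PRIVATE_SEPOLICY_DIR`. If it is not already listed elsewhere, the `/system/bin/folio_daemon` label and the `folio_daemon` domain would presumably both be missing from the built policy, leaving init with no domain to run the service in. Please confirm the variable is set. A one-line header such as `# Folio daemon`, as the removed vendor entry had, would also keep the new file self-describing.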
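Review bot: In the new sepolicy/private/folio_daemon.te the rules `allow folio_daemon uhid_device:chr_file rw_file_perms;` and `allow folio_daemon system_server:unix_stream_socket rw_socket_perms_no_ioctl;` are carried over with no comment saying why a core domain needs them, and the removed TODO block was the only commentary in the file. Write access to /dev/uhid lets a process create virtual input devices. A line such as `# /dev/uhid: <what folio_daemon reports through its virtual HID device>` above that rule, and one naming the system_server socket the daemon uses, would let later reviewers judge whether the grant is still minimal. Separately, now that the type is `coredomain`, the explicit `binder_device:chr_file` rule may duplicate what the platform policy already grants to core domains; that policy is not on this page, so check before dropping it.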
@@ -22,9 +22,6 @@
 /firmware u:object_r:firmware_file:s0
 /bt_firmware u:object_r:bt_firmware_file:s0
-# Folio daemon
-/vendor/bin/folio_daemon u:object_r:folio_daemon_exec:s0
-
 # HVDCP
 /sys/devices(/platform)?/soc/[a-z0-9]+\.i2c/i2c-[0-9]+/[0-9]+-[a-z0-9]+/[a-z0-9]+\.i2c:qcom,[a-z0-9]+@[a-z0-9]:qcom,smb[a-z0-9]+-parallel-slave@[0-9]+/power_supply/parallel(/.*)? u:object_r:sysfs_usb_supply:s0
diff --git a/sepolicy/vendor/system_server.te b/sepolicy/vendor/system_server.te
index b9bcc273..1425346a 100644
--- a/sepolicy/vendor/system_server.te
+++ b/sepolicy/vendor/system_server.te
@@ -6,4 +6,3 @@ allow system_server vendor_camera_prop:file { getattr open read };
 allow system_server vendor_default_prop:file { getattr open read };
 allow system_server thermal_service:service_manager find;
 allow system_server sysfs_battery_supply:file { getattr open read write };
-binder_call(system_server, folio_daemon)