From a4afb280abf6858ce1a8558eb064bde30aee02c0 Mon Sep 17 00:00:00 2001
From: Bruno Martins
Date: Mon, 8 Oct 2018 01:25:18 +0200
Subject: [PATCH] universal7580: Create root folders outside of vendor init script
* The core SELinux policies for vendor_init are being restricted as to comply with Treble. Simply adding a local rule to allow creating folders under rootfs would be enough, but at the same time defining the extra root folders and making use of AID/fs configuration file to set perms is more neat and clean.
* Furthermore, with System As Root / is a read-only filesystem so we can't create our mountpoints from init script anymore
Change-Id: Idabd7ae72e4c4fd9daac5ba3be3e6236f79f251b
---
 BoardConfigCommon.mk | 2 ++
 config.fs | 5 +++++
 ramdisk/etc/fstab.samsungexynos7580 | 1 +
 ramdisk/etc/init.baseband.rc | 9 ---------
 ramdisk/etc/init.samsungexynos7580.rc | 15 ---------------
 sepolicy/file_contexts | 1 +
 6 files changed, 9 insertions(+), 24 deletions(-)
 create mode 100644 config.fs
diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk
index 60c1d05..23f225a 100644
--- a/BoardConfigCommon.mk
+++ b/BoardConfigCommon.mk
@@ -59,6 +59,8 @@ BOARD_KERNEL_IMAGE_NAME := Image
 #BOARD_KERNEL_CMDLINE := The bootloader ignores the cmdline from the boot.img
 BOARD_KERNEL_SEPARATED_DT := true
 TARGET_CUSTOM_DTBTOOL := dtbhtoolExynos
+BOARD_ROOT_EXTRA_FOLDERS += efs cpefs
+TARGET_FS_CONFIG_GEN := $(LOCAL_PATH)/config.fs
 # Kernel
 TARGET_KERNEL_ARCH := arm64
diff --git a/config.fs b/config.fs
new file mode 100644
index 0000000..403da02
--- /dev/null
+++ b/config.fs
@@ -0,0 +1,5 @@
+[cpefs/]
+mode: 0771
+user: AID_SYSTEM
+group: AID_RADIO
+caps: 0
diff --git a/ramdisk/etc/fstab.samsungexynos7580 b/ramdisk/etc/fstab.samsungexynos7580
index 51ebcfc..685ac82 100644
--- a/ramdisk/etc/fstab.samsungexynos7580
+++ b/ramdisk/etc/fstab.samsungexynos7580
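Review bot: `TARGET_FS_CONFIG_GEN := $(LOCAL_PATH)/config.fs` overwrites any value assigned before this file is read and relies on LOCAL_PATH being defined above the hunk, which is not visible here; `TARGET_FS_CONFIG_GEN += $(LOCAL_PATH)/config.fs` would keep other config.fs files in play, and the path variable is worth checking. `BOARD_ROOT_EXTRA_FOLDERS += efs cpefs` also lists only two of the root directories whose `mkdir` this commit deletes: `/preload` and `/persdata` from init.samsungexynos7580.rc are not recreated, and the description does not say that is intended. Both lines sit at the end of the kernel image settings, directly above `# Kernel`; a short comment such as `# Root mount points and their fs_config (replaces mkdir in init)` would set them apart.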
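Review bot: The `[cpefs/]` section sets `user: AID_SYSTEM` and `group: AID_RADIO`, but the init lines this commit deletes created and re-owned the directory as `radio system` (owner radio, group system), so owner and group are swapped relative to the old behaviour. If the swap is not deliberate, use `user: AID_RADIO` and `group: AID_SYSTEM`. There is also no `[efs/]` section, although `mkdir /efs 0771 radio system` is removed from init.baseband.rc as well, so /efs presumably falls back to the build's default owner and mode for root directories. These entries describe the mount-point directory in the image; once the partition is mounted, the owner and mode of its on-disk root directory apply, and the post-mount `chown`/`chmod` on /cpefs that used to enforce them are gone.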
@@ -8,6 +8,7 @@
 /dev/block/platform/13540000.dwmmc0/by-name/BOOT /boot emmc defaults defaults
 /dev/block/platform/13540000.dwmmc0/by-name/OTA /misc emmc defaults defaults
 /dev/block/platform/13540000.dwmmc0/by-name/RECOVERY /recovery emmc defaults defaults
+/dev/block/platform/13540000.dwmmc0/by-name/CPEFS /cpefs ext4 noatime,nosuid,nodev,noauto_da_alloc,discard,journal_async_commit,errors=panic wait,check
 /dev/block/platform/13540000.dwmmc0/by-name/EFS /efs ext4 nosuid,nodev,noatime,noauto_da_alloc,discard,journal_async_commit,errors=panic wait,check
 /dev/block/platform/13540000.dwmmc0/by-name/CACHE /cache f2fs rw,nosuid,nodev,noatime,nodiratime,inline_xattr wait,check
 /dev/block/platform/13540000.dwmmc0/by-name/CACHE /cache ext4 nosuid,nodev,noatime,noauto_da_alloc,discard,journal_async_commit,errors=panic wait,check
diff --git a/ramdisk/etc/init.baseband.rc b/ramdisk/etc/init.baseband.rc
index 1aa1f09..6e008e5 100644
--- a/ramdisk/etc/init.baseband.rc
+++ b/ramdisk/etc/init.baseband.rc
@@ -1,5 +1,4 @@
 on init
- mkdir /efs 0771 radio system
 symlink /dev/block/platform/13540000.dwmmc0/by-name/RADIO /dev/mbin0
 restorecon /dev/mbin0
 write /sys/class/net/rmnet0/queues/rx-0/rps_cpus 6
@@ -34,14 +33,6 @@ on fs
 chmod 0660 /sys/devices/virtual/misc/umts_dm0/dm_state
 chown radio system /sys/devices/virtual/misc/umts_dm0/dm_state
-#For cpefs partition
- mkdir /cpefs 0771 radio system
- wait /dev/block/platform/13540000.dwmmc0/by-name/CPEFS
- exec /system/bin/e2fsck -p /dev/block/platform/13540000.dwmmc0/by-name/CPEFS
- mount ext4 /dev/block/platform/13540000.dwmmc0/by-name/CPEFS /cpefs noatime nosuid nodev barrier=1
- chown radio system /cpefs
- chmod 0771 /cpefs
-
 # Parse hardware revision (needs to happen before cbd starts)
 service modemloader /system/bin/modemloader
 class core
diff --git a/ramdisk/etc/init.samsungexynos7580.rc b/ramdisk/etc/init.samsungexynos7580.rc
index 6106216..4a50901 100644
--- a/ramdisk/etc/init.samsungexynos7580.rc
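Review bot: CPEFS is the only mount moved into fstab: the PERSDATA partition that init.samsungexynos7580.rc previously checked and mounted on /persdata/absolute with `nosuid nodev` gets no entry in this hunk, so unless one already exists outside the visible lines it is no longer mounted after this commit. If that is deliberate, say so in the commit message or leave a comment such as `# PERSDATA is intentionally no longer mounted`; if not, it needs its own line here and a mount point in the root image. The new CPEFS line also adds `errors=panic`, which the removed `mount ext4 … /cpefs noatime nosuid nodev barrier=1` did not set, so filesystem errors on that partition now stop the boot; this matches the EFS entry but is a behaviour change worth mentioning.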
+++ b/ramdisk/etc/init.samsungexynos7580.rc
@@ -9,8 +9,6 @@ on early-init
 mount debugfs /sys/kernel/debug /sys/kernel/debug mode=755
 on init
- mkdir /preload 0771 system system
-
 # RIL <-> audioserver comm
 chmod 0644 /proc/cmdline
@@ -274,19 +272,6 @@ on fs
 chmod 0660 /sys/class/mdnie/mdnie/lux
 chown system system /sys/class/mdnie/mdnie/lux
-#For Absolute Persistence Partition
- mkdir /persdata 0755 system system
- mkdir /persdata/absolute 0750 system system
-
- wait /dev/block/platform/13540000.dwmmc0/by-name/PERSDATA
- exec /system/bin/e2fsck -p /dev/block/platform/13540000.dwmmc0/by-name/PERSDATA
- mount ext4 /dev/block/platform/13540000.dwmmc0/by-name/PERSDATA /persdata/absolute nosuid nodev barrier=1
-
- chown system system /persdata
- chmod 0755 /persdata
- chown system system /persdata/absolute
- chmod 0750 /persdata/absolute
-
 # Permissions for TouchScreen
 chown system radio /sys/class/sec/tsp/cmd
 chown system system /sys/class/sec/tsp/input/enabled
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 4009c04..d18ec30 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -81,6 +81,7 @@
 /efs/prov_data(/.*)? u:object_r:prov_efs_file:s0
 /efs/wifi(/.*)? u:object_r:wifi_efs_file:s0
 /efs/wv\.keys u:object_r:cpk_efs_file:s0
+/cpefs(/.*)? u:object_r:sec_efs_file:s0
 ####################################
 # data files
-- 
2.20.1
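Review bot: `/cpefs(/.*)?` is mapped to the existing `sec_efs_file` type rather than a type of its own, so every domain already allowed on `sec_efs_file` gets the same access to the whole CPEFS tree; a dedicated type (for example `cpefs_file`, a name constructed for this note) with rules only for the daemons that need the partition would keep access least-privilege. The entry also only takes effect where a relabel happens: nothing in this commit runs restorecon on the mounted partition, so files already on CPEFS keep their on-disk labels unless something like `restorecon_recursive /cpefs` exists outside the visible hunks.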