Add copy from /persist/elabel to /data/misc/elabel

Bug: 62837579 Test: place test files in /persist/elabel, check that they are copied to /data/misc/elabel on boot Change-Id: Id29e7c7c01ed54bf4d2f488cfa6dba51046bc5bf Merged-In: Id29e7c7c01ed54bf4d2f488cfa6dba51046bc5bf
2026-01-27 17:09:46 +00:00 · 2017-07-05 14:42:11 -07:00
parent 0e1346c32c
commit 4402ccfb27
10 changed files with 52 additions and 2 deletions
--- a/device.mk
+++ b/device.mk
@@ -59,6 +59,7 @@ PRODUCT_COPY_FILES += \
    $(LOCAL_PATH)/init.hardware.rc:$(TARGET_COPY_OUT_VENDOR)/etc/init/hw/init.$(PRODUCT_HARDWARE).rc \
    $(LOCAL_PATH)/init.hardware.usb.rc:$(TARGET_COPY_OUT_VENDOR)/etc/init/hw/init.wahoo.usb.rc \
    $(LOCAL_PATH)/ueventd.hardware.rc:$(TARGET_COPY_OUT_VENDOR)/ueventd.rc \
+    $(LOCAL_PATH)/init.elabel.sh:$(TARGET_COPY_OUT_SYSTEM)/bin/init.elabel.sh \
    $(LOCAL_PATH)/init.power.sh:$(TARGET_COPY_OUT_VENDOR)/bin/init.power.sh \
    $(LOCAL_PATH)/init.radio.sh:$(TARGET_COPY_OUT_VENDOR)/bin/init.radio.sh \
    $(LOCAL_PATH)/uinput-fpc.kl:system/usr/keylayout/uinput-fpc.kl \
--- a/init.elabel.sh
+++ b/init.elabel.sh
@@ -0,0 +1,10 @@
+#! /system/bin/sh
+
+if [ -d /persist/elabel ]; then
+    if [ ! -f /data/misc/elabel/elabels_copied ]; then
+        cp /persist/elabel/* /data/misc/elabel/
+        echo 1 > /data/misc/elabel/elabels_copied
+        chown system.system /data/misc/elabel/*
+        chmod 400 /data/misc/elabel/*
+    fi
+fi
--- a/init.hardware.rc
+++ b/init.hardware.rc
@@ -158,6 +158,7 @@ on fs
    mkdir /persist/display 0770 system graphics
    mkdir /persist/rfs 0770 root system
    mkdir /persist/hlos_rfs 0770 root system
+    mkdir /persist/elabel 0700 system system
    chmod 0770 /persist/rfs
    chmod 0770 /persist/rfs/shared
    chmod 0770 /persist/rfs/msm
@@ -351,6 +352,10 @@ on zygote-start
    mkdir /data/nfc/param 0770 nfc nfc
    mkdir /data/vendor/nfc 0770 nfc nfc

+    # b/62837579 elabel directory
+    mkdir /data/misc/elabel 0700 system system
+
+
 on early-boot
    # wait for devices
    wait_for_prop sys.qcom.devup 1
@@ -429,6 +434,12 @@ on boot
    # default country code
    setprop ro.boot.wificountrycode 00

+service init-elabel-sh /system/bin/init.elabel.sh
+    class late_start
+    user system
+    group system
+    oneshot
+
 service init-radio-sh /vendor/bin/init.radio.sh
    class late_start
    user radio
--- a/sepolicy/private/file_contexts
+++ b/sepolicy/private/file_contexts
@@ -2,3 +2,5 @@
 /system/bin/mke2fs		u:object_r:e2fs_exec:s0
 /sys/fs/ext4/features(/.*)?    u:object_r:sysfs_fs_ext4_features:s0
 /system/bin/folio_daemon        u:object_r:folio_daemon_exec:s0
+/data/misc/elabel(/.*)?         u:object_r:elabel_data_file:s0
+/system/bin/init\.elabel\.sh    u:object_r:init_elabel_exec:s0
--- a/sepolicy/private/init_elabel.te
+++ b/sepolicy/private/init_elabel.te
@@ -0,0 +1,12 @@
+# /system/bin/init.elabel.sh
+#
+# write data from /persist/elabel to /data/misc/elabel for use by
+# settings app
+#
+init_daemon_domain(init_elabel)
+
+allow init_elabel shell_exec:file rx_file_perms;
+allow init_elabel toolbox_exec:file rx_file_perms;
+
+allow init_elabel elabel_data_file:dir rw_dir_perms;
+allow init_elabel elabel_data_file:file create_file_perms;
--- a/sepolicy/public/file.te
+++ b/sepolicy/public/file.te
@@ -0,0 +1 @@
+type elabel_data_file, file_type, data_file_type;
--- a/sepolicy/public/init_elabel.te
+++ b/sepolicy/public/init_elabel.te
@@ -0,0 +1,7 @@
+# /system/bin/init.elabel.sh
+#
+# write data from /persist/elabel to /data/misc/elabel for use by
+# settings app
+#
+type init_elabel, domain, coredomain;
+type init_elabel_exec, exec_type, file_type;
--- a/sepolicy/vendor/file.te
+++ b/sepolicy/vendor/file.te
@@ -42,7 +42,6 @@ type hal_bootctl_socket, file_type;

 type firmware_file, fs_type, contextmount_type;

-type elabel_data_file, file_type, data_file_type;
 type location_data_file, file_type, data_file_type;

 type persist_file, file_type;
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -240,7 +240,6 @@
 /data/vendor/ese(/.*)?                 u:object_r:ese_vendor_data_file:s0
 /data/vendor/ipa(/.*)?                 u:object_r:ipa_vendor_data_file:s0
 /data/vendor/sensors(/.*)?             u:object_r:sensors_vendor_data_file:s0
-/data/misc/elabel(/.*)?                u:object_r:elabel_data_file:s0

 # /
 /tombstones             u:object_r:rootfs:s0
--- a/sepolicy/vendor/init_elabel.te
+++ b/sepolicy/vendor/init_elabel.te
@@ -0,0 +1,8 @@
+# /system/bin/init.elabel.sh
+#
+# write data from /persist/elabel to /data/misc/elabel for use by
+# settings app
+#
+allow init_elabel persist_file:dir {search getattr};
+allow init_elabel persist_elabel_file:dir r_dir_perms;
+allow init_elabel persist_elabel_file:file r_file_perms;
				`@@ -0,0 +1 @@`
				`type elabel_data_file, file_type, data_file_type;`