From 4a2b3affdafb5d7f05b03ac61335c1dd77aa7feb Mon Sep 17 00:00:00 2001
From: Sandeep Patil
Date: Mon, 19 Jun 2017 11:18:51 -0700
Subject: [PATCH] wahoo: Make vendor script use vendor shell and vendor toybox

This also enables us to remove the vendor_executes_system_violator attribute from all the vendor scripts launched from init.
Bug: 37914554
Test: Build and boot and ensure all services exited with status 0.
Change-Id: If692b17b45f91ff128608c3f6e9524847c1af69f
Signed-off-by: Sandeep Patil
---
 init.insmod.sh | 2 +-
 init.power.sh | 2 +-
 init.qcom.devstart.sh | 2 +-
 init.qcom.ipastart.sh | 2 +-
 init.radio.sh | 2 +-
 sepolicy/vendor/init-devstart-sh.te | 8 +++-----
 sepolicy/vendor/init-insmod-sh.te | 8 +++-----
 sepolicy/vendor/init-ipastart-sh.te | 5 +++--
 sepolicy/vendor/init_power.te | 6 +++---
 sepolicy/vendor/init_radio.te | 6 +++---
 10 files changed, 20 insertions(+), 23 deletions(-)

diff --git a/init.insmod.sh b/init.insmod.sh
index c697986a..d98037cf 100755
--- a/init.insmod.sh
+++ b/init.insmod.sh
@@ -1,4 +1,4 @@
-#!/system/bin/sh
+#! /vendor/bin/sh
 #########################################
 ### init.insmod.cfg format: ###
diff --git a/init.power.sh b/init.power.sh
index 805e1730..2b66c67f 100644
--- a/init.power.sh
+++ b/init.power.sh
@@ -1,4 +1,4 @@
-#!/system/bin/sh
+#! /vendor/bin/sh
 ################################################################################
 # helper functions to allow Android init like script
diff --git a/init.qcom.devstart.sh b/init.qcom.devstart.sh
index bdab56bd..55ff50a6 100644
--- a/init.qcom.devstart.sh
+++ b/init.qcom.devstart.sh
@@ -1,4 +1,4 @@
-#!/system/bin/sh
+#! /vendor/bin/sh
 echo 1 > /sys/kernel/boot_adsp/boot
 echo 1 > /sys/kernel/boot_slpi/boot
diff --git a/init.qcom.ipastart.sh b/init.qcom.ipastart.sh
index 7b1ca3f0..48b96d09 100644
--- a/init.qcom.ipastart.sh
+++ b/init.qcom.ipastart.sh
@@ -1,3 +1,3 @@
-#!/system/bin/sh
+#! /vendor/bin/sh
 echo 1 > /dev/ipa
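Review bot: Bare command names in the script bodies still resolve through PATH after the interpreter line changes to `#! /vendor/bin/sh` in init.insmod.sh, and the same holds for init.power.sh, init.qcom.devstart.sh, init.qcom.ipastart.sh and init.radio.sh. The bodies lie outside these hunks, so this cannot be confirmed here, but any command that resolves to a /system/bin binary would now be denied, because the updated policy in this patch no longer grants `shell_exec` or `toolbox_exec`. A shell script can exit with status 0 even when an inner command failed, so the stated boot test would be stronger if it also checked that no avc denials are logged for these domains. Calling external tools by absolute `/vendor/bin/...` path would make the intent explicit.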
diff --git a/init.radio.sh b/init.radio.sh
index cbfa6a1a..e8e38ac5 100644
--- a/init.radio.sh
+++ b/init.radio.sh
@@ -1,4 +1,4 @@
-#!/system/bin/sh
+#! /vendor/bin/sh
 #
 # Copy qcril.db if needed for RIL
diff --git a/sepolicy/vendor/init-devstart-sh.te b/sepolicy/vendor/init-devstart-sh.te
index 69921226..9929cf66 100644
--- a/sepolicy/vendor/init-devstart-sh.te
+++ b/sepolicy/vendor/init-devstart-sh.te
@@ -1,12 +1,10 @@
-type init-qcom-devstart-sh, domain, vendor_executes_system_violators;
+type init-qcom-devstart-sh, domain;
 type init-qcom-devstart-sh_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(init-qcom-devstart-sh)
-allow init-qcom-devstart-sh shell_exec:file rx_file_perms;
-
-# execute toybox/toolbox
-allow init-qcom-devstart-sh toolbox_exec:file rx_file_perms;
+allow init-qcom-devstart-sh vendor_shell_exec:file rx_file_perms;
+allow init-qcom-devstart-sh vendor_toolbox_exec:file rx_file_perms;
 # Set the sys.qcom.devup property
 set_prop(init-qcom-devstart-sh, system_prop)
diff --git a/sepolicy/vendor/init-insmod-sh.te b/sepolicy/vendor/init-insmod-sh.te
index 89e5923c..024984a5 100644
--- a/sepolicy/vendor/init-insmod-sh.te
+++ b/sepolicy/vendor/init-insmod-sh.te
@@ -1,12 +1,10 @@
-type init-insmod-sh, domain, vendor_executes_system_violators;
+type init-insmod-sh, domain;
 type init-insmod-sh_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(init-insmod-sh)
-allow init-insmod-sh shell_exec:file rx_file_perms;
-
-# execute toybox/toolbox
-allow init-insmod-sh toolbox_exec:file rx_file_perms;
+allow init-insmod-sh vendor_shell_exec:file rx_file_perms;
+allow init-insmod-sh vendor_toolbox_exec:file rx_file_perms;
 # Set the sys.touch.modules.ready property
 set_prop(init-insmod-sh, system_prop)
diff --git a/sepolicy/vendor/init-ipastart-sh.te b/sepolicy/vendor/init-ipastart-sh.te
index cf509871..d2e1754c 100644
--- a/sepolicy/vendor/init-ipastart-sh.te
+++ b/sepolicy/vendor/init-ipastart-sh.te
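Review bot: The two new `vendor_shell_exec` / `vendor_toolbox_exec` rules in init-devstart-sh.te are left without a comment, while the hunk deletes the old `# execute toybox/toolbox` line; init-insmod-sh.te has the same gap. A one-line comment above the pair would record why the domain no longer carries `vendor_executes_system_violators`, for example `# Runs under the vendor shell and vendor toybox only; no /system executables.` Without it, a later maintainer who hits a denial has no hint that re-adding `shell_exec` or `toolbox_exec` would bring back the exemption this commit removes.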
@@ -1,9 +1,10 @@
-type init-qcom-ipastart-sh, domain, vendor_executes_system_violators;
+type init-qcom-ipastart-sh, domain;
 type init-qcom-ipastart-sh_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(init-qcom-ipastart-sh)
-allow init-qcom-ipastart-sh shell_exec:file rx_file_perms;
+allow init-qcom-ipastart-sh vendor_shell_exec:file rx_file_perms;
+allow init-qcom-ipastart-sh vendor_toolbox_exec:file rx_file_perms;
 # Set /dev/ipa to 1
 allow init-qcom-ipastart-sh ipa_dev:chr_file w_file_perms;
diff --git a/sepolicy/vendor/init_power.te b/sepolicy/vendor/init_power.te
index 131f070b..cd4c4281 100644
--- a/sepolicy/vendor/init_power.te
+++ b/sepolicy/vendor/init_power.te
@@ -1,12 +1,12 @@
-type init_power, domain, vendor_executes_system_violators;
+type init_power, domain;
 type init_power_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(init_power)
 set_prop(init_power, post_boot_prop)
-allow init_power shell_exec:file rx_file_perms;
-allow init_power toolbox_exec:file rx_file_perms;
+allow init_power vendor_shell_exec:file rx_file_perms;
+allow init_power vendor_toolbox_exec:file rx_file_perms;
 r_dir_file(init_power, sysfs_msm_subsys)
diff --git a/sepolicy/vendor/init_radio.te b/sepolicy/vendor/init_radio.te
index 47a6e551..34c31ea5 100644
--- a/sepolicy/vendor/init_radio.te
+++ b/sepolicy/vendor/init_radio.te
@@ -1,11 +1,11 @@
 # /vendor/bin/init.radio.sh
-type init_radio, domain, vendor_executes_system_violators;
+type init_radio, domain;
 type init_radio_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(init_radio)
-allow init_radio shell_exec:file r_file_perms;
-allow init_radio toolbox_exec:file rx_file_perms;
+allow init_radio vendor_shell_exec:file rx_file_perms;
+allow init_radio vendor_toolbox_exec:file rx_file_perms;
 allow init_radio radio_data_file:dir create_dir_perms;
 allow init_radio radio_data_file:file create_file_perms;
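Review bot: The added `allow init-qcom-ipastart-sh vendor_toolbox_exec:file rx_file_perms;` in init-ipastart-sh.te gives this domain a toolbox execute permission it did not have in any form before; the removed side grants only `shell_exec`. The init.qcom.ipastart.sh hunk in this same patch shows the whole three-line script, whose only command is `echo 1 > /dev/ipa`, and `echo` is normally a shell builtin. Unless something outside the patch needs toybox, dropping this line keeps the domain at its previous privilege level.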
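Review bot: In init_radio.te the shell rule changes permission level as well as target type: the removed line is `allow init_radio shell_exec:file r_file_perms;` and the added one is `allow init_radio vendor_shell_exec:file rx_file_perms;`. This is the only domain in the patch where that happens, and the commit message describes only the move to the vendor shell. If read access was enough before, `allow init_radio vendor_shell_exec:file r_file_perms;` would preserve it. If execute is now required, a short comment on the rule saying why would make the widening deliberate and reviewable.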