From c54dcd6f01e32af4048bb41fc7751681eb425a8d Mon Sep 17 00:00:00 2001 From: Erfan Abdi <erfangplus@gmail.com> Date: Fri, 29 Jun 2018 14:05:10 +0430 Subject: [PATCH] evert: SE Policy Bringup for 8.1.0 [2/2] Signed-off-by: Erfan Abdi <erfangplus@gmail.com> --- BoardConfig.mk | 2 +- rootdir/etc/fstab.qcom | 9 +++------ sepolicy/file_contexts | 9 +++++++++ 3 files changed, 13 insertions(+), 7 deletions(-) create mode 100644 sepolicy/file_contexts diff --git a/BoardConfig.mk b/BoardConfig.mk index 9e8abe8..fb034ff 100644 --- a/BoardConfig.mk +++ b/BoardConfig.mk @@ -36,7 +36,7 @@ BOARD_VENDORIMAGE_FILE_SYSTEM_TYPE := ext4 TARGET_COPY_OUT_VENDOR := vendor # SELinux -#BOARD_SEPOLICY_DIRS += $(DEVICE_PATH)/sepolicy +BOARD_SEPOLICY_DIRS += $(DEVICE_PATH)/sepolicy # Treble BOARD_PROPERTY_OVERRIDES_SPLIT_ENABLED := true diff --git a/rootdir/etc/fstab.qcom b/rootdir/etc/fstab.qcom index c8a9836..2841bc0 100644 --- a/rootdir/etc/fstab.qcom +++ b/rootdir/etc/fstab.qcom @@ -11,13 +11,10 @@ /devices/soc/c084000.sdhci/mmc_host* auto auto defaults wait,voldmanaged=sdcard1:auto /dev/block/zram0 none swap defaults zramsize=1073741824 /dev/block/bootdevice/by-name/misc /misc emmc defaults defaults -#/dev/block/bootdevice/by-name/modem /firmware ext4 ro,nosuid,nodev,context=u:object_r:firmware_file:s0 wait,slotselect -#/dev/block/bootdevice/by-name/bluetooth /bt_firmware ext4 ro,nosuid,nodev,context=u:object_r:bt_firmware_file:s0 wait,slotselect -/dev/block/bootdevice/by-name/modem /firmware ext4 ro,nosuid,nodev wait,slotselect -/dev/block/bootdevice/by-name/bluetooth /bt_firmware ext4 ro,nosuid,nodev wait,slotselect +/dev/block/bootdevice/by-name/modem /firmware ext4 ro,nosuid,nodev,context=u:object_r:firmware_file:s0 wait,slotselect +/dev/block/bootdevice/by-name/bluetooth /bt_firmware ext4 ro,nosuid,nodev,context=u:object_r:bt_firmware_file:s0 wait,slotselect /dev/block/bootdevice/by-name/dsp /dsp ext4 ro,nosuid,nodev,barrier=1 wait,slotselect /dev/block/bootdevice/by-name/persist /persist ext4 nosuid,nodev,noatime,barrier=1 wait -#/dev/block/bootdevice/by-name/fsg /vendor/fsg ext4 ro,nosuid,nodev,context=u:object_r:fsg_file:s0 wait,slotselect -/dev/block/bootdevice/by-name/fsg /vendor/fsg ext4 ro,nosuid,nodev wait,slotselect +/dev/block/bootdevice/by-name/fsg /vendor/fsg ext4 ro,nosuid,nodev,context=u:object_r:fsg_firmware_file:s0 wait,slotselect #/dev/block/bootdevice/by-name/oem /oem ext4 ro,nosuid,nodev,context=u:object_r:oemfs:s0 wait,verify,slotselect /devices/*/xhci-hcd.*.auto/usb* auto auto defaults voldmanaged=usb:auto diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts new file mode 100644 index 0000000..82f9d0a --- /dev/null +++ b/sepolicy/file_contexts @@ -0,0 +1,9 @@ +/dev/block/platform/soc/c0c4000.sdhci/mmcblk0p([3-9]|[1-5][0-9]|6[0-7]) u:object_r:gpt_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/mmcblk0p2[12] u:object_r:modem_efs_partition_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/mmcblk0p2[34] u:object_r:modem_efs_partition_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/mmcblk0p3[67] u:object_r:modem_efs_partition_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/mmcblk0p5[67] u:object_r:ab_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/mmcblk0p6[34] u:object_r:system_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/mmcblk0p4[67] u:object_r:ab_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/mmcblk0p1 u:object_r:xbl_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/mmcblk0p2 u:object_r:xbl_block_device:s0 -- GitLab