1. seandroid
  2. Untitled project
  3. device/lge/mako

Commits

Robert Craig  committed 56a5e22

Apply SELinux labels to the persist filesystem.

Presently, the persist filesystem remains
unlabeled when mounted. This patch defines
types and file_context entries to label the
persist filesystem, and applies a recursive
restorecon to /persist.

Depends on Ia7fbcc82645baf52c6bff0490d3492f458881cbb.

Change-Id: I48eaa2b9901ac8c978192c14493ba1058a089423
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

  • Participants
  • Parent commits 20b86b0
  • Branches master

Comments (0)

Files changed (3)

File init.mako.rc

View file
  • Ignore whitespace
 
 on fs
     mount_all ./fstab.mako
+    restorecon_recursive /persist
     setprop ro.crypto.fuse_sdcard true
     write /sys/kernel/boot_adsp/boot 1
 

File sepolicy/file.te

View file
  • Ignore whitespace
 
 # Default type for anything under /firmware
 type radio_efs_file, fs_type;
+
+# Persist firmware types
+type persist_file, file_type;
+type persist_bluetooth_file, file_type;
+type persist_drm_file, file_type;
+type persist_sensors_file, file_type;
+type persist_wifi_file, file_type;

File sepolicy/file_contexts

View file
  • Ignore whitespace
 /system/bin/mm-qcamera-daemon      u:object_r:camera_exec:s0
 /system/bin/qseecomd               u:object_r:tee_exec:s0
 /system/bin/conn_init              u:object_r:conn_init_exec:s0
+
+# Persist firmware filesystem
+/persist(/.*)?                   u:object_r:persist_file:s0
+/persist/bluetooth(/.*)?         u:object_r:persist_bluetooth_file:s0
+/persist/sensors(/.*)?           u:object_r:persist_sensors_file:s0
+/persist/playready(/.*)?         u:object_r:persist_drm_file:s0
+/persist/widevine(/.*)?          u:object_r:persist_drm_file:s0
+/persist/wifi(/.*)?              u:object_r:persist_wifi_file:s0