make init_gsi its own domain
..so that we are no longer violating Treble SELinux checks
This commit is contained in:
parent
f4a2675011
commit
3e3c06374d
|
@ -8,4 +8,3 @@ TARGET_SYSTEM_PROP := $(DEVICE_PATH)/system.prop
|
|||
|
||||
# Sepolicy
|
||||
SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += $(DEVICE_PATH)/sepolicy/private
|
||||
SELINUX_IGNORE_NEVERALLOWS := true
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
on post-fs
|
||||
exec u:r:init:s0 -- /system_ext/bin/init_gsi
|
||||
exec -- /system_ext/bin/init_gsi
|
||||
|
|
1
sepolicy/private/file_contexts
Normal file
1
sepolicy/private/file_contexts
Normal file
|
@ -0,0 +1 @@
|
|||
/system/system_ext/bin/init_gsi u:object_r:init_gsi_exec:s0
|
|
@ -1 +0,0 @@
|
|||
allow init system_file:file execute_no_trans;
|
7
sepolicy/private/init_gsi.te
Normal file
7
sepolicy/private/init_gsi.te
Normal file
|
@ -0,0 +1,7 @@
|
|||
type init_gsi, domain, coredomain;
|
||||
type init_gsi_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
init_daemon_domain(init_gsi);
|
||||
|
||||
# TODO: Address denials and remove this
|
||||
permissive init_gsi;
|
Loading…
Reference in a new issue