make init_gsi its own domain
..so that we are no longer violating Treble SELinux checks
This commit is contained in:
parent
f4a2675011
commit
3e3c06374d
|
@ -8,4 +8,3 @@ TARGET_SYSTEM_PROP := $(DEVICE_PATH)/system.prop
|
||||||
|
|
||||||
# Sepolicy
|
# Sepolicy
|
||||||
SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += $(DEVICE_PATH)/sepolicy/private
|
SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += $(DEVICE_PATH)/sepolicy/private
|
||||||
SELINUX_IGNORE_NEVERALLOWS := true
|
|
||||||
|
|
|
@ -1,2 +1,2 @@
|
||||||
on post-fs
|
on post-fs
|
||||||
exec u:r:init:s0 -- /system_ext/bin/init_gsi
|
exec -- /system_ext/bin/init_gsi
|
||||||
|
|
1
sepolicy/private/file_contexts
Normal file
1
sepolicy/private/file_contexts
Normal file
|
@ -0,0 +1 @@
|
||||||
|
/system/system_ext/bin/init_gsi u:object_r:init_gsi_exec:s0
|
|
@ -1 +0,0 @@
|
||||||
allow init system_file:file execute_no_trans;
|
|
7
sepolicy/private/init_gsi.te
Normal file
7
sepolicy/private/init_gsi.te
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
type init_gsi, domain, coredomain;
|
||||||
|
type init_gsi_exec, system_file_type, exec_type, file_type;
|
||||||
|
|
||||||
|
init_daemon_domain(init_gsi);
|
||||||
|
|
||||||
|
# TODO: Address denials and remove this
|
||||||
|
permissive init_gsi;
|
Loading…
Reference in a new issue