refresh system/core and system/sepolicy patches for Sv2

This commit is contained in:
Peter Cai 2022-04-28 18:28:32 -04:00
parent 8c4bc15e8f
commit 22526128c0
4 changed files with 67 additions and 16 deletions

View File

@ -1,7 +1,7 @@
From 2a6fd2529fa57658fb503f43ffd11bcddd22aacb Mon Sep 17 00:00:00 2001 From 6e17845221ec781e003432b96c1d08dc582859f3 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me> From: Pierre-Hugues Husson <phh@phh.me>
Date: Thu, 7 Oct 2021 15:48:11 -0400 Date: Thu, 7 Oct 2021 15:48:11 -0400
Subject: [PATCH 1/2] Stop overriding system properties from vendor Subject: [PATCH 1/3] Stop overriding system properties from vendor
This is annoying to disable apexes, or force adb This is annoying to disable apexes, or force adb
@ -11,7 +11,7 @@ Change-Id: Ifd0072c631349b23945df4ab401ba26eca07131f
1 file changed, 1 deletion(-) 1 file changed, 1 deletion(-)
diff --git a/init/property_service.cpp b/init/property_service.cpp diff --git a/init/property_service.cpp b/init/property_service.cpp
index 4805a7b9f..a2b424386 100644 index 6711e7d66..6bf0e81bd 100644
--- a/init/property_service.cpp --- a/init/property_service.cpp
+++ b/init/property_service.cpp +++ b/init/property_service.cpp
@@ -725,7 +725,6 @@ static void LoadProperties(char* data, const char* filter, const char* filename, @@ -725,7 +725,6 @@ static void LoadProperties(char* data, const char* filter, const char* filename,
@ -23,5 +23,5 @@ index 4805a7b9f..a2b424386 100644
} else { } else {
LOG(ERROR) << "Do not have permissions to set '" << key << "' to '" << value LOG(ERROR) << "Do not have permissions to set '" << key << "' to '" << value
-- --
2.33.1 2.36.0

View File

@ -1,7 +1,7 @@
From 3dc5868ed984b0ec01e5d3d96ad7a6e6af31f585 Mon Sep 17 00:00:00 2001 From 40f60ce5f786f8121aebcb8e1521d2edb5bb7f43 Mon Sep 17 00:00:00 2001
From: Isaac Chen <tingyi364@gmail.com> From: Isaac Chen <tingyi364@gmail.com>
Date: Wed, 23 Jun 2021 13:07:30 +0800 Date: Wed, 23 Jun 2021 13:07:30 +0800
Subject: [PATCH 2/2] init: Do not start console service when debuggable Subject: [PATCH 2/3] init: Do not start console service when debuggable
Google added a check for this in R, when it's running it will show a Google added a check for this in R, when it's running it will show a
notification about that performance is impacted. notification about that performance is impacted.
@ -13,10 +13,10 @@ Change-Id: I34cfd6b42d3b9aee4b3e63181480cfb8b1255f29
1 file changed, 3 deletions(-) 1 file changed, 3 deletions(-)
diff --git a/rootdir/init.rc b/rootdir/init.rc diff --git a/rootdir/init.rc b/rootdir/init.rc
index d38eb5d4a..1680aebcc 100644 index c59cbf0cc..d262be761 100644
--- a/rootdir/init.rc --- a/rootdir/init.rc
+++ b/rootdir/init.rc +++ b/rootdir/init.rc
@@ -1217,9 +1217,6 @@ on property:ro.debuggable=1 @@ -1235,9 +1235,6 @@ on property:ro.debuggable=1
# Give reads to anyone for the accessibility trace folder on debug builds. # Give reads to anyone for the accessibility trace folder on debug builds.
chmod 0775 /data/misc/a11ytrace chmod 0775 /data/misc/a11ytrace
@ -27,5 +27,5 @@ index d38eb5d4a..1680aebcc 100644
# TODO(b/135984674): reset all necessary properties here. # TODO(b/135984674): reset all necessary properties here.
setprop sys.boot_completed "" setprop sys.boot_completed ""
-- --
2.33.1 2.36.0

View File

@ -0,0 +1,38 @@
From 74faf05b941682bd1930b92ae879c8baba09d6ac Mon Sep 17 00:00:00 2001
From: Leo Yan <leo.yan@linaro.org>
Date: Fri, 4 Jun 2021 15:19:33 +0100
Subject: [PATCH 3/3] remount: Fix failure for system-as-root
Since commit 5ad7b3cbc5c1 ("Try to remount mounted points only"), the
system-as-root cannot be remounted successfully when execute command
"adb remount". This is because the mount point "/system" cannot be
found and directly bails out with failure.
Add an extra checking for the mount point "/system" for the
system-as-root case, takes it as a found entry; thus the function can
continue to run and fix up to remount root.
Suggested-by: David Anderson <dvander@google.com>
Signed-off-by: Leo Yan <leo.yan@linaro.org>
Change-Id: Ia936c9d97bed951184813a087c70fe591cb33fe0
---
fs_mgr/fs_mgr_remount.cpp | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs_mgr/fs_mgr_remount.cpp b/fs_mgr/fs_mgr_remount.cpp
index e685070a8..5411acacf 100644
--- a/fs_mgr/fs_mgr_remount.cpp
+++ b/fs_mgr/fs_mgr_remount.cpp
@@ -420,7 +420,8 @@ static int do_remount(int argc, char* argv[]) {
break;
}
// Find overlayfs mount point?
- if ((mount_point == "/") && (rentry.mount_point == "/system")) {
+ if ((mount_point == "/" && rentry.mount_point == "/system") ||
+ (mount_point == "/system" && rentry.mount_point == "/")) {
blk_device = rentry.blk_device;
mount_point = "/system";
found = true;
--
2.36.0

View File

@ -1,4 +1,4 @@
From d64b74058176dedbe0c7f209956ecb1a9377f079 Mon Sep 17 00:00:00 2001 From 2586397a0d9f1d7ade0e9919821a6a194f011475 Mon Sep 17 00:00:00 2001
From: Peter Cai <peter@typeblog.net> From: Peter Cai <peter@typeblog.net>
Date: Wed, 20 Oct 2021 16:01:00 -0400 Date: Wed, 20 Oct 2021 16:01:00 -0400
Subject: [PATCH] Protect real SPL property Subject: [PATCH] Protect real SPL property
@ -6,14 +6,27 @@ Subject: [PATCH] Protect real SPL property
Label it with the same SELinux context as the original SPL property. Label it with the same SELinux context as the original SPL property.
--- ---
prebuilts/api/31.0/private/property_contexts | 1 + prebuilts/api/31.0/private/property_contexts | 1 +
prebuilts/api/32.0/private/property_contexts | 1 +
private/property_contexts | 1 + private/property_contexts | 1 +
2 files changed, 2 insertions(+) 3 files changed, 3 insertions(+)
diff --git a/prebuilts/api/31.0/private/property_contexts b/prebuilts/api/31.0/private/property_contexts diff --git a/prebuilts/api/31.0/private/property_contexts b/prebuilts/api/31.0/private/property_contexts
index 8ac1e7005..b8be6dbf2 100644 index 192e55e56..f7aba0c96 100644
--- a/prebuilts/api/31.0/private/property_contexts --- a/prebuilts/api/31.0/private/property_contexts
+++ b/prebuilts/api/31.0/private/property_contexts +++ b/prebuilts/api/31.0/private/property_contexts
@@ -710,6 +710,7 @@ ro.build.version.release u:object_r:build_prop:s0 exact string @@ -711,6 +711,7 @@ ro.build.version.release u:object_r:build_prop:s0 exact string
ro.build.version.release_or_codename u:object_r:build_prop:s0 exact string
ro.build.version.sdk u:object_r:build_prop:s0 exact int
ro.build.version.security_patch u:object_r:build_prop:s0 exact string
+ro.build.version.real_security_patch u:object_r:build_prop:s0 exact string
ro.actionable_compatible_property.enabled u:object_r:build_prop:s0 exact bool
diff --git a/prebuilts/api/32.0/private/property_contexts b/prebuilts/api/32.0/private/property_contexts
index 1c7151837..709328436 100644
--- a/prebuilts/api/32.0/private/property_contexts
+++ b/prebuilts/api/32.0/private/property_contexts
@@ -716,6 +716,7 @@ ro.build.version.release u:object_r:build_prop:s0 exact string
ro.build.version.release_or_codename u:object_r:build_prop:s0 exact string ro.build.version.release_or_codename u:object_r:build_prop:s0 exact string
ro.build.version.sdk u:object_r:build_prop:s0 exact int ro.build.version.sdk u:object_r:build_prop:s0 exact int
ro.build.version.security_patch u:object_r:build_prop:s0 exact string ro.build.version.security_patch u:object_r:build_prop:s0 exact string
@ -22,10 +35,10 @@ index 8ac1e7005..b8be6dbf2 100644
ro.actionable_compatible_property.enabled u:object_r:build_prop:s0 exact bool ro.actionable_compatible_property.enabled u:object_r:build_prop:s0 exact bool
diff --git a/private/property_contexts b/private/property_contexts diff --git a/private/property_contexts b/private/property_contexts
index 8ac1e7005..b8be6dbf2 100644 index 1c7151837..709328436 100644
--- a/private/property_contexts --- a/private/property_contexts
+++ b/private/property_contexts +++ b/private/property_contexts
@@ -710,6 +710,7 @@ ro.build.version.release u:object_r:build_prop:s0 exact string @@ -716,6 +716,7 @@ ro.build.version.release u:object_r:build_prop:s0 exact string
ro.build.version.release_or_codename u:object_r:build_prop:s0 exact string ro.build.version.release_or_codename u:object_r:build_prop:s0 exact string
ro.build.version.sdk u:object_r:build_prop:s0 exact int ro.build.version.sdk u:object_r:build_prop:s0 exact int
ro.build.version.security_patch u:object_r:build_prop:s0 exact string ro.build.version.security_patch u:object_r:build_prop:s0 exact string
@ -34,5 +47,5 @@ index 8ac1e7005..b8be6dbf2 100644
ro.actionable_compatible_property.enabled u:object_r:build_prop:s0 exact bool ro.actionable_compatible_property.enabled u:object_r:build_prop:s0 exact bool
-- --
2.33.1 2.36.0