Add microdroid_vendor
microdroid_vendor implements the vendor.img of microdroid. In theory,
microdroid doesn't need a vendor partition as it by definition isn't
specific to any SoC. However, init demands some files from the vendor
partition during the boot process. Until we find a way to make the
dependencies optional, let's have the vendor partition. Fortunately, it
is very small. It currently contains only a few sepolicy files.
Bug: 180986662
Test: run microdroid following README.md
init enters into the second stage, sepolicy files are compiled, init
tries to start the servicemanager (which fails)
Change-Id: I82a66a00a8680ef1070ae7313d8e326f3ebc3112
diff --git a/microdroid/Android.bp b/microdroid/Android.bp
index d0c6675..ac6e055 100644
--- a/microdroid/Android.bp
+++ b/microdroid/Android.bp
@@ -92,6 +92,27 @@
installable: false, // avoid collision with system partition's init.rc
}
+android_filesystem {
+ name: "microdroid_vendor",
+ use_avb: true,
+ deps: [
+ "microdroid_plat_sepolicy_vers.txt",
+ "microdroid_vendor_sepolicy.cil",
+ "microdroid_plat_pub_versioned.cil",
+ ],
+ avb_private_key: "microdroid.pem",
+ avb_algorithm: "SHA256_RSA4096",
+ file_contexts: "microdroid_vendor_file_contexts",
+}
+
+prebuilt_etc {
+ name: "microdroid_plat_sepolicy_vers.txt",
+ src: "plat_sepolicy_vers.txt",
+ filename: "plat_sepolicy_vers.txt",
+ sub_dir: "selinux",
+ installable: false,
+}
+
logical_partition {
name: "microdroid_super",
sparse: true,
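Review bot: `avb_private_key: "microdroid.pem"` signs the vendor image with a key file that resolves inside the module directory, so anyone who can read the tree can produce an image that verifies against it. If that is a development key (the hunk does not show where it comes from), the AVB footer gives integrity against accidental corruption but not authenticity, which matters here because the partition carries the vendor sepolicy inputs. I would state that at the property, for example `// microdroid.pem is an in-tree test key; release images must be re-signed with a protected key`. The `logical_partition` block at the end of the hunk continues outside it.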
@@ -107,6 +128,10 @@
name: "system",
filesystem: ":microdroid",
},
+ {
+ name: "vendor",
+ filesystem: ":microdroid_vendor",
+ },
],
},
],
diff --git a/microdroid/fstab b/microdroid/fstab
index 494f5b4..129718e 100644
--- a/microdroid/fstab
+++ b/microdroid/fstab
@@ -1 +1,2 @@
system /system ext4 noatime,ro,errors=panic wait,first_stage_mount,logical
+vendor /vendor ext4 noatime,ro,errors=panic wait,first_stage_mount,logical
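Review bot: The added `vendor` entry has no `avb` fs_mgr flag, so although Android.bp builds the image with `use_avb: true`, first-stage mount is not asked to set up dm-verity for it. The unchanged `system` line has the same gap. `errors=panic` reacts only to ext4 metadata errors, not to modified blocks, so as written the sepolicy files on `/vendor` would be read unverified unless something outside this diff checks the image before boot. If verification is meant to happen in the guest, the flags would become something like `wait,first_stage_mount,logical,avb`; the exact form (`avb`, `avb=<vbmeta partition>` or `avb_keys=`) depends on a vbmeta layout that is not visible here.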
diff --git a/microdroid/microdroid_vendor_file_contexts b/microdroid/microdroid_vendor_file_contexts
new file mode 100644
index 0000000..7405f1a
--- /dev/null
+++ b/microdroid/microdroid_vendor_file_contexts
@@ -0,0 +1,36 @@
+# TODO(jiyong): clean this up
+#############################
+# Vendor files
+#
+(/.*)? u:object_r:vendor_file:s0
+/bin/sh u:object_r:vendor_shell_exec:s0
+/bin/toybox_vendor u:object_r:vendor_toolbox_exec:s0
+/bin/toolbox u:object_r:vendor_toolbox_exec:s0
+/etc(/.*)? u:object_r:vendor_configs_file:s0
+/etc/cgroups\.json u:object_r:vendor_cgroup_desc_file:s0
+/etc/task_profiles\.json u:object_r:vendor_task_profiles_file:s0
+
+/lib(64)?/egl(/.*)? u:object_r:same_process_hal_file:s0
+
+/lib(64)?/vndk-sp(/.*)? u:object_r:vndk_sp_file:s0
+
+/manifest\.xml u:object_r:vendor_configs_file:s0
+/compatibility_matrix\.xml u:object_r:vendor_configs_file:s0
+/etc/vintf(/.*)? u:object_r:vendor_configs_file:s0
+/app(/.*)? u:object_r:vendor_app_file:s0
+/priv-app(/.*)? u:object_r:vendor_app_file:s0
+/overlay(/.*)? u:object_r:vendor_overlay_file:s0
+/framework(/.*)? u:object_r:vendor_framework_file:s0
+
+/apex(/[^/]+){0,2} u:object_r:vendor_apex_file:s0
+/bin/misc_writer u:object_r:vendor_misc_writer_exec:s0
+/bin/boringssl_self_test(32|64) u:object_r:vendor_boringssl_self_test_exec:s0
+
+# HAL location
+/lib(64)?/hw u:object_r:vendor_hal_file:s0
+
+/etc/selinux/nonplat_service_contexts u:object_r:nonplat_service_contexts_file:s0
+
+/etc/selinux/vendor_service_contexts u:object_r:vendor_service_contexts_file:s0
+
+/bin/install-recovery\.sh u:object_r:vendor_install_recovery_exec:s0
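Review bot: None of the 36 added entries names the files this image actually ships, so `plat_sepolicy_vers.txt` (installed under `etc/selinux` per the Android.bp hunk) and, presumably, the two `.cil` deps fall through to `/etc(/.*)?` and get `vendor_configs_file`. On a full platform these files are, as far as I recall, labelled `sepolicy_file`; if microdroid's policy defines that type, add explicit lines such as `/etc/selinux/plat_sepolicy_vers\.txt u:object_r:sepolicy_file:s0` and the same for `vendor_sepolicy\.cil` and `plat_pub_versioned\.cil`. The remaining entries (`/bin/sh`, `/app`, `/bin/install-recovery\.sh` and so on) match nothing in the image today. When the TODO is resolved, trimming them keeps a file added later from silently picking up an executable or HAL label.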
diff --git a/microdroid/plat_sepolicy_vers.txt b/microdroid/plat_sepolicy_vers.txt
new file mode 100644
index 0000000..36c9030
--- /dev/null
+++ b/microdroid/plat_sepolicy_vers.txt
@@ -0,0 +1 @@
+10000.0