Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / e2423d149b6a5b9119965c097a2a75cb8d052763^! / .
commite2423d149b6a5b9119965c097a2a75cb8d052763[log] [tgz]
authorBowgo Tsai <bowgotsai@google.com>Mon Jul 31 18:38:28 2017 +0800
committerBowgo Tsai <bowgotsai@google.com>Wed Aug 16 10:03:51 2017 +0800
treeb022f55722be7ad3ce2b09755df7db6354c3b75d
parent78b3d573dac215d09dffac001e4223a30fef8e25 [diff]
Moving adbd from rootdir to system/bin

Bug: 63910933
Test: boot sailfish in normal mode, checks adbd is started
Test: boot sailfish in recovery mode, checks adbd is started
Test: boot bullhead in normal mode, checks adbd is started
Test: boot bullhead in recovery mode, checks adbd is started

Change-Id: I35ed78a15a34626fbd3c21d030e2bf51033f7b79

diff --git a/private/adbd.te b/private/adbd.te
index 2008364..d28b836 100644
--- a/private/adbd.te
+++ b/private/adbd.te

@@ -3,6 +3,8 @@
 typeattribute adbd coredomain;
 typeattribute adbd mlstrustedsubject;
 
+init_daemon_domain(adbd)
+
 domain_auto_trans(adbd, shell_exec, shell)
 
 userdebug_or_eng(`

diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 6b37df7..a04e026 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil

@@ -3,7 +3,8 @@
 ;;   previous ones.  Add here to pass checkapi tests.
 (typeattribute new_objects)
 (typeattributeset new_objects
-  ( broadcastradio_service
+  ( adbd_exec
+    broadcastradio_service
     e2fs
     e2fs_exec
     hal_cas_hwservice
@@ -29,5 +30,6 @@
 ;;     Thus, these types are also not mapped, but recorded for checkapi tests
 (typeattribute priv_objects)
 (typeattributeset priv_objects
-     ( screencap
+     ( adbd_tmpfs
+       screencap
        screencap_exec ))

diff --git a/private/file_contexts b/private/file_contexts
index eb31faf..49d954b 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -273,6 +273,7 @@
 /system/etc/selinux/plat_sepolicy.cil       u:object_r:sepolicy_file:s0
 /system/etc/selinux/plat_and_mapping_sepolicy\.cil\.sha256 u:object_r:sepolicy_file:s0
 /system/bin/vr_hwc               u:object_r:vr_hwc_exec:s0
+/system/bin/adbd                 u:object_r:adbd_exec:s0
 
 #############################
 # Vendor files

diff --git a/private/init.te b/private/init.te
index 558ba96..5c23f66 100644
--- a/private/init.te
+++ b/private/init.te

@@ -3,12 +3,12 @@
 tmpfs_domain(init)
 
 # Transitions to seclabel processes in init.rc
-domain_trans(init, rootfs, adbd)
 domain_trans(init, rootfs, charger)
 domain_trans(init, rootfs, healthd)
 domain_trans(init, rootfs, slideshow)
 domain_auto_trans(init, e2fs_exec, e2fs)
 recovery_only(`
+  domain_trans(init, rootfs, adbd)
   domain_trans(init, rootfs, recovery)
 ')
 domain_trans(init, shell_exec, shell)

diff --git a/public/adbd.te b/public/adbd.te
index 7ecd045..95854c0 100644
--- a/public/adbd.te
+++ b/public/adbd.te

@@ -1,3 +1,4 @@
 # adbd seclabel is specified in init.rc since
 # it lives in the rootfs and has no unique file type.
 type adbd, domain;
+type adbd_exec, exec_type, file_type;