Turn init-persist-sensors into vendor service

Including carefully crafted sepolicy as a result of hours upon hours of sweat and tears while fighting with neverallows. No neverallows were hurt during this process. Change-Id: I918e0091bb8526006012e304208c2b064c01afd7 Signed-off-by: Noah <noah.anleitner@halogenos.org>
2023-11-02 01:51:52 +01:00 · 2023-11-02 01:51:52 +01:00 · 44c4a21000
parent 60fff2053b
commit 44c4a21000
6 changed files with 35 additions and 11 deletions
--- a/common.mk
+++ b/common.mk
@ -318,7 +318,9 @@ PRODUCT_PACKAGES += \
    als_correction_service.oneplus_msmnile \
    android.hardware.sensors@2.0-service.oneplus_msmnile \
    sensors.oneplus \
-    libsensorndkbridge
+    libsensorndkbridge \
+    init.persist.sensors.rc \
+    init.persist.sensors.sh

 PRODUCT_SYSTEM_EXT_PROPERTIES += \
    persist.vendor.naruto.light.support=true \
--- a/init/Android.bp
+++ b/init/Android.bp
@ -26,10 +26,16 @@ sh_binary {
    vendor: true,
 }

+prebuilt_etc {
+    name: "init.persist.sensors.rc",
+    src: "etc/init.persist.sensors.rc",
+    vendor: true,
+}
+
 sh_binary {
    name: "init.persist.sensors.sh",
    src: "etc/init.persist.sensors.sh",
-    device_specific: true,
+    vendor: true,
 }

 sh_binary {
--- a/init/etc/init.persist.sensors.rc
+++ b/init/etc/init.persist.sensors.rc
@ -0,0 +1,8 @@
+on post-fs
+    exec_start init-persist-sensors
+
+service init-persist-sensors /vendor/bin/init.persist.sensors.sh
+    class core
+    user root
+    group root
+    oneshot
--- a/init/etc/init.target.rc
+++ b/init/etc/init.target.rc
@ -54,9 +54,6 @@ on fs
    chmod 0771 /mnt/vendor/persist
    restorecon_recursive /mnt/vendor/persist
    mkdir /mnt/vendor/persist/data 0700 system system
-
-    exec_start init-persist-sensors
-
    #liuhaituo@MM.Audio, 2019/6/25, chmod to support audio_hal and sensor hal
    chmod 0666 /dev/audio_ultrasound
    chmod 0666 /dev/sensor_ultrasound
@ -241,12 +238,6 @@ service vendor.mdm_launcher /vendor/bin/sh /vendor/bin/init.mdm.sh
    class main
    oneshot

-service init-persist-sensors /odm/bin/init.persist.sensors.sh
-    class late_start
-    user root
-    group root
-    oneshot
-
 on property:vold.decrypt=trigger_restart_framework
    start cnss_diag

--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@ -90,3 +90,7 @@
 /sys/devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-05/c440000.qcom,spmi:qcom,pm8150l@5:qcom,leds@d300/leds/led:switch_[0-9]/brightness u:object_r:sysfs_oem:s0
 /sys/devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8350c@2:qcom,flash_led@ee00/leds/led:torch_[0-9]/brightness u:object_r:sysfs_oem:s0
 /sys/devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8350c@2:qcom,flash_led@ee00/leds/led:switch_[0-9]/brightness u:object_r:sysfs_oem:s0
+
+# Sensors
+/vendor/bin/init\.persist\.sensors\.sh	u:object_r:init_persist_sensors_exec:s0
+/mnt/vendor/persist/sensors/sensors_list\.txt	u:object_r:vendor_persist_sensors_list:s0
--- a/sepolicy/vendor/init_persist_sensors.te
+++ b/sepolicy/vendor/init_persist_sensors.te
@ -0,0 +1,13 @@
+type vendor_persist_sensors_list, data_file_type, file_type;
+type init_persist_sensors_exec, vendor_file_type, exec_type, file_type;
+
+type init_persist_sensors, domain;
+init_daemon_domain(init_persist_sensors);
+
+allow init_persist_sensors vendor_persist_sensors_list:file { getattr open read write lock };
+allow init_persist_sensors vendor_persist_sensors_file:dir search;
+allow init_persist_sensors mnt_vendor_file:dir search;
+allow init_persist_sensors vendor_shell_exec:file { execute open map read getattr };
+allow init_persist_sensors vendor_toolbox_exec:file { execute getattr };
+allow init_persist_sensors proc:file { getattr };
+