From 089dcc7bc0ad171764185568a88dd7e139202630 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson
Date: Tue, 1 Feb 2022 19:22:27 -0500
Subject: [PATCH] WIP continue on ota
---
 ota/phh-ota.cpp | 5 +++--
 sepolicy/phh.te | 12 ++++++++++++
 2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/ota/phh-ota.cpp b/ota/phh-ota.cpp
index c799c48..d0cc16e 100644
--- a/ota/phh-ota.cpp
+++ b/ota/phh-ota.cpp
@@ -75,10 +75,11 @@ int main(int argc, char **argv) {
     }
     unlink("/dev/phh-ota");
-    mknod("/dev/phh-ota", 0644, S_IFBLK | makedev(major(sb.st_rdev), minor(sb.st_rdev)));
+    mknod("/dev/phh-ota", 0664 | S_IFBLK, makedev(major(sb.st_rdev), minor(sb.st_rdev)));
+    chmod("/dev/phh-ota", 0664);
     // Allow system uid to write there
     chown("/dev/phh-ota", 0, 1000);
-    const char *dstContext = "u:r:phhota_dev:s0";
+    const char *dstContext = "u:object_r:phhota_dev:s0";
     setxattr("/dev/phh-ota", "security.selinux", dstContext, strlen(dstContext), 0);
     return 0;
diff --git a/sepolicy/phh.te b/sepolicy/phh.te
index 24631f9..7fcf9fc 100644
--- a/sepolicy/phh.te
+++ b/sepolicy/phh.te
@@ -3,3 +3,15 @@
 typeattribute phhota_dev mlstrustedobject;
 allow phhsu_daemon phhota_dev:blk_file rw_file_perms;
 allow system_app phhota_dev:blk_file rw_file_perms;
+allow kernel phhsu_daemon:fd use;
+
+allow phhsu_daemon gsi_data_file:file ioctl;
+allowxperm phhsu_daemon gsi_data_file:file ioctl { 0x660b };
+
+allow phhsu_daemon loop_device:blk_file ioctl;
+allowxperm phhsu_daemon loop_device:blk_file ioctl { 0x4c00 };
+
+allow phhsu_daemon userdata_block_device:blk_file ioctl;
+allowxperm phhsu_daemon userdata_block_device:blk_file ioctl { 0x1278 };
+
+allow kernel gsi_data_file:file rw_file_perms;
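Review bot: None of `mknod`, `chmod`, `chown` or `setxattr` on the new and surrounding lines of the phh-ota.cpp hunk has its return value checked, so if the chown or the SELinux relabel fails the node is left with whatever owner, mode and label it happened to get and main still returns 0, which makes the new `u:object_r:phhota_dev:s0` label an unverified assumption for everything that later opens /dev/phh-ota. Each call should be checked and the failure reported before returning non-zero, as in the excerpt below. Separately, `0664` on a block device grants world read; unless something outside uid 0 / gid 1000 must read it, `0660` in both the mknod and the chmod line would be the narrower choice — I have kept the hunk's value in the excerpt since the page does not show who else reads the node. main begins and ends outside the hunk.
```cpp
int main(int argc, char **argv) {
    // … unchanged: earlier setup that fills sb …
    unlink("/dev/phh-ota");
    if (mknod("/dev/phh-ota", 0664 | S_IFBLK, makedev(major(sb.st_rdev), minor(sb.st_rdev))) < 0) {
        perror("mknod /dev/phh-ota");
        return 1;
    }
    // Re-apply the mode explicitly in case mknod's mode was narrowed by the umask
    if (chmod("/dev/phh-ota", 0664) < 0) {
        perror("chmod /dev/phh-ota");
        return 1;
    }
    // Allow system uid to write there
    if (chown("/dev/phh-ota", 0, 1000) < 0) {
        perror("chown /dev/phh-ota");
        return 1;
    }
    const char *dstContext = "u:object_r:phhota_dev:s0";
    if (setxattr("/dev/phh-ota", "security.selinux", dstContext, strlen(dstContext), 0) < 0) {
        perror("setxattr /dev/phh-ota");
        return 1;
    }
    return 0;
```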
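Review bot: The three `allowxperm` lines in the phh.te hunk carry bare ioctl numbers (`0x660b`, `0x4c00`, `0x1278`) with no comment saying which request each one is, so a later reader cannot tell whether each grant is still the minimum the daemon needs. Each should be annotated with its symbolic name, e.g. `allowxperm phhsu_daemon gsi_data_file:file ioctl { 0x660b }; # FS_IOC_FIEMAP`, and likewise `# LOOP_SET_FD` on the 0x4c00 line and `# BLKIOMIN` on the 0x1278 line — confirm these against the kernel headers before relying on the names. `allow kernel gsi_data_file:file rw_file_perms;` and `allow kernel phhsu_daemon:fd use;` are the broadest rules added; if they exist only so a loop device can be backed by a file the daemon opened, a one-line comment saying so, and whether `rw_file_perms` can be narrowed to what the loop driver actually exercises, would make the grant reviewable. The commit is marked WIP, so these may be interim, but the comments are cheap to add now.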