Add su option

This commit is contained in:
Pierre-Hugues Husson 2017-12-19 13:08:26 +01:00
parent fd24ea3347
commit 40ae10433e
6 changed files with 92 additions and 20 deletions

View File

@ -5,28 +5,36 @@ echo 'PRODUCT_MAKEFILES := \' > AndroidProducts.mk
for part in a ab;do for part in a ab;do
for apps in vanilla gapps foss;do for apps in vanilla gapps foss;do
for arch in arm64;do for arch in arm64;do
apps_suffix="" for su in yes no;do
apps_script="" apps_suffix=""
apps_name="" apps_script=""
if [ "$apps" == "gapps" ];then apps_name=""
apps_suffix="g" extra_packages=""
apps_script='$(call inherit-product, device/phh/treble/gapps.mk)' if [ "$apps" == "gapps" ];then
apps_name="with GApps" apps_suffix="g"
fi apps_script='$(call inherit-product, device/phh/treble/gapps.mk)'
if [ "$apps" == "foss" ];then apps_name="with GApps"
apps_suffix="f" fi
apps_script='$(call inherit-product, vendor/foss/foss.mk)' if [ "$apps" == "foss" ];then
apps_name="with FOSS apps" apps_suffix="f"
fi apps_script='$(call inherit-product, vendor/foss/foss.mk)'
if [ "$apps" == "vanilla" ];then apps_name="with FOSS apps"
apps_suffix="v" fi
apps_script='' if [ "$apps" == "vanilla" ];then
apps_name="vanilla" apps_suffix="v"
fi apps_script=''
apps_name="vanilla"
fi
target="treble_${arch}_${part}${apps_suffix}" su_suffix='N'
if [ "$su" == "yes" ];then
su_suffix='S'
extra_packages+=' phh-su'
fi
cat > ${target}.mk << EOF target="treble_${arch}_${part}${apps_suffix}${su_suffix}"
cat > ${target}.mk << EOF
include build/make/target/product/treble_common.mk include build/make/target/product/treble_common.mk
\$(call inherit-product, device/phh/treble/base.mk) \$(call inherit-product, device/phh/treble/base.mk)
$apps_script $apps_script
@ -35,8 +43,11 @@ PRODUCT_NAME := $target
PRODUCT_DEVICE := generic_arm64_$part PRODUCT_DEVICE := generic_arm64_$part
PRODUCT_BRAND := Android PRODUCT_BRAND := Android
PRODUCT_MODEL := Phh-Treble $apps_name PRODUCT_MODEL := Phh-Treble $apps_name
PRODUCT_PACKAGES += $extra_packages
EOF EOF
echo -e '\t$(LOCAL_DIR)/'$target.mk '\' >> AndroidProducts.mk echo -e '\t$(LOCAL_DIR)/'$target.mk '\' >> AndroidProducts.mk
done
done done
done done
done done

1
sepolicy/file_contexts Normal file
View File

@ -0,0 +1 @@
/system/bin/phh-su u:object_r:phhsu_exec:s0

47
sepolicy/su.te Normal file
View File

@ -0,0 +1,47 @@
type phhsu_daemon, domain;
type phhsu_exec, exec_type, file_type;
typeattribute phhsu_daemon coredomain;
permissive phhsu_daemon;
tmpfs_domain(phhsu_daemon);
domain_auto_trans(init, phhsu_exec, phhsu_daemon);
file_type_auto_trans(phhsu_daemon, device, phhsu_daemon);
allow { appdomain shell } phhsu_daemon:unix_stream_socket { connectto write read };
allow { appdomain shell } phhsu_daemon:sock_file { write read };
allow { appdomain shell } phhsu_exec:file { getattr read open execute execute_no_trans };
create_pty(shell)
allowxperm shell devpts:chr_file ioctl TCSETSF;
allowxperm untrusted_app untrusted_app_devpts:chr_file ioctl TCSETSF;
allow servicemanager phhsu_daemon:dir { search read };
allow servicemanager phhsu_daemon:file { open read };
allow servicemanager phhsu_daemon:process { getattr };
allow servicemanager phhsu_daemon:binder { call transfer };
typeattribute phhsu_daemon mlstrustedobject;
typeattribute phhsu_daemon mlstrustedsubject;
allow shell su_exec:file getattr;
typeattribute su mlstrustedsubject;
allow phhsu_daemon { system_api_service app_api_service system_server_service }:service_manager find;
allow system_server phhsu_daemon:fd use;
allow system_server phhsu_daemon:binder { call };
# Add su to various domains
net_domain(su)
# grant su access to vndbinder
vndbinder_use(su)
allow phhsu_daemon toolbox_exec:file { read open execute_no_trans };
allow phhsu_daemon untrusted_app_devpts:chr_file { getattr };
allow phhsu_daemon zygote_exec:file { execute read open execute_no_trans getattr };
allow phhsu_daemon phhsu_daemon:capability { setuid setgid dac_override chown};
allow appdomain phhsu_daemon:dir { search };

11
su/Android.mk Normal file
View File

@ -0,0 +1,11 @@
LOCAL_PATH := $(call my-dir)
include $(CLEAR_VARS)
LOCAL_SRC_FILES := su
LOCAL_MODULE := phh-su
LOCAL_MODULE_CLASS := EXECUTABLES
LOCAL_INIT_RC := su.rc
include $(BUILD_PREBUILT)

BIN
su/su Executable file

Binary file not shown.

2
su/su.rc Normal file
View File

@ -0,0 +1,2 @@
service sudaemon /system/bin/phh-su --daemon
class main