Add su option
parent
fd24ea3347
commit
40ae10433e
13
generate.sh
13
generate.sh
@ -5,9 +5,11 @@ echo 'PRODUCT_MAKEFILES := \' > AndroidProducts.mk
|
||||
for part in a ab;do
|
||||
for apps in vanilla gapps foss;do
|
||||
for arch in arm64;do
|
||||
for su in yes no;do
|
||||
apps_suffix=""
|
||||
apps_script=""
|
||||
apps_name=""
|
||||
extra_packages=""
|
||||
if [ "$apps" == "gapps" ];then
|
||||
apps_suffix="g"
|
||||
apps_script='$(call inherit-product, device/phh/treble/gapps.mk)'
|
||||
@ -24,7 +26,13 @@ for part in a ab;do
|
||||
apps_name="vanilla"
|
||||
fi
|
||||
|
||||
target="treble_${arch}_${part}${apps_suffix}"
|
||||
su_suffix='N'
|
||||
if [ "$su" == "yes" ];then
|
||||
su_suffix='S'
|
||||
extra_packages+=' phh-su'
|
||||
fi
|
||||
|
||||
target="treble_${arch}_${part}${apps_suffix}${su_suffix}"
|
||||
|
||||
cat > ${target}.mk << EOF
|
||||
include build/make/target/product/treble_common.mk
|
||||
@ -35,9 +43,12 @@ PRODUCT_NAME := $target
|
||||
PRODUCT_DEVICE := generic_arm64_$part
|
||||
PRODUCT_BRAND := Android
|
||||
PRODUCT_MODEL := Phh-Treble $apps_name
|
||||
|
||||
PRODUCT_PACKAGES += $extra_packages
|
||||
EOF
|
||||
echo -e '\t$(LOCAL_DIR)/'$target.mk '\' >> AndroidProducts.mk
|
||||
done
|
||||
done
|
||||
done
|
||||
done
|
||||
echo >> AndroidProducts.mk
|
||||
|
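Review bot: The one-letter `su_suffix` set in the second hunk is the only place the su choice surfaces in the generated product; `PRODUCT_MODEL` in the heredoc stays `Phh-Treble $apps_name`, so an image that ships the root daemon cannot be told apart by its model string. Consider documenting the suffix where it is set, e.g. `# su_suffix: S = phh-su is added to PRODUCT_PACKAGES, N = no su binary`, and carrying the same marker into `PRODUCT_MODEL`. Separately, `extra_packages+=' phh-su'` and the `==` tests are bash-only; the interpreter line is outside the visible hunks, so confirm it is `#!/bin/bash`.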
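--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -0,0 +1 @@
+/system/bin/phh-su u:object_r:phhsu_exec:s0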
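--- a/sepolicy/su.te
+++ b/sepolicy/su.te
@@ -0,0 +1,47 @@
+type phhsu_daemon, domain;
+type phhsu_exec, exec_type, file_type;
+
+typeattribute phhsu_daemon coredomain;
+permissive phhsu_daemon;
+
+tmpfs_domain(phhsu_daemon);
+domain_auto_trans(init, phhsu_exec, phhsu_daemon);
+file_type_auto_trans(phhsu_daemon, device, phhsu_daemon);
+
+allow { appdomain shell } phhsu_daemon:unix_stream_socket { connectto write read };
+allow { appdomain shell } phhsu_daemon:sock_file { write read };
+allow { appdomain shell } phhsu_exec:file { getattr read open execute execute_no_trans };
+
+create_pty(shell)
+allowxperm shell devpts:chr_file ioctl TCSETSF;
+allowxperm untrusted_app untrusted_app_devpts:chr_file ioctl TCSETSF;
+
+allow servicemanager phhsu_daemon:dir { search read };
+allow servicemanager phhsu_daemon:file { open read };
+allow servicemanager phhsu_daemon:process { getattr };
+allow servicemanager phhsu_daemon:binder { call transfer };
+
+typeattribute phhsu_daemon mlstrustedobject;
+typeattribute phhsu_daemon mlstrustedsubject;
+
+allow shell su_exec:file getattr;
+typeattribute su mlstrustedsubject;
+
+allow phhsu_daemon { system_api_service app_api_service system_server_service }:service_manager find;
+
+allow system_server phhsu_daemon:fd use;
+allow system_server phhsu_daemon:binder { call };
+
+# Add su to various domains
+net_domain(su)
+
+# grant su access to vndbinder
+vndbinder_use(su)
+
+allow phhsu_daemon toolbox_exec:file { read open execute_no_trans };
+allow phhsu_daemon untrusted_app_devpts:chr_file { getattr };
+allow phhsu_daemon zygote_exec:file { execute read open execute_no_trans getattr };
+
+allow phhsu_daemon phhsu_daemon:capability { setuid setgid dac_override chown};
+
+allow appdomain phhsu_daemon:dir { search };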
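Review bot: `permissive phhsu_daemon;` leaves the new domain unconfined, so the `allow phhsu_daemon …` rules further down (toolbox_exec, zygote_exec, the `capability` set) restrict nothing and only quiet audit messages. Together with `allow { appdomain shell } phhsu_daemon:unix_stream_socket { connectto write read };`, every app domain may reach the daemon's socket, so who obtains root is decided entirely inside the prebuilt binary and the policy adds no gate of its own. I would narrow `appdomain` to the domains that actually need the socket and add a header comment stating that the domain is permissive on purpose and that authorization is the daemon's responsibility. Several rules (`typeattribute su mlstrustedsubject;`, `net_domain(su)`, `vndbinder_use(su)`) target the platform `su` type rather than `phhsu_daemon`; if that is intended it deserves a comment. The policy also appears to apply to every generated product, not only the `S` variants, though the sepolicy directory wiring is not visible in this commit.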
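--- a/su/Android.mk
+++ b/su/Android.mk
@@ -0,0 +1,11 @@
+LOCAL_PATH := $(call my-dir)
+
+include $(CLEAR_VARS)
+
+LOCAL_SRC_FILES := su
+LOCAL_MODULE := phh-su
+LOCAL_MODULE_CLASS := EXECUTABLES
+
+LOCAL_INIT_RC := su.rc
+
+include $(BUILD_PREBUILT)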
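Review bot: `LOCAL_SRC_FILES := su` installs a checked-in binary as a root daemon with nothing recording where it came from. Neither the binary nor `su.rc` is shown on this page, so its origin and start-up options cannot be reviewed from here. Add a provenance comment above the module, e.g. `# Prebuilt from <UPSTREAM_URL> at <COMMIT>, sha256 <SHA256>`, or build the daemon from source in-tree so the image is reproducible. It would also help to note next to `LOCAL_INIT_RC := su.rc` which user, group and seclabel the service is started with.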