5 files changed, 61 insertions, 2 deletions

diff --git a/rootdir/init.camera.rc b/rootdir/init.camera.rc
index 07fbc14..b27f675 100644
--- a/rootdir/init.camera.rc
+++ b/rootdir/init.camera.rc
@@ -72,8 +72,6 @@ on post-fs-data
 
     mkdir /data/media 0770 media_rw media_rw
 
-    mkdir /data/credmgr 0770 system credmgr_client
-
     # SONY: Create dir for Widevine keybox
     mkdir /data/persist/wv 0700 system system
 
@@ -98,6 +96,9 @@ on post-fs-data
 
     # SONY: Import MiscTA to System properties
     exec -- /system/bin/taimport property
+
+    #Wait /data to init credmgrd
+    start initcredmgr
  
 service taimport /system/bin/taimport
     class late_start
@@ -110,12 +111,25 @@ service iddd /system/bin/iddd
     user idd
     group idd log inet
 
+# This script init /cache/CredentialManagerData if /data/credmgr doesn't meet our requirements
+service initcredmgr /system/bin/credmgrfirstboot.sh
+    class main
+    user system
+    group credmgr_client
+    oneshot
+
+# When credmgrfirstboot is ready it set sys.credmgrdready=true.
+# Start credmgrd after that
+on property:sys.credmgrdready=true
+start credmgrd
+
 # Start Credential manager daemon
 service credmgrd /system/bin/credmgrd
     user system
     group credmgr_client
     socket credmgr stream 0660 system credmgr_client
     class main
+    disabled
 
 #doesn't exist on shinano. Keept for compat purpose
 # Start Security Daemon
diff --git a/rootdir/system/bin/credmgrfirstboot.sh b/rootdir/system/bin/credmgrfirstboot.sh
new file mode 100755
index 0000000..9d9c837
--- /dev/null
+++ b/rootdir/system/bin/credmgrfirstboot.sh
@@ -0,0 +1,27 @@
+#!/system/bin/sh
+CREDFOLDER=/data/credmgr
+
+# If credmgrd data doesn't match our
+
+if [ $(find $CREDFOLDER -group credmgr_client -type f -name "credmgr.db" | wc -l ) -eq 0 ]; then
+	# If /data/credmgr exist remove it
+	/system/bin/logwrapper /system/bin/toybox echo "CREDINIT: Dont match"
+	if [ -d "$CREDFOLDER" ]; then
+		/system/bin/logwrapper /system/bin/toybox echo "CREDINIT: Drop old credmgrdata"
+		/system/bin/mv -vf $CREDFOLDER $CREDFOLDER.old
+	fi
+	# Put binary into /cache
+	/system/bin/logwrapper mkdir $CREDFOLDER
+	/system/bin/logwrapper chown system:credmgr_client $CREDFOLDER
+	/system/bin/logwrapper chcon u:object_r:credmgrd_data_file:s0 $CREDFOLDER
+	/system/bin/logwrapper /system/bin/toybox echo "CREDINIT: cp initial file"
+	/system/bin/logwrapper cp -v /system/vendor/CredentialManagerData /cache/CredentialManagerData
+fi
+
+if [ $? -eq 0 ]; then
+	# Tell init we are ready
+	/system/bin/setprop sys.credmgrdready true
+else
+	/system/bin/toybox echo "CREDINIT: Something goes wrong at credmgrd init!"
+fi
+
diff --git a/sepolicy/credmgrd.te b/sepolicy/credmgrd.te
index d696393..9a26a89 100644
--- a/sepolicy/credmgrd.te
+++ b/sepolicy/credmgrd.te
@@ -63,4 +63,18 @@ allow credmgrd ion_device:chr_file { ioctl open read };
 #============= credmgrd ==============
 allow credmgrd cache_file:dir search;
 
+#============= credmgr init script ==============
+allow credmgrd cache_file:dir add_name;
+allow credmgrd cache_file:file { create getattr open read unlink write };
+allow credmgrd credmgrd_data_file:dir { getattr rename search };
+allow credmgrd devpts:chr_file { getattr ioctl open read write };
+allow credmgrd init:unix_stream_socket connectto;
+allow credmgrd property_socket:sock_file write;
+allow credmgrd shell_exec:file { getattr read };
+allow credmgrd system_data_file:dir { add_name remove_name write };
+allow credmgrd system_file:file execute_no_trans;
+allow credmgrd system_prop:property_service set;
+allow credmgrd toolbox_exec:file { execute execute_no_trans getattr open read };
+allow credmgrd credmgrd_data_file:dir { relabelto reparent rmdir };
+allow credmgrd system_data_file:dir { create relabelfrom setattr };
 
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index de91760..ef24289 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -37,6 +37,7 @@
 ###########
 #credmgrd
 /system/bin/credmgrd 					u:object_r:credmgrd_exec:s0
+/system/bin/credmgrfirstboot.sh			u:object_r:credmgrd_exec:s0
 /dev/socket/credmgr						u:object_r:credmgrd_socket:s0
 /data/credmgr(/.*)?						u:object_r:credmgrd_data_file:s0
 /cache/CredentialManagerData			u:object_r:credmgrd_data_file:s0
diff --git a/shinano.mk b/shinano.mk
index a6a5612..07a40bb 100644
--- a/shinano.mk
+++ b/shinano.mk
@@ -55,6 +55,9 @@ PRODUCT_PACKAGES += \
 	libshims_signal \
 	libshims_idd
 
+PRODUCT_COPY_FILES += \
+    $(COMMON_PATH)/rootdir/system/bin/credmgrfirstboot.sh:system/bin/credmgrfirstboot.sh
+
 # ANT+
 PRODUCT_PACKAGES += \
     AntHalService \