-rw-r--r--rootdir/init.camera.rc18
-rwxr-xr-xrootdir/system/bin/credmgrfirstboot.sh27
-rw-r--r--sepolicy/credmgrd.te14
-rw-r--r--sepolicy/file_contexts1
-rw-r--r--shinano.mk3
5 files changed, 61 insertions, 2 deletions
diff --git a/rootdir/init.camera.rc b/rootdir/init.camera.rc
index 07fbc14..b27f675 100644
--- a/rootdir/init.camera.rc
+++ b/rootdir/init.camera.rc
@@ -72,8 +72,6 @@ on post-fs-data
mkdir /data/media 0770 media_rw media_rw
- mkdir /data/credmgr 0770 system credmgr_client
-
# SONY: Create dir for Widevine keybox
mkdir /data/persist/wv 0700 system system
@@ -98,6 +96,9 @@ on post-fs-data
# SONY: Import MiscTA to System properties
exec -- /system/bin/taimport property
+
+ #Wait /data to init credmgrd
+ start initcredmgr
service taimport /system/bin/taimport
class late_start
@@ -110,12 +111,25 @@ service iddd /system/bin/iddd
user idd
group idd log inet
+# This script init /cache/CredentialManagerData if /data/credmgr doesn't meet our requirements
+service initcredmgr /system/bin/credmgrfirstboot.sh
+ class main
+ user system
+ group credmgr_client
+ oneshot
+
+# When credmgrfirstboot is ready it set sys.credmgrdready=true.
+# Start credmgrd after that
+on property:sys.credmgrdready=true
+start credmgrd
+
# Start Credential manager daemon
service credmgrd /system/bin/credmgrd
user system
group credmgr_client
socket credmgr stream 0660 system credmgr_client
class main
+ disabled
#doesn't exist on shinano. Keept for compat purpose
# Start Security Daemon
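Review bot: With `disabled` added to `credmgrd` and `on property:sys.credmgrdready=true` as its only visible start, the daemon stays stopped on any boot where `credmgrfirstboot.sh` takes its failure branch, and as a `oneshot` service the script is not retried. The comment above `service initcredmgr` should record that, for example `# If this script fails, sys.credmgrdready is never set and credmgrd stays stopped for this boot`. The same comment refers to "our requirements" without naming them; the script tests for a `credmgr.db` file with group `credmgr_client` under /data/credmgr, and saying so would help the next reader.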
diff --git a/rootdir/system/bin/credmgrfirstboot.sh b/rootdir/system/bin/credmgrfirstboot.sh
new file mode 100755
index 0000000..9d9c837
--- /dev/null
+++ b/rootdir/system/bin/credmgrfirstboot.sh
@@ -0,0 +1,27 @@
+#!/system/bin/sh
+CREDFOLDER=/data/credmgr
+
+# If credmgrd data doesn't match our
+
+if [ $(find $CREDFOLDER -group credmgr_client -type f -name "credmgr.db" | wc -l ) -eq 0 ]; then
+ # If /data/credmgr exist remove it
+ /system/bin/logwrapper /system/bin/toybox echo "CREDINIT: Dont match"
+ if [ -d "$CREDFOLDER" ]; then
+ /system/bin/logwrapper /system/bin/toybox echo "CREDINIT: Drop old credmgrdata"
+ /system/bin/mv -vf $CREDFOLDER $CREDFOLDER.old
+ fi
+ # Put binary into /cache
+ /system/bin/logwrapper mkdir $CREDFOLDER
+ /system/bin/logwrapper chown system:credmgr_client $CREDFOLDER
+ /system/bin/logwrapper chcon u:object_r:credmgrd_data_file:s0 $CREDFOLDER
+ /system/bin/logwrapper /system/bin/toybox echo "CREDINIT: cp initial file"
+ /system/bin/logwrapper cp -v /system/vendor/CredentialManagerData /cache/CredentialManagerData
+fi
+
+if [ $? -eq 0 ]; then
+ # Tell init we are ready
+ /system/bin/setprop sys.credmgrdready true
+else
+ /system/bin/toybox echo "CREDINIT: Something goes wrong at credmgrd init!"
+fi
+
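Review bot: The `$?` test after the closing `fi` only sees the status of the last command run inside the block, the `cp`, so a failed `mkdir`, `chown` or `chcon` still ends with `sys.credmgrdready` set to true and credmgrd started on a directory with the wrong owner or label. The `mkdir` also sets no mode, whereas the init line this commit removes created `/data/credmgr` as 0770, so the resulting permissions depend on the service umask. Chaining the setup commands with `&&` and passing the mode explicitly makes the final check cover every step; this assumes logwrapper returns the child's exit status, which should be confirmed. Separately, the `find` test matches only on group and file name, and the moved-aside `$CREDFOLDER.old` copy is never removed, so old credential data stays on /data.
```shell
    # … unchanged: mismatch log and the move of the old directory …
    /system/bin/logwrapper mkdir -m 0770 $CREDFOLDER && \
    /system/bin/logwrapper chown system:credmgr_client $CREDFOLDER && \
    /system/bin/logwrapper chcon u:object_r:credmgrd_data_file:s0 $CREDFOLDER && \
    /system/bin/logwrapper /system/bin/toybox echo "CREDINIT: cp initial file" && \
    /system/bin/logwrapper cp -v /system/vendor/CredentialManagerData /cache/CredentialManagerData
    # … unchanged: closing fi and the $? check that sets sys.credmgrdready …
```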
diff --git a/sepolicy/credmgrd.te b/sepolicy/credmgrd.te
index d696393..9a26a89 100644
--- a/sepolicy/credmgrd.te
+++ b/sepolicy/credmgrd.te
@@ -63,4 +63,18 @@ allow credmgrd ion_device:chr_file { ioctl open read };
#============= credmgrd ==============
allow credmgrd cache_file:dir search;
+#============= credmgr init script ==============
+allow credmgrd cache_file:dir add_name;
+allow credmgrd cache_file:file { create getattr open read unlink write };
+allow credmgrd credmgrd_data_file:dir { getattr rename search };
+allow credmgrd devpts:chr_file { getattr ioctl open read write };
+allow credmgrd init:unix_stream_socket connectto;
+allow credmgrd property_socket:sock_file write;
+allow credmgrd shell_exec:file { getattr read };
+allow credmgrd system_data_file:dir { add_name remove_name write };
+allow credmgrd system_file:file execute_no_trans;
+allow credmgrd system_prop:property_service set;
+allow credmgrd toolbox_exec:file { execute execute_no_trans getattr open read };
+allow credmgrd credmgrd_data_file:dir { relabelto reparent rmdir };
+allow credmgrd system_data_file:dir { create relabelfrom setattr };
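Review bot: Every rule under the `credmgr init script` header is granted to the `credmgrd` domain itself, so the long-running daemon also gains rights that this commit adds only for the script. These include `system_prop:property_service set`, create and relabel rights on `system_data_file` directories, and `execute_no_trans` on `toolbox_exec` and `system_file`. The file_contexts hunk labels `credmgrfirstboot.sh` as `credmgrd_exec`, which is presumably why the script runs in that domain. Giving the script its own exec type and domain (for example `credmgr_init_exec` and `credmgr_init`, names suggested here) and moving these allows there would keep the one-shot setup privileges out of the daemon. If that split is deferred, a comment such as `# needed only by credmgrfirstboot.sh; remove from credmgrd once the script has its own domain` above the block would record the intent.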
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index de91760..ef24289 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -37,6 +37,7 @@
###########
#credmgrd
/system/bin/credmgrd u:object_r:credmgrd_exec:s0
+/system/bin/credmgrfirstboot.sh u:object_r:credmgrd_exec:s0
/dev/socket/credmgr u:object_r:credmgrd_socket:s0
/data/credmgr(/.*)? u:object_r:credmgrd_data_file:s0
/cache/CredentialManagerData u:object_r:credmgrd_data_file:s0
diff --git a/shinano.mk b/shinano.mk
index a6a5612..07a40bb 100644
--- a/shinano.mk
+++ b/shinano.mk
@@ -55,6 +55,9 @@ PRODUCT_PACKAGES += \
libshims_signal \
libshims_idd
+PRODUCT_COPY_FILES += \
+ $(COMMON_PATH)/rootdir/system/bin/credmgrfirstboot.sh:system/bin/credmgrfirstboot.sh
+
# ANT+
PRODUCT_PACKAGES += \
AntHalService \