-rw-r--r-- | rootdir/init.camera.rc | 18 | ||||
-rwxr-xr-x | rootdir/system/bin/credmgrfirstboot.sh | 27 | ||||
-rw-r--r-- | sepolicy/credmgrd.te | 14 | ||||
-rw-r--r-- | sepolicy/file_contexts | 1 | ||||
-rw-r--r-- | shinano.mk | 3 |
5 files changed, 61 insertions, 2 deletions
diff --git a/rootdir/init.camera.rc b/rootdir/init.camera.rc index 07fbc14..b27f675 100644 --- a/rootdir/init.camera.rc +++ b/rootdir/init.camera.rc @@ -72,8 +72,6 @@ on post-fs-data mkdir /data/media 0770 media_rw media_rw - mkdir /data/credmgr 0770 system credmgr_client - # SONY: Create dir for Widevine keybox mkdir /data/persist/wv 0700 system system @@ -98,6 +96,9 @@ on post-fs-data # SONY: Import MiscTA to System properties exec -- /system/bin/taimport property + + #Wait /data to init credmgrd + start initcredmgr service taimport /system/bin/taimport class late_start @@ -110,12 +111,25 @@ service iddd /system/bin/iddd user idd group idd log inet +# This script init /cache/CredentialManagerData if /data/credmgr doesn't meet our requirements +service initcredmgr /system/bin/credmgrfirstboot.sh + class main + user system + group credmgr_client + oneshot + +# When credmgrfirstboot is ready it set sys.credmgrdready=true. +# Start credmgrd after that +on property:sys.credmgrdready=true +start credmgrd + # Start Credential manager daemon service credmgrd /system/bin/credmgrd user system group credmgr_client socket credmgr stream 0660 system credmgr_client class main + disabled #doesn't exist on shinano. Keept for compat purpose # Start Security Daemon diff --git a/rootdir/system/bin/credmgrfirstboot.sh b/rootdir/system/bin/credmgrfirstboot.sh new file mode 100755 index 0000000..9d9c837 --- /dev/null +++ b/rootdir/system/bin/credmgrfirstboot.sh 
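Review bot: `service initcredmgr` is declared `class main` without `disabled`, so the explicit `start initcredmgr` at the end of `on post-fs-data` may not be its only launch path. Init can also start it together with the rest of class main, and I have not verified that this always happens after /data is mounted, which is what the `#Wait /data to init credmgrd` comment intends. Adding `disabled` after `oneshot` would make the post-fs-data `start` the single entry point. The service comment could also say what "our requirements" are, for example `# Runs once after /data is mounted; recreates /data/credmgr when no credmgr.db owned by group credmgr_client is found`.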
@@ -0,0 +1,27 @@ +#!/system/bin/sh +CREDFOLDER=/data/credmgr + +# If credmgrd data doesn't match our + +if [ $(find $CREDFOLDER -group credmgr_client -type f -name "credmgr.db" | wc -l ) -eq 0 ]; then + # If /data/credmgr exist remove it + /system/bin/logwrapper /system/bin/toybox echo "CREDINIT: Dont match" + if [ -d "$CREDFOLDER" ]; then + /system/bin/logwrapper /system/bin/toybox echo "CREDINIT: Drop old credmgrdata" + /system/bin/mv -vf $CREDFOLDER $CREDFOLDER.old + fi + # Put binary into /cache + /system/bin/logwrapper mkdir $CREDFOLDER + /system/bin/logwrapper chown system:credmgr_client $CREDFOLDER + /system/bin/logwrapper chcon u:object_r:credmgrd_data_file:s0 $CREDFOLDER + /system/bin/logwrapper /system/bin/toybox echo "CREDINIT: cp initial file" + /system/bin/logwrapper cp -v /system/vendor/CredentialManagerData /cache/CredentialManagerData +fi + +if [ $? -eq 0 ]; then + # Tell init we are ready + /system/bin/setprop sys.credmgrdready true +else + /system/bin/toybox echo "CREDINIT: Something goes wrong at credmgrd init!" +fi + diff --git a/sepolicy/credmgrd.te b/sepolicy/credmgrd.te index d696393..9a26a89 100644 --- a/sepolicy/credmgrd.te +++ b/sepolicy/credmgrd.te 
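Review bot: The `if [ $? -eq 0 ]` test after the `fi` only sees the status of the last command in the block (the `cp`), so a failed `mkdir`, `chown` or `chcon` still ends with `setprop sys.credmgrdready true` and credmgrd starting on a directory with the wrong owner or label. Appending `|| exit 1` to those three lines, e.g. `/system/bin/logwrapper chcon u:object_r:credmgrd_data_file:s0 "$CREDFOLDER" || exit 1`, keeps the ready property unset when setup is incomplete. The init line this commit removes created the directory as 0770, while the bare `mkdir` here takes its mode from the umask, so `mkdir -m 0770 "$CREDFOLDER"` would keep the old permissions. The `mv` to `$CREDFOLDER.old` also leaves the previous credential store on /data with no later cleanup, and a second mismatch would move the folder inside the existing `.old` directory.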
@@ -63,4 +63,18 @@ allow credmgrd ion_device:chr_file { ioctl open read }; #============= credmgrd ============== allow credmgrd cache_file:dir search; +#============= credmgr init script ============== +allow credmgrd cache_file:dir add_name; +allow credmgrd cache_file:file { create getattr open read unlink write }; +allow credmgrd credmgrd_data_file:dir { getattr rename search }; +allow credmgrd devpts:chr_file { getattr ioctl open read write }; +allow credmgrd init:unix_stream_socket connectto; +allow credmgrd property_socket:sock_file write; +allow credmgrd shell_exec:file { getattr read }; +allow credmgrd system_data_file:dir { add_name remove_name write }; +allow credmgrd system_file:file execute_no_trans; +allow credmgrd system_prop:property_service set; +allow credmgrd toolbox_exec:file { execute execute_no_trans getattr open read }; +allow credmgrd credmgrd_data_file:dir { relabelto reparent rmdir }; +allow credmgrd system_data_file:dir { create relabelfrom setattr }; diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index de91760..ef24289 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -37,6 +37,7 @@ ########### #credmgrd /system/bin/credmgrd u:object_r:credmgrd_exec:s0 +/system/bin/credmgrfirstboot.sh u:object_r:credmgrd_exec:s0 /dev/socket/credmgr u:object_r:credmgrd_socket:s0 /data/credmgr(/.*)? u:object_r:credmgrd_data_file:s0 /cache/CredentialManagerData u:object_r:credmgrd_data_file:s0 @@ -55,6 +55,9 @@ PRODUCT_PACKAGES += \ libshims_signal \ libshims_idd +PRODUCT_COPY_FILES += \ + $(COMMON_PATH)/rootdir/system/bin/credmgrfirstboot.sh:system/bin/credmgrfirstboot.sh + # ANT+ PRODUCT_PACKAGES += \ AntHalService \ |
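Review bot: The new `allow` rules are attached to the `credmgrd` domain itself, so the long-running daemon, not only the first-boot script, keeps `system_prop:property_service set`, write/create/relabel access on `system_data_file:dir`, and `execute_no_trans` on `system_file` and `toolbox_exec`. That follows from the file_contexts hunk labelling `credmgrfirstboot.sh` as `credmgrd_exec`, which presumably puts the script in the daemon's domain. Giving the script its own exec type and domain, and a dedicated property type for `sys.credmgrdready` instead of all of `system_prop`, would keep these permissions out of credmgrd after boot. A comment above the block such as `# Needed only by credmgrfirstboot.sh while it prepares /data/credmgr` would at least record why they exist.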