From e99db13236bc8ac3471fcb22e81178fc423679eb Mon Sep 17 00:00:00 2001
From: Arian <arian.kulmer@web.de>
Date: Tue, 6 Apr 2021 19:29:03 +0200
Subject: shinano-common: rootdir: Introduce a service to start suntrold

* suntrold is a oneshot service and spawns a subprocess which is required
  for the rear camera. Since [1] oneshot services' process groups are
  killed which prevents suntrold from working correctly.

* To work this issue around create a non-oneshot service, suntrold.sh, which
  never exits, so that suntrold can be started from it and it's subprocesses
  will not be killed.

[1] https://github.com/aosp-mirror/platform_system_core/commit/d89ed132a0ee1a57046286b83e64a35b71774952

[Idea of this is from LuK1337]

Co-authored-by: LuK1337 <priv.luk@gmail.com>
Change-Id: Id9c4f56648168f0ffe19b2bb31c591750afe6f97
---
 sepolicy/credmgrd.te   | 3 +++
 sepolicy/dontaudit.te  | 2 +-
 sepolicy/file_contexts | 1 +
 3 files changed, 5 insertions(+), 1 deletion(-)

(limited to 'sepolicy')

diff --git a/sepolicy/credmgrd.te b/sepolicy/credmgrd.te
index 2b61930..38edd9f 100644
--- a/sepolicy/credmgrd.te
+++ b/sepolicy/credmgrd.te
@@ -18,4 +18,7 @@ allow credmgrd system_data_root_file:dir { create_dir_perms relabelfrom };
 allow credmgrd credmgrd_data_file:dir { create_dir_perms relabelto };
 allow credmgrd credmgrd_data_file:file create_file_perms;
 
+# Allow suntrold.sh to start suntrold
+allow credmgrd credmgrd_exec:file rx_file_perms;
+
 set_prop(credmgrd, credmgrd_prop)
diff --git a/sepolicy/dontaudit.te b/sepolicy/dontaudit.te
index 2ddef4b..faf73b3 100644
--- a/sepolicy/dontaudit.te
+++ b/sepolicy/dontaudit.te
@@ -1 +1 @@
-dontaudit domain credmgrd_exec:file *;
+dontaudit { domain -credmgrd } credmgrd_exec:file *;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index d95a492..d953062 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -18,6 +18,7 @@
 /(vendor|system/vendor)/bin/credmgrd                      u:object_r:credmgrd_exec:s0
 /(vendor|system/vendor)/bin/credmgrfirstboot\.sh          u:object_r:credmgrd_exec:s0
 /(vendor|system/vendor)/bin/suntrold                      u:object_r:credmgrd_exec:s0
+/(vendor|system/vendor)/bin/suntrold.sh                   u:object_r:credmgrd_exec:s0
 
 # Lineage hardware
 /(vendor|system/vendor)/bin/hw/vendor\.lineage\.touch@1\.0-service\.shinano u:object_r:hal_lineage_touch_default_exec:s0
-- 
cgit v1.2.3