From 3b85d8a04ce103ed1530c82f521a913a068179b4 Mon Sep 17 00:00:00 2001
From: Tad
Date: Thu, 1 Jun 2017 02:55:50 -0400
Subject: [PATCH] TimeKeep sepolicy atteempt 2
---
Scripts/Generic_Deblob.sh | 18 +++++++++++++-----
Scripts/LAOS-14.1_Patches.sh | 1 +
2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/Scripts/Generic_Deblob.sh b/Scripts/Generic_Deblob.sh
index c7e93060..2f2d0935 100755
--- a/Scripts/Generic_Deblob.sh
+++ b/Scripts/Generic_Deblob.sh
@@ -247,12 +247,20 @@ deblobDevice() { fi; if [ -d sepolicy ]; then #Switch to Sony TimeKeep - echo "/system/bin/timekeep u:object_r:timekeep_exec:s0" >> sepolicy/file_contexts; + echo "set_prop(system_app, timekeep_prop)" >> sepolicy/system_app.te; + echo "r_dir_file(system_app, sysfs_timekeep)" >> sepolicy/system_app.te; + echo "allow system_app time_data_file:dir { create_dir_perms search };" >> sepolicy/system_app.te; + echo "allow system_app time_data_file:file create_file_perms;" >> sepolicy/system_app.te; + echo "get_prop(shell, timekeep_prop)" >> sepolicy/shell.te; + echo "com.sony.timekeep u:object_r:timekeep_service:s0" >> sepolicy/service_contexts; + echo "type timekeep_service, service_manager_type;" >> sepolicy/service.te; + echo "user=system seinfo=platform name=com.sony.timekeep domain=system_app type=system_app_data_fil" >> sepolicy/seapp_contexts; + echo "persist.sys.timeadjust u:object_r:timekeep_prop:s0" >> sepolicy/property_contexts; echo "type timekeep_prop, property_type;" >> sepolicy/property.te; - echo "persist.sys.timeadjust u:object_r:timekeep_prop:s0" >> sepolicy/property_contexts; - echo "com.sony.timekeep u:object_r:timekeep_service:s0" >> sepolicy/service_contexts; - echo "allow system_app timekeep_prop:property_service set" >> sepolicy/system_app.te; - echo -e "type timekeep, domain;\ntype timekeep_exec, exec_type, file_type;\ntype timekeep_service, service_manager_type;\ninit_daemon_domain(timekeep)\nallow timekeep self:capability { sys_time };" >> sepolicy/timekeep.te; + echo "/system/bin/timekeep u:object_r:timekeep_exec:s0" >> sepolicy/file_contexts; + echo "/sys/devices(/soc\.0|/soc)?/00-qcom,pm(8226|8941|8950|8974|8992|8994)_rtc/rtc/rtc0/since_epoch u:object_r:sysfs_timekeep:s0" >> sepolicy/file_contexts; + echo "type sysfs_timekeep, fs_type, sysfs_type;" >> sepolicy/file.te; + cp /tmp/ar/timekeep.te sepolicy/timekeep.te; fi; sed -i 's|service time_daemon /system/bin/time_daemon|service timekeep /system/bin/timekeep restore\n 
oneshot|' init.*.rc rootdir/init.*.rc rootdir/etc/init.*.rc &> /dev/null || true; #Switch to Sony TimeKeep rm -f rootdir/etc/init.qti.ims.sh #Remove IMS startup script diff --git a/Scripts/LAOS-14.1_Patches.sh b/Scripts/LAOS-14.1_Patches.sh index 6e2ec866..1176a76c 100755 --- a/Scripts/LAOS-14.1_Patches.sh +++ b/Scripts/LAOS-14.1_Patches.sh @@ -24,6 +24,7 @@ mkdir -p /tmp/ar cd /tmp/ar wget https://spotco.us/hosts -N #XXX: /hosts is built from non-commercial use files, switch to /hsc for release wget https://github.com/Ranks/emojione/raw/master/extras/fonts/emojione-android.ttf -N #XXX: Requires attribuition +wget https://raw.githubusercontent.com/omnirom/android_device_sony_loire-common/android-7.1/sepolicy/timekeep.te #Accept all SDK licences, not normally needed but Gradle managed apps fail without it mkdir -p "$ANDROID_HOME/licenses"
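Review bot: The added seapp_contexts entry ends in `type=system_app_data_fil`, which looks like a truncated `system_app_data_file`; as written the rule names a type that is presumably not defined anywhere, so the policy build should reject it or the TimeKeep app's data would not get the intended label. The tail of that echo should read `domain=system_app type=system_app_data_file`. The added `cp /tmp/ar/timekeep.te sepolicy/timekeep.te;` also installs the whole timekeep domain from a fixed path under /tmp without checking that the file is present and non-empty, so a failed or stale download goes unnoticed while file_contexts still labels /system/bin/timekeep as timekeep_exec; testing `[ -s /tmp/ar/timekeep.te ]` before the copy and failing loudly would surface that. deblobDevice starts and ends outside this hunk.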
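Review bot: The added `wget` pulls SELinux policy from the moving `android-7.1` branch head and nothing verifies what arrives, so whatever that upstream file contains at build time is compiled into the device policy via the `cp` in Generic_Deblob.sh. Pinning the URL to a commit and checking a digest would close that, e.g. `wget https://raw.githubusercontent.com/omnirom/android_device_sony_loire-common/<PINNED_COMMIT>/sepolicy/timekeep.te -N` followed by `echo "<EXPECTED_SHA256>  timekeep.te" | sha256sum -c -` (both angle-bracket values are placeholders). Unlike the two `wget` lines above it, this one also omits `-N`, so on a second run wget saves the download as `timekeep.te.1` and the earlier copy keeps being used.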