authorMatthew Maurer <mmaurer@google.com>2019-02-21 13:58:26 -0800
committerMatthew Maurer <mmaurer@google.com>2019-03-21 15:43:16 -0700
commitaa426ec0760e8605abe326910d04124c3ccefd88 (patch)
tree856151d6f451a3b5dd7313d215c0e985977baf95
parent15084b78fca9ab32dfbd72b882b0b02a6dd64eb9 (diff)
Configure and launch storageproxyd
Bug: 124277696 Test: Boot with trusty, run trusty-ut-ctrl "com.android.storage-unittest.td" Change-Id: Idc447015f222cb5a5cbcc2be2ca84c73d4045d1d
-rw-r--r--init.qemu_trusty.rc9
-rw-r--r--qemu_trusty_base.mk1
-rw-r--r--sepolicy/file_contexts5
-rw-r--r--sepolicy/storageproxyd.te4
-rw-r--r--sepolicy/trusty_test.te3
-rw-r--r--ueventd.qemu_trusty.rc2
6 files changed, 20 insertions, 4 deletions
diff --git a/init.qemu_trusty.rc b/init.qemu_trusty.rc
index a67cf48..0adfad0 100644
--- a/init.qemu_trusty.rc
+++ b/init.qemu_trusty.rc
@@ -6,6 +6,9 @@ on early-init
on post-fs-data
setprop vold.post_fs_data_done 1
+# The storage proxy is a vendor binary, and so cannot access /data/ss
+ mkdir /data/vendor/ss 700 system system
+ enable storageproxyd
on boot
chown root system /sys/power/wake_lock
@@ -104,3 +107,9 @@ service bugreport /system/bin/dumpstate -d -p -B \
disabled
oneshot
keycodes 114 115 116
+
+service storageproxyd /vendor/bin/storageproxyd -d /dev/trusty-ipc-dev0 \
+ -r /dev/vport3p1 -p /data/vendor/ss -t virt
+ class main
+ disabled
+ user root
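Review bot: The new `storageproxyd` service is declared with `user root` and no `group` or `capabilities` line, so it starts with the full root capability set, while the directory passed with `-p` is created as `system system` mode 700 in the first hunk of this file. The setuid/setgid grant added in sepolicy/storageproxyd.te suggests the daemon changes uid itself after launch. If that is confirmed against the daemon's start-up code, adding `capabilities SETUID SETGID` to the service would limit what it holds until then. At minimum, a comment above `user root` such as `# Started as root; expected to drop to an unprivileged uid itself (confirm)` would record why root is needed here.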
diff --git a/qemu_trusty_base.mk b/qemu_trusty_base.mk
index 87b1bf1..e910048 100644
--- a/qemu_trusty_base.mk
+++ b/qemu_trusty_base.mk
@@ -74,6 +74,7 @@ PRODUCT_FULL_TREBLE_OVERRIDE := true
PRODUCT_COPY_FILES += \
device/generic/qemu/fstab.ranchu:root/fstab.qemu_trusty \
device/generic/trusty/init.qemu_trusty.rc:root/init.qemu_trusty.rc \
+ device/generic/trusty/ueventd.qemu_trusty.rc:root/ueventd.qemu_trusty.rc \
PRODUCT_COPY_FILES += \
device/generic/goldfish/data/etc/config.ini:config.ini \
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 6e7e8c6..42e1b50 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -1,3 +1,6 @@
-/dev/trusty-ipc-dev0 u:object_r:trusty_ipc_device:s0
+/dev/trusty-ipc-dev0 u:object_r:tee_device:s0
+/dev/vport3p1 u:object_r:rpmb_virt_device:s0
/vendor/bin/dhcpclient u:object_r:dhcpclient_exec:s0
+/vendor/bin/storageproxyd u:object_r:tee_exec:s0
/data/vendor/var/run(/.*)? u:object_r:varrun_file:s0
+/data/vendor/ss(/.*)? u:object_r:tee_data_file:s0
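Review bot: The `rpmb_virt_device` label is bound to the literal node name `/dev/vport3p1`, and the same name is repeated in the `-r` argument in init.qemu_trusty.rc and in the new ueventd.qemu_trusty.rc. That name looks like a kernel-assigned virtio-serial port name, so it presumably depends on how the emulator orders its virtio-serial devices. If the ordering changes, the label and the 0660 permission would land on a different port, or on none. A comment next to the entry, for example `# RPMB virtio-serial port; must match the emulator's device layout, init.qemu_trusty.rc and ueventd.qemu_trusty.rc`, would make the coupling visible to whoever changes the QEMU command line.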
diff --git a/sepolicy/storageproxyd.te b/sepolicy/storageproxyd.te
new file mode 100644
index 0000000..578106b
--- /dev/null
+++ b/sepolicy/storageproxyd.te
@@ -0,0 +1,4 @@
+type rpmb_virt_device, dev_type;
+
+allow tee rpmb_virt_device:chr_file { open read write };
+allow tee self:capability { setgid setuid };
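Review bot: The file is named storageproxyd.te but both rules are written against the `tee` domain, so `setgid` and `setuid` are granted to everything that runs in that domain, not only to the binary labelled `tee_exec` in this commit's file_contexts change. No line in the new file says why the capabilities are needed. A header comment such as `# storageproxyd runs in the tee domain; setuid/setgid are for dropping from root after start (confirm)`, and a short comment on the `rpmb_virt_device` type, would let a later reader judge whether the grant can be narrowed. The `chr_file` permission set is kept to `open read write`, which is a good minimal choice to preserve if the rules are later rewritten with macros.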
diff --git a/sepolicy/trusty_test.te b/sepolicy/trusty_test.te
deleted file mode 100644
index 08d347a..0000000
--- a/sepolicy/trusty_test.te
+++ /dev/null
@@ -1,3 +0,0 @@
-type trusty_ipc_device, dev_type;
-
-allow shell trusty_ipc_device:chr_file { open read write ioctl };
diff --git a/ueventd.qemu_trusty.rc b/ueventd.qemu_trusty.rc
new file mode 100644
index 0000000..0fd832e
--- /dev/null
+++ b/ueventd.qemu_trusty.rc
@@ -0,0 +1,2 @@
+/dev/vport3p1 0660 system system
+/dev/trusty-ipc-dev0 0660 system drmrpc