From aa426ec0760e8605abe326910d04124c3ccefd88 Mon Sep 17 00:00:00 2001 From: Matthew Maurer Date: Thu, 21 Feb 2019 13:58:26 -0800 Subject: Configure and launch storageproxyd Bug: 124277696 Test: Boot with trusty, run trusty-ut-ctrl "com.android.storage-unittest.td" Change-Id: Idc447015f222cb5a5cbcc2be2ca84c73d4045d1d --- init.qemu_trusty.rc | 9 +++++++++ qemu_trusty_base.mk | 1 + sepolicy/file_contexts | 5 ++++- sepolicy/storageproxyd.te | 4 ++++ sepolicy/trusty_test.te | 3 --- ueventd.qemu_trusty.rc | 2 ++ 6 files changed, 20 insertions(+), 4 deletions(-) create mode 100644 sepolicy/storageproxyd.te delete mode 100644 sepolicy/trusty_test.te create mode 100644 ueventd.qemu_trusty.rc diff --git a/init.qemu_trusty.rc b/init.qemu_trusty.rc index a67cf48..0adfad0 100644 --- a/init.qemu_trusty.rc +++ b/init.qemu_trusty.rc @@ -6,6 +6,9 @@ on early-init on post-fs-data setprop vold.post_fs_data_done 1 +# The storage proxy is a vendor binary, and so cannot access /data/ss + mkdir /data/vendor/ss 700 system system + enable storageproxyd on boot chown root system /sys/power/wake_lock @@ -104,3 +107,9 @@ service bugreport /system/bin/dumpstate -d -p -B \ disabled oneshot keycodes 114 115 116 + +service storageproxyd /vendor/bin/storageproxyd -d /dev/trusty-ipc-dev0 \ + -r /dev/vport3p1 -p /data/vendor/ss -t virt + class main + disabled + user root diff --git a/qemu_trusty_base.mk b/qemu_trusty_base.mk index 87b1bf1..e910048 100644 --- a/qemu_trusty_base.mk +++ b/qemu_trusty_base.mk @@ -74,6 +74,7 @@ PRODUCT_FULL_TREBLE_OVERRIDE := true PRODUCT_COPY_FILES += \ device/generic/qemu/fstab.ranchu:root/fstab.qemu_trusty \ device/generic/trusty/init.qemu_trusty.rc:root/init.qemu_trusty.rc \ + device/generic/trusty/ueventd.qemu_trusty.rc:root/ueventd.qemu_trusty.rc \ PRODUCT_COPY_FILES += \ device/generic/goldfish/data/etc/config.ini:config.ini \ diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index 6e7e8c6..42e1b50 100644 --- a/sepolicy/file_contexts 
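Review bot: The new `service storageproxyd` stanza at the end of init.qemu_trusty.rc sets `user root` with no `group` line and no comment saying why root is needed, so a reader cannot tell whether the daemon stays root for its whole lifetime. The `setgid setuid` capabilities granted in sepolicy/storageproxyd.te suggest it drops privileges on its own after start, but that is not visible in this patch and should be confirmed. I would add a comment above the stanza such as `# Starts as root; storageproxyd is expected to drop to system itself, see sepolicy/storageproxyd.te`. It is also worth checking that /data/vendor/ss, created `700 system system` in the post-fs-data hunk, matches the uid the daemon ends up with.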
+++ b/sepolicy/file_contexts
@@ -1,3 +1,6 @@
-/dev/trusty-ipc-dev0 u:object_r:trusty_ipc_device:s0
+/dev/trusty-ipc-dev0 u:object_r:tee_device:s0
+/dev/vport3p1 u:object_r:rpmb_virt_device:s0
 /vendor/bin/dhcpclient u:object_r:dhcpclient_exec:s0
+/vendor/bin/storageproxyd u:object_r:tee_exec:s0
 /data/vendor/var/run(/.*)? u:object_r:varrun_file:s0
+/data/vendor/ss(/.*)? u:object_r:tee_data_file:s0
diff --git a/sepolicy/storageproxyd.te b/sepolicy/storageproxyd.te
new file mode 100644
index 0000000..578106b
--- /dev/null
+++ b/sepolicy/storageproxyd.te
@@ -0,0 +1,4 @@
+type rpmb_virt_device, dev_type;
+
+allow tee rpmb_virt_device:chr_file { open read write };
+allow tee self:capability { setgid setuid };
diff --git a/sepolicy/trusty_test.te b/sepolicy/trusty_test.te
deleted file mode 100644
index 08d347a..0000000
--- a/sepolicy/trusty_test.te
+++ /dev/null
@@ -1,3 +0,0 @@
-type trusty_ipc_device, dev_type;
-
-allow shell trusty_ipc_device:chr_file { open read write ioctl };
diff --git a/ueventd.qemu_trusty.rc b/ueventd.qemu_trusty.rc
new file mode 100644
index 0000000..0fd832e
--- /dev/null
+++ b/ueventd.qemu_trusty.rc
@@ -0,0 +1,2 @@
+/dev/vport3p1 0660 system system
+/dev/trusty-ipc-dev0 0660 system drmrpc
-- cgit v1.2.3
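Review bot: `/dev/vport3p1` is hard-coded here, in the `-r` argument of the storageproxyd service in init.qemu_trusty.rc, and in ueventd.qemu_trusty.rc, and nothing ties the three together. The name presumably follows the emulator's virtio-serial device and port numbering, so a change to the QEMU command line could leave the `rpmb_virt_device` label and the 0660 mode on a different port, or on none. A comment above the new line, for example `# virtio-serial port backing the virtual RPMB; keep in sync with init.qemu_trusty.rc and ueventd.qemu_trusty.rc`, would make that dependency explicit.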
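Review bot: Both `allow` rules in the new sepolicy/storageproxyd.te are written against the shared `tee` domain rather than a domain specific to storageproxyd. So `setgid`/`setuid` and read/write on `rpmb_virt_device` go to every process that runs as `tee`, whatever the file name suggests. If sharing the domain is intended, a short comment would record it, e.g. `# storageproxyd runs in the tee domain; setuid/setgid are for its privilege drop after start`; the privilege drop is inferred, not shown in this patch. The device rule omits `ioctl`, and it is worth keeping it that narrow unless the daemon turns out to need it.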
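Review bot: `/dev/trusty-ipc-dev0 0660 system drmrpc` in the new ueventd.qemu_trusty.rc gives the `drmrpc` group read/write DAC access to the Trusty IPC device, but nothing in this patch runs with that group. The only client added here is storageproxyd, started with `user root`. If no DRM client is planned for this target, `/dev/trusty-ipc-dev0 0660 system system` would match the line above it, so the `tee_device` SELinux label is not the only thing standing between that group and the device. Otherwise a `#` comment naming the intended `drmrpc` user would explain the choice.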