Explicitly depend on sepolicy artifacts in recovery targets
This makes recoveryimage/bootimage targets explicitly depend on SELinux policy artifacts needed by recovery. Prior to this change, the dependency was contrived: these targets would rely on copying these files from "root" directory, and then overwriting sepolicy file with sepolicy.recovery. Test: Clean build, flash, device boots up just fine. No new denials. Reboot into recovery, recovery boot up just fine, no denials. This was tested on bullhead (non A/B device) and sailfish (A/B device). Bug: 33642277 Change-Id: Id2369253d0c7e02e079ae01ac7140b41880fd5ad
This commit is contained in:
parent
e65af5ce72
commit
2a7171a71a
|
@ -910,7 +910,15 @@ INTERNAL_RECOVERYIMAGE_FILES := $(filter $(TARGET_RECOVERY_OUT)/%, \
|
|||
$(ALL_DEFAULT_INSTALLED_MODULES))
|
||||
|
||||
recovery_initrc := $(call include-path-for, recovery)/etc/init.rc
|
||||
recovery_sepolicy := $(call intermediates-dir-for,ETC,sepolicy.recovery)/sepolicy.recovery
|
||||
recovery_sepolicy := \
|
||||
$(TARGET_RECOVERY_ROOT_OUT)/sepolicy \
|
||||
$(TARGET_RECOVERY_ROOT_OUT)/file_contexts.bin \
|
||||
$(TARGET_RECOVERY_ROOT_OUT)/plat_property_contexts \
|
||||
$(TARGET_RECOVERY_ROOT_OUT)/nonplat_property_contexts
|
||||
# Passed into rsync from non-recovery root to recovery root, to avoid overwriting recovery-specific
|
||||
# SELinux files
|
||||
IGNORE_RECOVERY_SEPOLICY := $(patsubst $(TARGET_RECOVERY_OUT)/%,--exclude=/%,$(recovery_sepolicy))
|
||||
|
||||
recovery_kernel := $(INSTALLED_KERNEL_TARGET) # same as a non-recovery system
|
||||
recovery_ramdisk := $(PRODUCT_OUT)/ramdisk-recovery.img
|
||||
recovery_build_prop := $(intermediate_system_build_prop)
|
||||
|
@ -1045,14 +1053,13 @@ define build-recoveryimage-target
|
|||
$(hide) mkdir -p $(TARGET_RECOVERY_OUT)
|
||||
$(hide) mkdir -p $(TARGET_RECOVERY_ROOT_OUT)/etc $(TARGET_RECOVERY_ROOT_OUT)/sdcard $(TARGET_RECOVERY_ROOT_OUT)/tmp
|
||||
@echo Copying baseline ramdisk...
|
||||
$(hide) rsync -a --exclude=etc --exclude=sdcard $(IGNORE_CACHE_LINK) $(TARGET_ROOT_OUT) $(TARGET_RECOVERY_OUT) # "cp -Rf" fails to overwrite broken symlinks on Mac.
|
||||
# Use rsync because "cp -Rf" fails to overwrite broken symlinks on Mac.
|
||||
$(hide) rsync -a --exclude=etc --exclude=sdcard $(IGNORE_RECOVERY_SEPOLICY) $(IGNORE_CACHE_LINK) $(TARGET_ROOT_OUT) $(TARGET_RECOVERY_OUT)
|
||||
@echo Modifying ramdisk contents...
|
||||
$(if $(BOARD_RECOVERY_KERNEL_MODULES), \
|
||||
$(call build-image-kernel-modules,$(BOARD_RECOVERY_KERNEL_MODULES),$(TARGET_RECOVERY_ROOT_OUT),,$(call intermediates-dir-for,PACKAGING,depmod_recovery)))
|
||||
$(hide) rm -f $(TARGET_RECOVERY_ROOT_OUT)/init*.rc
|
||||
$(hide) cp -f $(recovery_initrc) $(TARGET_RECOVERY_ROOT_OUT)/
|
||||
$(hide) rm -f $(TARGET_RECOVERY_ROOT_OUT)/sepolicy
|
||||
$(hide) cp -f $(recovery_sepolicy) $(TARGET_RECOVERY_ROOT_OUT)/sepolicy
|
||||
$(hide) cp $(TARGET_ROOT_OUT)/init.recovery.*.rc $(TARGET_RECOVERY_ROOT_OUT)/ || true # Ignore error when the src file doesn't exist.
|
||||
$(hide) mkdir -p $(TARGET_RECOVERY_ROOT_OUT)/res
|
||||
$(hide) rm -rf $(TARGET_RECOVERY_ROOT_OUT)/res/*
|
||||
|
|
Loading…
Reference in New Issue