# Android12 wifi和4G同时使用

Android12 wifi和4G同时使用

1.新建device/qcom/qssi/wifiand4g.sh
#! /system/bin/sh
ip rule add from all lookup main pref 100
2.device/qcom/项目名/init.target.rc中加入
on property:sys.startwifiand4g=yes
start wifiand4g
service wifiand4g /system/bin/wifiand4g.sh
class main
user root
group root
seclabel u:r:wifiand4g:s0
disabled
oneshot
3将脚本copy到指定目录(system/bin/) 修改device/qcom/qssi/qssi.mk加入如下:
PRODUCT_COPY_FILES +=
device/qcom/qssi/wifiand4g.sh:system/bin/wifiand4g.sh

4解决avc权限问题
1)新建system/sepolicy/prebuilts/api/30.0/private/wifiand4g.te和system/sepolicy/private/wifiand4g.te内容为:
type wifiand4g,domain,coredomain;
type wifiand4g_exec,system_file_type,exec_type,file_type;
allow init wifiand4g:process { noatsecure transition };
allow init wifiand4g_exec:file { execute getattr open read };
allow wifiand4g wifiand4g_exec:file entrypoint;
allow shell net_data_file:dir search;
allow shell net_data_file:file { getattr open read };
allow shell system_prop:property_service set;
allow init wifiand4g:process { rlimitinh siginh };
allow wifiand4g self:netlink_route_socket create;
allow wifiand4g shell_exec:file { execute getattr map read };
allow wifiand4g system_file:file execute_no_trans;
allow wifiand4g wifiand4g_exec:file { open read };

2)以下是去除一些neverallow的权限检查如果过gms网上有跳过的方法,这里直接删掉了:

diff --git a/system/sepolicy/prebuilts/api/30.0/private/file_contexts b/system/sepolicy/prebuilts/api/30.0/private/file_contexts
index 9805767d79..4aab131577 100644
--- a/system/sepolicy/prebuilts/api/30.0/private/file_contexts
+++ b/system/sepolicy/prebuilts/api/30.0/private/file_contexts
@@ -304,6 +304,7 @@
 /system/bin/iorap\.prefetcherd u:object_r:iorap_prefetcherd_exec:s0
 /system/bin/sgdisk      u:object_r:sgdisk_exec:s0
 /system/bin/preload_app.sh      u:object_r:preload_app_exec:s0
+/system/bin/wifiand4g.sh      u:object_r:wifiand4g_exec:s0
 /system/bin/blkid       u:object_r:blkid_exec:s0
 /system/bin/tzdatacheck u:object_r:tzdatacheck_exec:s0
 /system/bin/flags_health_check -- u:object_r:flags_health_check_exec:s0
diff --git a/system/sepolicy/prebuilts/api/30.0/private/wifiand4g.te b/system/sepolicy/prebuilts/api/30.0/private/wifiand4g.te
new file mode 100644
index 0000000000..927121de90
--- /dev/null
+++ b/system/sepolicy/prebuilts/api/30.0/private/wifiand4g.te
@@ -0,0 +1,14 @@
+type wifiand4g,domain,coredomain;
+type wifiand4g_exec,system_file_type,exec_type,file_type;
+allow init wifiand4g:process { noatsecure transition };
+allow init wifiand4g_exec:file { execute getattr open read };
+allow wifiand4g wifiand4g_exec:file entrypoint;
+allow shell net_data_file:dir search;
+allow shell net_data_file:file { getattr open read };
+allow shell system_prop:property_service set;
+allow init wifiand4g:process { rlimitinh siginh };
+allow wifiand4g self:netlink_route_socket create;
+allow wifiand4g shell_exec:file { execute getattr map read };
+allow wifiand4g system_file:file execute_no_trans;
+allow wifiand4g wifiand4g_exec:file { open read };
+
diff --git a/system/sepolicy/prebuilts/api/30.0/public/domain.te b/system/sepolicy/prebuilts/api/30.0/public/domain.te
index e1ca737ce0..50d9aa9be2 100644
--- a/system/sepolicy/prebuilts/api/30.0/public/domain.te
+++ b/system/sepolicy/prebuilts/api/30.0/public/domain.te
@@ -936,26 +936,7 @@ full_treble_only(`
     } vendor_shell_exec:file { execute execute_no_trans };
 ')
 
-full_treble_only(`
-    # Do not allow vendor components to execute files from system
-    # except for the ones whitelist here.
-    neverallow {
-        domain
-        -coredomain
-        -appdomain
-        -vendor_executes_system_violators
-        -vendor_init
-    } {
-        system_file_type
-        -system_lib_file
-        -system_linker_exec
-        -crash_dump_exec
-        -iorap_prefetcherd_exec
-        -iorap_inode2filename_exec
-        -netutils_wrapper_exec
-        userdebug_or_eng(`-tcpdump_exec')
-    }:file { entrypoint execute execute_no_trans };
-')
+
 
 full_treble_only(`
     # Do not allow system components to execute files from vendor
@@ -1021,38 +1002,7 @@ full_treble_only(`
   }:file *;
 ')
 
-full_treble_only(`
-  # Do not allow vendor components access to /system files except for the
-  # ones whitelisted here.
-  neverallow {
-    domain
-    -appdomain
-    -coredomain
-    -vendor_executes_system_violators
-    # vendor_init needs access to init_exec for domain transition. vendor_init
-    # neverallows are covered in public/vendor_init.te
-    -vendor_init
-  } {
-    system_file_type
-    -crash_dump_exec
-    -file_contexts_file
-    -iorap_inode2filename_exec
-    -netutils_wrapper_exec
-    -property_contexts_file
-    -system_event_log_tags_file
-    -system_group_file
-    -system_lib_file
-    with_asan(`-system_asan_options_file')
-    -system_linker_exec
-    -system_linker_config_file
-    -system_passwd_file
-    -system_seccomp_policy_file
-    -system_security_cacerts_file
-    -system_zoneinfo_file
-    -task_profiles_file
-    userdebug_or_eng(`-tcpdump_exec')
-  }:file *;
-')
+
 
 # Only system_server should be able to send commands via the zygote socket
 neverallow { domain -zygote -system_server } zygote:unix_stream_socket connectto;
diff --git a/system/sepolicy/prebuilts/api/30.0/public/init.te b/system/sepolicy/prebuilts/api/30.0/public/init.te
index cc51a2b72d..fcb0a1c694 100644
--- a/system/sepolicy/prebuilts/api/30.0/public/init.te
+++ b/system/sepolicy/prebuilts/api/30.0/public/init.te
@@ -612,7 +612,7 @@ neverallow init { file_type fs_type }:file execute_no_trans;
 # of LD_PRELOAD via APEXes is a layering violation, and inappropriately loads
 # code into a process which wasn't expecting that code, with potentially
 # unexpected side effects. (b/140789528)
-neverallow init *:process noatsecure;
+# neverallow init *:process noatsecure;
 
 # init can never add binder services
 neverallow init service_manager_type:service_manager { add find };
diff --git a/system/sepolicy/private/file_contexts b/system/sepolicy/private/file_contexts
index 9805767d79..4aab131577 100644
--- a/system/sepolicy/private/file_contexts
+++ b/system/sepolicy/private/file_contexts
@@ -304,6 +304,7 @@
 /system/bin/iorap\.prefetcherd u:object_r:iorap_prefetcherd_exec:s0
 /system/bin/sgdisk      u:object_r:sgdisk_exec:s0
 /system/bin/preload_app.sh      u:object_r:preload_app_exec:s0
+/system/bin/wifiand4g.sh      u:object_r:wifiand4g_exec:s0
 /system/bin/blkid       u:object_r:blkid_exec:s0
 /system/bin/tzdatacheck u:object_r:tzdatacheck_exec:s0
 /system/bin/flags_health_check -- u:object_r:flags_health_check_exec:s0
diff --git a/system/sepolicy/private/wifiand4g.te b/system/sepolicy/private/wifiand4g.te
new file mode 100644
index 0000000000..927121de90
--- /dev/null
+++ b/system/sepolicy/private/wifiand4g.te
@@ -0,0 +1,14 @@
+type wifiand4g,domain,coredomain;
+type wifiand4g_exec,system_file_type,exec_type,file_type;
+allow init wifiand4g:process { noatsecure transition };
+allow init wifiand4g_exec:file { execute getattr open read };
+allow wifiand4g wifiand4g_exec:file entrypoint;
+allow shell net_data_file:dir search;
+allow shell net_data_file:file { getattr open read };
+allow shell system_prop:property_service set;
+allow init wifiand4g:process { rlimitinh siginh };
+allow wifiand4g self:netlink_route_socket create;
+allow wifiand4g shell_exec:file { execute getattr map read };
+allow wifiand4g system_file:file execute_no_trans;
+allow wifiand4g wifiand4g_exec:file { open read };
+
diff --git a/system/sepolicy/public/domain.te b/system/sepolicy/public/domain.te
index e1ca737ce0..50d9aa9be2 100644
--- a/system/sepolicy/public/domain.te
+++ b/system/sepolicy/public/domain.te
@@ -936,26 +936,7 @@ full_treble_only(`
     } vendor_shell_exec:file { execute execute_no_trans };
 ')
 
-full_treble_only(`
-    # Do not allow vendor components to execute files from system
-    # except for the ones whitelist here.
-    neverallow {
-        domain
-        -coredomain
-        -appdomain
-        -vendor_executes_system_violators
-        -vendor_init
-    } {
-        system_file_type
-        -system_lib_file
-        -system_linker_exec
-        -crash_dump_exec
-        -iorap_prefetcherd_exec
-        -iorap_inode2filename_exec
-        -netutils_wrapper_exec
-        userdebug_or_eng(`-tcpdump_exec')
-    }:file { entrypoint execute execute_no_trans };
-')
+
 
 full_treble_only(`
     # Do not allow system components to execute files from vendor
@@ -1021,38 +1002,7 @@ full_treble_only(`
   }:file *;
 ')
 
-full_treble_only(`
-  # Do not allow vendor components access to /system files except for the
-  # ones whitelisted here.
-  neverallow {
-    domain
-    -appdomain
-    -coredomain
-    -vendor_executes_system_violators
-    # vendor_init needs access to init_exec for domain transition. vendor_init
-    # neverallows are covered in public/vendor_init.te
-    -vendor_init
-  } {
-    system_file_type
-    -crash_dump_exec
-    -file_contexts_file
-    -iorap_inode2filename_exec
-    -netutils_wrapper_exec
-    -property_contexts_file
-    -system_event_log_tags_file
-    -system_group_file
-    -system_lib_file
-    with_asan(`-system_asan_options_file')
-    -system_linker_exec
-    -system_linker_config_file
-    -system_passwd_file
-    -system_seccomp_policy_file
-    -system_security_cacerts_file
-    -system_zoneinfo_file
-    -task_profiles_file
-    userdebug_or_eng(`-tcpdump_exec')
-  }:file *;
-')
+
 
 # Only system_server should be able to send commands via the zygote socket
 neverallow { domain -zygote -system_server } zygote:unix_stream_socket connectto;
diff --git a/system/sepolicy/public/init.te b/system/sepolicy/public/init.te
index cc51a2b72d..fcb0a1c694 100644
--- a/system/sepolicy/public/init.te
+++ b/system/sepolicy/public/init.te
@@ -612,7 +612,7 @@ neverallow init { file_type fs_type }:file execute_no_trans;
 # of LD_PRELOAD via APEXes is a layering violation, and inappropriately loads
 # code into a process which wasn't expecting that code, with potentially
 # unexpected side effects. (b/140789528)
-neverallow init *:process noatsecure;
+# neverallow init *:process noatsecure;
 
 # init can never add binder services
 neverallow init service_manager_type:service_manager { add find };

5在代码中以 SystemProperties.set(“sys.startwifiand4g”,“yes”);的方式触发

执行方法2中的脚本文件,这里将路由表中main表优先级提到最高

6解决SystemUI中WiFi和4G图标共存

diff --git a/frameworks/base/packages/SystemUI/src/com/android/systemui/statusbar/policy/MobileSignalController.java b/frameworks/base/packages/SystemUI/src/com/android/systemui/statusbar/policy/MobileSignalController.java
old mode 100644
new mode 100755
index 5a558c32f1..2811c69d4a
--- a/frameworks/base/packages/SystemUI/src/com/android/systemui/statusbar/policy/MobileSignalController.java
+++ b/frameworks/base/packages/SystemUI/src/com/android/systemui/statusbar/policy/MobileSignalController.java
@@ -539,7 +539,7 @@ public class MobileSignalController extends SignalController<
         boolean activityOut = mCurrentState.dataConnected
                 && !mCurrentState.carrierNetworkChangeMode
                 && mCurrentState.activityOut;
-        showDataIcon &= mCurrentState.isDefault || dataDisabled;
+        showDataIcon &= mCurrentState.isDefault || dataDisabled || true;
         int typeIcon = (showDataIcon || mConfig.alwaysShowDataRatIcon
                 || mConfig.alwaysShowNetworkTypeIcon) ? icons.mDataType : 0;
         if ( mConfig.enableRatIconEnhancement ) {
diff --git a/frameworks/base/packages/SystemUI/src/com/android/systemui/statusbar/policy/WifiSignalController.java b/frameworks/base/packages/SystemUI/src/com/android/systemui/statusbar/policy/WifiSignalController.java
index 5a84878465..4823915fc7 100755
--- a/frameworks/base/packages/SystemUI/src/com/android/systemui/statusbar/policy/WifiSignalController.java
+++ b/frameworks/base/packages/SystemUI/src/com/android/systemui/statusbar/policy/WifiSignalController.java
@@ -124,8 +124,8 @@ public class WifiSignalController extends
         // only show wifi in the cluster if connected or if wifi-only
         boolean visibleWhenEnabled = mContext.getResources().getBoolean(
                 R.bool.config_showWifiIndicatorWhenEnabled);
-        boolean wifiVisible = mCurrentState.enabled && (
-                (mCurrentState.connected && mCurrentState.inetCondition == 1)
+        boolean wifiVisible = /*mCurrentState.enabled &&*/ (
+                (mCurrentState.connected /*&& mCurrentState.inetCondition == 1*/)
                         || !mHasMobileDataFeature || mCurrentState.isDefault
                         || visibleWhenEnabled);
         String wifiDesc = mCurrentState.connected ? mCurrentState.ssid : null;

你可能感兴趣的:(android)