MTK Android10添加分区
提示:文章写完后,目录可以自动生成,如何生成可参考右边的帮助文档
MTK Android10添加分区
- 前言
- 一、添加分区
-
- 1.添加分区,写大小
- 1.修改编译脚本,生成xunye.img
- 二、修改权限
-
- 1.修改SE权限
- 2.修改系统app读写xunye分区的权限
- 总结
前言
这里的分区修改是xml文件的,如果是修改表格文件的,参考
AndroidQ(10.0) MTK平台添加新分区
Android11.0® MTK平台添加新分区
一、添加分区
1.添加分区,写大小
diff --git a/alps/device/mediateksample/aiot8365p3_64_bsp_1024/partition/partition_ab_dynamic.xml b/alps/device/mediateksample/aiot8365p3_64_bsp_1024/partition/partition_ab_dynamic.xml
index 18c4eb4bd3..dc4b46cb9e 100755
--- a/alps/device/mediateksample/aiot8365p3_64_bsp_1024/partition/partition_ab_dynamic.xml
+++ b/alps/device/mediateksample/aiot8365p3_64_bsp_1024/partition/partition_ab_dynamic.xml
@@ -26,7 +26,7 @@
<!-- <entry type="{0FC63DAF-8483-4772-8E79-3D69D8477DE4}" size="65536" name="recovery"/> -->
<entry type="{0FC63DAF-8483-4772-8E79-3D69D8477DE4}" size="1024" name="para"/>
<entry type="{0FC63DAF-8483-4772-8E79-3D69D8477DE4}" size="16384" name="logo"/>
-
+ <entry type="{0FC63DAF-8483-4772-8E79-3D69D8477DE4}" size="262144" name="xunye"/>
<entry type="{0FC63DAF-8483-4772-8E79-3D69D8477DE4}" size="16384" name="dtbo_a"/>
<entry type="{0FC63DAF-8483-4772-8E79-3D69D8477DE4}" size="16384" name="dtbo_b"/>
diff --git a/alps/device/mediateksample/aiot8365p3_64_bsp_1024/partition/scatter.json b/alps/device/mediateksample/aiot8365p3_64_bsp_1024/partition/scatter.json
index cf04a1fcd6..f0055695ae 100755
--- a/alps/device/mediateksample/aiot8365p3_64_bsp_1024/partition/scatter.json
+++ b/alps/device/mediateksample/aiot8365p3_64_bsp_1024/partition/scatter.json
@@ -203,6 +203,14 @@
"logo": {
"file_name": "logo.bin",
"type": "NORMAL_ROM"
+ },
+ "XUNYE": {
+ "file_name": "xunye.img",
+ "type": "NORMAL_ROM"
+ },
+ "xunye": {
+ "file_name": "xunye.img",
+ "type": "NORMAL_ROM"
},
"DTBO": {
"file_name": "dtbo.img",
1.修改编译脚本,生成xunye.img
diff --git a/alps/device/mediateksample/aiot8365p3_64_bsp_1024/BoardConfig.mk b/alps/device/mediateksample/aiot8365p3_64_bsp_1024/BoardConfig.mk
index 06c275f4ac..c1ed6354c3 100755
--- a/alps/device/mediateksample/aiot8365p3_64_bsp_1024/BoardConfig.mk
+++ b/alps/device/mediateksample/aiot8365p3_64_bsp_1024/BoardConfig.mk
@@ -7,6 +7,8 @@ include device/mediatek/mt8168/BoardConfig.mk
# Bluetooth
BOARD_BLUETOOTH_BDROID_BUILDCFG_INCLUDE_DIR := $(MTK_TARGET_PROJECT_FOLDER)/bluetooth
+BOARD_XUNYEIMAGE_FILE_SYSTEM_TYPE := ext4
diff --git a/alps/build/make/core/Makefile b/alps/build/make/core/Makefile
index a4cbd608c2..6ccbccc15d 100644
--- a/alps/build/make/core/Makefile
+++ b/alps/build/make/core/Makefile
@@ -1402,6 +1402,12 @@ endif # PRODUCT_USE_DYNAMIC_PARTITIONS
# $(2): a subset of "system vendor cache userdata product product_services oem odm"
# $(3): additional "key=value" pairs to append to the dictionary file.
define generate-image-prop-dictionary
+
+@echo "xunye_fs_type generate-image-prop-dictionary"
+@echo "xunye(2)=$(2)"
+@echo "xunye_fs_type=$(BOARD_XUNYEIMAGE_FILE_SYSTEM_TYPE)"
+@echo "xunye_size=$(BOARD_XUNYEIMAGE_PARTITION_SIZE)"
+
$(if $(filter $(2),system),\
$(if $(BOARD_SYSTEMIMAGE_PARTITION_SIZE),$(hide) echo "system_size=$(BOARD_SYSTEMIMAGE_PARTITION_SIZE)" >> $(1))
$(if $(INTERNAL_SYSTEM_OTHER_PARTITION_SIZE),$(hide) echo "system_other_size=$(INTERNAL_SYSTEM_OTHER_PARTITION_SIZE)" >> $(1))
@@ -1421,6 +1427,12 @@ $(if $(filter $(2),userdata),\
$(if $(BOARD_USERDATAIMAGE_FILE_SYSTEM_TYPE),$(hide) echo "userdata_fs_type=$(BOARD_USERDATAIMAGE_FILE_SYSTEM_TYPE)" >> $(1))
$(if $(BOARD_USERDATAIMAGE_PARTITION_SIZE),$(hide) echo "userdata_size=$(BOARD_USERDATAIMAGE_PARTITION_SIZE)" >> $(1))
)
+$(if $(filter $(2),xunye),\
+ $(if $(BOARD_XUNYEIMAGE_FILE_SYSTEM_TYPE),$(hide) echo "xunye_fs_type=$(BOARD_XUNYEIMAGE_FILE_SYSTEM_TYPE)" >> $(1))
+ $(if $(BOARD_XUNYEIMAGE_PARTITION_SIZE),$(hide) echo "xunye_size=$(BOARD_XUNYEIMAGE_PARTITION_SIZE)" >> $(1))
+ @echo "xunye_fs_type=$(BOARD_XUNYEIMAGE_FILE_SYSTEM_TYPE)"
+ @echo "xunye_size=$(BOARD_XUNYEIMAGE_PARTITION_SIZE)"
+)
$(if $(filter $(2),cache),\
$(if $(BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE),$(hide) echo "cache_fs_type=$(BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE)" >> $(1))
$(if $(BOARD_CACHEIMAGE_PARTITION_SIZE),$(hide) echo "cache_size=$(BOARD_CACHEIMAGE_PARTITION_SIZE)" >> $(1))
@@ -2684,6 +2696,45 @@ else # BUILDING_CACHE_IMAGE
IGNORE_CACHE_LINK := --exclude=cache
endif # BUILDING_CACHE_IMAGE
+
+#-----add by xuanye start
+# -----------------------------------------------------------------
+# xunye partition image
+# ifdef BUILDING_XUNYE_IMAGE
+ifdef BOARD_XUNYEIMAGE_FILE_SYSTEM_TYPE
+INTERNAL_XUNYEIMAGE_FILES := \
+ $(filter $(TARGET_OUT_XUNYE)/%,$(ALL_DEFAULT_INSTALLED_MODULES))
+
+xunyeimage_intermediates := \
+ $(call intermediates-dir-for,PACKAGING,xunye)
+BUILT_XUNYEIMAGE_TARGET := $(PRODUCT_OUT)/xunye.img
+
+define build-xunyeimage-target
+ $(call pretty,"Target xunye fs image: $(INSTALLED_XUNYEIMAGE_TARGET)")
+ @mkdir -p $(TARGET_OUT_XUNYE)
+ @mkdir -p $(xunyeimage_intermediates) && rm -rf $(xunyeimage_intermediates)/xunye_image_info.txt
+ $(call generate-image-prop-dictionary, $(xunyeimage_intermediates)/xunye_image_info.txt,xunye,skip_fsck=true)
+ $(hide) PATH=$(foreach p,$(INTERNAL_USERIMAGES_BINARY_PATHS),$(p):)$$PATH \
+ build/make/tools/releasetools/build_image.py \
+ $(TARGET_OUT_XUNYE) $(xunyeimage_intermediates)/xunye_image_info.txt $(INSTALLED_XUNYEIMAGE_TARGET) $(TARGET_OUT)
+ $(hide) $(call assert-max-image-size,$(INSTALLED_XUNYEIMAGE_TARGET),$(BOARD_XUNYEIMAGE_PARTITION_SIZE))
+endef
+
+# We just build this directly to the install location.
+INSTALLED_XUNYEIMAGE_TARGET := $(BUILT_XUNYEIMAGE_TARGET)
+$(INSTALLED_XUNYEIMAGE_TARGET): $(INTERNAL_USERIMAGES_DEPS) $(INTERNAL_XUNYEIMAGE_FILES) $(BUILD_IMAGE_SRCS)
+ $(build-xunyeimage-target)
+
+.PHONY: xunyeimage-nodeps
+xunyeimage-nodeps: | $(INTERNAL_USERIMAGES_DEPS)
+ $(build-xunyeimage-target)
+
+else # BOARD_XUNYEIMAGE_FILE_SYSTEM_TYPE
+# we need to ignore the broken xunye link when doing the rsync
+IGNORE_XUNYE_LINK := --exclude=xunye
+endif # BOARD_XUNYEIMAGE_FILE_SYSTEM_TYPE
+#-----add by xuanye end
+
# -----------------------------------------------------------------
# system_other partition image
ifdef BUILDING_SYSTEM_OTHER_IMAGE
@@ -3864,6 +3915,7 @@ $(BUILT_TARGET_FILES_PACKAGE): \
$(FULL_SYSTEMIMAGE_DEPS) \
$(INSTALLED_USERDATAIMAGE_TARGET) \
$(INSTALLED_CACHEIMAGE_TARGET) \
+ $(INSTALLED_XUNYEIMAGE_TARGET) \
$(INSTALLED_VENDORIMAGE_TARGET) \
$(INSTALLED_PRODUCTIMAGE_TARGET) \
$(INSTALLED_PRODUCT_SERVICESIMAGE_TARGET) \
diff --git a/alps/build/make/core/board_config.mk b/alps/build/make/core/board_config.mk
index ac0f27da53..00f234a505 100644
--- a/alps/build/make/core/board_config.mk
+++ b/alps/build/make/core/board_config.mk
@@ -63,6 +63,8 @@ _board_strip_readonly_list += \
BOARD_USERDATAIMAGE_PARTITION_SIZE \
BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE \
BOARD_CACHEIMAGE_PARTITION_SIZE \
+ BOARD_XUNYEIMAGE_FILE_SYSTEM_TYPE \
+ BOARD_XUNYEIMAGE_PARTITION_SIZE \
BOARD_VENDORIMAGE_PARTITION_SIZE \
BOARD_VENDORIMAGE_FILE_SYSTEM_TYPE \
BOARD_PRODUCTIMAGE_PARTITION_SIZE \
diff --git a/alps/build/make/core/config.mk b/alps/build/make/core/config.mk
index 5b66b2ba05..78e6445f51 100644
--- a/alps/build/make/core/config.mk
+++ b/alps/build/make/core/config.mk
@@ -1162,6 +1162,7 @@ dont_bother_goals := out \
stnod systemtarball-nodeps \
userdataimage-nodeps userdatatarball-nodeps \
cacheimage-nodeps \
+ xunyeimage-nodeps \
bptimage-nodeps \
vnod vendorimage-nodeps \
pnod productimage-nodeps \
diff --git a/alps/build/make/core/envsetup.mk b/alps/build/make/core/envsetup.mk
index 5131598a94..b0467a9563 100644
--- a/alps/build/make/core/envsetup.mk
+++ b/alps/build/make/core/envsetup.mk
@@ -599,6 +599,9 @@ endif
TARGET_OUT_CACHE := $(PRODUCT_OUT)/cache
.KATI_READONLY := TARGET_OUT_CACHE
+TARGET_OUT_XUNYE := $(PRODUCT_OUT)/xunye
+
+
TARGET_OUT_VENDOR := $(PRODUCT_OUT)/$(TARGET_COPY_OUT_VENDOR)
.KATI_READONLY := TARGET_OUT_VENDOR
ifneq ($(filter address,$(SANITIZE_TARGET)),)
diff --git a/alps/build/make/core/main.mk b/alps/build/make/core/main.mk
index 80078e3a83..f74c389905 100644
--- a/alps/build/make/core/main.mk
+++ b/alps/build/make/core/main.mk
@@ -1602,6 +1602,9 @@ userdatatarball: $(INSTALLED_USERDATATARBALL_TARGET)
.PHONY: cacheimage
cacheimage: $(INSTALLED_CACHEIMAGE_TARGET)
+.PHONY: xunyeimage
+xunyeimage: $(INSTALLED_XUNYEIMAGE_TARGET)
+
.PHONY: bptimage
bptimage: $(INSTALLED_BPTIMAGE_TARGET)
@@ -1647,6 +1650,7 @@ droidcore: $(filter $(HOST_OUT_ROOT)/%,$(modules_to_install)) \
$(INSTALLED_VBMETAIMAGE_TARGET) \
$(INSTALLED_USERDATAIMAGE_TARGET) \
$(INSTALLED_CACHEIMAGE_TARGET) \
+ $(INSTALLED_XUNYEIMAGE_TARGET) \
$(INSTALLED_BPTIMAGE_TARGET) \
$(INSTALLED_VENDORIMAGE_TARGET) \
$(INSTALLED_ODMIMAGE_TARGET) \
diff --git a/alps/build/make/tools/releasetools/build_image.py b/alps/build/make/tools/releasetools/build_image.py
index 4136ed432e..e6f1dcfd3c 100755
--- a/alps/build/make/tools/releasetools/build_image.py
+++ b/alps/build/make/tools/releasetools/build_image.py
@@ -389,7 +389,8 @@ def BuildImage(in_dir, prop_dict, out_file, target_out=None):
build_command = []
fs_type = prop_dict.get("fs_type", "")
-
+ logger.error("xunye fs_type %s", fs_type)
+ logger.error("xunye in_dir %s",in_dir)
fs_spans_partition = True
if fs_type.startswith("squash"):
fs_spans_partition = False
@@ -401,6 +402,7 @@ def BuildImage(in_dir, prop_dict, out_file, target_out=None):
if (prop_dict.get("use_dynamic_partition_size") == "true" and
"partition_size" not in prop_dict):
# If partition_size is not defined, use output of `du' + reserved_size.
+ logger.error("no partition_size %s",in_dir)
size = GetDiskUsage(in_dir)
logger.info(
"The tree size of %s is %d MB.", in_dir, size // BYTES_IN_MB)
@@ -468,6 +470,8 @@ def BuildImage(in_dir, prop_dict, out_file, target_out=None):
"Allocating %d MB for %s.", size // BYTES_IN_MB, out_file)
prop_dict["image_size"] = prop_dict["partition_size"]
+ logger.error("xunye image_size %s", prop_dict["image_size"])
+ logger.error("xunye partition_size %s", prop_dict["partition_size"])
# Adjust the image size to make room for the hashes if this is to be verified.
if verity_image_builder:
@@ -536,6 +540,7 @@ def ImagePropFromGlobalDict(glob_dict, mount_point):
copy_prop(p, p)
d["mount_point"] = mount_point
+ logger.error("xunye mount_point %s", mount_point)
if mount_point == "system":
copy_prop("avb_system_hashtree_enable", "avb_hashtree_enable")
copy_prop("avb_system_add_hashtree_footer_args",
@@ -597,6 +602,10 @@ def ImagePropFromGlobalDict(glob_dict, mount_point):
elif mount_point == "cache":
copy_prop("cache_fs_type", "fs_type")
copy_prop("cache_size", "partition_size")
+ elif mount_point == "xunye":
+ copy_prop("fs_type", "fs_type")
+ copy_prop("xunye_fs_type", "fs_type")
+ copy_prop("xunye_size", "partition_size")
elif mount_point == "vendor":
copy_prop("avb_vendor_hashtree_enable", "avb_hashtree_enable")
copy_prop("avb_vendor_add_hashtree_footer_args",
@@ -761,6 +770,8 @@ def main(argv):
mount_point = "data"
elif image_filename == "cache.img":
mount_point = "cache"
+ elif image_filename == "xunye.img":
+ mount_point = "xunye"
elif image_filename == "vendor.img":
mount_point = "vendor"
elif image_filename == "odm.img":
diff --git a/alps/device/mediatek/mt8168/BoardConfig.mk b/alps/device/mediatek/mt8168/BoardConfig.mk
index fe2e7390e2..30d5356cd0 100644
--- a/alps/device/mediatek/mt8168/BoardConfig.mk
+++ b/alps/device/mediatek/mt8168/BoardConfig.mk
@@ -189,6 +189,7 @@ BOARD_USERDATAIMAGE_PARTITION_SIZE := $(call get-partition-size,userdata)
BOARD_VENDORIMAGE_PARTITION_SIZE := $(call get-partition-size,vendor_a)
BOARD_BOOTIMAGE_PARTITION_SIZE := $(call get-partition-size,boot_a)
BOARD_DTBOIMG_PARTITION_SIZE := $(call get-partition-size,dtbo_a)
+BOARD_XUNYEIMAGE_PARTITION_SIZE := $(call get-partition-size,xunye)
else
BOARD_MAIN_SIZE := $(call get-partition-size,super)
BOARD_SUPER_PARTITION_SIZE := $(call get-partition-size,super)
@@ -199,6 +200,7 @@ BOARD_BOOTIMAGE_PARTITION_SIZE := $(call get-partition-size,boot)
BOARD_DTBOIMG_PARTITION_SIZE := $(call get-partition-size,dtbo)
BOARD_CACHEIMAGE_PARTITION_SIZE := $(call get-partition-size,cache)
BOARD_RECOVERYIMAGE_PARTITION_SIZE := $(call get-partition-size,recovery)
+BOARD_XUNYEIMAGE_PARTITION_SIZE := $(call get-partition-size,xunye)
endif
生成xunye目录
diff --git a/alps/system/core/rootdir/Android.mk b/alps/system/core/rootdir/Android.mk
index 7ff1588b23..2291e5532a 100644
--- a/alps/system/core/rootdir/Android.mk
+++ b/alps/system/core/rootdir/Android.mk
@@ -144,6 +144,11 @@ ifdef BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE
else
LOCAL_POST_INSTALL_CMD += ; ln -sf /data/cache $(TARGET_ROOT_OUT)/cache
endif
+
+ifdef BOARD_XUNYEIMAGE_FILE_SYSTEM_TYPE
+ LOCAL_POST_INSTALL_CMD += ; mkdir -p $(TARGET_ROOT_OUT)/xunye
+endif
+
二、修改权限
1.修改SE权限
diff --git a/alps/device/mediatek/sepolicy/bsp/non_plat/device.te b/alps/device/mediatek/sepolicy/bsp/non_plat/device.te
index 2a0a28eee2..831378eed5 100644
--- a/alps/device/mediatek/sepolicy/bsp/non_plat/device.te
+++ b/alps/device/mediatek/sepolicy/bsp/non_plat/device.te
@@ -21,3 +21,8 @@ allow system_server teei_client_device:chr_file r_file_perms;
# Purpose : Add permission for nwk
type nwkopt_device, dev_type;
type tx_device, dev_type;
+
+# add for xunye
+type xunye_device, dev_type;
+type xunye_block_device, dev_type;
diff --git a/alps/device/mediatek/sepolicy/basic/non_plat/drmserver.te b/alps/device/mediatek/sepolicy/basic/non_plat/drmserver.te
index 6086c27678..ca6195b52f 100644
--- a/alps/device/mediatek/sepolicy/basic/non_plat/drmserver.te
+++ b/alps/device/mediatek/sepolicy/basic/non_plat/drmserver.te
@@ -5,3 +5,6 @@
# Date : WK16.33
# Purpose: Allow to access ged for gralloc_extra functions
allow drmserver proc_ged:file rw_file_perms;
+allow drmserver xunye_file:dir search;
+allow drmserver xunye_file:dir rw_dir_perms;
+allow drmserver xunye_file:file { read write open ioctl map};
diff --git a/alps/device/mediatek/sepolicy/basic/non_plat/fsck.te b/alps/device/mediatek/sepolicy/basic/non_plat/fsck.te
index 635d3c7641..e54295c0a5 100644
--- a/alps/device/mediatek/sepolicy/basic/non_plat/fsck.te
+++ b/alps/device/mediatek/sepolicy/basic/non_plat/fsck.te
@@ -16,3 +16,5 @@ allow fsck oem_block_device:blk_file rw_file_perms;
# Date : WK17.12
# Purpose: Fix bootup fail
allow fsck system_block_device:blk_file getattr;
+#allow fsck block_device:blk_file read;
+#allow fsck block_device:blk_file write;
diff --git a/alps/device/mediatek/sepolicy/bsp/non_plat/file.te b/alps/device/mediatek/sepolicy/bsp/non_plat/file.te
index 6202d0be45..f2b49a1f66 100644
--- a/alps/device/mediatek/sepolicy/bsp/non_plat/file.te
+++ b/alps/device/mediatek/sepolicy/bsp/non_plat/file.te
@@ -77,3 +77,5 @@ type proc_tkcore, fs_type, proc_type;
type mnt_het, file_type;
+# add for xunye
+type xunye_file, file_type, data_file_type;
diff --git a/alps/device/mediatek/sepolicy/bsp/non_plat/file_contexts b/alps/device/mediatek/sepolicy/bsp/non_plat/file_contexts
index 407ad8e08a..db7c743a4f 100644
--- a/alps/device/mediatek/sepolicy/bsp/non_plat/file_contexts
+++ b/alps/device/mediatek/sepolicy/bsp/non_plat/file_contexts
@@ -182,3 +182,7 @@
/mnt/het(/.*)? u:object_r:mnt_het:s0
+# add for xunye
+/dev/block/platform/bootdevice/by-name/xunye u:object_r:xunye_block_device:s0
+/xunye(/.*)? u:object_r:xunye_file:s0
+
diff --git a/alps/device/mediatek/sepolicy/bsp/non_plat/fsck.te b/alps/device/mediatek/sepolicy/bsp/non_plat/fsck.te
index 33e62cff55..5b5d18f92c 100644
--- a/alps/device/mediatek/sepolicy/bsp/non_plat/fsck.te
+++ b/alps/device/mediatek/sepolicy/bsp/non_plat/fsck.te
@@ -6,3 +6,8 @@ allow fsck sysfs_fs_ext4_features:dir search;
# Purpose : Allow resize.f2fs to read in "f2fs" block dev
allow init fsck_exec: lnk_file r_file_perms;
allowxperm fsck userdata_block_device:blk_file ioctl BLKSECDISCARD;
+
+# add for xunye
+allow fsck xunye_block_device:blk_file rw_file_perms;
+
+
diff --git a/alps/device/mediatek/sepolicy/bsp/non_plat/init.te b/alps/device/mediatek/sepolicy/bsp/non_plat/init.te
index 2bf788da9e..37cddc93a7 100644
--- a/alps/device/mediatek/sepolicy/bsp/non_plat/init.te
+++ b/alps/device/mediatek/sepolicy/bsp/non_plat/init.te
@@ -32,3 +32,8 @@ allow init proc_drop_caches:file w_file_perms;
# Purpose: Allow to setattr for duraspeed.rc
allow init proc_cpu_loading:file setattr;
allow init proc_low_memory_hit:file setattr;
+
+# add for xunye
+allow init xunye_block_device:blk_file relabelto;
+allow init xunye_file:dir mounton;
2.修改系统app读写xunye分区的权限
diff --git a/alps/device/mediatek/mt8168/sepolicy/basic/system_app.te b/alps/device/mediatek/mt8168/sepolicy/basic/system_app.te
index 319bd99c59..378aa02a98 100644
--- a/alps/device/mediatek/mt8168/sepolicy/basic/system_app.te
+++ b/alps/device/mediatek/mt8168/sepolicy/basic/system_app.te
@@ -14,3 +14,9 @@ allow system_app system_data_file:file create;
allow system_app system_data_file:dir write;
allow system_app system_data_file:dir read;
allow system_app system_data_file:dir add_name;
+allow system_app apk_data_file:dir write;
+allow system_app logo_block_device:blk_file write;
+allow system_app logo_block_device:blk_file read;
+allow system_app logo_block_device:blk_file open;
+allow system_app logo_block_device:blk_file getattr;
+allow system_app xunye_file:file setattr;
diff --git a/alps/device/mediatek/mt8168/ueventd.mt8168.rc b/alps/device/mediatek/mt8168/ueventd.mt8168.rc
index d2cdeba2a1..019bd67094 100644
--- a/alps/device/mediatek/mt8168/ueventd.mt8168.rc
+++ b/alps/device/mediatek/mt8168/ueventd.mt8168.rc
@@ -6,6 +6,7 @@
/dev/block/platform/soc/11230000.mmc/by-name/nvram 0660 root system
/dev/block/platform/soc/11230000.mmc/by-name/para 0660 root system
/dev/block/platform/soc/11230000.mmc/by-name/logo 0660 root system
+/dev/block/platform/soc/11230000.mmc/by-name/xunye 0660 root system
/dev/block/platform/soc/11230000.mmc/by-name/frp 0660 root system
/dev/block/platform/soc/11230000.mmc/by-name/odmdtbo 0660 root system
/dev/block/platform/soc/11230000.mmc/by-name/odmdtbo_a 0660 root system
diff --git a/alps/device/mediatek/sepolicy/basic/non_plat/mediaserver.te b/alps/device/mediatek/sepolicy/basic/non_plat/mediaserver.te
index 56af7adef2..2e22be3f8d 100644
--- a/alps/device/mediatek/sepolicy/basic/non_plat/mediaserver.te
+++ b/alps/device/mediatek/sepolicy/basic/non_plat/mediaserver.te
@@ -333,3 +333,8 @@ allow mediaserver mtk_hal_keymanage:binder call;
# Purpose : Allow mediadrmserver to call vendor.mediatek.hardware.keymanage@1.0-service.
hal_client_domain(mediaserver , hal_keymaster)
allow mediaserver mtk_hal_keymanage_hwservice:hwservice_manager find;
+
+allow mediaserver xunye_file:dir search;
+allow mediaserver xunye_file:dir rw_dir_perms;
+allow mediaserver xunye_file:file { read write open ioctl map};
+
diff --git a/alps/device/mediatek/sepolicy/basic/non_plat/mtkbootanimation.te b/alps/device/mediatek/sepolicy/basic/non_plat/mtkbootanimation.te
index 491cf8eada..a378ead82e 100755
--- a/alps/device/mediatek/sepolicy/basic/non_plat/mtkbootanimation.te
+++ b/alps/device/mediatek/sepolicy/basic/non_plat/mtkbootanimation.te
@@ -51,6 +51,8 @@ allow mtkbootanimation proc_perfmgr:file {open read ioctl};
allow mtkbootanimation mediaextractor:dir search;
allow mtkbootanimation debugfs_ion:dir search;
+allow mtkbootanimation xunye_file:dir rw_dir_perms;
+allow mtkbootanimation xunye_file:file { read write open ioctl map};
allow mediaserver mtkbootanimation:dir search;
allowxperm mtkbootanimation proc_ged:file ioctl { proc_ged_ioctls };
diff --git a/alps/device/mediatek/sepolicy/bsp/non_plat/system_app.te b/alps/device/mediatek/sepolicy/bsp/non_plat/system_app.te
index 20cffc85b6..566650df89 100755
--- a/alps/device/mediatek/sepolicy/bsp/non_plat/system_app.te
+++ b/alps/device/mediatek/sepolicy/bsp/non_plat/system_app.te
@@ -253,3 +253,7 @@ allow system_app ttyS_device:chr_file { rw_file_perms };
allow system_app app_data_file:file { rw_file_perms };
+# add for xunye
+allow system_app xunye_file:file { getattr unlink open read write create };
+allow system_app xunye_file:dir rw_dir_perms;
diff --git a/alps/device/mediateksample/aiot8365p3_64_bsp_1024/init.project.rc b/alps/device/mediateksample/aiot8365p3_64_bsp_1024/init.project.rc
index 4bb8ac5dc3..882e875bf2 100755
--- a/alps/device/mediateksample/aiot8365p3_64_bsp_1024/init.project.rc
+++ b/alps/device/mediateksample/aiot8365p3_64_bsp_1024/init.project.rc
@@ -38,7 +38,8 @@ on post-fs-data
chmod 660 /dev/ttyGS1
chown system /dev/ttyGS1
-
+ chown system system /xunye
+ chmod 0777 /xunye
diff --git a/alps/system/core/libcutils/fs_config.cpp b/alps/system/core/libcutils/fs_config.cpp
index 6b80ca9aca..f0a7b111b4 100644
--- a/alps/system/core/libcutils/fs_config.cpp
+++ b/alps/system/core/libcutils/fs_config.cpp
@@ -86,6 +86,7 @@ static const struct fs_path_config android_dirs[] = {
{ 00750, AID_ROOT, AID_SHELL, 0, "data/nativetest64" },
{ 00775, AID_ROOT, AID_ROOT, 0, "data/preloads" },
{ 00771, AID_SYSTEM, AID_SYSTEM, 0, "data" },
+ { 00777, AID_SYSTEM, AID_SYSTEM, 0, "xunye" },
{ 00755, AID_ROOT, AID_SYSTEM, 0, "mnt" },
{ 00751, AID_ROOT, AID_SHELL, 0, "product/bin" },
{ 00750, AID_ROOT, AID_SHELL, 0, "sbin" },
@@ -150,6 +151,8 @@ static const char* conf[][2] = {
static const struct fs_path_config android_files[] = {
// clang-format off
{ 00644, AID_SYSTEM, AID_SYSTEM, 0, "data/app/*" },
+ { 00777, AID_SYSTEM, AID_SYSTEM, 0, "xunye/*" },
+ { 00777, AID_SYSTEM, AID_SYSTEM, 0, "xunye/media/*" },
{ 00644, AID_SYSTEM, AID_SYSTEM, 0, "data/app-ephemeral/*" },
{ 00644, AID_SYSTEM, AID_SYSTEM, 0, "data/app-private/*" },
{ 00644, AID_APP, AID_APP, 0, "data/data/*" },
diff --git a/alps/system/sepolicy/prebuilts/api/29.0/public/app.te b/alps/system/sepolicy/prebuilts/api/29.0/public/app.te
index d5a079b769..aa094cd2cc 100644
--- a/alps/system/sepolicy/prebuilts/api/29.0/public/app.te
+++ b/alps/system/sepolicy/prebuilts/api/29.0/public/app.te
@@ -371,7 +371,7 @@ binder_call({ appdomain -coredomain }, ashmemd)
neverallow { appdomain -bluetooth -network_stack } self:capability_class_set *;
# Block device access.
-neverallow appdomain dev_type:blk_file { read write };
+neverallow { appdomain -system_app } dev_type:blk_file { read write };
# Access to any of the following character devices.
neverallow appdomain {
@@ -467,7 +467,7 @@ neverallow {appdomain -system_app} system_data_file:dir_file_class_set
# Write to various other parts of /data.
neverallow appdomain drm_data_file:dir_file_class_set
{ create write setattr relabelfrom relabelto append unlink link rename };
-neverallow { appdomain -platform_app }
+neverallow { appdomain -platform_app -system_app}
apk_data_file:dir_file_class_set
{ create write setattr relabelfrom relabelto append unlink link rename };
neverallow { appdomain -platform_app }
diff --git a/alps/system/sepolicy/prebuilts/api/29.0/public/domain.te b/alps/system/sepolicy/prebuilts/api/29.0/public/domain.te
index f348701819..ef839d1e6d 100644
--- a/alps/system/sepolicy/prebuilts/api/29.0/public/domain.te
+++ b/alps/system/sepolicy/prebuilts/api/29.0/public/domain.te
@@ -818,6 +818,7 @@ full_treble_only(`
# /data/vendor
neverallow {
coredomain
+ -domain
-appdomain # TODO(b/34980020) remove exemption for appdomain
-data_between_core_and_vendor_violators
-init
@@ -836,6 +837,7 @@ full_treble_only(`
-vold_prepare_subdirs
} {
data_file_type
+ -data_file_type
-core_data_file_type
# TODO(b/72998741) Remove exemption. Further restricted in a subsequent
# neverallow. Currently only getattr and search are allowed.
diff --git a/alps/system/sepolicy/public/app.te b/alps/system/sepolicy/public/app.te
index d5a079b769..aa094cd2cc 100644
--- a/alps/system/sepolicy/public/app.te
+++ b/alps/system/sepolicy/public/app.te
@@ -371,7 +371,7 @@ binder_call({ appdomain -coredomain }, ashmemd)
neverallow { appdomain -bluetooth -network_stack } self:capability_class_set *;
# Block device access.
-neverallow appdomain dev_type:blk_file { read write };
+neverallow { appdomain -system_app } dev_type:blk_file { read write };
# Access to any of the following character devices.
neverallow appdomain {
@@ -467,7 +467,7 @@ neverallow {appdomain -system_app} system_data_file:dir_file_class_set
# Write to various other parts of /data.
neverallow appdomain drm_data_file:dir_file_class_set
{ create write setattr relabelfrom relabelto append unlink link rename };
-neverallow { appdomain -platform_app }
+neverallow { appdomain -platform_app -system_app}
apk_data_file:dir_file_class_set
{ create write setattr relabelfrom relabelto append unlink link rename };
neverallow { appdomain -platform_app }
diff --git a/alps/system/sepolicy/public/domain.te b/alps/system/sepolicy/public/domain.te
index f348701819..ef839d1e6d 100644
--- a/alps/system/sepolicy/public/domain.te
+++ b/alps/system/sepolicy/public/domain.te
@@ -818,6 +818,7 @@ full_treble_only(`
# /data/vendor
neverallow {
coredomain
+ -domain
-appdomain # TODO(b/34980020) remove exemption for appdomain
-data_between_core_and_vendor_violators
-init
@@ -836,6 +837,7 @@ full_treble_only(`
-vold_prepare_subdirs
} {
data_file_type
+ -data_file_type
-core_data_file_type
# TODO(b/72998741) Remove exemption. Further restricted in a subsequent
# neverallow. Currently only getattr and search are allowed.
diff --git a/alps/vendor/mediatek/proprietary/hardware/fstab/mt8168/fstab.in b/alps/vendor/mediatek/proprietary/hardware/fstab/mt8168/fstab.in
index 470eb504af..34eed17d72 100644
--- a/alps/vendor/mediatek/proprietary/hardware/fstab/mt8168/fstab.in
+++ b/alps/vendor/mediatek/proprietary/hardware/fstab/mt8168/fstab.in
@@ -145,6 +145,7 @@ DEVPATH(cache) /cache ext4 noatime,nosuid,nodev,noauto_da_alloc,dis
DEVPATH(nvdata) /mnt/vendor/nvdata ext4 noatime,nosuid,nodev,noauto_da_alloc,discard wait,check,formattable
DEVPATH(nvcfg) /mnt/vendor/nvcfg ext4 noatime,nosuid,nodev,noauto_da_alloc,discard wait,check,formattable
+DEVPATH(xunye) /xunye ext4 noatime,nosuid,nodev,noauto_da_alloc,discard wait,check,formattable
总结
主要是SE的权限修改,后面系统应用是为了系统app读写该分区做的