MTK Android10添加分区

提示:文章写完后,目录可以自动生成,如何生成可参考右边的帮助文档

MTK Android10添加分区

  • 前言
  • 一、添加分区
    • 1.添加分区,写大小
    • 1.修改编译脚本,生成xunye.img
  • 二、修改权限
    • 1.修改SE权限
    • 2.修改系统app读写xunye分区的权限
  • 总结


前言

这里的分区修改是xml文件的,如果是修改表格文件的,参考
AndroidQ(10.0) MTK平台添加新分区
Android11.0® MTK平台添加新分区


一、添加分区

1.添加分区,写大小

diff --git a/alps/device/mediateksample/aiot8365p3_64_bsp_1024/partition/partition_ab_dynamic.xml b/alps/device/mediateksample/aiot8365p3_64_bsp_1024/partition/partition_ab_dynamic.xml
index 18c4eb4bd3..dc4b46cb9e 100755
--- a/alps/device/mediateksample/aiot8365p3_64_bsp_1024/partition/partition_ab_dynamic.xml
+++ b/alps/device/mediateksample/aiot8365p3_64_bsp_1024/partition/partition_ab_dynamic.xml
@@ -26,7 +26,7 @@
        <!-- <entry type="{0FC63DAF-8483-4772-8E79-3D69D8477DE4}" size="65536" name="recovery"/> -->
        <entry type="{0FC63DAF-8483-4772-8E79-3D69D8477DE4}" size="1024" name="para"/>
        <entry type="{0FC63DAF-8483-4772-8E79-3D69D8477DE4}" size="16384" name="logo"/>
-       
+       <entry type="{0FC63DAF-8483-4772-8E79-3D69D8477DE4}" size="262144" name="xunye"/>
        <entry type="{0FC63DAF-8483-4772-8E79-3D69D8477DE4}" size="16384" name="dtbo_a"/>
        <entry type="{0FC63DAF-8483-4772-8E79-3D69D8477DE4}" size="16384" name="dtbo_b"/>
        
diff --git a/alps/device/mediateksample/aiot8365p3_64_bsp_1024/partition/scatter.json b/alps/device/mediateksample/aiot8365p3_64_bsp_1024/partition/scatter.json
index cf04a1fcd6..f0055695ae 100755
--- a/alps/device/mediateksample/aiot8365p3_64_bsp_1024/partition/scatter.json
+++ b/alps/device/mediateksample/aiot8365p3_64_bsp_1024/partition/scatter.json
@@ -203,6 +203,14 @@
     "logo": {
         "file_name": "logo.bin",
         "type": "NORMAL_ROM"
+    },
+       "XUNYE": {
+        "file_name": "xunye.img",
+        "type": "NORMAL_ROM"
+    },
+    "xunye": {
+        "file_name": "xunye.img",
+        "type": "NORMAL_ROM"
     },
     "DTBO": {
         "file_name": "dtbo.img",

1.修改编译脚本,生成xunye.img


diff --git a/alps/device/mediateksample/aiot8365p3_64_bsp_1024/BoardConfig.mk b/alps/device/mediateksample/aiot8365p3_64_bsp_1024/BoardConfig.mk
index 06c275f4ac..c1ed6354c3 100755
--- a/alps/device/mediateksample/aiot8365p3_64_bsp_1024/BoardConfig.mk
+++ b/alps/device/mediateksample/aiot8365p3_64_bsp_1024/BoardConfig.mk
@@ -7,6 +7,8 @@ include device/mediatek/mt8168/BoardConfig.mk
 # Bluetooth
 BOARD_BLUETOOTH_BDROID_BUILDCFG_INCLUDE_DIR := $(MTK_TARGET_PROJECT_FOLDER)/bluetooth
 
+BOARD_XUNYEIMAGE_FILE_SYSTEM_TYPE := ext4


diff --git a/alps/build/make/core/Makefile b/alps/build/make/core/Makefile
index a4cbd608c2..6ccbccc15d 100644
--- a/alps/build/make/core/Makefile
+++ b/alps/build/make/core/Makefile
@@ -1402,6 +1402,12 @@ endif # PRODUCT_USE_DYNAMIC_PARTITIONS
 # $(2): a subset of "system vendor cache userdata product product_services oem odm"
 # $(3): additional "key=value" pairs to append to the dictionary file.
 define generate-image-prop-dictionary
+
+@echo "xunye_fs_type generate-image-prop-dictionary"
+@echo "xunye(2)=$(2)"
+@echo "xunye_fs_type=$(BOARD_XUNYEIMAGE_FILE_SYSTEM_TYPE)"
+@echo "xunye_size=$(BOARD_XUNYEIMAGE_PARTITION_SIZE)"  
+
 $(if $(filter $(2),system),\
     $(if $(BOARD_SYSTEMIMAGE_PARTITION_SIZE),$(hide) echo "system_size=$(BOARD_SYSTEMIMAGE_PARTITION_SIZE)" >> $(1))
     $(if $(INTERNAL_SYSTEM_OTHER_PARTITION_SIZE),$(hide) echo "system_other_size=$(INTERNAL_SYSTEM_OTHER_PARTITION_SIZE)" >> $(1))
@@ -1421,6 +1427,12 @@ $(if $(filter $(2),userdata),\
     $(if $(BOARD_USERDATAIMAGE_FILE_SYSTEM_TYPE),$(hide) echo "userdata_fs_type=$(BOARD_USERDATAIMAGE_FILE_SYSTEM_TYPE)" >> $(1))
     $(if $(BOARD_USERDATAIMAGE_PARTITION_SIZE),$(hide) echo "userdata_size=$(BOARD_USERDATAIMAGE_PARTITION_SIZE)" >> $(1))
 )
+$(if $(filter $(2),xunye),\
+    $(if $(BOARD_XUNYEIMAGE_FILE_SYSTEM_TYPE),$(hide) echo "xunye_fs_type=$(BOARD_XUNYEIMAGE_FILE_SYSTEM_TYPE)" >> $(1))
+    $(if $(BOARD_XUNYEIMAGE_PARTITION_SIZE),$(hide) echo "xunye_size=$(BOARD_XUNYEIMAGE_PARTITION_SIZE)" >> $(1))
+       @echo "xunye_fs_type=$(BOARD_XUNYEIMAGE_FILE_SYSTEM_TYPE)"
+       @echo "xunye_size=$(BOARD_XUNYEIMAGE_PARTITION_SIZE)"
+)
 $(if $(filter $(2),cache),\
     $(if $(BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE),$(hide) echo "cache_fs_type=$(BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE)" >> $(1))
     $(if $(BOARD_CACHEIMAGE_PARTITION_SIZE),$(hide) echo "cache_size=$(BOARD_CACHEIMAGE_PARTITION_SIZE)" >> $(1))
@@ -2684,6 +2696,45 @@ else # BUILDING_CACHE_IMAGE
 IGNORE_CACHE_LINK := --exclude=cache
 endif # BUILDING_CACHE_IMAGE
 
+
+#-----add by xuanye start
+# -----------------------------------------------------------------
+# xunye partition image
+# ifdef BUILDING_XUNYE_IMAGE
+ifdef BOARD_XUNYEIMAGE_FILE_SYSTEM_TYPE
+INTERNAL_XUNYEIMAGE_FILES := \
+    $(filter $(TARGET_OUT_XUNYE)/%,$(ALL_DEFAULT_INSTALLED_MODULES))
+
+xunyeimage_intermediates := \
+    $(call intermediates-dir-for,PACKAGING,xunye)
+BUILT_XUNYEIMAGE_TARGET := $(PRODUCT_OUT)/xunye.img
+
+define build-xunyeimage-target
+  $(call pretty,"Target xunye fs image: $(INSTALLED_XUNYEIMAGE_TARGET)")
+  @mkdir -p $(TARGET_OUT_XUNYE)
+  @mkdir -p $(xunyeimage_intermediates) && rm -rf $(xunyeimage_intermediates)/xunye_image_info.txt
+  $(call generate-image-prop-dictionary, $(xunyeimage_intermediates)/xunye_image_info.txt,xunye,skip_fsck=true)
+  $(hide) PATH=$(foreach p,$(INTERNAL_USERIMAGES_BINARY_PATHS),$(p):)$$PATH \
+      build/make/tools/releasetools/build_image.py \
+      $(TARGET_OUT_XUNYE) $(xunyeimage_intermediates)/xunye_image_info.txt $(INSTALLED_XUNYEIMAGE_TARGET) $(TARGET_OUT)
+  $(hide) $(call assert-max-image-size,$(INSTALLED_XUNYEIMAGE_TARGET),$(BOARD_XUNYEIMAGE_PARTITION_SIZE))
+endef
+
+# We just build this directly to the install location.
+INSTALLED_XUNYEIMAGE_TARGET := $(BUILT_XUNYEIMAGE_TARGET)
+$(INSTALLED_XUNYEIMAGE_TARGET): $(INTERNAL_USERIMAGES_DEPS) $(INTERNAL_XUNYEIMAGE_FILES) $(BUILD_IMAGE_SRCS)
+       $(build-xunyeimage-target)
+
+.PHONY: xunyeimage-nodeps
+xunyeimage-nodeps: | $(INTERNAL_USERIMAGES_DEPS)
+       $(build-xunyeimage-target)
+
+else # BOARD_XUNYEIMAGE_FILE_SYSTEM_TYPE
+# we need to ignore the broken xunye link when doing the rsync
+IGNORE_XUNYE_LINK := --exclude=xunye
+endif # BOARD_XUNYEIMAGE_FILE_SYSTEM_TYPE
+#-----add by xuanye end 
+
 # -----------------------------------------------------------------
 # system_other partition image
 ifdef BUILDING_SYSTEM_OTHER_IMAGE
@@ -3864,6 +3915,7 @@ $(BUILT_TARGET_FILES_PACKAGE): \
            $(FULL_SYSTEMIMAGE_DEPS) \
            $(INSTALLED_USERDATAIMAGE_TARGET) \
            $(INSTALLED_CACHEIMAGE_TARGET) \
+           $(INSTALLED_XUNYEIMAGE_TARGET) \
            $(INSTALLED_VENDORIMAGE_TARGET) \
            $(INSTALLED_PRODUCTIMAGE_TARGET) \
            $(INSTALLED_PRODUCT_SERVICESIMAGE_TARGET) \

diff --git a/alps/build/make/core/board_config.mk b/alps/build/make/core/board_config.mk
index ac0f27da53..00f234a505 100644
--- a/alps/build/make/core/board_config.mk
+++ b/alps/build/make/core/board_config.mk
@@ -63,6 +63,8 @@ _board_strip_readonly_list += \
   BOARD_USERDATAIMAGE_PARTITION_SIZE \
   BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE \
   BOARD_CACHEIMAGE_PARTITION_SIZE \
+  BOARD_XUNYEIMAGE_FILE_SYSTEM_TYPE \
+  BOARD_XUNYEIMAGE_PARTITION_SIZE \
   BOARD_VENDORIMAGE_PARTITION_SIZE \
   BOARD_VENDORIMAGE_FILE_SYSTEM_TYPE \
   BOARD_PRODUCTIMAGE_PARTITION_SIZE \
diff --git a/alps/build/make/core/config.mk b/alps/build/make/core/config.mk
index 5b66b2ba05..78e6445f51 100644
--- a/alps/build/make/core/config.mk
+++ b/alps/build/make/core/config.mk
@@ -1162,6 +1162,7 @@ dont_bother_goals := out \
     stnod systemtarball-nodeps \
     userdataimage-nodeps userdatatarball-nodeps \
     cacheimage-nodeps \
+    xunyeimage-nodeps \
     bptimage-nodeps \
     vnod vendorimage-nodeps \
     pnod productimage-nodeps \
diff --git a/alps/build/make/core/envsetup.mk b/alps/build/make/core/envsetup.mk
index 5131598a94..b0467a9563 100644
--- a/alps/build/make/core/envsetup.mk
+++ b/alps/build/make/core/envsetup.mk
@@ -599,6 +599,9 @@ endif
 TARGET_OUT_CACHE := $(PRODUCT_OUT)/cache
 .KATI_READONLY := TARGET_OUT_CACHE
 
+TARGET_OUT_XUNYE := $(PRODUCT_OUT)/xunye
+
+
 TARGET_OUT_VENDOR := $(PRODUCT_OUT)/$(TARGET_COPY_OUT_VENDOR)
 .KATI_READONLY := TARGET_OUT_VENDOR
 ifneq ($(filter address,$(SANITIZE_TARGET)),)
diff --git a/alps/build/make/core/main.mk b/alps/build/make/core/main.mk
index 80078e3a83..f74c389905 100644
--- a/alps/build/make/core/main.mk
+++ b/alps/build/make/core/main.mk
@@ -1602,6 +1602,9 @@ userdatatarball: $(INSTALLED_USERDATATARBALL_TARGET)
 .PHONY: cacheimage
 cacheimage: $(INSTALLED_CACHEIMAGE_TARGET)
 
+.PHONY: xunyeimage
+xunyeimage: $(INSTALLED_XUNYEIMAGE_TARGET)
+
 .PHONY: bptimage
 bptimage: $(INSTALLED_BPTIMAGE_TARGET)
 
@@ -1647,6 +1650,7 @@ droidcore: $(filter $(HOST_OUT_ROOT)/%,$(modules_to_install)) \
     $(INSTALLED_VBMETAIMAGE_TARGET) \
     $(INSTALLED_USERDATAIMAGE_TARGET) \
     $(INSTALLED_CACHEIMAGE_TARGET) \
+    $(INSTALLED_XUNYEIMAGE_TARGET) \
     $(INSTALLED_BPTIMAGE_TARGET) \
     $(INSTALLED_VENDORIMAGE_TARGET) \
     $(INSTALLED_ODMIMAGE_TARGET) \
diff --git a/alps/build/make/tools/releasetools/build_image.py b/alps/build/make/tools/releasetools/build_image.py
index 4136ed432e..e6f1dcfd3c 100755
--- a/alps/build/make/tools/releasetools/build_image.py
+++ b/alps/build/make/tools/releasetools/build_image.py
@@ -389,7 +389,8 @@ def BuildImage(in_dir, prop_dict, out_file, target_out=None):
 
   build_command = []
   fs_type = prop_dict.get("fs_type", "")
-
+  logger.error("xunye fs_type %s", fs_type)
+  logger.error("xunye in_dir %s",in_dir)
   fs_spans_partition = True
   if fs_type.startswith("squash"):
     fs_spans_partition = False
@@ -401,6 +402,7 @@ def BuildImage(in_dir, prop_dict, out_file, target_out=None):
   if (prop_dict.get("use_dynamic_partition_size") == "true" and
       "partition_size" not in prop_dict):
     # If partition_size is not defined, use output of `du' + reserved_size.
+    logger.error("no partition_size %s",in_dir)
     size = GetDiskUsage(in_dir)
     logger.info(
         "The tree size of %s is %d MB.", in_dir, size // BYTES_IN_MB)
@@ -468,6 +470,8 @@ def BuildImage(in_dir, prop_dict, out_file, target_out=None):
         "Allocating %d MB for %s.", size // BYTES_IN_MB, out_file)
 
   prop_dict["image_size"] = prop_dict["partition_size"]
+  logger.error("xunye image_size %s", prop_dict["image_size"])
+  logger.error("xunye partition_size %s", prop_dict["partition_size"])
 
   # Adjust the image size to make room for the hashes if this is to be verified.
   if verity_image_builder:
@@ -536,6 +540,7 @@ def ImagePropFromGlobalDict(glob_dict, mount_point):
     copy_prop(p, p)
 
   d["mount_point"] = mount_point
+  logger.error("xunye mount_point %s", mount_point)
   if mount_point == "system":
     copy_prop("avb_system_hashtree_enable", "avb_hashtree_enable")
     copy_prop("avb_system_add_hashtree_footer_args",
@@ -597,6 +602,10 @@ def ImagePropFromGlobalDict(glob_dict, mount_point):
   elif mount_point == "cache":
     copy_prop("cache_fs_type", "fs_type")
     copy_prop("cache_size", "partition_size")
+  elif mount_point == "xunye":
+    copy_prop("fs_type", "fs_type")
+    copy_prop("xunye_fs_type", "fs_type")
+    copy_prop("xunye_size", "partition_size")  
   elif mount_point == "vendor":
     copy_prop("avb_vendor_hashtree_enable", "avb_hashtree_enable")
     copy_prop("avb_vendor_add_hashtree_footer_args",
@@ -761,6 +770,8 @@ def main(argv):
       mount_point = "data"
     elif image_filename == "cache.img":
       mount_point = "cache"
+    elif image_filename == "xunye.img":
+      mount_point = "xunye"  
     elif image_filename == "vendor.img":
       mount_point = "vendor"
     elif image_filename == "odm.img":
diff --git a/alps/device/mediatek/mt8168/BoardConfig.mk b/alps/device/mediatek/mt8168/BoardConfig.mk
index fe2e7390e2..30d5356cd0 100644
--- a/alps/device/mediatek/mt8168/BoardConfig.mk
+++ b/alps/device/mediatek/mt8168/BoardConfig.mk
@@ -189,6 +189,7 @@ BOARD_USERDATAIMAGE_PARTITION_SIZE := $(call get-partition-size,userdata)
 BOARD_VENDORIMAGE_PARTITION_SIZE := $(call get-partition-size,vendor_a)
 BOARD_BOOTIMAGE_PARTITION_SIZE := $(call get-partition-size,boot_a)
 BOARD_DTBOIMG_PARTITION_SIZE := $(call get-partition-size,dtbo_a)
+BOARD_XUNYEIMAGE_PARTITION_SIZE := $(call get-partition-size,xunye)
 else
 BOARD_MAIN_SIZE := $(call get-partition-size,super)
 BOARD_SUPER_PARTITION_SIZE := $(call get-partition-size,super)
@@ -199,6 +200,7 @@ BOARD_BOOTIMAGE_PARTITION_SIZE := $(call get-partition-size,boot)
 BOARD_DTBOIMG_PARTITION_SIZE := $(call get-partition-size,dtbo)
 BOARD_CACHEIMAGE_PARTITION_SIZE := $(call get-partition-size,cache)
 BOARD_RECOVERYIMAGE_PARTITION_SIZE := $(call get-partition-size,recovery)
+BOARD_XUNYEIMAGE_PARTITION_SIZE := $(call get-partition-size,xunye)
 endif

生成xunye目录
diff --git a/alps/system/core/rootdir/Android.mk b/alps/system/core/rootdir/Android.mk
index 7ff1588b23..2291e5532a 100644
--- a/alps/system/core/rootdir/Android.mk
+++ b/alps/system/core/rootdir/Android.mk
@@ -144,6 +144,11 @@ ifdef BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE
 else
   LOCAL_POST_INSTALL_CMD += ; ln -sf /data/cache $(TARGET_ROOT_OUT)/cache
 endif
+
+ifdef BOARD_XUNYEIMAGE_FILE_SYSTEM_TYPE
+  LOCAL_POST_INSTALL_CMD += ; mkdir -p $(TARGET_ROOT_OUT)/xunye
+endif
+


二、修改权限

1.修改SE权限

diff --git a/alps/device/mediatek/sepolicy/bsp/non_plat/device.te b/alps/device/mediatek/sepolicy/bsp/non_plat/device.te
index 2a0a28eee2..831378eed5 100644
--- a/alps/device/mediatek/sepolicy/bsp/non_plat/device.te
+++ b/alps/device/mediatek/sepolicy/bsp/non_plat/device.te
@@ -21,3 +21,8 @@ allow system_server teei_client_device:chr_file r_file_perms;
 # Purpose : Add permission for nwk
 type nwkopt_device, dev_type;
 type tx_device, dev_type;
+
+#  add for xunye
+type xunye_device, dev_type;
+type xunye_block_device, dev_type;



diff --git a/alps/device/mediatek/sepolicy/basic/non_plat/drmserver.te b/alps/device/mediatek/sepolicy/basic/non_plat/drmserver.te
index 6086c27678..ca6195b52f 100644
--- a/alps/device/mediatek/sepolicy/basic/non_plat/drmserver.te
+++ b/alps/device/mediatek/sepolicy/basic/non_plat/drmserver.te
@@ -5,3 +5,6 @@
 # Date : WK16.33
 # Purpose: Allow to access ged for gralloc_extra functions
 allow drmserver proc_ged:file rw_file_perms;
+allow drmserver xunye_file:dir search;
+allow drmserver xunye_file:dir rw_dir_perms;
+allow drmserver xunye_file:file { read write open ioctl map};
diff --git a/alps/device/mediatek/sepolicy/basic/non_plat/fsck.te b/alps/device/mediatek/sepolicy/basic/non_plat/fsck.te
index 635d3c7641..e54295c0a5 100644
--- a/alps/device/mediatek/sepolicy/basic/non_plat/fsck.te
+++ b/alps/device/mediatek/sepolicy/basic/non_plat/fsck.te
@@ -16,3 +16,5 @@ allow fsck oem_block_device:blk_file rw_file_perms;
 # Date : WK17.12
 # Purpose: Fix bootup fail
 allow fsck system_block_device:blk_file getattr;
+#allow fsck block_device:blk_file read;
+#allow fsck block_device:blk_file write;


diff --git a/alps/device/mediatek/sepolicy/bsp/non_plat/file.te b/alps/device/mediatek/sepolicy/bsp/non_plat/file.te
index 6202d0be45..f2b49a1f66 100644
--- a/alps/device/mediatek/sepolicy/bsp/non_plat/file.te
+++ b/alps/device/mediatek/sepolicy/bsp/non_plat/file.te
@@ -77,3 +77,5 @@ type proc_tkcore, fs_type, proc_type;
 
 type mnt_het, file_type;
 
+#  add for xunye
+type xunye_file, file_type, data_file_type;
diff --git a/alps/device/mediatek/sepolicy/bsp/non_plat/file_contexts b/alps/device/mediatek/sepolicy/bsp/non_plat/file_contexts
index 407ad8e08a..db7c743a4f 100644
--- a/alps/device/mediatek/sepolicy/bsp/non_plat/file_contexts
+++ b/alps/device/mediatek/sepolicy/bsp/non_plat/file_contexts
@@ -182,3 +182,7 @@
 
 /mnt/het(/.*)? u:object_r:mnt_het:s0
 
+#  add for xunye
+/dev/block/platform/bootdevice/by-name/xunye u:object_r:xunye_block_device:s0
+/xunye(/.*)? u:object_r:xunye_file:s0
+
diff --git a/alps/device/mediatek/sepolicy/bsp/non_plat/fsck.te b/alps/device/mediatek/sepolicy/bsp/non_plat/fsck.te
index 33e62cff55..5b5d18f92c 100644
--- a/alps/device/mediatek/sepolicy/bsp/non_plat/fsck.te
+++ b/alps/device/mediatek/sepolicy/bsp/non_plat/fsck.te
@@ -6,3 +6,8 @@ allow fsck sysfs_fs_ext4_features:dir search;
 # Purpose : Allow resize.f2fs to read in "f2fs" block dev
 allow init fsck_exec: lnk_file r_file_perms;
 allowxperm fsck userdata_block_device:blk_file ioctl BLKSECDISCARD;
+
+# add for xunye
+allow fsck xunye_block_device:blk_file rw_file_perms;
+
+
diff --git a/alps/device/mediatek/sepolicy/bsp/non_plat/init.te b/alps/device/mediatek/sepolicy/bsp/non_plat/init.te
index 2bf788da9e..37cddc93a7 100644
--- a/alps/device/mediatek/sepolicy/bsp/non_plat/init.te
+++ b/alps/device/mediatek/sepolicy/bsp/non_plat/init.te
@@ -32,3 +32,8 @@ allow init proc_drop_caches:file w_file_perms;
 # Purpose: Allow to setattr for duraspeed.rc
 allow init proc_cpu_loading:file setattr;
 allow init proc_low_memory_hit:file setattr;
+
+# add for xunye
+allow init xunye_block_device:blk_file relabelto;
+allow init xunye_file:dir mounton;


2.修改系统app读写xunye分区的权限

diff --git a/alps/device/mediatek/mt8168/sepolicy/basic/system_app.te b/alps/device/mediatek/mt8168/sepolicy/basic/system_app.te
index 319bd99c59..378aa02a98 100644
--- a/alps/device/mediatek/mt8168/sepolicy/basic/system_app.te
+++ b/alps/device/mediatek/mt8168/sepolicy/basic/system_app.te
@@ -14,3 +14,9 @@ allow system_app system_data_file:file create;
 allow system_app system_data_file:dir write;
 allow system_app system_data_file:dir read;
 allow system_app system_data_file:dir add_name;
+allow system_app apk_data_file:dir write;
+allow system_app logo_block_device:blk_file write;
+allow system_app logo_block_device:blk_file read;
+allow system_app logo_block_device:blk_file open;
+allow system_app logo_block_device:blk_file getattr;
+allow system_app xunye_file:file setattr;
diff --git a/alps/device/mediatek/mt8168/ueventd.mt8168.rc b/alps/device/mediatek/mt8168/ueventd.mt8168.rc
index d2cdeba2a1..019bd67094 100644
--- a/alps/device/mediatek/mt8168/ueventd.mt8168.rc
+++ b/alps/device/mediatek/mt8168/ueventd.mt8168.rc
@@ -6,6 +6,7 @@
 /dev/block/platform/soc/11230000.mmc/by-name/nvram     0660    root    system
 /dev/block/platform/soc/11230000.mmc/by-name/para      0660    root    system
 /dev/block/platform/soc/11230000.mmc/by-name/logo      0660    root    system
+/dev/block/platform/soc/11230000.mmc/by-name/xunye     0660    root    system
 /dev/block/platform/soc/11230000.mmc/by-name/frp       0660    root    system
 /dev/block/platform/soc/11230000.mmc/by-name/odmdtbo   0660    root    system
 /dev/block/platform/soc/11230000.mmc/by-name/odmdtbo_a 0660    root    system

diff --git a/alps/device/mediatek/sepolicy/basic/non_plat/mediaserver.te b/alps/device/mediatek/sepolicy/basic/non_plat/mediaserver.te
index 56af7adef2..2e22be3f8d 100644
--- a/alps/device/mediatek/sepolicy/basic/non_plat/mediaserver.te
+++ b/alps/device/mediatek/sepolicy/basic/non_plat/mediaserver.te
@@ -333,3 +333,8 @@ allow mediaserver  mtk_hal_keymanage:binder call;
 # Purpose : Allow mediadrmserver  to call vendor.mediatek.hardware.keymanage@1.0-service.
 hal_client_domain(mediaserver , hal_keymaster)
 allow mediaserver mtk_hal_keymanage_hwservice:hwservice_manager find;
+
+allow mediaserver xunye_file:dir search;
+allow mediaserver xunye_file:dir rw_dir_perms;
+allow mediaserver xunye_file:file { read write open ioctl map};
+
diff --git a/alps/device/mediatek/sepolicy/basic/non_plat/mtkbootanimation.te b/alps/device/mediatek/sepolicy/basic/non_plat/mtkbootanimation.te
index 491cf8eada..a378ead82e 100755
--- a/alps/device/mediatek/sepolicy/basic/non_plat/mtkbootanimation.te
+++ b/alps/device/mediatek/sepolicy/basic/non_plat/mtkbootanimation.te
@@ -51,6 +51,8 @@ allow mtkbootanimation proc_perfmgr:file {open read ioctl};
 
 allow mtkbootanimation mediaextractor:dir search;
 allow mtkbootanimation debugfs_ion:dir search;
+allow mtkbootanimation xunye_file:dir rw_dir_perms;
+allow mtkbootanimation xunye_file:file { read write open ioctl map};
 allow mediaserver mtkbootanimation:dir search;
 
 allowxperm mtkbootanimation proc_ged:file ioctl { proc_ged_ioctls };

diff --git a/alps/device/mediatek/sepolicy/bsp/non_plat/system_app.te b/alps/device/mediatek/sepolicy/bsp/non_plat/system_app.te
index 20cffc85b6..566650df89 100755
--- a/alps/device/mediatek/sepolicy/bsp/non_plat/system_app.te
+++ b/alps/device/mediatek/sepolicy/bsp/non_plat/system_app.te
@@ -253,3 +253,7 @@ allow system_app ttyS_device:chr_file { rw_file_perms };
 
 allow system_app app_data_file:file { rw_file_perms };
 
+# add for xunye
+allow system_app xunye_file:file { getattr unlink open read write create };
+allow system_app xunye_file:dir rw_dir_perms;

diff --git a/alps/device/mediateksample/aiot8365p3_64_bsp_1024/init.project.rc b/alps/device/mediateksample/aiot8365p3_64_bsp_1024/init.project.rc
index 4bb8ac5dc3..882e875bf2 100755
--- a/alps/device/mediateksample/aiot8365p3_64_bsp_1024/init.project.rc
+++ b/alps/device/mediateksample/aiot8365p3_64_bsp_1024/init.project.rc
@@ -38,7 +38,8 @@ on post-fs-data
     chmod 660 /dev/ttyGS1
     chown system /dev/ttyGS1
 
-
+       chown system system /xunye
+    chmod 0777 /xunye


diff --git a/alps/system/core/libcutils/fs_config.cpp b/alps/system/core/libcutils/fs_config.cpp
index 6b80ca9aca..f0a7b111b4 100644
--- a/alps/system/core/libcutils/fs_config.cpp
+++ b/alps/system/core/libcutils/fs_config.cpp
@@ -86,6 +86,7 @@ static const struct fs_path_config android_dirs[] = {
     { 00750, AID_ROOT,         AID_SHELL,        0, "data/nativetest64" },
     { 00775, AID_ROOT,         AID_ROOT,         0, "data/preloads" },
     { 00771, AID_SYSTEM,       AID_SYSTEM,       0, "data" },
+    { 00777, AID_SYSTEM,       AID_SYSTEM,       0, "xunye" },
     { 00755, AID_ROOT,         AID_SYSTEM,       0, "mnt" },
     { 00751, AID_ROOT,         AID_SHELL,        0, "product/bin" },
     { 00750, AID_ROOT,         AID_SHELL,        0, "sbin" },
@@ -150,6 +151,8 @@ static const char* conf[][2] = {
 static const struct fs_path_config android_files[] = {
         // clang-format off
     { 00644, AID_SYSTEM,    AID_SYSTEM,    0, "data/app/*" },
+    { 00777, AID_SYSTEM,    AID_SYSTEM,    0, "xunye/*" },
+    { 00777, AID_SYSTEM,    AID_SYSTEM,    0, "xunye/media/*" },
     { 00644, AID_SYSTEM,    AID_SYSTEM,    0, "data/app-ephemeral/*" },
     { 00644, AID_SYSTEM,    AID_SYSTEM,    0, "data/app-private/*" },
     { 00644, AID_APP,       AID_APP,       0, "data/data/*" },

diff --git a/alps/system/sepolicy/prebuilts/api/29.0/public/app.te b/alps/system/sepolicy/prebuilts/api/29.0/public/app.te
index d5a079b769..aa094cd2cc 100644
--- a/alps/system/sepolicy/prebuilts/api/29.0/public/app.te
+++ b/alps/system/sepolicy/prebuilts/api/29.0/public/app.te
@@ -371,7 +371,7 @@ binder_call({ appdomain -coredomain }, ashmemd)
 neverallow { appdomain -bluetooth -network_stack } self:capability_class_set *;
 
 # Block device access.
-neverallow appdomain dev_type:blk_file { read write };
+neverallow { appdomain -system_app } dev_type:blk_file { read write };
 
 # Access to any of the following character devices.
 neverallow appdomain {
@@ -467,7 +467,7 @@ neverallow {appdomain -system_app} system_data_file:dir_file_class_set
 # Write to various other parts of /data.
 neverallow appdomain drm_data_file:dir_file_class_set
     { create write setattr relabelfrom relabelto append unlink link rename };
-neverallow { appdomain -platform_app }
+neverallow { appdomain -platform_app -system_app}
     apk_data_file:dir_file_class_set
     { create write setattr relabelfrom relabelto append unlink link rename };
 neverallow { appdomain -platform_app }
diff --git a/alps/system/sepolicy/prebuilts/api/29.0/public/domain.te b/alps/system/sepolicy/prebuilts/api/29.0/public/domain.te
index f348701819..ef839d1e6d 100644
--- a/alps/system/sepolicy/prebuilts/api/29.0/public/domain.te
+++ b/alps/system/sepolicy/prebuilts/api/29.0/public/domain.te
@@ -818,6 +818,7 @@ full_treble_only(`
   # /data/vendor
   neverallow {
     coredomain
+       -domain
     -appdomain # TODO(b/34980020) remove exemption for appdomain
     -data_between_core_and_vendor_violators
     -init
@@ -836,6 +837,7 @@ full_treble_only(`
     -vold_prepare_subdirs
     } {
       data_file_type
+         -data_file_type
       -core_data_file_type
       # TODO(b/72998741) Remove exemption. Further restricted in a subsequent
       # neverallow. Currently only getattr and search are allowed.
diff --git a/alps/system/sepolicy/public/app.te b/alps/system/sepolicy/public/app.te
index d5a079b769..aa094cd2cc 100644
--- a/alps/system/sepolicy/public/app.te
+++ b/alps/system/sepolicy/public/app.te
@@ -371,7 +371,7 @@ binder_call({ appdomain -coredomain }, ashmemd)
 neverallow { appdomain -bluetooth -network_stack } self:capability_class_set *;
 
 # Block device access.
-neverallow appdomain dev_type:blk_file { read write };
+neverallow { appdomain -system_app } dev_type:blk_file { read write };
 
 # Access to any of the following character devices.
 neverallow appdomain {
@@ -467,7 +467,7 @@ neverallow {appdomain -system_app} system_data_file:dir_file_class_set
 # Write to various other parts of /data.
 neverallow appdomain drm_data_file:dir_file_class_set
     { create write setattr relabelfrom relabelto append unlink link rename };
-neverallow { appdomain -platform_app }
+neverallow { appdomain -platform_app -system_app}
     apk_data_file:dir_file_class_set
     { create write setattr relabelfrom relabelto append unlink link rename };
 neverallow { appdomain -platform_app }
diff --git a/alps/system/sepolicy/public/domain.te b/alps/system/sepolicy/public/domain.te
index f348701819..ef839d1e6d 100644
--- a/alps/system/sepolicy/public/domain.te
+++ b/alps/system/sepolicy/public/domain.te
@@ -818,6 +818,7 @@ full_treble_only(`
   # /data/vendor
   neverallow {
     coredomain
+       -domain
     -appdomain # TODO(b/34980020) remove exemption for appdomain
     -data_between_core_and_vendor_violators
     -init
@@ -836,6 +837,7 @@ full_treble_only(`
     -vold_prepare_subdirs
     } {
       data_file_type
+         -data_file_type
       -core_data_file_type
       # TODO(b/72998741) Remove exemption. Further restricted in a subsequent
       # neverallow. Currently only getattr and search are allowed.
diff --git a/alps/vendor/mediatek/proprietary/hardware/fstab/mt8168/fstab.in b/alps/vendor/mediatek/proprietary/hardware/fstab/mt8168/fstab.in
index 470eb504af..34eed17d72 100644
--- a/alps/vendor/mediatek/proprietary/hardware/fstab/mt8168/fstab.in
+++ b/alps/vendor/mediatek/proprietary/hardware/fstab/mt8168/fstab.in
@@ -145,6 +145,7 @@ DEVPATH(cache)      /cache       ext4   noatime,nosuid,nodev,noauto_da_alloc,dis
 
 DEVPATH(nvdata)     /mnt/vendor/nvdata      ext4   noatime,nosuid,nodev,noauto_da_alloc,discard               wait,check,formattable
 DEVPATH(nvcfg)     /mnt/vendor/nvcfg      ext4   noatime,nosuid,nodev,noauto_da_alloc,discard               wait,check,formattable
+DEVPATH(xunye)     /xunye     ext4   noatime,nosuid,nodev,noauto_da_alloc,discard               wait,check,formattable
 



总结

主要是SE的权限修改,后面系统应用是为了系统app读写该分区做的

你可能感兴趣的:(elasticsearch,java,大数据)