Andrid 9.0 init.rc中增加启动自定义service
平台
RK3288 + Android 9
概述
本文是基于 Andrid 7.1 启动init.rc中自定义service 关于SELINUX部分的补充说明.
问题
全程参照bootanimation的实现
新增/修改文件列表
anson@server:~/codes/rk3288_pie$ git status system/sepolicy/
On branch master
Your branch is behind 'origin/master' by 6 commits, and can be fast-forwarded.
(use "git pull" to update your local branch)
Changes not staged for commit:
(use "git add ..." to update what will be committed)
(use "git checkout -- ..." to discard changes in working directory)
modified: system/sepolicy/prebuilts/api/28.0/private/compat/26.0/26.0.ignore.cil
modified: system/sepolicy/prebuilts/api/28.0/private/compat/27.0/27.0.ignore.cil
modified: system/sepolicy/prebuilts/api/28.0/private/file_contexts
modified: system/sepolicy/prebuilts/api/28.0/private/property_contexts
modified: system/sepolicy/prebuilts/api/28.0/private/system_server.te
modified: system/sepolicy/prebuilts/api/28.0/public/bootstat.te
modified: system/sepolicy/prebuilts/api/28.0/public/domain.te
modified: system/sepolicy/prebuilts/api/28.0/public/property.te
modified: system/sepolicy/private/compat/26.0/26.0.ignore.cil
modified: system/sepolicy/private/compat/27.0/27.0.ignore.cil
modified: system/sepolicy/private/file_contexts
modified: system/sepolicy/private/property_contexts
modified: system/sepolicy/private/system_server.te
modified: system/sepolicy/public/bootstat.te
modified: system/sepolicy/public/domain.te
modified: system/sepolicy/public/property.te
Untracked files:
(use "git add ..." to include in what will be committed)
system/sepolicy/prebuilts/api/28.0/private/infoservice.te
system/sepolicy/prebuilts/api/28.0/public/infoservice.te
system/sepolicy/private/infoservice.te
system/sepolicy/public/infoservice.te
system/sepolicy/private/infoservice.te
typeattribute infoservice coredomain;
init_daemon_domain(infoservice)
# b/68864350
dontaudit infoservice unlabeled:dir search;
system/sepolicy/public/infoservice.te
# infoservice oneshot service
type infoservice, domain;
type infoservice_exec, exec_type, file_type;
#hal_client_domain(infoservice, hal_configstore)
#hal_client_domain(infoservice, hal_graphics_allocator)
#hal_client_domain(infoservice, hal_graphics_composer)
binder_use(infoservice)
#binder_call(infoservice, surfaceflinger)
#binder_call(infoservice, audioserver)
hwbinder_use(infoservice)
allow infoservice gpu_device:chr_file rw_file_perms;
# /oem access
allow infoservice oemfs:dir search;
allow infoservice oemfs:file r_file_perms;
allow infoservice audio_device:dir r_dir_perms;
allow infoservice audio_device:chr_file rw_file_perms;
allow infoservice audioserver_service:service_manager find;
allow infoservice surfaceflinger_service:service_manager find;
# Allow access to ion memory allocation device
allow infoservice ion_device:chr_file rw_file_perms;
allow infoservice hal_graphics_allocator:fd use;
# Fences
allow infoservice hal_graphics_composer:fd use;
# Read access to pseudo filesystems.
allow infoservice proc_meminfo:file r_file_perms;
# System file accesses.
allow infoservice system_file:dir r_dir_perms;
# Read ro.boot.bootreason b/30654343
get_prop(infoservice, bootloader_boot_reason_prop)
其他文件
git diff system/sepolicy/private/file_contexts system/sepolicy/private/property_contexts system/sepolicy/private/system_server.te system/sepolicy/public/bootstat.te system/sepolicy/public/domain.te system/sepolicy/public/property.te
diff --git a/system/sepolicy/private/file_contexts b/system/sepolicy/private/file_contexts
index 564e45c..0077d42 100644
--- a/system/sepolicy/private/file_contexts
+++ b/system/sepolicy/private/file_contexts
@@ -201,6 +201,7 @@
/system/bin/sh -- u:object_r:shell_exec:s0
/system/bin/run-as -- u:object_r:runas_exec:s0
/system/bin/bootanimation u:object_r:bootanim_exec:s0
+/system/xbin/infoservice u:object_r:infoservice_exec:s0
/system/bin/bootstat u:object_r:bootstat_exec:s0
/system/bin/app_process32 u:object_r:zygote_exec:s0
/system/bin/app_process64 u:object_r:zygote_exec:s0
diff --git a/system/sepolicy/private/property_contexts b/system/sepolicy/private/property_contexts
index 32be0b3..f73ecbc 100644
--- a/system/sepolicy/private/property_contexts
+++ b/system/sepolicy/private/property_contexts
@@ -95,6 +95,7 @@ ro.persistent_properties.ready u:object_r:persistent_properties_ready_prop:s0
# ctl properties
ctl.bootanim u:object_r:ctl_bootanim_prop:s0
+ctl.infoservice u:object_r:ctl_infoservice_prop:s0
ctl.android.hardware.dumpstate u:object_r:ctl_dumpstate_prop:s0
ctl.dumpstate u:object_r:ctl_dumpstate_prop:s0
ctl.fuse_ u:object_r:ctl_fuse_prop:s0
diff --git a/system/sepolicy/private/system_server.te b/system/sepolicy/private/system_server.te
index b037fe4..b3f6307 100644
--- a/system/sepolicy/private/system_server.te
+++ b/system/sepolicy/private/system_server.te
@@ -110,6 +110,8 @@ allow system_server cameraserver:process { getsched setsched };
allow system_server hal_camera:process { getsched setsched };
allow system_server mediaserver:process { getsched setsched };
allow system_server bootanim:process { getsched setsched };
+# AnsonCode
+allow system_server infoservice:process { getsched setsched };
# Allow system_server to write to /proc//timerslack_ns
allow system_server appdomain:file w_file_perms;
diff --git a/system/sepolicy/public/bootstat.te b/system/sepolicy/public/bootstat.te
old mode 100644
new mode 100755
index 7ba0238..8453df8
--- a/system/sepolicy/public/bootstat.te
+++ b/system/sepolicy/public/bootstat.te
@@ -31,6 +31,7 @@ read_logd(bootstat)
neverallow {
domain
-bootanim
+ -infoservice
-bootstat
-dumpstate
-init
diff --git a/system/sepolicy/public/domain.te b/system/sepolicy/public/domain.te
old mode 100644
new mode 100755
index e9337b6..8237939
--- a/system/sepolicy/public/domain.te
+++ b/system/sepolicy/public/domain.te
@@ -448,6 +448,7 @@ neverallow {
domain
-appdomain # for oemfs
-bootanim # for oemfs
+ -infoservice
-recovery # for /tmp/update_binary in tmpfs
} { fs_type -rootfs }:file execute;
@@ -1330,6 +1331,7 @@ full_treble_only(`
neverallow {
coredomain
-appdomain
+ -infoservice
-bootanim
-crash_dump
-init
diff --git a/system/sepolicy/public/property.te b/system/sepolicy/public/property.te
index 09200b8..4f2dfa4 100644
--- a/system/sepolicy/public/property.te
+++ b/system/sepolicy/public/property.te
@@ -6,6 +6,8 @@ type bootloader_boot_reason_prop, property_type;
type config_prop, property_type, core_property_type;
type cppreopt_prop, property_type, core_property_type;
type ctl_bootanim_prop, property_type;
+# AnsonCode
+type ctl_infoservice_prop, property_type;
type ctl_bugreport_prop, property_type;
type ctl_console_prop, property_type;
type ctl_default_prop, property_type;
@@ -142,6 +144,7 @@ neverallow {
# in the audit log
dontaudit domain {
ctl_bootanim_prop
+ ctl_infoservice_prop
ctl_bugreport_prop
ctl_console_prop
ctl_default_prop
@@ -326,6 +329,7 @@ compatible_property_only(`
-config_prop
-cppreopt_prop
-ctl_bootanim_prop
+ -ctl_infoservice_prop
-ctl_bugreport_prop
-ctl_console_prop
-ctl_default_prop
CIL文件
git diff system/sepolicy/private/compat/26.0/26.0.ignore.cil system/sepolicy/private/compat/27.0/27.0.ignore.cil
diff --git a/system/sepolicy/private/compat/26.0/26.0.ignore.cil b/system/sepolicy/private/compat/26.0/26.0.ignore.cil
old mode 100644
new mode 100755
index c8edf9f..cfdd79f
--- a/system/sepolicy/private/compat/26.0/26.0.ignore.cil
+++ b/system/sepolicy/private/compat/26.0/26.0.ignore.cil
@@ -10,6 +10,10 @@
blank_screen
blank_screen_exec
blank_screen_tmpfs
+ infoservice
+ infoservice_exec
+ infoservice_tmpfs
+ ctl_infoservice_prop
bluetooth_a2dp_offload_prop
bpfloader
bpfloader_exec
diff --git a/system/sepolicy/private/compat/27.0/27.0.ignore.cil b/system/sepolicy/private/compat/27.0/27.0.ignore.cil
old mode 100644
new mode 100755
index 6106748..5bab216
--- a/system/sepolicy/private/compat/27.0/27.0.ignore.cil
+++ b/system/sepolicy/private/compat/27.0/27.0.ignore.cil
@@ -8,6 +8,10 @@
blank_screen
blank_screen_exec
blank_screen_tmpfs
+ infoservice
+ infoservice_exec
+ infoservice_tmpfs
+ ctl_infoservice_prop
bootloader_boot_reason_prop
bluetooth_a2dp_offload_prop
bpfloader
剩下就是COPY操作
从system/sepolicy 拷贝到 system/sepolicy/prebuilts/api/28.0
编译错误及解决
LOG1
device/rockchip/rk3288/preinstall_del_forever/preinstall.mk was modified, regenerating...
device/rockchip/rk3288/preinstall_del/preinstall.mk was modified, regenerating...
system/sepolicy/Android.mk:79: warning: BOARD_SEPOLICY_VERS not specified, assuming current platform version
[ 50% 3/6] build out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/treble_sepolicy_tests_26.0
FAILED: out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/treble_sepolicy_tests_26.0
/bin/bash -c "(out/host/linux-x86/bin/treble_sepolicy_tests -l out/host/linux-x86/lib64/libsepolwrap.so -f out/target/product/rk3288/obj/ETC/plat_file_contexts_intermediates/plat_file_contexts -f out/target/product/rk3288/obj/ETC/vendor_file_contexts_intermediates/vendor_file_contexts -b out/target/product/rk3288/obj/ETC/built_plat_sepolicy_intermediates/built_plat_sepolicy -m out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/26.0_mapping.combined.cil -o out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/built_26.0_plat_sepolicy -p out/target/product/rk3288/obj/ETC/sepolicy_intermediates/sepolicy --fake-treble ) && (touch out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/treble_sepolicy_tests_26.0 )"
SELinux: The following types were found added to the policy without an entry into the compatibility mapping file(s) found in private/compat/26.0/26.0[.ignore].cil
ctl_infoservice_prop infoservice infoservice_exec infoservice_tmpfs
[ 66% 4/6] build out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/treble_sepolicy_tests_27.0
FAILED: out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/treble_sepolicy_tests_27.0
/bin/bash -c "(out/host/linux-x86/bin/treble_sepolicy_tests -l out/host/linux-x86/lib64/libsepolwrap.so -f out/target/product/rk3288/obj/ETC/plat_file_contexts_intermediates/plat_file_contexts -f out/target/product/rk3288/obj/ETC/vendor_file_contexts_intermediates/vendor_file_contexts -b out/target/product/rk3288/obj/ETC/built_plat_sepolicy_intermediates/built_plat_sepolicy -m out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/27.0_mapping.combined.cil -o out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/built_27.0_plat_sepolicy -p out/target/product/rk3288/obj/ETC/sepolicy_intermediates/sepolicy --fake-treble ) && (touch out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/treble_sepolicy_tests_27.0 )"
SELinux: The following types were found added to the policy without an entry into the compatibility mapping file(s) found in private/compat/27.0/27.0[.ignore].cil
ctl_infoservice_prop infoservice infoservice_exec infoservice_tmpfs
ninja: build stopped: subcommand failed.
10:18:16 ninja failed with: exit status 1
#### failed to build some targets (51 seconds) ####
LOG2
device/rockchip/rk3288/preinstall_del_forever/preinstall.mk was modified, regenerating...
device/rockchip/rk3288/preinstall_del/preinstall.mk was modified, regenerating...
system/sepolicy/Android.mk:79: warning: BOARD_SEPOLICY_VERS not specified, assuming current platform version
[ 50% 3/6] build out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/treble_sepolicy_tests_26.0
FAILED: out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/treble_sepolicy_tests_26.0
/bin/bash -c "(out/host/linux-x86/bin/treble_sepolicy_tests -l out/host/linux-x86/lib64/libsepolwrap.so -f out/target/product/rk3288/obj/ETC/plat_file_contexts_intermediates/plat_file_contexts -f out/target/product/rk3288/obj/ETC/vendor_file_contexts_intermediates/vendor_file_contexts -b out/target/product/rk3288/obj/ETC/built_plat_sepolicy_intermediates/built_plat_sepolicy -m out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/26.0_mapping.combined.cil -o out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/built_26.0_plat_sepolicy -p out/target/product/rk3288/obj/ETC/sepolicy_intermediates/sepolicy --fake-treble ) && (touch out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/treble_sepolicy_tests_26.0 )"
SELinux: The following types were found added to the policy without an entry into the compatibility mapping file(s) found in private/compat/26.0/26.0[.ignore].cil
ctl_infoservice_prop
[ 66% 4/6] build out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/treble_sepolicy_tests_27.0
FAILED: out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/treble_sepolicy_tests_27.0
/bin/bash -c "(out/host/linux-x86/bin/treble_sepolicy_tests -l out/host/linux-x86/lib64/libsepolwrap.so -f out/target/product/rk3288/obj/ETC/plat_file_contexts_intermediates/plat_file_contexts -f out/target/product/rk3288/obj/ETC/vendor_file_contexts_intermediates/vendor_file_contexts -b out/target/product/rk3288/obj/ETC/built_plat_sepolicy_intermediates/built_plat_sepolicy -m out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/27.0_mapping.combined.cil -o out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/built_27.0_plat_sepolicy -p out/target/product/rk3288/obj/ETC/sepolicy_intermediates/sepolicy --fake-treble ) && (touch out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/treble_sepolicy_tests_27.0 )"
SELinux: The following types were found added to the policy without an entry into the compatibility mapping file(s) found in private/compat/27.0/27.0[.ignore].cil
ctl_infoservice_prop
ninja: build stopped: subcommand failed.
11:11:31 ninja failed with: exit status 1
#### failed to build some targets (01:32 (mm:ss)) ####
往private/compat/26.0/26.0[.ignore].cil 和 private/compat/27.0/27.0[.ignore].cil 把对应的内容添加(如:ctl_infoservice_prop)到指定文件即可.
假如当前SDK是29, 则需要添加到 28, 27, 26的 *…ignore.cil里
system/sepolicy/Android.mk:79: warning: BOARD_SEPOLICY_VERS not specified, assuming current platform version
[ 12% 1/8] build out/target/product/rk3288/obj/ETC/sepolicy_freeze_test_intermediates/sepolicy_freeze_test
FAILED: out/target/product/rk3288/obj/ETC/sepolicy_freeze_test_intermediates/sepolicy_freeze_test
/bin/bash -c "(diff -rq system/sepolicy/prebuilts/api/28.0/public system/sepolicy/public ) && (diff -rq system/sepolicy/prebuilts/api/28.0/private system/sepolicy/private ) && (touch out/target/product/rk3288/obj/ETC/sepolicy_freeze_test_intermediates/sepolicy_freeze_test )"
Only in system/sepolicy/public: infoservice.te
[ 25% 2/8] build out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/built_26.0_plat_sepolicy
out/host/linux-x86/bin/checkpolicy: loading policy configuration from out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/26.0_plat_policy.conf
out/host/linux-x86/bin/checkpolicy: policy configuration loaded
out/host/linux-x86/bin/checkpolicy: writing CIL to out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/built_26.0_plat_sepolicy
[ 37% 3/8] build out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/built_27.0_plat_sepolicy
out/host/linux-x86/bin/checkpolicy: loading policy configuration from out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/27.0_plat_policy.conf
out/host/linux-x86/bin/checkpolicy: policy configuration loaded
out/host/linux-x86/bin/checkpolicy: writing CIL to out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/built_27.0_plat_sepolicy
ninja: build stopped: subcommand failed.
10:09:25 ninja failed with: exit status 1
#### failed to build some targets (48 seconds) ####
cp system/sepolicy/public/infoservice.te system/sepolicy/prebuilts/api/28.0/public/infoservice.te
system/sepolicy/Android.mk:79: warning: BOARD_SEPOLICY_VERS not specified, assuming current platform version
[ 37% 3/8] build out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/built_26.0_plat_sepolicy
FAILED: out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/built_26.0_plat_sepolicy
/bin/bash -c "(ASAN_OPTIONS=detect_leaks=0 out/host/linux-x86/bin/checkpolicy -M -C -c 30 -o out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/built_26.0_plat_sepolicy out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/26.0_plat_policy.conf ) && (cat system/sepolicy/prebuilts/api/26.0/private/technical_debt.cil >> out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/built_26.0_plat_sepolicy ) && (out/host/linux-x86/bin/secilc -m -M true -G -c 30 out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/built_26.0_plat_sepolicy -o out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/built_26.0_plat_sepolicy -f /dev/null )"
system/sepolicy/prebuilts/api/26.0/public/domain.te:88:ERROR 'syntax error' at token 'not_compatible_property' on line 7908:
not_compatible_property(
# Device specific properties are not granted by default
checkpolicy: error(s) encountered while parsing configuration
out/host/linux-x86/bin/checkpolicy: loading policy configuration from out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/26.0_plat_policy.conf
[ 50% 4/8] build out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/built_27.0_plat_sepolicy
FAILED: out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/built_27.0_plat_sepolicy
/bin/bash -c "(ASAN_OPTIONS=detect_leaks=0 out/host/linux-x86/bin/checkpolicy -M -C -c 30 -o out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/built_27.0_plat_sepolicy out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/27.0_plat_policy.conf ) && (cat system/sepolicy/prebuilts/api/27.0/private/technical_debt.cil >> out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/built_27.0_plat_sepolicy ) && (out/host/linux-x86/bin/secilc -m -M true -G -c 30 out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/built_27.0_plat_sepolicy -o out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/built_27.0_plat_sepolicy -f /dev/null )"
system/sepolicy/prebuilts/api/27.0/public/domain.te:88:ERROR 'syntax error' at token 'not_compatible_property' on line 8075:
# Device specific properties are not granted by default
not_compatible_property(
checkpolicy: error(s) encountered while parsing configuration
out/host/linux-x86/bin/checkpolicy: loading policy configuration from out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/27.0_plat_policy.conf
ninja: build stopped: subcommand failed.
10:05:06 ninja failed with: exit status 1
#### failed to build some targets (43 seconds) ####
刚开始, 把system/sepolicy 目录下新增加的文件拷贝到了 system/sepolicy/prebuilts/api/目录下所有SDK(26,27,28)编译后出的错误, 而实际只需要拷贝到28即可, 相应的26,27需要在.ignore.cli中增加相应的声明.
错误的文件列表
git status system/sepolicy/
On branch master
Your branch is behind 'origin/master' by 6 commits, and can be fast-forwarded.
(use "git pull" to update your local branch)
Changes not staged for commit:
(use "git add ..." to update what will be committed)
(use "git checkout -- ..." to discard changes in working directory)
modified: system/sepolicy/prebuilts/api/26.0/private/file_contexts
modified: system/sepolicy/prebuilts/api/26.0/private/property_contexts
modified: system/sepolicy/prebuilts/api/26.0/private/system_server.te
modified: system/sepolicy/prebuilts/api/26.0/public/bootstat.te
modified: system/sepolicy/prebuilts/api/26.0/public/domain.te
modified: system/sepolicy/prebuilts/api/26.0/public/property.te
modified: system/sepolicy/prebuilts/api/27.0/private/file_contexts
modified: system/sepolicy/prebuilts/api/27.0/private/property_contexts
modified: system/sepolicy/prebuilts/api/27.0/private/system_server.te
modified: system/sepolicy/prebuilts/api/27.0/public/bootstat.te
modified: system/sepolicy/prebuilts/api/27.0/public/domain.te
modified: system/sepolicy/prebuilts/api/27.0/public/property.te
modified: system/sepolicy/prebuilts/api/28.0/private/file_contexts
modified: system/sepolicy/prebuilts/api/28.0/private/property_contexts
modified: system/sepolicy/prebuilts/api/28.0/private/system_server.te
modified: system/sepolicy/prebuilts/api/28.0/public/bootstat.te
modified: system/sepolicy/prebuilts/api/28.0/public/domain.te
modified: system/sepolicy/prebuilts/api/28.0/public/property.te
modified: system/sepolicy/private/file_contexts
modified: system/sepolicy/private/property_contexts
modified: system/sepolicy/private/system_server.te
modified: system/sepolicy/public/bootstat.te
modified: system/sepolicy/public/domain.te
modified: system/sepolicy/public/property.te
Untracked files:
(use "git add ..." to include in what will be committed)
system/sepolicy/prebuilts/api/26.0/private/infoservice.te
system/sepolicy/prebuilts/api/26.0/public/infoservice.te
system/sepolicy/prebuilts/api/27.0/private/infoservice.te
system/sepolicy/prebuilts/api/27.0/public/infoservice.te
system/sepolicy/prebuilts/api/28.0/private/infoservice.te
system/sepolicy/prebuilts/api/28.0/public/infoservice.te
system/sepolicy/private/infoservice.te
system/sepolicy/public/infoservice.te
system/sepolicy/Android.mk:79: warning: BOARD_SEPOLICY_VERS not specified, assuming current platform version
[ 10% 1/10] build out/target/product/rk3288/obj/ETC/sepolicy_freeze_test_intermediates/sepolicy_freeze_test
FAILED: out/target/product/rk3288/obj/ETC/sepolicy_freeze_test_intermediates/sepolicy_freeze_test
/bin/bash -c "(diff -rq system/sepolicy/prebuilts/api/28.0/public system/sepolicy/public ) && (diff -rq system/sepolicy/prebuilts/api/28.0/private system/sepolicy/private ) && (touch out/target/product/rk3288/obj/ETC/sepolicy_freeze_test_intermediates/sepolicy_freeze_test )"
Files system/sepolicy/prebuilts/api/28.0/public/bootstat.te and system/sepolicy/public/bootstat.te differ
Files system/sepolicy/prebuilts/api/28.0/public/domain.te and system/sepolicy/public/domain.te differ
Only in system/sepolicy/public: infoservice.te
Files system/sepolicy/prebuilts/api/28.0/public/property.te and system/sepolicy/public/property.te differ
[ 30% 3/10] build out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/26.0_plat_policy.conf
ninja: build stopped: subcommand failed.
10:07:45 ninja failed with: exit status 1
#### failed to build some targets (43 seconds) ####
Files system/sepolicy/prebuilts/api/28.0/public/bootstat.te and system/sepolicy/public/bootstat.te differ
文件不同, 直接拷贝覆盖, 需注意正确的文件是哪个, 以免覆盖错.