Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2a7171a7 authored by Alex Klyubin's avatar Alex Klyubin
Browse files

Explicitly depend on sepolicy artifacts in recovery targets 

This makes recoveryimage/bootimage targets explicitly depend on SELinux
policy artifacts needed by recovery. Prior to this change, the
dependency was contrived: these targets would rely on copying these
files from "root" directory, and then overwriting sepolicy file with
sepolicy.recovery.

Test: Clean build, flash, device boots up just fine. No new denials.
      Reboot into recovery, recovery boot up just fine, no denials.
      This was tested on bullhead (non A/B device) and sailfish (A/B
      device).
Bug: 33642277
Change-Id: Id2369253d0c7e02e079ae01ac7140b41880fd5ad
parent e65af5ce

core/Makefile

+11 −4
Original line number Diff line number Diff line
@@ -910,7 +910,15 @@ INTERNAL_RECOVERYIMAGE_FILES := $(filter $(TARGET_RECOVERY_OUT)/%, \ 
    $(ALL_DEFAULT_INSTALLED_MODULES))



recovery_initrc := $(call include-path-for, recovery)/etc/init.rc

recovery_sepolicy := $(call intermediates-dir-for,ETC,sepolicy.recovery)/sepolicy.recovery

recovery_sepolicy := \

    $(TARGET_RECOVERY_ROOT_OUT)/sepolicy \

    $(TARGET_RECOVERY_ROOT_OUT)/file_contexts.bin \

    $(TARGET_RECOVERY_ROOT_OUT)/plat_property_contexts \

    $(TARGET_RECOVERY_ROOT_OUT)/nonplat_property_contexts

# Passed into rsync from non-recovery root to recovery root, to avoid overwriting recovery-specific

# SELinux files

IGNORE_RECOVERY_SEPOLICY := $(patsubst $(TARGET_RECOVERY_OUT)/%,--exclude=/%,$(recovery_sepolicy))



recovery_kernel := $(INSTALLED_KERNEL_TARGET) # same as a non-recovery system

recovery_ramdisk := $(PRODUCT_OUT)/ramdisk-recovery.img

recovery_build_prop := $(intermediate_system_build_prop)
@@ -1045,14 +1053,13 @@ define build-recoveryimage-target 
  $(hide) mkdir -p $(TARGET_RECOVERY_OUT)

  $(hide) mkdir -p $(TARGET_RECOVERY_ROOT_OUT)/etc $(TARGET_RECOVERY_ROOT_OUT)/sdcard $(TARGET_RECOVERY_ROOT_OUT)/tmp

  @echo Copying baseline ramdisk...

  $(hide) rsync -a --exclude=etc --exclude=sdcard $(IGNORE_CACHE_LINK) $(TARGET_ROOT_OUT) $(TARGET_RECOVERY_OUT) # "cp -Rf" fails to overwrite broken symlinks on Mac.

  # Use rsync because "cp -Rf" fails to overwrite broken symlinks on Mac.

  $(hide) rsync -a --exclude=etc --exclude=sdcard $(IGNORE_RECOVERY_SEPOLICY) $(IGNORE_CACHE_LINK) $(TARGET_ROOT_OUT) $(TARGET_RECOVERY_OUT)

  @echo Modifying ramdisk contents...

  $(if $(BOARD_RECOVERY_KERNEL_MODULES), \

    $(call build-image-kernel-modules,$(BOARD_RECOVERY_KERNEL_MODULES),$(TARGET_RECOVERY_ROOT_OUT),,$(call intermediates-dir-for,PACKAGING,depmod_recovery)))

  $(hide) rm -f $(TARGET_RECOVERY_ROOT_OUT)/init*.rc

  $(hide) cp -f $(recovery_initrc) $(TARGET_RECOVERY_ROOT_OUT)/

  $(hide) rm -f $(TARGET_RECOVERY_ROOT_OUT)/sepolicy

  $(hide) cp -f $(recovery_sepolicy) $(TARGET_RECOVERY_ROOT_OUT)/sepolicy

  $(hide) cp $(TARGET_ROOT_OUT)/init.recovery.*.rc $(TARGET_RECOVERY_ROOT_OUT)/ || true # Ignore error when the src file doesn't exist.

  $(hide) mkdir -p $(TARGET_RECOVERY_ROOT_OUT)/res

  $(hide) rm -rf $(TARGET_RECOVERY_ROOT_OUT)/res/*