diff options
| author | Nathan Chancellor <natechancellor@gmail.com> | 2018-01-06 17:58:25 -0700 |
|---|---|---|
| committer | Nathan Chancellor <natechancellor@gmail.com> | 2018-01-08 07:27:12 -0700 |
| commit | b0b754c09453d353f123a70d67223fa290c63c18 (patch) | |
| tree | 9b2accd1b8c565e013fc87b7d7a4027c5869261b | |
| parent | d0648af3a5f39865a53f35ee668ab6b98ca3c6cb (diff) | |
Backend: Only apply contexts to new modules
After working on the OnePlus 5/T with custom ROMs on Android 8.1.0, I
have noticed that several of them have modules in /system/lib/modules
with a context of "u:object_r:vendor_file:s0", which goes against the
assumption made in commit 6b11373 ("update-binary: Change how we handle
modules"). Because the context is changed, there is an SELinux denial
when trying to load the module during init.
While it would be nice for ROMs to fix that on their own, I suspect
they are not entirely at fault. Google's documentation does state that
all modules should be loaded from vendor whenever possible so I would
guess Google decided to force *.ko objects to have a vendor_file
context. This is all speculation as I haven't cared to do research into
the subject.
Easiest way around this is to just worry about applying contexts to new
modules. cp does not override contexts so if the module was already
present, we can assume it has the correct context to begin with.
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
| -rwxr-xr-x | META-INF/com/google/android/update-binary | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/META-INF/com/google/android/update-binary b/META-INF/com/google/android/update-binary index 50d27cb..d2c53a7 100755 --- a/META-INF/com/google/android/update-binary +++ b/META-INF/com/google/android/update-binary @@ -93,14 +93,18 @@ if [ "$(file_getprop /tmp/anykernel/anykernel.sh do.modules)" == 1 ]; then mount -o rw,remount -t auto /vendor 2>/dev/null; cd /tmp/anykernel/modules; for module in $(find . -name '*.ko'); do + if [ ! -e /$module ]; then + case $module in + */vendor/*) mod=vendor;; + *) mod=system;; + esac; + fi; $bb cp -rLf $module /$module; $bb chown 0:0 /$module; $bb chmod 644 /$module; - case $module in - */vendor/*) mod=vendor;; - *) mod=system;; - esac; - chcon "u:object_r:${mod}_file:s0" /$module; + if [ "$mod" ]; then + chcon "u:object_r:${mod}_file:s0" /$module; + fi; done; cd /tmp/anykernel; mount -o ro,remount -t auto /system; |