deblobber: fixup timekeep replacement, credit Wang Han/aviraxp

2020-10-20 05:24:09 -04:00 · 2020-10-20 05:24:09 -04:00 · 00a6a86126
parent 38c52cc43b
commit 00a6a86126
4 changed files with 60 additions and 6 deletions
--- a/Patches/Common/android_timekeep_sepolicy/timekeep.te
+++ b/Patches/Common/android_timekeep_sepolicy/timekeep.te
@ -0,0 +1,22 @@
+# Policy for the timekeep.c oneshot system service
+# Gets called once during init by vendor timekeep.rc and restores
+# clock from persist.vendor.timeadjust property, reads
+# /sys/class/rtc/rtc0/since_epoch
+type timekeep, domain;
+type timekeep_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(timekeep)
+
+# Grant permission to set system time and to set the real-time clock
+allow timekeep self:capability sys_time;
+
+# Write to /data/vendor/time/ats_2
+allow timekeep time_data_file:dir rw_dir_perms;
+allow timekeep time_data_file:file create_file_perms;
+
+# Set persist.vendor.timeadjust
+set_prop(timekeep, vendor_timekeep_prop)
+
+# Read /sys/class/rtc/rtc0/since_epoch
+allow timekeep sysfs_rtc:dir search;
+allow timekeep sysfs_rtc:{ file lnk_file } r_file_perms;
--- a/Patches/Common/android_timekeep_sepolicy/timekeep_app.te
+++ b/Patches/Common/android_timekeep_sepolicy/timekeep_app.te
@ -0,0 +1,25 @@
+# Policy for the TimeKeep Java app. It listens to a BootReceiver
+# or TIME_SET event and calculates the offset between the rtc clock
+# in /sys/class/rtc0/since_epoch and the current device time and stores that
+# value in /data/vendor/time/ats_2 and as persist.vendor.timeadjust.
+type timekeep_app, domain;
+
+app_domain(timekeep_app)
+
+# Needed to get access to /data/data/com.sony.timekeep
+# Only getattr and search are requested since TimeKeep does not write to its own directory
+# /data/data/com.sony.timekeep only has two empty subdirs
+dontaudit timekeep_app app_data_file:dir { getattr search };
+
+allow timekeep_app activity_service:service_manager find;
+
+# Read from /data/vendor/time/ats_2
+allow timekeep_app time_data_file:dir create_dir_perms;
+allow timekeep_app time_data_file:file create_file_perms;
+
+# Read /sys/class/rtc/rtc0/since_epoch
+allow timekeep_app sysfs_rtc:dir { search };
+allow timekeep_app sysfs_rtc:{ file lnk_file } r_file_perms;
+
+# Set the persist.vendor.timeadjust property
+set_prop(timekeep_app, vendor_timekeep_prop)
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 61ad2ecdbebd9aa10e8974082fad38edce618227
+Subproject commit 7d02900d51925b09f6b086c64c6404fdae998f41
--- a/Scripts/Common/Deblob.sh
+++ b/Scripts/Common/Deblob.sh
@ -620,15 +620,22 @@ deblobDevice() {
 		if [ -z "$replaceTime" ]; then
 			numfiles=(*); numfiles=${#numfiles[@]};
 			if [ "$numfiles"  -gt "5" ]; then #only if device doesn't use a common sepolicy dir
-			#Switch to Sony TimeKeep
-			echo "allow system_app time_data_file:dir { create_dir_perms search };" >> sepolicy/system_app.te;
-			echo "allow system_app time_data_file:file create_file_perms;" >> sepolicy/system_app.te;
+				#Switch to Sony TimeKeep
+				#Credit: @aviraxp
+				#Reference: https://github.com/LineageOS/android_device_oneplus_oneplus2/commit/3b152a3c1198d795de4175e6b9927493caf01bf0
+				echo "/sys/devices/soc\.0/qpnp-rtc-8/rtc/rtc0(/.*)? u:object_r:sysfs_rtc:s0" >> sepolicy/file_contexts;
+				echo "/(system/vendor|vendor)/bin/timekeep u:object_r:timekeep_exec:s0" >> sepolicy/file_contexts;
+				echo "type vendor_timekeep_prop, property_type;" >> sepolicy/property.te;
+				echo "persist.vendor.timeadjust u:object_r:vendor_timekeep_prop:s0" >> sepolicy/property_contexts;
+				echo "user=system seinfo=platform name=com.sony.timekeep domain=timekeep_app type=app_data_file" >> sepolicy/seapp_contexts;
+				cp "$DOS_PATCHES_COMMON/timekeep.te" sepolicy/;
+				cp "$DOS_PATCHES_COMMON/timekeep_app.te" sepolicy/;
 			fi;
 		fi;
 	fi;
 	if [ -z "$replaceTime" ]; then #Switch to Sony TimeKeep
-		sed -i 's|service time_daemon /system/bin/time_daemon|service time_daemon /system/bin/timekeep restore\n    oneshot|' init.*.rc rootdir/init.*.rc rootdir/etc/init.*.rc &> /dev/null || true;
-		sed -i 's|mkdir /data/time/ 0700 system system|mkdir /data/time/ 0700 system system\n    chmod 0770 /data/time/ats_2|' init.*.rc rootdir/init.*.rc rootdir/etc/init.*.rc &> /dev/null || true;
+		#sed -i 's|service time_daemon /system/bin/time_daemon|service time_daemon /system/bin/timekeep restore\n    oneshot|' init.*.rc rootdir/init.*.rc rootdir/etc/init.*.rc &> /dev/null || true;
+		awk -i inplace '!|mkdir /data/time/ 0700 system system|' init.*.rc rootdir/init.*.rc rootdir/etc/init.*.rc &> /dev/null || true;
 	fi;
 	rm -f board/qcom-cne.mk product/qcom-cne.mk; #Remove CNE
 	if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then rm -f rootdir/etc/init.qti.ims.sh rootdir/init.qti.ims.sh init.qti.ims.sh; fi; #Remove IMS startup script