分区"/>
MTK Android10添加分区
提示:文章写完后,目录可以自动生成,如何生成可参考右边的帮助文档
MTK Android10添加分区
- 前言
- 一、添加分区
- 1.添加分区,写大小
- 1.修改编译脚本,生成xunye.img
- 二、修改权限
- 1.修改SE权限
- 2.修改系统app读写xunye分区的权限
- 总结
前言
这里的分区修改是xml文件的,如果是修改表格文件的,参考
AndroidQ(10.0) MTK平台添加新分区
Android11.0® MTK平台添加新分区
一、添加分区
1.添加分区,写大小
diff --git a/alps/device/mediateksample/aiot8365p3_64_bsp_1024/partition/partition_ab_dynamic.xml b/alps/device/mediateksample/aiot8365p3_64_bsp_1024/partition/partition_ab_dynamic.xml
index 18c4eb4bd3..dc4b46cb9e 100755
--- a/alps/device/mediateksample/aiot8365p3_64_bsp_1024/partition/partition_ab_dynamic.xml
+++ b/alps/device/mediateksample/aiot8365p3_64_bsp_1024/partition/partition_ab_dynamic.xml
@@ -26,7 +26,7 @@<!-- <entry type="{0FC63DAF-8483-4772-8E79-3D69D8477DE4}" size="65536" name="recovery"/> --><entry type="{0FC63DAF-8483-4772-8E79-3D69D8477DE4}" size="1024" name="para"/><entry type="{0FC63DAF-8483-4772-8E79-3D69D8477DE4}" size="16384" name="logo"/>
-
+ <entry type="{0FC63DAF-8483-4772-8E79-3D69D8477DE4}" size="262144" name="xunye"/><entry type="{0FC63DAF-8483-4772-8E79-3D69D8477DE4}" size="16384" name="dtbo_a"/><entry type="{0FC63DAF-8483-4772-8E79-3D69D8477DE4}" size="16384" name="dtbo_b"/>diff --git a/alps/device/mediateksample/aiot8365p3_64_bsp_1024/partition/scatter.json b/alps/device/mediateksample/aiot8365p3_64_bsp_1024/partition/scatter.json
index cf04a1fcd6..f0055695ae 100755
--- a/alps/device/mediateksample/aiot8365p3_64_bsp_1024/partition/scatter.json
+++ b/alps/device/mediateksample/aiot8365p3_64_bsp_1024/partition/scatter.json
@@ -203,6 +203,14 @@"logo": {"file_name": "logo.bin","type": "NORMAL_ROM"
+ },
+ "XUNYE": {
+ "file_name": "xunye.img",
+ "type": "NORMAL_ROM"
+ },
+ "xunye": {
+ "file_name": "xunye.img",
+ "type": "NORMAL_ROM"},"DTBO": {"file_name": "dtbo.img",1.修改编译脚本,生成xunye.img
diff --git a/alps/device/mediateksample/aiot8365p3_64_bsp_1024/BoardConfig.mk b/alps/device/mediateksample/aiot8365p3_64_bsp_1024/BoardConfig.mk
index 06c275f4ac..c1ed6354c3 100755
--- a/alps/device/mediateksample/aiot8365p3_64_bsp_1024/BoardConfig.mk
+++ b/alps/device/mediateksample/aiot8365p3_64_bsp_1024/BoardConfig.mk
@@ -7,6 +7,8 @@ include device/mediatek/mt8168/BoardConfig.mk# BluetoothBOARD_BLUETOOTH_BDROID_BUILDCFG_INCLUDE_DIR := $(MTK_TARGET_PROJECT_FOLDER)/bluetooth+BOARD_XUNYEIMAGE_FILE_SYSTEM_TYPE := ext4diff --git a/alps/build/make/core/Makefile b/alps/build/make/core/Makefile
index a4cbd608c2..6ccbccc15d 100644
--- a/alps/build/make/core/Makefile
+++ b/alps/build/make/core/Makefile
@@ -1402,6 +1402,12 @@ endif # PRODUCT_USE_DYNAMIC_PARTITIONS# $(2): a subset of "system vendor cache userdata product product_services oem odm"# $(3): additional "key=value" pairs to append to the dictionary file.define generate-image-prop-dictionary
+
+@echo "xunye_fs_type generate-image-prop-dictionary"
+@echo "xunye(2)=$(2)"
+@echo "xunye_fs_type=$(BOARD_XUNYEIMAGE_FILE_SYSTEM_TYPE)"
+@echo "xunye_size=$(BOARD_XUNYEIMAGE_PARTITION_SIZE)"
+$(if $(filter $(2),system),\$(if $(BOARD_SYSTEMIMAGE_PARTITION_SIZE),$(hide) echo "system_size=$(BOARD_SYSTEMIMAGE_PARTITION_SIZE)" >> $(1))$(if $(INTERNAL_SYSTEM_OTHER_PARTITION_SIZE),$(hide) echo "system_other_size=$(INTERNAL_SYSTEM_OTHER_PARTITION_SIZE)" >> $(1))
@@ -1421,6 +1427,12 @@ $(if $(filter $(2),userdata),\$(if $(BOARD_USERDATAIMAGE_FILE_SYSTEM_TYPE),$(hide) echo "userdata_fs_type=$(BOARD_USERDATAIMAGE_FILE_SYSTEM_TYPE)" >> $(1))$(if $(BOARD_USERDATAIMAGE_PARTITION_SIZE),$(hide) echo "userdata_size=$(BOARD_USERDATAIMAGE_PARTITION_SIZE)" >> $(1)))
+$(if $(filter $(2),xunye),\
+ $(if $(BOARD_XUNYEIMAGE_FILE_SYSTEM_TYPE),$(hide) echo "xunye_fs_type=$(BOARD_XUNYEIMAGE_FILE_SYSTEM_TYPE)" >> $(1))
+ $(if $(BOARD_XUNYEIMAGE_PARTITION_SIZE),$(hide) echo "xunye_size=$(BOARD_XUNYEIMAGE_PARTITION_SIZE)" >> $(1))
+ @echo "xunye_fs_type=$(BOARD_XUNYEIMAGE_FILE_SYSTEM_TYPE)"
+ @echo "xunye_size=$(BOARD_XUNYEIMAGE_PARTITION_SIZE)"
+)$(if $(filter $(2),cache),\$(if $(BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE),$(hide) echo "cache_fs_type=$(BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE)" >> $(1))$(if $(BOARD_CACHEIMAGE_PARTITION_SIZE),$(hide) echo "cache_size=$(BOARD_CACHEIMAGE_PARTITION_SIZE)" >> $(1))
@@ -2684,6 +2696,45 @@ else # BUILDING_CACHE_IMAGEIGNORE_CACHE_LINK := --exclude=cacheendif # BUILDING_CACHE_IMAGE+
+#-----add by xuanye start
+# -----------------------------------------------------------------
+# xunye partition image
+# ifdef BUILDING_XUNYE_IMAGE
+ifdef BOARD_XUNYEIMAGE_FILE_SYSTEM_TYPE
+INTERNAL_XUNYEIMAGE_FILES := \
+ $(filter $(TARGET_OUT_XUNYE)/%,$(ALL_DEFAULT_INSTALLED_MODULES))
+
+xunyeimage_intermediates := \
+ $(call intermediates-dir-for,PACKAGING,xunye)
+BUILT_XUNYEIMAGE_TARGET := $(PRODUCT_OUT)/xunye.img
+
+define build-xunyeimage-target
+ $(call pretty,"Target xunye fs image: $(INSTALLED_XUNYEIMAGE_TARGET)")
+ @mkdir -p $(TARGET_OUT_XUNYE)
+ @mkdir -p $(xunyeimage_intermediates) && rm -rf $(xunyeimage_intermediates)/xunye_image_info.txt
+ $(call generate-image-prop-dictionary, $(xunyeimage_intermediates)/xunye_image_info.txt,xunye,skip_fsck=true)
+ $(hide) PATH=$(foreach p,$(INTERNAL_USERIMAGES_BINARY_PATHS),$(p):)$$PATH \
+ build/make/tools/releasetools/build_image.py \
+ $(TARGET_OUT_XUNYE) $(xunyeimage_intermediates)/xunye_image_info.txt $(INSTALLED_XUNYEIMAGE_TARGET) $(TARGET_OUT)
+ $(hide) $(call assert-max-image-size,$(INSTALLED_XUNYEIMAGE_TARGET),$(BOARD_XUNYEIMAGE_PARTITION_SIZE))
+endef
+
+# We just build this directly to the install location.
+INSTALLED_XUNYEIMAGE_TARGET := $(BUILT_XUNYEIMAGE_TARGET)
+$(INSTALLED_XUNYEIMAGE_TARGET): $(INTERNAL_USERIMAGES_DEPS) $(INTERNAL_XUNYEIMAGE_FILES) $(BUILD_IMAGE_SRCS)
+ $(build-xunyeimage-target)
+
+.PHONY: xunyeimage-nodeps
+xunyeimage-nodeps: | $(INTERNAL_USERIMAGES_DEPS)
+ $(build-xunyeimage-target)
+
+else # BOARD_XUNYEIMAGE_FILE_SYSTEM_TYPE
+# we need to ignore the broken xunye link when doing the rsync
+IGNORE_XUNYE_LINK := --exclude=xunye
+endif # BOARD_XUNYEIMAGE_FILE_SYSTEM_TYPE
+#-----add by xuanye end
+# -----------------------------------------------------------------# system_other partition imageifdef BUILDING_SYSTEM_OTHER_IMAGE
@@ -3864,6 +3915,7 @@ $(BUILT_TARGET_FILES_PACKAGE): \$(FULL_SYSTEMIMAGE_DEPS) \$(INSTALLED_USERDATAIMAGE_TARGET) \$(INSTALLED_CACHEIMAGE_TARGET) \
+ $(INSTALLED_XUNYEIMAGE_TARGET) \$(INSTALLED_VENDORIMAGE_TARGET) \$(INSTALLED_PRODUCTIMAGE_TARGET) \$(INSTALLED_PRODUCT_SERVICESIMAGE_TARGET) \diff --git a/alps/build/make/core/board_config.mk b/alps/build/make/core/board_config.mk
index ac0f27da53..00f234a505 100644
--- a/alps/build/make/core/board_config.mk
+++ b/alps/build/make/core/board_config.mk
@@ -63,6 +63,8 @@ _board_strip_readonly_list += \BOARD_USERDATAIMAGE_PARTITION_SIZE \BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE \BOARD_CACHEIMAGE_PARTITION_SIZE \
+ BOARD_XUNYEIMAGE_FILE_SYSTEM_TYPE \
+ BOARD_XUNYEIMAGE_PARTITION_SIZE \BOARD_VENDORIMAGE_PARTITION_SIZE \BOARD_VENDORIMAGE_FILE_SYSTEM_TYPE \BOARD_PRODUCTIMAGE_PARTITION_SIZE \
diff --git a/alps/build/make/core/config.mk b/alps/build/make/core/config.mk
index 5b66b2ba05..78e6445f51 100644
--- a/alps/build/make/core/config.mk
+++ b/alps/build/make/core/config.mk
@@ -1162,6 +1162,7 @@ dont_bother_goals := out \stnod systemtarball-nodeps \userdataimage-nodeps userdatatarball-nodeps \cacheimage-nodeps \
+ xunyeimage-nodeps \bptimage-nodeps \vnod vendorimage-nodeps \pnod productimage-nodeps \
diff --git a/alps/build/make/core/envsetup.mk b/alps/build/make/core/envsetup.mk
index 5131598a94..b0467a9563 100644
--- a/alps/build/make/core/envsetup.mk
+++ b/alps/build/make/core/envsetup.mk
@@ -599,6 +599,9 @@ endifTARGET_OUT_CACHE := $(PRODUCT_OUT)/cache.KATI_READONLY := TARGET_OUT_CACHE+TARGET_OUT_XUNYE := $(PRODUCT_OUT)/xunye
+
+TARGET_OUT_VENDOR := $(PRODUCT_OUT)/$(TARGET_COPY_OUT_VENDOR).KATI_READONLY := TARGET_OUT_VENDORifneq ($(filter address,$(SANITIZE_TARGET)),)
diff --git a/alps/build/make/core/main.mk b/alps/build/make/core/main.mk
index 80078e3a83..f74c389905 100644
--- a/alps/build/make/core/main.mk
+++ b/alps/build/make/core/main.mk
@@ -1602,6 +1602,9 @@ userdatatarball: $(INSTALLED_USERDATATARBALL_TARGET).PHONY: cacheimagecacheimage: $(INSTALLED_CACHEIMAGE_TARGET)+.PHONY: xunyeimage
+xunyeimage: $(INSTALLED_XUNYEIMAGE_TARGET)
+.PHONY: bptimagebptimage: $(INSTALLED_BPTIMAGE_TARGET)@@ -1647,6 +1650,7 @@ droidcore: $(filter $(HOST_OUT_ROOT)/%,$(modules_to_install)) \$(INSTALLED_VBMETAIMAGE_TARGET) \$(INSTALLED_USERDATAIMAGE_TARGET) \$(INSTALLED_CACHEIMAGE_TARGET) \
+ $(INSTALLED_XUNYEIMAGE_TARGET) \$(INSTALLED_BPTIMAGE_TARGET) \$(INSTALLED_VENDORIMAGE_TARGET) \$(INSTALLED_ODMIMAGE_TARGET) \
diff --git a/alps/build/make/tools/releasetools/build_image.py b/alps/build/make/tools/releasetools/build_image.py
index 4136ed432e..e6f1dcfd3c 100755
--- a/alps/build/make/tools/releasetools/build_image.py
+++ b/alps/build/make/tools/releasetools/build_image.py
@@ -389,7 +389,8 @@ def BuildImage(in_dir, prop_dict, out_file, target_out=None):build_command = []fs_type = prop_dict.get("fs_type", "")
-
+ logger.error("xunye fs_type %s", fs_type)
+ logger.error("xunye in_dir %s",in_dir)fs_spans_partition = Trueif fs_type.startswith("squash"):fs_spans_partition = False
@@ -401,6 +402,7 @@ def BuildImage(in_dir, prop_dict, out_file, target_out=None):if (prop_dict.get("use_dynamic_partition_size") == "true" and"partition_size" not in prop_dict):# If partition_size is not defined, use output of `du' + reserved_size.
+ logger.error("no partition_size %s",in_dir)size = GetDiskUsage(in_dir)logger.info("The tree size of %s is %d MB.", in_dir, size // BYTES_IN_MB)
@@ -468,6 +470,8 @@ def BuildImage(in_dir, prop_dict, out_file, target_out=None):"Allocating %d MB for %s.", size // BYTES_IN_MB, out_file)prop_dict["image_size"] = prop_dict["partition_size"]
+ logger.error("xunye image_size %s", prop_dict["image_size"])
+ logger.error("xunye partition_size %s", prop_dict["partition_size"])# Adjust the image size to make room for the hashes if this is to be verified.if verity_image_builder:
@@ -536,6 +540,7 @@ def ImagePropFromGlobalDict(glob_dict, mount_point):copy_prop(p, p)d["mount_point"] = mount_point
+ logger.error("xunye mount_point %s", mount_point)if mount_point == "system":copy_prop("avb_system_hashtree_enable", "avb_hashtree_enable")copy_prop("avb_system_add_hashtree_footer_args",
@@ -597,6 +602,10 @@ def ImagePropFromGlobalDict(glob_dict, mount_point):elif mount_point == "cache":copy_prop("cache_fs_type", "fs_type")copy_prop("cache_size", "partition_size")
+ elif mount_point == "xunye":
+ copy_prop("fs_type", "fs_type")
+ copy_prop("xunye_fs_type", "fs_type")
+ copy_prop("xunye_size", "partition_size") elif mount_point == "vendor":copy_prop("avb_vendor_hashtree_enable", "avb_hashtree_enable")copy_prop("avb_vendor_add_hashtree_footer_args",
@@ -761,6 +770,8 @@ def main(argv):mount_point = "data"elif image_filename == "cache.img":mount_point = "cache"
+ elif image_filename == "xunye.img":
+ mount_point = "xunye" elif image_filename == "vendor.img":mount_point = "vendor"elif image_filename == "odm.img":
diff --git a/alps/device/mediatek/mt8168/BoardConfig.mk b/alps/device/mediatek/mt8168/BoardConfig.mk
index fe2e7390e2..30d5356cd0 100644
--- a/alps/device/mediatek/mt8168/BoardConfig.mk
+++ b/alps/device/mediatek/mt8168/BoardConfig.mk
@@ -189,6 +189,7 @@ BOARD_USERDATAIMAGE_PARTITION_SIZE := $(call get-partition-size,userdata)BOARD_VENDORIMAGE_PARTITION_SIZE := $(call get-partition-size,vendor_a)BOARD_BOOTIMAGE_PARTITION_SIZE := $(call get-partition-size,boot_a)BOARD_DTBOIMG_PARTITION_SIZE := $(call get-partition-size,dtbo_a)
+BOARD_XUNYEIMAGE_PARTITION_SIZE := $(call get-partition-size,xunye)elseBOARD_MAIN_SIZE := $(call get-partition-size,super)BOARD_SUPER_PARTITION_SIZE := $(call get-partition-size,super)
@@ -199,6 +200,7 @@ BOARD_BOOTIMAGE_PARTITION_SIZE := $(call get-partition-size,boot)BOARD_DTBOIMG_PARTITION_SIZE := $(call get-partition-size,dtbo)BOARD_CACHEIMAGE_PARTITION_SIZE := $(call get-partition-size,cache)BOARD_RECOVERYIMAGE_PARTITION_SIZE := $(call get-partition-size,recovery)
+BOARD_XUNYEIMAGE_PARTITION_SIZE := $(call get-partition-size,xunye)endif生成xunye目录
diff --git a/alps/system/core/rootdir/Android.mk b/alps/system/core/rootdir/Android.mk
index 7ff1588b23..2291e5532a 100644
--- a/alps/system/core/rootdir/Android.mk
+++ b/alps/system/core/rootdir/Android.mk
@@ -144,6 +144,11 @@ ifdef BOARD_CACHEIMAGE_FILE_SYSTEM_TYPEelseLOCAL_POST_INSTALL_CMD += ; ln -sf /data/cache $(TARGET_ROOT_OUT)/cacheendif
+
+ifdef BOARD_XUNYEIMAGE_FILE_SYSTEM_TYPE
+ LOCAL_POST_INSTALL_CMD += ; mkdir -p $(TARGET_ROOT_OUT)/xunye
+endif
+二、修改权限
1.修改SE权限
diff --git a/alps/device/mediatek/sepolicy/bsp/non_plat/device.te b/alps/device/mediatek/sepolicy/bsp/non_plat/device.te
index 2a0a28eee2..831378eed5 100644
--- a/alps/device/mediatek/sepolicy/bsp/non_plat/device.te
+++ b/alps/device/mediatek/sepolicy/bsp/non_plat/device.te
@@ -21,3 +21,8 @@ allow system_server teei_client_device:chr_file r_file_perms;# Purpose : Add permission for nwktype nwkopt_device, dev_type;type tx_device, dev_type;
+
+# add for xunye
+type xunye_device, dev_type;
+type xunye_block_device, dev_type;diff --git a/alps/device/mediatek/sepolicy/basic/non_plat/drmserver.te b/alps/device/mediatek/sepolicy/basic/non_plat/drmserver.te
index 6086c27678..ca6195b52f 100644
--- a/alps/device/mediatek/sepolicy/basic/non_plat/drmserver.te
+++ b/alps/device/mediatek/sepolicy/basic/non_plat/drmserver.te
@@ -5,3 +5,6 @@# Date : WK16.33# Purpose: Allow to access ged for gralloc_extra functionsallow drmserver proc_ged:file rw_file_perms;
+allow drmserver xunye_file:dir search;
+allow drmserver xunye_file:dir rw_dir_perms;
+allow drmserver xunye_file:file { read write open ioctl map};
diff --git a/alps/device/mediatek/sepolicy/basic/non_plat/fsck.te b/alps/device/mediatek/sepolicy/basic/non_plat/fsck.te
index 635d3c7641..e54295c0a5 100644
--- a/alps/device/mediatek/sepolicy/basic/non_plat/fsck.te
+++ b/alps/device/mediatek/sepolicy/basic/non_plat/fsck.te
@@ -16,3 +16,5 @@ allow fsck oem_block_device:blk_file rw_file_perms;# Date : WK17.12# Purpose: Fix bootup failallow fsck system_block_device:blk_file getattr;
+#allow fsck block_device:blk_file read;
+#allow fsck block_device:blk_file write;diff --git a/alps/device/mediatek/sepolicy/bsp/non_plat/file.te b/alps/device/mediatek/sepolicy/bsp/non_plat/file.te
index 6202d0be45..f2b49a1f66 100644
--- a/alps/device/mediatek/sepolicy/bsp/non_plat/file.te
+++ b/alps/device/mediatek/sepolicy/bsp/non_plat/file.te
@@ -77,3 +77,5 @@ type proc_tkcore, fs_type, proc_type;type mnt_het, file_type;+# add for xunye
+type xunye_file, file_type, data_file_type;
diff --git a/alps/device/mediatek/sepolicy/bsp/non_plat/file_contexts b/alps/device/mediatek/sepolicy/bsp/non_plat/file_contexts
index 407ad8e08a..db7c743a4f 100644
--- a/alps/device/mediatek/sepolicy/bsp/non_plat/file_contexts
+++ b/alps/device/mediatek/sepolicy/bsp/non_plat/file_contexts
@@ -182,3 +182,7 @@/mnt/het(/.*)? u:object_r:mnt_het:s0+# add for xunye
+/dev/block/platform/bootdevice/by-name/xunye u:object_r:xunye_block_device:s0
+/xunye(/.*)? u:object_r:xunye_file:s0
+
diff --git a/alps/device/mediatek/sepolicy/bsp/non_plat/fsck.te b/alps/device/mediatek/sepolicy/bsp/non_plat/fsck.te
index 33e62cff55..5b5d18f92c 100644
--- a/alps/device/mediatek/sepolicy/bsp/non_plat/fsck.te
+++ b/alps/device/mediatek/sepolicy/bsp/non_plat/fsck.te
@@ -6,3 +6,8 @@ allow fsck sysfs_fs_ext4_features:dir search;# Purpose : Allow resize.f2fs to read in "f2fs" block devallow init fsck_exec: lnk_file r_file_perms;allowxperm fsck userdata_block_device:blk_file ioctl BLKSECDISCARD;
+
+# add for xunye
+allow fsck xunye_block_device:blk_file rw_file_perms;
+
+
diff --git a/alps/device/mediatek/sepolicy/bsp/non_plat/init.te b/alps/device/mediatek/sepolicy/bsp/non_plat/init.te
index 2bf788da9e..37cddc93a7 100644
--- a/alps/device/mediatek/sepolicy/bsp/non_plat/init.te
+++ b/alps/device/mediatek/sepolicy/bsp/non_plat/init.te
@@ -32,3 +32,8 @@ allow init proc_drop_caches:file w_file_perms;# Purpose: Allow to setattr for duraspeed.rcallow init proc_cpu_loading:file setattr;allow init proc_low_memory_hit:file setattr;
+
+# add for xunye
+allow init xunye_block_device:blk_file relabelto;
+allow init xunye_file:dir mounton;2.修改系统app读写xunye分区的权限
diff --git a/alps/device/mediatek/mt8168/sepolicy/basic/system_app.te b/alps/device/mediatek/mt8168/sepolicy/basic/system_app.te
index 319bd99c59..378aa02a98 100644
--- a/alps/device/mediatek/mt8168/sepolicy/basic/system_app.te
+++ b/alps/device/mediatek/mt8168/sepolicy/basic/system_app.te
@@ -14,3 +14,9 @@ allow system_app system_data_file:file create;allow system_app system_data_file:dir write;allow system_app system_data_file:dir read;allow system_app system_data_file:dir add_name;
+allow system_app apk_data_file:dir write;
+allow system_app logo_block_device:blk_file write;
+allow system_app logo_block_device:blk_file read;
+allow system_app logo_block_device:blk_file open;
+allow system_app logo_block_device:blk_file getattr;
+allow system_app xunye_file:file setattr;
diff --git a/alps/device/mediatek/mt8168/ueventd.mt8168.rc b/alps/device/mediatek/mt8168/ueventd.mt8168.rc
index d2cdeba2a1..019bd67094 100644
--- a/alps/device/mediatek/mt8168/ueventd.mt8168.rc
+++ b/alps/device/mediatek/mt8168/ueventd.mt8168.rc
@@ -6,6 +6,7 @@/dev/block/platform/soc/11230000.mmc/by-name/nvram 0660 root system/dev/block/platform/soc/11230000.mmc/by-name/para 0660 root system/dev/block/platform/soc/11230000.mmc/by-name/logo 0660 root system
+/dev/block/platform/soc/11230000.mmc/by-name/xunye 0660 root system/dev/block/platform/soc/11230000.mmc/by-name/frp 0660 root system/dev/block/platform/soc/11230000.mmc/by-name/odmdtbo 0660 root system/dev/block/platform/soc/11230000.mmc/by-name/odmdtbo_a 0660 root systemdiff --git a/alps/device/mediatek/sepolicy/basic/non_plat/mediaserver.te b/alps/device/mediatek/sepolicy/basic/non_plat/mediaserver.te
index 56af7adef2..2e22be3f8d 100644
--- a/alps/device/mediatek/sepolicy/basic/non_plat/mediaserver.te
+++ b/alps/device/mediatek/sepolicy/basic/non_plat/mediaserver.te
@@ -333,3 +333,8 @@ allow mediaserver mtk_hal_keymanage:binder call;# Purpose : Allow mediadrmserver to call vendor.mediatek.hardware.keymanage@1.0-service.hal_client_domain(mediaserver , hal_keymaster)allow mediaserver mtk_hal_keymanage_hwservice:hwservice_manager find;
+
+allow mediaserver xunye_file:dir search;
+allow mediaserver xunye_file:dir rw_dir_perms;
+allow mediaserver xunye_file:file { read write open ioctl map};
+
diff --git a/alps/device/mediatek/sepolicy/basic/non_plat/mtkbootanimation.te b/alps/device/mediatek/sepolicy/basic/non_plat/mtkbootanimation.te
index 491cf8eada..a378ead82e 100755
--- a/alps/device/mediatek/sepolicy/basic/non_plat/mtkbootanimation.te
+++ b/alps/device/mediatek/sepolicy/basic/non_plat/mtkbootanimation.te
@@ -51,6 +51,8 @@ allow mtkbootanimation proc_perfmgr:file {open read ioctl};allow mtkbootanimation mediaextractor:dir search;allow mtkbootanimation debugfs_ion:dir search;
+allow mtkbootanimation xunye_file:dir rw_dir_perms;
+allow mtkbootanimation xunye_file:file { read write open ioctl map};allow mediaserver mtkbootanimation:dir search;allowxperm mtkbootanimation proc_ged:file ioctl { proc_ged_ioctls };diff --git a/alps/device/mediatek/sepolicy/bsp/non_plat/system_app.te b/alps/device/mediatek/sepolicy/bsp/non_plat/system_app.te
index 20cffc85b6..566650df89 100755
--- a/alps/device/mediatek/sepolicy/bsp/non_plat/system_app.te
+++ b/alps/device/mediatek/sepolicy/bsp/non_plat/system_app.te
@@ -253,3 +253,7 @@ allow system_app ttyS_device:chr_file { rw_file_perms };allow system_app app_data_file:file { rw_file_perms };+# add for xunye
+allow system_app xunye_file:file { getattr unlink open read write create };
+allow system_app xunye_file:dir rw_dir_perms;diff --git a/alps/device/mediateksample/aiot8365p3_64_bsp_1024/init.project.rc b/alps/device/mediateksample/aiot8365p3_64_bsp_1024/init.project.rc
index 4bb8ac5dc3..882e875bf2 100755
--- a/alps/device/mediateksample/aiot8365p3_64_bsp_1024/init.project.rc
+++ b/alps/device/mediateksample/aiot8365p3_64_bsp_1024/init.project.rc
@@ -38,7 +38,8 @@ on post-fs-datachmod 660 /dev/ttyGS1chown system /dev/ttyGS1-
+ chown system system /xunye
+ chmod 0777 /xunyediff --git a/alps/system/core/libcutils/fs_config.cpp b/alps/system/core/libcutils/fs_config.cpp
index 6b80ca9aca..f0a7b111b4 100644
--- a/alps/system/core/libcutils/fs_config.cpp
+++ b/alps/system/core/libcutils/fs_config.cpp
@@ -86,6 +86,7 @@ static const struct fs_path_config android_dirs[] = {{ 00750, AID_ROOT, AID_SHELL, 0, "data/nativetest64" },{ 00775, AID_ROOT, AID_ROOT, 0, "data/preloads" },{ 00771, AID_SYSTEM, AID_SYSTEM, 0, "data" },
+ { 00777, AID_SYSTEM, AID_SYSTEM, 0, "xunye" },{ 00755, AID_ROOT, AID_SYSTEM, 0, "mnt" },{ 00751, AID_ROOT, AID_SHELL, 0, "product/bin" },{ 00750, AID_ROOT, AID_SHELL, 0, "sbin" },
@@ -150,6 +151,8 @@ static const char* conf[][2] = {static const struct fs_path_config android_files[] = {// clang-format off{ 00644, AID_SYSTEM, AID_SYSTEM, 0, "data/app/*" },
+ { 00777, AID_SYSTEM, AID_SYSTEM, 0, "xunye/*" },
+ { 00777, AID_SYSTEM, AID_SYSTEM, 0, "xunye/media/*" },{ 00644, AID_SYSTEM, AID_SYSTEM, 0, "data/app-ephemeral/*" },{ 00644, AID_SYSTEM, AID_SYSTEM, 0, "data/app-private/*" },{ 00644, AID_APP, AID_APP, 0, "data/data/*" },diff --git a/alps/system/sepolicy/prebuilts/api/29.0/public/app.te b/alps/system/sepolicy/prebuilts/api/29.0/public/app.te
index d5a079b769..aa094cd2cc 100644
--- a/alps/system/sepolicy/prebuilts/api/29.0/public/app.te
+++ b/alps/system/sepolicy/prebuilts/api/29.0/public/app.te
@@ -371,7 +371,7 @@ binder_call({ appdomain -coredomain }, ashmemd)neverallow { appdomain -bluetooth -network_stack } self:capability_class_set *;# Block device access.
-neverallow appdomain dev_type:blk_file { read write };
+neverallow { appdomain -system_app } dev_type:blk_file { read write };# Access to any of the following character devices.neverallow appdomain {
@@ -467,7 +467,7 @@ neverallow {appdomain -system_app} system_data_file:dir_file_class_set# Write to various other parts of /data.neverallow appdomain drm_data_file:dir_file_class_set{ create write setattr relabelfrom relabelto append unlink link rename };
-neverallow { appdomain -platform_app }
+neverallow { appdomain -platform_app -system_app}apk_data_file:dir_file_class_set{ create write setattr relabelfrom relabelto append unlink link rename };neverallow { appdomain -platform_app }
diff --git a/alps/system/sepolicy/prebuilts/api/29.0/public/domain.te b/alps/system/sepolicy/prebuilts/api/29.0/public/domain.te
index f348701819..ef839d1e6d 100644
--- a/alps/system/sepolicy/prebuilts/api/29.0/public/domain.te
+++ b/alps/system/sepolicy/prebuilts/api/29.0/public/domain.te
@@ -818,6 +818,7 @@ full_treble_only(`# /data/vendorneverallow {coredomain
+ -domain-appdomain # TODO(b/34980020) remove exemption for appdomain-data_between_core_and_vendor_violators-init
@@ -836,6 +837,7 @@ full_treble_only(`-vold_prepare_subdirs} {data_file_type
+ -data_file_type-core_data_file_type# TODO(b/72998741) Remove exemption. Further restricted in a subsequent# neverallow. Currently only getattr and search are allowed.
diff --git a/alps/system/sepolicy/public/app.te b/alps/system/sepolicy/public/app.te
index d5a079b769..aa094cd2cc 100644
--- a/alps/system/sepolicy/public/app.te
+++ b/alps/system/sepolicy/public/app.te
@@ -371,7 +371,7 @@ binder_call({ appdomain -coredomain }, ashmemd)neverallow { appdomain -bluetooth -network_stack } self:capability_class_set *;# Block device access.
-neverallow appdomain dev_type:blk_file { read write };
+neverallow { appdomain -system_app } dev_type:blk_file { read write };# Access to any of the following character devices.neverallow appdomain {
@@ -467,7 +467,7 @@ neverallow {appdomain -system_app} system_data_file:dir_file_class_set# Write to various other parts of /data.neverallow appdomain drm_data_file:dir_file_class_set{ create write setattr relabelfrom relabelto append unlink link rename };
-neverallow { appdomain -platform_app }
+neverallow { appdomain -platform_app -system_app}apk_data_file:dir_file_class_set{ create write setattr relabelfrom relabelto append unlink link rename };neverallow { appdomain -platform_app }
diff --git a/alps/system/sepolicy/public/domain.te b/alps/system/sepolicy/public/domain.te
index f348701819..ef839d1e6d 100644
--- a/alps/system/sepolicy/public/domain.te
+++ b/alps/system/sepolicy/public/domain.te
@@ -818,6 +818,7 @@ full_treble_only(`# /data/vendorneverallow {coredomain
+ -domain-appdomain # TODO(b/34980020) remove exemption for appdomain-data_between_core_and_vendor_violators-init
@@ -836,6 +837,7 @@ full_treble_only(`-vold_prepare_subdirs} {data_file_type
+ -data_file_type-core_data_file_type# TODO(b/72998741) Remove exemption. Further restricted in a subsequent# neverallow. Currently only getattr and search are allowed.
diff --git a/alps/vendor/mediatek/proprietary/hardware/fstab/mt8168/fstab.in b/alps/vendor/mediatek/proprietary/hardware/fstab/mt8168/fstab.in
index 470eb504af..34eed17d72 100644
--- a/alps/vendor/mediatek/proprietary/hardware/fstab/mt8168/fstab.in
+++ b/alps/vendor/mediatek/proprietary/hardware/fstab/mt8168/fstab.in
@@ -145,6 +145,7 @@ DEVPATH(cache) /cache ext4 noatime,nosuid,nodev,noauto_da_alloc,disDEVPATH(nvdata) /mnt/vendor/nvdata ext4 noatime,nosuid,nodev,noauto_da_alloc,discard wait,check,formattableDEVPATH(nvcfg) /mnt/vendor/nvcfg ext4 noatime,nosuid,nodev,noauto_da_alloc,discard wait,check,formattable
+DEVPATH(xunye) /xunye ext4 noatime,nosuid,nodev,noauto_da_alloc,discard wait,check,formattable总结
主要是SE的权限修改,后面系统应用是为了系统app读写该分区做的
更多推荐
MTK Android10添加分区
发布评论