forked from WSA-Community/WSAGAScript
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathapply.sh
85 lines (74 loc) · 5.26 KB
/
apply.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
#!/bin/bash
# added quote mark ('"') for every variable so it wont be a problem if the path has space/whitespace
. ./VARIABLES.sh
echo "Copying build.prop for each image"
cp "$PropRoot"/build_system_ext.prop /mnt/system_ext/build.prop
cp "$PropRoot"/build_system.prop /mnt/system/build.prop
cp "$PropRoot"/build_system.prop /mnt/system/system/build.prop
cp "$PropRoot"/build_product.prop /mnt/product/build.prop
cp "$PropRoot"/build_vendor.prop /mnt/vendor/build.prop
cp "$PropRoot"/build_vendor_odm.prop /mnt/vendor/odm/etc/vendor.prop
echo "Copying GApps files to system..."
cp -f -a "$GAppsOutputFolder"/app/* "$InstallDir"/app
cp -f -a "$GAppsOutputFolder"/etc/* "$InstallDir"/etc
cp -f -a "$GAppsOutputFolder"/overlay/* "$InstallDir"/overlay
cp -f -a "$GAppsOutputFolder"/priv-app/* "$InstallDir"/priv-app
cp -f -a "$GAppsOutputFolder"/framework/* "$InstallDir"/framework
echo "Applying root file ownership"
find "$InstallDir"/app -exec chown root:root {} &>/dev/null \;
find "$InstallDir"/etc -exec chown root:root {} &>/dev/null \;
find "$InstallDir"/overlay -exec chown root:root {} &>/dev/null \;
find "$InstallDir"/priv-app -exec chown root:root {} &>/dev/null \;
find "$InstallDir"/framework -exec chown root:root {} &>/dev/null \;
find "$InstallDir"/lib -exec chown root:root {} &>/dev/null \;
find "$InstallDir"/lib64 -exec chown root:root {} &>/dev/null \;
echo "Setting directory permissions"
find "$InstallDir"/app -type d -exec chmod 755 {} \;
find "$InstallDir"/etc -type d -exec chmod 755 {} \;
find "$InstallDir"/overlay -type d -exec chmod 755 {} \;
find "$InstallDir"/priv-app -type d -exec chmod 755 {} \;
find "$InstallDir"/framework -type d -exec chmod 755 {} \;
find "$InstallDir"/lib -type d -exec chmod 755 {} \;
find "$InstallDir"/lib64 -type d -exec chmod 755 {} \;
echo "Setting file permissions"
find "$InstallDir"/app -type f -exec chmod 644 {} \;
find "$InstallDir"/overlay -type f -exec chmod 644 {} \;
find "$InstallDir"/priv-app -type f -exec chmod 644 {} \;
find "$InstallDir"/framework -type f -exec chmod 644 {} \;
find "$InstallDir"/lib -type f -exec chmod 644 {} \;
find "$InstallDir"/lib64 -type f -exec chmod 644 {} \;
find "$InstallDir"/etc/permissions -type f -exec chmod 644 {} \;
find "$InstallDir"/etc/default-permissions -type f -exec chmod 644 {} \;
find "$InstallDir"/etc/preferred-apps -type f -exec chmod 644 {} \;
find "$InstallDir"/etc/sysconfig -type f -exec chmod 644 {} \;
echo "Applying SELinux security contexts to directories"
find "$InstallDir"/app -type d -exec chcon --reference="$InstallDir"/app {} \;
find "$InstallDir"/overlay -type d -exec chcon --reference="$InstallDir"/overlay {} \;
find "$InstallDir"/priv-app -type d -exec chcon --reference="$InstallDir"/priv-app {} \;
find "$InstallDir"/framework -type d -exec chcon --reference="$InstallDir"/framework {} \;
find "$InstallDir"/lib -type d -exec chcon --reference="$InstallDir"/lib {} \;
find "$InstallDir"/lib64 -type d -exec chcon --reference="$InstallDir"/lib64 {} \;
find "$InstallDir"/etc/permissions -type d -exec chcon --reference="$InstallDir"/etc/permissions {} \;
find "$InstallDir"/etc/default-permissions -type d -exec chcon --reference="$InstallDir"/etc/permissions {} \;
find "$InstallDir"/etc/preferred-apps -type d -exec chcon --reference="$InstallDir"/etc/permissions {} \;
find "$InstallDir"/etc/sysconfig -type d -exec chcon --reference="$InstallDir"/etc/sysconfig {} \;
echo "Applying SELinux security contexts to files"
find "$InstallDir"/framework -type f -exec chcon --reference="$InstallDir"/framework/ext.jar {} \;
find "$InstallDir"/overlay -type f -exec chcon --reference="$InstallDir"/app/CertInstaller/CertInstaller.apk {} \;
find "$InstallDir"/app -type f -exec chcon --reference="$InstallDir"/app/CertInstaller/CertInstaller.apk {} \;
find "$InstallDir"/priv-app -type f -exec chcon --reference="$InstallDir"/priv-app/Shell/Shell.apk {} \;
find "$InstallDir"/lib -type f -exec chcon --reference="$InstallDir"/lib/libcap.so {} \;
find "$InstallDir"/lib64 -type f -exec chcon --reference="$InstallDir"/lib64/libcap.so {} \;
find "$InstallDir"/etc/permissions -type f -exec chcon --reference="$InstallDir"/etc/fs_config_dirs {} \;
find "$InstallDir"/etc/default-permissions -type f -exec chcon --reference="$InstallDir"/etc/fs_config_dirs {} \;
find "$InstallDir"/etc/preferred-apps -type f -exec chcon --reference="$InstallDir"/etc/fs_config_dirs {} \;
find "$InstallDir"/etc/sysconfig -type f -exec chcon --reference="$InstallDir"/etc/fs_config_dirs {} \;
echo "Applying SELinux policy"
# Sed will remove the SELinux policy for plat_sepolicy.cil, preserve policy using cp
cp "$InstallDir"/etc/selinux/plat_sepolicy.cil "$InstallDir"/etc/selinux/plat_sepolicy_new.cil
sed -i 's/(allow gmscore_app self (process (ptrace)))/(allow gmscore_app self (process (ptrace)))\n(allow gmscore_app self (vsock_socket (read write create connect)))\n(allow gmscore_app device_config_runtime_native_boot_prop (file (read)))/g' "$InstallDir"/etc/selinux/plat_sepolicy_new.cil
cp "$InstallDir"/etc/selinux/plat_sepolicy_new.cil "$InstallDir"/etc/selinux/plat_sepolicy.cil
rm "$InstallDir"/etc/selinux/plat_sepolicy_new.cil
# Prevent android from using cached SELinux policy
echo '0000000000000000000000000000000000000000000000000000000000000000' > "$InstallDir"/etc/selinux/plat_sepolicy_and_mapping.sha256
echo "!! Apply completed !!"