Add su option
diff --git a/generate.sh b/generate.sh
index 7fcefd3..382b352 100644
--- a/generate.sh
+++ b/generate.sh
@@ -5,28 +5,36 @@
 for part in a ab;do
 	for apps in vanilla gapps foss;do
 		for arch in arm64;do
-			apps_suffix=""
-			apps_script=""
-			apps_name=""
-			if [ "$apps" == "gapps" ];then
-				apps_suffix="g"
-				apps_script='$(call inherit-product, device/phh/treble/gapps.mk)'
-				apps_name="with GApps"
-			fi
-			if [ "$apps" == "foss" ];then
-				apps_suffix="f"
-				apps_script='$(call inherit-product, vendor/foss/foss.mk)'
-				apps_name="with FOSS apps"
-			fi
-			if [ "$apps" == "vanilla" ];then
-				apps_suffix="v"
-				apps_script=''
-				apps_name="vanilla"
-			fi
+			for su in yes no;do
+				apps_suffix=""
+				apps_script=""
+				apps_name=""
+				extra_packages=""
+				if [ "$apps" == "gapps" ];then
+					apps_suffix="g"
+					apps_script='$(call inherit-product, device/phh/treble/gapps.mk)'
+					apps_name="with GApps"
+				fi
+				if [ "$apps" == "foss" ];then
+					apps_suffix="f"
+					apps_script='$(call inherit-product, vendor/foss/foss.mk)'
+					apps_name="with FOSS apps"
+				fi
+				if [ "$apps" == "vanilla" ];then
+					apps_suffix="v"
+					apps_script=''
+					apps_name="vanilla"
+				fi
 
-			target="treble_${arch}_${part}${apps_suffix}"
+				su_suffix='N'
+				if [ "$su" == "yes" ];then
+					su_suffix='S'
+					extra_packages+=' phh-su'
+				fi
 
-			cat > ${target}.mk << EOF
+				target="treble_${arch}_${part}${apps_suffix}${su_suffix}"
+
+				cat > ${target}.mk << EOF
 include build/make/target/product/treble_common.mk
 \$(call inherit-product, device/phh/treble/base.mk)
 $apps_script
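Review bot: Appending `${su_suffix}` unconditionally renames every existing product, e.g. `treble_arm64_av` becomes `treble_arm64_avN`, so any lunch target or build script that uses the old names stops resolving. If that is not intended, keep the no-su name stable with `su_suffix=''` as the default and only set `su_suffix='S'` in the `yes` branch. The letters are also unexplained in the script; a comment such as `# S = image ships the phh-su root daemon, N = no su` above `su_suffix='N'` would help. The enclosing `for` loops start before this hunk and the heredoc continues past it.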
@@ -35,8 +43,11 @@
 PRODUCT_DEVICE := generic_arm64_$part
 PRODUCT_BRAND := Android
 PRODUCT_MODEL := Phh-Treble $apps_name
+
+PRODUCT_PACKAGES += $extra_packages
 EOF
 echo -e '\t$(LOCAL_DIR)/'$target.mk '\' >> AndroidProducts.mk
+			done
 		done
 	done
 done
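Review bot: `PRODUCT_MODEL := Phh-Treble $apps_name` is left unchanged, so an image that ships the root daemon reports the same model string as one that does not, and only the product name tells them apart. Setting a variable such as `su_name="with su"` next to `su_suffix='S'` and emitting `PRODUCT_MODEL := Phh-Treble $apps_name $su_name` would make the variant visible on the device. As a style point, the `echo -e` line was not re-indented to sit inside the new `for su` loop. The heredoc this hunk closes opens outside the hunk.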
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
new file mode 100644
index 0000000..15ebca2
--- /dev/null
+++ b/sepolicy/file_contexts
@@ -0,0 +1 @@
+/system/bin/phh-su                   u:object_r:phhsu_exec:s0
diff --git a/sepolicy/su.te b/sepolicy/su.te
new file mode 100644
index 0000000..01d665f
--- /dev/null
+++ b/sepolicy/su.te
@@ -0,0 +1,47 @@
+type phhsu_daemon, domain;
+type phhsu_exec, exec_type, file_type;
+
+typeattribute phhsu_daemon coredomain;
+permissive phhsu_daemon;
+
+tmpfs_domain(phhsu_daemon);
+domain_auto_trans(init, phhsu_exec, phhsu_daemon);
+file_type_auto_trans(phhsu_daemon, device, phhsu_daemon);
+
+allow { appdomain shell } phhsu_daemon:unix_stream_socket { connectto write read };
+allow { appdomain shell } phhsu_daemon:sock_file { write read };
+allow { appdomain shell } phhsu_exec:file { getattr read open execute execute_no_trans };
+
+create_pty(shell)
+allowxperm shell devpts:chr_file ioctl TCSETSF;
+allowxperm untrusted_app untrusted_app_devpts:chr_file ioctl TCSETSF;
+
+allow servicemanager phhsu_daemon:dir { search read };
+allow servicemanager phhsu_daemon:file { open read };
+allow servicemanager phhsu_daemon:process { getattr };
+allow servicemanager phhsu_daemon:binder { call transfer };
+
+typeattribute phhsu_daemon mlstrustedobject;
+typeattribute phhsu_daemon mlstrustedsubject;
+
+allow shell su_exec:file getattr;
+typeattribute su mlstrustedsubject;
+
+allow phhsu_daemon { system_api_service app_api_service system_server_service }:service_manager find;
+
+allow system_server phhsu_daemon:fd use;
+allow system_server phhsu_daemon:binder { call };
+
+# Add su to various domains
+net_domain(su)
+
+# grant su access to vndbinder
+vndbinder_use(su)
+
+allow phhsu_daemon toolbox_exec:file { read open execute_no_trans };
+allow phhsu_daemon untrusted_app_devpts:chr_file { getattr };
+allow phhsu_daemon zygote_exec:file { execute read open execute_no_trans getattr };
+
+allow phhsu_daemon phhsu_daemon:capability { setuid setgid dac_override chown};
+
+allow appdomain phhsu_daemon:dir { search };
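Review bot: `permissive phhsu_daemon;` leaves the root daemon's domain unenforced, so the `allow phhsu_daemon ...` rules below it (capabilities, `toolbox_exec`, `zygote_exec`) record intent but constrain nothing. Together with `allow { appdomain shell } phhsu_daemon:unix_stream_socket { connectto write read };`, every app domain can reach the daemon, which leaves authorization entirely to the prebuilt binary. I would remove the `permissive` line once the denials have been collected, and exclude sandboxed domains from the socket rules, e.g. `allow { appdomain -isolated_app shell } phhsu_daemon:unix_stream_socket connectto;`. Nothing in this diff ties the policy file to the `su=yes` products, so these rules, including the changes to the stock `su` domain (`mlstrustedsubject`, `net_domain`, `vndbinder_use`), presumably also land in the no-su images; worth confirming and gating.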
diff --git a/su/Android.mk b/su/Android.mk
new file mode 100644
index 0000000..4d2e612
--- /dev/null
+++ b/su/Android.mk
@@ -0,0 +1,11 @@
+LOCAL_PATH := $(call my-dir)
+
+include $(CLEAR_VARS)
+
+LOCAL_SRC_FILES := su
+LOCAL_MODULE := phh-su
+LOCAL_MODULE_CLASS := EXECUTABLES
+
+LOCAL_INIT_RC := su.rc
+
+include $(BUILD_PREBUILT)
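Review bot: `LOCAL_SRC_FILES := su` installs a binary that is committed without source, and nothing in the module records where it came from or what it should hash to. Since this executable runs as a root daemon, a provenance comment above the module would let a reviewer reproduce or verify it, e.g. `# Prebuilt from <upstream repo URL> at <commit>; sha256 <digest of su/su>`. Building it from source in-tree would be the stronger fix if the sources are available.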
diff --git a/su/su b/su/su
new file mode 100755
index 0000000..59f1aaf
--- /dev/null
+++ b/su/su
Binary files differ
diff --git a/su/su.rc b/su/su.rc
new file mode 100644
index 0000000..935bdde
--- /dev/null
+++ b/su/su.rc
@@ -0,0 +1,2 @@
+service sudaemon /system/bin/phh-su --daemon
+    class main
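Review bot: The service is started unconditionally with `class main` and declares no `user`, `seclabel` or `disabled`, so on an `S` image the root daemon runs on every boot and its domain depends solely on the `file_contexts` label and the `domain_auto_trans` rule. Making the context explicit with `seclabel u:r:phhsu_daemon:s0` would fail closed if the file is ever mislabelled. Adding `disabled` and starting the service from a property trigger (property name to be chosen by the project) would let a user switch root off without reflashing.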