平台
RK3288 + Android 9
概述
本文是基于 Andrid 7.1 启动init.rc中自定义service 关于SELINUX部分的补充说明.
问题
全程参照bootanimation的实现
新增/修改文件列表
anson@server:~/codes/rk3288_pie$ git status system/sepolicy/ On branch master Your branch is behind 'origin/master' by 6 commits, and can be fast-forwarded. (use "git pull" to update your local branch) Changes not staged for commit: (use "git add <file>..." to update what will be committed) (use "git checkout -- <file>..." to discard changes in working directory) modified: system/sepolicy/prebuilts/api/28.0/private/compat/26.0/26.0.ignore.cil modified: system/sepolicy/prebuilts/api/28.0/private/compat/27.0/27.0.ignore.cil modified: system/sepolicy/prebuilts/api/28.0/private/file_contexts modified: system/sepolicy/prebuilts/api/28.0/private/property_contexts modified: system/sepolicy/prebuilts/api/28.0/private/system_server.te modified: system/sepolicy/prebuilts/api/28.0/public/bootstat.te modified: system/sepolicy/prebuilts/api/28.0/public/domain.te modified: system/sepolicy/prebuilts/api/28.0/public/property.te modified: system/sepolicy/private/compat/26.0/26.0.ignore.cil modified: system/sepolicy/private/compat/27.0/27.0.ignore.cil modified: system/sepolicy/private/file_contexts modified: system/sepolicy/private/property_contexts modified: system/sepolicy/private/system_server.te modified: system/sepolicy/public/bootstat.te modified: system/sepolicy/public/domain.te modified: system/sepolicy/public/property.te Untracked files: (use "git add <file>..." to include in what will be committed) system/sepolicy/prebuilts/api/28.0/private/infoservice.te system/sepolicy/prebuilts/api/28.0/public/infoservice.te system/sepolicy/private/infoservice.te system/sepolicy/public/infoservice.te
system/sepolicy/private/infoservice.te
typeattribute infoservice coredomain; init_daemon_domain(infoservice) # b/68864350 dontaudit infoservice unlabeled:dir search;
system/sepolicy/public/infoservice.te
# infoservice oneshot service type infoservice, domain; type infoservice_exec, exec_type, file_type; #hal_client_domain(infoservice, hal_configstore) #hal_client_domain(infoservice, hal_graphics_allocator) #hal_client_domain(infoservice, hal_graphics_composer) binder_use(infoservice) #binder_call(infoservice, surfaceflinger) #binder_call(infoservice, audioserver) hwbinder_use(infoservice) allow infoservice gpu_device:chr_file rw_file_perms; # /oem access allow infoservice oemfs:dir search; allow infoservice oemfs:file r_file_perms; allow infoservice audio_device:dir r_dir_perms; allow infoservice audio_device:chr_file rw_file_perms; allow infoservice audioserver_service:service_manager find; allow infoservice surfaceflinger_service:service_manager find; # Allow access to ion memory allocation device allow infoservice ion_device:chr_file rw_file_perms; allow infoservice hal_graphics_allocator:fd use; # Fences allow infoservice hal_graphics_composer:fd use; # Read access to pseudo filesystems. allow infoservice proc_meminfo:file r_file_perms; # System file accesses. allow infoservice system_file:dir r_dir_perms; # Read ro.boot.bootreason b/30654343 get_prop(infoservice, bootloader_boot_reason_prop)
其他文件
git diff system/sepolicy/private/file_contexts system/sepolicy/private/property_contexts system/sepolicy/private/system_server.te system/sepolicy/public/bootstat.te system/sepolicy/public/domain.te system/sepolicy/public/property.te diff --git a/system/sepolicy/private/file_contexts b/system/sepolicy/private/file_contexts index 564e45c..0077d42 100644 --- a/system/sepolicy/private/file_contexts +++ b/system/sepolicy/private/file_contexts @@ -201,6 +201,7 @@ /system/bin/sh -- u:object_r:shell_exec:s0 /system/bin/run-as -- u:object_r:runas_exec:s0 /system/bin/bootanimation u:object_r:bootanim_exec:s0 +/system/xbin/infoservice u:object_r:infoservice_exec:s0 /system/bin/bootstat u:object_r:bootstat_exec:s0 /system/bin/app_process32 u:object_r:zygote_exec:s0 /system/bin/app_process64 u:object_r:zygote_exec:s0 diff --git a/system/sepolicy/private/property_contexts b/system/sepolicy/private/property_contexts index 32be0b3..f73ecbc 100644 --- a/system/sepolicy/private/property_contexts +++ b/system/sepolicy/private/property_contexts @@ -95,6 +95,7 @@ ro.persistent_properties.ready u:object_r:persistent_properties_ready_prop:s0 # ctl properties ctl.bootanim u:object_r:ctl_bootanim_prop:s0 +ctl.infoservice u:object_r:ctl_infoservice_prop:s0 ctl.android.hardware.dumpstate u:object_r:ctl_dumpstate_prop:s0 ctl.dumpstate u:object_r:ctl_dumpstate_prop:s0 ctl.fuse_ u:object_r:ctl_fuse_prop:s0 diff --git a/system/sepolicy/private/system_server.te b/system/sepolicy/private/system_server.te index b037fe4..b3f6307 100644 --- a/system/sepolicy/private/system_server.te +++ b/system/sepolicy/private/system_server.te @@ -110,6 +110,8 @@ allow system_server cameraserver:process { getsched setsched }; allow system_server hal_camera:process { getsched setsched }; allow system_server mediaserver:process { getsched setsched }; allow system_server bootanim:process { getsched setsched }; +# AnsonCode +allow system_server infoservice:process { getsched setsched }; # Allow system_server to write to /proc/<pid>/timerslack_ns allow system_server appdomain:file w_file_perms; diff --git a/system/sepolicy/public/bootstat.te b/system/sepolicy/public/bootstat.te old mode 100644 new mode 100755 index 7ba0238..8453df8 --- a/system/sepolicy/public/bootstat.te +++ b/system/sepolicy/public/bootstat.te @@ -31,6 +31,7 @@ read_logd(bootstat) neverallow { domain -bootanim + -infoservice -bootstat -dumpstate -init diff --git a/system/sepolicy/public/domain.te b/system/sepolicy/public/domain.te old mode 100644 new mode 100755 index e9337b6..8237939 --- a/system/sepolicy/public/domain.te +++ b/system/sepolicy/public/domain.te @@ -448,6 +448,7 @@ neverallow { domain -appdomain # for oemfs -bootanim # for oemfs + -infoservice -recovery # for /tmp/update_binary in tmpfs } { fs_type -rootfs }:file execute; @@ -1330,6 +1331,7 @@ full_treble_only(` neverallow { coredomain -appdomain + -infoservice -bootanim -crash_dump -init diff --git a/system/sepolicy/public/property.te b/system/sepolicy/public/property.te index 09200b8..4f2dfa4 100644 --- a/system/sepolicy/public/property.te +++ b/system/sepolicy/public/property.te @@ -6,6 +6,8 @@ type bootloader_boot_reason_prop, property_type; type config_prop, property_type, core_property_type; type cppreopt_prop, property_type, core_property_type; type ctl_bootanim_prop, property_type; +# AnsonCode +type ctl_infoservice_prop, property_type; type ctl_bugreport_prop, property_type; type ctl_console_prop, property_type; type ctl_default_prop, property_type; @@ -142,6 +144,7 @@ neverallow { # in the audit log dontaudit domain { ctl_bootanim_prop + ctl_infoservice_prop ctl_bugreport_prop ctl_console_prop ctl_default_prop @@ -326,6 +329,7 @@ compatible_property_only(` -config_prop -cppreopt_prop -ctl_bootanim_prop + -ctl_infoservice_prop -ctl_bugreport_prop -ctl_console_prop -ctl_default_prop
CIL文件
git diff system/sepolicy/private/compat/26.0/26.0.ignore.cil system/sepolicy/private/compat/27.0/27.0.ignore.cil diff --git a/system/sepolicy/private/compat/26.0/26.0.ignore.cil b/system/sepolicy/private/compat/26.0/26.0.ignore.cil old mode 100644 new mode 100755 index c8edf9f..cfdd79f --- a/system/sepolicy/private/compat/26.0/26.0.ignore.cil +++ b/system/sepolicy/private/compat/26.0/26.0.ignore.cil @@ -10,6 +10,10 @@ blank_screen blank_screen_exec blank_screen_tmpfs + infoservice + infoservice_exec + infoservice_tmpfs + ctl_infoservice_prop bluetooth_a2dp_offload_prop bpfloader bpfloader_exec diff --git a/system/sepolicy/private/compat/27.0/27.0.ignore.cil b/system/sepolicy/private/compat/27.0/27.0.ignore.cil old mode 100644 new mode 100755 index 6106748..5bab216 --- a/system/sepolicy/private/compat/27.0/27.0.ignore.cil +++ b/system/sepolicy/private/compat/27.0/27.0.ignore.cil @@ -8,6 +8,10 @@ blank_screen blank_screen_exec blank_screen_tmpfs + infoservice + infoservice_exec + infoservice_tmpfs + ctl_infoservice_prop bootloader_boot_reason_prop bluetooth_a2dp_offload_prop bpfloader
剩下就是COPY操作
从system/sepolicy 拷贝到 system/sepolicy/prebuilts/api/28.0
编译错误及解决
LOG1
device/rockchip/rk3288/preinstall_del_forever/preinstall.mk was modified, regenerating... device/rockchip/rk3288/preinstall_del/preinstall.mk was modified, regenerating... system/sepolicy/Android.mk:79: warning: BOARD_SEPOLICY_VERS not specified, assuming current platform version [ 50% 3/6] build out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/treble_sepolicy_tests_26.0 FAILED: out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/treble_sepolicy_tests_26.0 /bin/bash -c "(out/host/linux-x86/bin/treble_sepolicy_tests -l out/host/linux-x86/lib64/libsepolwrap.so -f out/target/product/rk3288/obj/ETC/plat_file_contexts_intermediates/plat_file_contexts -f out/target/product/rk3288/obj/ETC/vendor_file_contexts_intermediates/vendor_file_contexts -b out/target/product/rk3288/obj/ETC/built_plat_sepolicy_intermediates/built_plat_sepolicy -m out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/26.0_mapping.combined.cil -o out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/built_26.0_plat_sepolicy -p out/target/product/rk3288/obj/ETC/sepolicy_intermediates/sepolicy --fake-treble ) && (touch out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/treble_sepolicy_tests_26.0 )" SELinux: The following types were found added to the policy without an entry into the compatibility mapping file(s) found in private/compat/26.0/26.0[.ignore].cil ctl_infoservice_prop infoservice infoservice_exec infoservice_tmpfs [ 66% 4/6] build out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/treble_sepolicy_tests_27.0 FAILED: out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/treble_sepolicy_tests_27.0 /bin/bash -c "(out/host/linux-x86/bin/treble_sepolicy_tests -l out/host/linux-x86/lib64/libsepolwrap.so -f out/target/product/rk3288/obj/ETC/plat_file_contexts_intermediates/plat_file_contexts -f out/target/product/rk3288/obj/ETC/vendor_file_contexts_intermediates/vendor_file_contexts -b out/target/product/rk3288/obj/ETC/built_plat_sepolicy_intermediates/built_plat_sepolicy -m out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/27.0_mapping.combined.cil -o out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/built_27.0_plat_sepolicy -p out/target/product/rk3288/obj/ETC/sepolicy_intermediates/sepolicy --fake-treble ) && (touch out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/treble_sepolicy_tests_27.0 )" SELinux: The following types were found added to the policy without an entry into the compatibility mapping file(s) found in private/compat/27.0/27.0[.ignore].cil ctl_infoservice_prop infoservice infoservice_exec infoservice_tmpfs ninja: build stopped: subcommand failed. 10:18:16 ninja failed with: exit status 1 #### failed to build some targets (51 seconds) ####
LOG2
device/rockchip/rk3288/preinstall_del_forever/preinstall.mk was modified, regenerating... device/rockchip/rk3288/preinstall_del/preinstall.mk was modified, regenerating... system/sepolicy/Android.mk:79: warning: BOARD_SEPOLICY_VERS not specified, assuming current platform version [ 50% 3/6] build out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/treble_sepolicy_tests_26.0 FAILED: out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/treble_sepolicy_tests_26.0 /bin/bash -c "(out/host/linux-x86/bin/treble_sepolicy_tests -l out/host/linux-x86/lib64/libsepolwrap.so -f out/target/product/rk3288/obj/ETC/plat_file_contexts_intermediates/plat_file_contexts -f out/target/product/rk3288/obj/ETC/vendor_file_contexts_intermediates/vendor_file_contexts -b out/target/product/rk3288/obj/ETC/built_plat_sepolicy_intermediates/built_plat_sepolicy -m out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/26.0_mapping.combined.cil -o out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/built_26.0_plat_sepolicy -p out/target/product/rk3288/obj/ETC/sepolicy_intermediates/sepolicy --fake-treble ) && (touch out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/treble_sepolicy_tests_26.0 )" SELinux: The following types were found added to the policy without an entry into the compatibility mapping file(s) found in private/compat/26.0/26.0[.ignore].cil ctl_infoservice_prop [ 66% 4/6] build out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/treble_sepolicy_tests_27.0 FAILED: out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/treble_sepolicy_tests_27.0 /bin/bash -c "(out/host/linux-x86/bin/treble_sepolicy_tests -l out/host/linux-x86/lib64/libsepolwrap.so -f out/target/product/rk3288/obj/ETC/plat_file_contexts_intermediates/plat_file_contexts -f out/target/product/rk3288/obj/ETC/vendor_file_contexts_intermediates/vendor_file_contexts -b out/target/product/rk3288/obj/ETC/built_plat_sepolicy_intermediates/built_plat_sepolicy -m out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/27.0_mapping.combined.cil -o out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/built_27.0_plat_sepolicy -p out/target/product/rk3288/obj/ETC/sepolicy_intermediates/sepolicy --fake-treble ) && (touch out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/treble_sepolicy_tests_27.0 )" SELinux: The following types were found added to the policy without an entry into the compatibility mapping file(s) found in private/compat/27.0/27.0[.ignore].cil ctl_infoservice_prop ninja: build stopped: subcommand failed. 11:11:31 ninja failed with: exit status 1 #### failed to build some targets (01:32 (mm:ss)) ####
往private/compat/26.0/26.0[.ignore].cil 和 private/compat/27.0/27.0[.ignore].cil 把对应的内容添加(如:ctl_infoservice_prop)到指定文件即可.
假如当前SDK是29, 则需要添加到 28, 27, 26的 *…ignore.cil里
system/sepolicy/Android.mk:79: warning: BOARD_SEPOLICY_VERS not specified, assuming current platform version [ 12% 1/8] build out/target/product/rk3288/obj/ETC/sepolicy_freeze_test_intermediates/sepolicy_freeze_test FAILED: out/target/product/rk3288/obj/ETC/sepolicy_freeze_test_intermediates/sepolicy_freeze_test /bin/bash -c "(diff -rq system/sepolicy/prebuilts/api/28.0/public system/sepolicy/public ) && (diff -rq system/sepolicy/prebuilts/api/28.0/private system/sepolicy/private ) && (touch out/target/product/rk3288/obj/ETC/sepolicy_freeze_test_intermediates/sepolicy_freeze_test )" Only in system/sepolicy/public: infoservice.te [ 25% 2/8] build out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/built_26.0_plat_sepolicy out/host/linux-x86/bin/checkpolicy: loading policy configuration from out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/26.0_plat_policy.conf out/host/linux-x86/bin/checkpolicy: policy configuration loaded out/host/linux-x86/bin/checkpolicy: writing CIL to out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/built_26.0_plat_sepolicy [ 37% 3/8] build out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/built_27.0_plat_sepolicy out/host/linux-x86/bin/checkpolicy: loading policy configuration from out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/27.0_plat_policy.conf out/host/linux-x86/bin/checkpolicy: policy configuration loaded out/host/linux-x86/bin/checkpolicy: writing CIL to out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/built_27.0_plat_sepolicy ninja: build stopped: subcommand failed. 10:09:25 ninja failed with: exit status 1 #### failed to build some targets (48 seconds) ####
cp system/sepolicy/public/infoservice.te system/sepolicy/prebuilts/api/28.0/public/infoservice.te
system/sepolicy/Android.mk:79: warning: BOARD_SEPOLICY_VERS not specified, assuming current platform version [ 37% 3/8] build out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/built_26.0_plat_sepolicy FAILED: out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/built_26.0_plat_sepolicy /bin/bash -c "(ASAN_OPTIONS=detect_leaks=0 out/host/linux-x86/bin/checkpolicy -M -C -c 30 -o out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/built_26.0_plat_sepolicy out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/26.0_plat_policy.conf ) && (cat system/sepolicy/prebuilts/api/26.0/private/technical_debt.cil >> out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/built_26.0_plat_sepolicy ) && (out/host/linux-x86/bin/secilc -m -M true -G -c 30 out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/built_26.0_plat_sepolicy -o out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/built_26.0_plat_sepolicy -f /dev/null )" system/sepolicy/prebuilts/api/26.0/public/domain.te:88:ERROR 'syntax error' at token 'not_compatible_property' on line 7908: not_compatible_property( # Device specific properties are not granted by default checkpolicy: error(s) encountered while parsing configuration out/host/linux-x86/bin/checkpolicy: loading policy configuration from out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/26.0_plat_policy.conf [ 50% 4/8] build out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/built_27.0_plat_sepolicy FAILED: out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/built_27.0_plat_sepolicy /bin/bash -c "(ASAN_OPTIONS=detect_leaks=0 out/host/linux-x86/bin/checkpolicy -M -C -c 30 -o out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/built_27.0_plat_sepolicy out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/27.0_plat_policy.conf ) && (cat system/sepolicy/prebuilts/api/27.0/private/technical_debt.cil >> out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/built_27.0_plat_sepolicy ) && (out/host/linux-x86/bin/secilc -m -M true -G -c 30 out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/built_27.0_plat_sepolicy -o out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/built_27.0_plat_sepolicy -f /dev/null )" system/sepolicy/prebuilts/api/27.0/public/domain.te:88:ERROR 'syntax error' at token 'not_compatible_property' on line 8075: # Device specific properties are not granted by default not_compatible_property( checkpolicy: error(s) encountered while parsing configuration out/host/linux-x86/bin/checkpolicy: loading policy configuration from out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_27.0_intermediates/27.0_plat_policy.conf ninja: build stopped: subcommand failed. 10:05:06 ninja failed with: exit status 1 #### failed to build some targets (43 seconds) ####
刚开始, 把system/sepolicy 目录下新增加的文件拷贝到了 system/sepolicy/prebuilts/api/目录下所有SDK(26,27,28)编译后出的错误, 而实际只需要拷贝到28即可, 相应的26,27需要在.ignore.cli中增加相应的声明.
错误的文件列表
git status system/sepolicy/ On branch master Your branch is behind 'origin/master' by 6 commits, and can be fast-forwarded. (use "git pull" to update your local branch) Changes not staged for commit: (use "git add <file>..." to update what will be committed) (use "git checkout -- <file>..." to discard changes in working directory) modified: system/sepolicy/prebuilts/api/26.0/private/file_contexts modified: system/sepolicy/prebuilts/api/26.0/private/property_contexts modified: system/sepolicy/prebuilts/api/26.0/private/system_server.te modified: system/sepolicy/prebuilts/api/26.0/public/bootstat.te modified: system/sepolicy/prebuilts/api/26.0/public/domain.te modified: system/sepolicy/prebuilts/api/26.0/public/property.te modified: system/sepolicy/prebuilts/api/27.0/private/file_contexts modified: system/sepolicy/prebuilts/api/27.0/private/property_contexts modified: system/sepolicy/prebuilts/api/27.0/private/system_server.te modified: system/sepolicy/prebuilts/api/27.0/public/bootstat.te modified: system/sepolicy/prebuilts/api/27.0/public/domain.te modified: system/sepolicy/prebuilts/api/27.0/public/property.te modified: system/sepolicy/prebuilts/api/28.0/private/file_contexts modified: system/sepolicy/prebuilts/api/28.0/private/property_contexts modified: system/sepolicy/prebuilts/api/28.0/private/system_server.te modified: system/sepolicy/prebuilts/api/28.0/public/bootstat.te modified: system/sepolicy/prebuilts/api/28.0/public/domain.te modified: system/sepolicy/prebuilts/api/28.0/public/property.te modified: system/sepolicy/private/file_contexts modified: system/sepolicy/private/property_contexts modified: system/sepolicy/private/system_server.te modified: system/sepolicy/public/bootstat.te modified: system/sepolicy/public/domain.te modified: system/sepolicy/public/property.te Untracked files: (use "git add <file>..." to include in what will be committed) system/sepolicy/prebuilts/api/26.0/private/infoservice.te system/sepolicy/prebuilts/api/26.0/public/infoservice.te system/sepolicy/prebuilts/api/27.0/private/infoservice.te system/sepolicy/prebuilts/api/27.0/public/infoservice.te system/sepolicy/prebuilts/api/28.0/private/infoservice.te system/sepolicy/prebuilts/api/28.0/public/infoservice.te system/sepolicy/private/infoservice.te system/sepolicy/public/infoservice.te
system/sepolicy/Android.mk:79: warning: BOARD_SEPOLICY_VERS not specified, assuming current platform version [ 10% 1/10] build out/target/product/rk3288/obj/ETC/sepolicy_freeze_test_intermediates/sepolicy_freeze_test FAILED: out/target/product/rk3288/obj/ETC/sepolicy_freeze_test_intermediates/sepolicy_freeze_test /bin/bash -c "(diff -rq system/sepolicy/prebuilts/api/28.0/public system/sepolicy/public ) && (diff -rq system/sepolicy/prebuilts/api/28.0/private system/sepolicy/private ) && (touch out/target/product/rk3288/obj/ETC/sepolicy_freeze_test_intermediates/sepolicy_freeze_test )" Files system/sepolicy/prebuilts/api/28.0/public/bootstat.te and system/sepolicy/public/bootstat.te differ Files system/sepolicy/prebuilts/api/28.0/public/domain.te and system/sepolicy/public/domain.te differ Only in system/sepolicy/public: infoservice.te Files system/sepolicy/prebuilts/api/28.0/public/property.te and system/sepolicy/public/property.te differ [ 30% 3/10] build out/target/product/rk3288/obj/ETC/treble_sepolicy_tests_26.0_intermediates/26.0_plat_policy.conf ninja: build stopped: subcommand failed. 10:07:45 ninja failed with: exit status 1 #### failed to build some targets (43 seconds) ####
Files system/sepolicy/prebuilts/api/28.0/public/bootstat.te and system/sepolicy/public/bootstat.te differ
文件不同, 直接拷贝覆盖, 需注意正确的文件是哪个, 以免覆盖错.
