forked from WSA-Community/WSAGAScript
-
Notifications
You must be signed in to change notification settings - Fork 0
/
apply.sh
110 lines (98 loc) · 6.72 KB
/
apply.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
#!/bin/bash
. ./VARIABLES.sh
echo "Copying build.prop for each image"
cp "$PropRoot/build_system_ext.prop" /mnt/system_ext/build.prop
cp "$PropRoot/build_system.prop" /mnt/system/build.prop
cp "$PropRoot/build_system.prop" /mnt/system/system/build.prop
cp "$PropRoot/build_product.prop" /mnt/product/build.prop
cp "$PropRoot/build_vendor.prop" /mnt/vendor/build.prop
cp "$PropRoot/build_vendor_odm.prop" /mnt/vendor/odm/etc/vendor.prop
printf 'removing duplicate apps from system\n'
rm -Rf $InstallDir/apex/com.android.extservices/
rm -Rf $InstallDir/app/DocumentsUI/
rm -Rf $InstallDir/app/ExtShared/
rm -Rf $InstallDir/priv-app/PackageInstaller/
rm -Rf $InstallDir/priv-app/SoundPicker/
rm -Rf $MountPointProduct/app/Gallery2/
rm -Rf $MountPointProduct/app/Music/
rm -Rf $MountPointProduct/app/talkback/
rm -Rf $MountPointProduct/priv-app/Contacts/
echo "Copying GApps files to system..."
cp -f -a $GAppsOutputFolder/app/* $InstallDir/app
cp -f -a $GAppsOutputFolder/etc/* $InstallDir/etc
cp -f -a $GAppsOutputFolder/priv-app/* $InstallDir/priv-app
cp -f -a $GAppsOutputFolder/framework/* $InstallDir/framework
cp -fra $GAppsRoot/product_output/* $MountPointProduct/
echo "Applying root file ownership"
find $InstallDir/app -exec chown root:root {} &>/dev/null \;
find $InstallDir/etc -exec chown root:root {} &>/dev/null \;
find $InstallDir/priv-app -exec chown root:root {} &>/dev/null \;
find $InstallDir/framework -exec chown root:root {} &>/dev/null \;
find $InstallDir/lib -exec chown root:root {} &>/dev/null \;
find $InstallDir/lib64 -exec chown root:root {} &>/dev/null \;
find $MountPointProduct/app -exec chown root:root {} &>/dev/null \;
find $MountPointProduct/etc -exec chown root:root {} &>/dev/null \;
find $MountPointProduct/overlay -exec chown root:root {} &>/dev/null \;
find $MountPointProduct/priv-app -exec chown root:root {} &>/dev/null \;
echo "Setting directory permissions"
find $InstallDir/app -type d -exec chmod 755 {} \;
find $InstallDir/etc -type d -exec chmod 755 {} \;
find $InstallDir/priv-app -type d -exec chmod 755 {} \;
find $InstallDir/framework -type d -exec chmod 755 {} \;
find $InstallDir/lib -type d -exec chmod 755 {} \;
find $InstallDir/lib64 -type d -exec chmod 755 {} \;
find $MountPointProduct/app -type d -exec chmod 755 {} \;
find $MountPointProduct/etc -type d -exec chmod 755 {} \;
find $MountPointProduct/overlay -type d -exec chmod 755 {} \;
find $MountPointProduct/priv-app -type d -exec chmod 755 {} \;
echo "Setting file permissions"
find $InstallDir/app -type f -exec chmod 644 {} \;
find $InstallDir/priv-app -type f -exec chmod 644 {} \;
find $InstallDir/framework -type f -exec chmod 644 {} \;
find $InstallDir/lib -type f -exec chmod 644 {} \;
find $InstallDir/lib64 -type f -exec chmod 644 {} \;
find $InstallDir/etc/permissions -type f -exec chmod 644 {} \;
find $InstallDir/etc/default-permissions -type f -exec chmod 644 {} \;
find $InstallDir/etc/preferred-apps -type f -exec chmod 644 {} \;
find $InstallDir/etc/sysconfig -type f -exec chmod 644 {} \;
find $MountPointProduct/app -type f -exec chmod 644 {} \;
find $MountPointProduct/etc -type f -exec chmod 644 {} \;
find $MountPointProduct/overlay -type f -exec chmod 644 {} \;
find $MountPointProduct/priv-app -type f -exec chmod 644 {} \;
echo "Applying SELinux security contexts to directories"
find $InstallDir/app -type d -exec chcon --reference=$InstallDir/app {} \;
find $InstallDir/priv-app -type d -exec chcon --reference=$InstallDir/priv-app {} \;
find $InstallDir/framework -type d -exec chcon --reference=$InstallDir/framework {} \;
find $InstallDir/lib -type d -exec chcon --reference=$InstallDir/lib {} \;
find $InstallDir/lib64 -type d -exec chcon --reference=$InstallDir/lib64 {} \;
find $InstallDir/etc/permissions -type d -exec chcon --reference=$InstallDir/etc/permissions {} \;
find $InstallDir/etc/default-permissions -type d -exec chcon --reference=$InstallDir/etc/permissions {} \;
find $InstallDir/etc/preferred-apps -type d -exec chcon --reference=$InstallDir/etc/permissions {} \;
find $InstallDir/etc/sysconfig -type d -exec chcon --reference=$InstallDir/etc/sysconfig {} \;
find $MountPointProduct/app -type d -exec chcon --reference=$MountPointProduct/app {} \;
find $MountPointProduct/etc/permissions -type d -exec chcon --reference=$MountPointProduct/etc/permissions {} \;
find $MountPointProduct/overlay -type d -exec chcon --reference=$MountPointVendor/overlay {} \;
find $MountPointProduct/priv-app -type d -exec chcon --reference=$MountPointProduct/priv-app {} \;
echo "Applying SELinux security contexts to files"
find $InstallDir/framework -type f -exec chcon --reference=$InstallDir/framework/ext.jar {} \;
find $InstallDir/app -type f -exec chcon --reference=$InstallDir/app/CertInstaller/CertInstaller.apk {} \;
find $InstallDir/priv-app -type f -exec chcon --reference=$InstallDir/priv-app/Shell/Shell.apk {} \;
find $InstallDir/lib -type f -exec chcon --reference=$InstallDir/lib/libcap.so {} \;
find $InstallDir/lib64 -type f -exec chcon --reference=$InstallDir/lib64/libcap.so {} \;
find $InstallDir/etc/permissions -type f -exec chcon --reference=$InstallDir/etc/fs_config_dirs {} \;
find $InstallDir/etc/default-permissions -type f -exec chcon --reference=$InstallDir/etc/fs_config_dirs {} \;
find $InstallDir/etc/preferred-apps -type f -exec chcon --reference=$InstallDir/etc/fs_config_dirs {} \;
find $InstallDir/etc/sysconfig -type f -exec chcon --reference=$InstallDir/etc/fs_config_dirs {} \;
find $MountPointProduct/app -type f -exec chcon --reference=$MountPointProduct/app/ModuleMetadata/ModuleMetadata.apk {} \;
find $MountPointProduct/etc/permissions -type f -exec chcon --reference=$MountPointProduct/etc/permissions/privapp-permissions-venezia.xml {} \;
find $MountPointProduct/overlay -type f -exec chcon --reference=$MountPointVendor/overlay/framework-res__auto_generated_rro_vendor.apk {} \;
find $MountPointProduct/priv-app -type f -exec chcon --reference=$MountPointProduct/priv-app/amazon-adm-release/amazon-adm-release.apk {} \;
echo "Applying SELinux policy"
# Sed will remove the SELinux policy for plat_sepolicy.cil, preserve policy using cp
cp $InstallDir/etc/selinux/plat_sepolicy.cil $InstallDir/etc/selinux/plat_sepolicy_new.cil
sed -i 's/(allow gmscore_app self (process (ptrace)))/(allow gmscore_app self (process (ptrace)))\n(allow gmscore_app self (vsock_socket (read write create connect)))\n(allow gmscore_app device_config_runtime_native_boot_prop (file (read)))/g' $InstallDir/etc/selinux/plat_sepolicy_new.cil
cp $InstallDir/etc/selinux/plat_sepolicy_new.cil $InstallDir/etc/selinux/plat_sepolicy.cil
rm $InstallDir/etc/selinux/plat_sepolicy_new.cil
# Prevent android from using cached SELinux policy
echo '0000000000000000000000000000000000000000000000000000000000000000' > $InstallDir/etc/selinux/plat_sepolicy_and_mapping.sha256
echo "!! Apply completed !!"