How to apply SELinux file_contexts change on device without a full image flash?

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

How to apply SELinux file_contexts change on device without a full image flash?

Kushtrim Pacaj
I am modifying SELinux policies for a hardware device running Android 9.  

Currently my process is like this:  
 
 0. Run the device as userdebug but with SELinux set to enforcing
 1. Make changes to `.te` files and/or `file_contexts`
 2. Build the policies using `mmm system/sepolicy`
 3. Push the policies on the device using the following script:  


    adb root
    adb wait
-for-device
    adb remount
    adb wait
-for-device
   
    adb push
out/target/product/<PRODUCT_NAME>/vendor/etc/selinux /vendor/etc/
    adb push
out/target/product/<PRODUCT_NAME>/system/etc/selinux /system/etc/
    adb shell sync
; sync; sync;
   
    adb reboot




 4. Test and go back to step 1 if needed.

This process seems to work fine when modifications involve `.te` files. But when I modify the `file_contexts`, this doesn't work, and labels I changed are not applied on the device.  
For now, I have to do a full make and flash when I modify `file_contexts`, which is very time consuming...   

So is there a way to apply `file_contexts` changes without a full make/flash ?

--
--
You received this message because you are subscribed to the "Android Building" mailing list.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to
[hidden email]
For more options, visit this group at
http://groups.google.com/group/android-building?hl=en

---
You received this message because you are subscribed to the Google Groups "Android Building" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/android-building/1776a446-ca2a-4810-9417-ce38a5c45cffo%40googlegroups.com.