From 0ccb1ab0b37d8036700de11fbf7f042c362b04ae Mon Sep 17 00:00:00 2001
From: Kris Chen <chenkris@google.com>
Date: Mon, 8 Mar 2021 16:45:38 +0800
Subject: [PATCH] trusty_apploader: Fix avc errors

Fix the following avc denial:
trusty_apploade: type=1400 audit(0.0:3): avc: denied { dac_override } for capability=1 scontext=u:r:trusty_apploader:s0 tcontext=u:r:trusty_apploader:s0 tclass=capability permissive=1

Bug: 180874342
Test: Verify no avc denied when trusty app is loaded.
Change-Id: I4f54fb70c92ba47027cc8bd19b4fe9c2ff9e5a03
---
 conf/init.oriole.rc | 2 +-
 conf/init.raven.rc  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/conf/init.oriole.rc b/conf/init.oriole.rc
index 4abb1c2..cfe3106 100644
--- a/conf/init.oriole.rc
+++ b/conf/init.oriole.rc
@@ -26,4 +26,4 @@ service insmod_sh_oriole /vendor/bin/init.insmod.sh /vendor/etc/init.insmod.orio
 on fs
     # Fingerprint
     chown system system /dev/goodix_fp
-    exec_background /vendor/bin/trusty_apploader /vendor/firmware/g6.app
+    exec_background - system shell -- /vendor/bin/trusty_apploader /vendor/firmware/g6.app
diff --git a/conf/init.raven.rc b/conf/init.raven.rc
index 30cfbf5..2c5db8d 100644
--- a/conf/init.raven.rc
+++ b/conf/init.raven.rc
@@ -26,7 +26,7 @@ service insmod_sh_raven /vendor/bin/init.insmod.sh /vendor/etc/init.insmod.raven
 on fs
     # Fingerprint
     chown system system /dev/goodix_fp
-    exec_background /vendor/bin/trusty_apploader /vendor/firmware/g6.app
+    exec_background - system shell -- /vendor/bin/trusty_apploader /vendor/firmware/g6.app
 
 on property:mfgapi.touchpanel.permission=1
     chmod 0600 /sys/devices/virtual/sec/tsp/cmd