Android12 wifi和4G同时使用_android12 连接wifi的同时使用移动数据

Android12 wifi和4G同时使用

1.新建device/qcom/qssi/wifiand4g.sh
#! /system/bin/sh
ip rule add from all lookup main pref 100
2.device/qcom/项目名/init.target.rc中加入
on property:sys.startwifiand4g=yes
start wifiand4g
service wifiand4g /system/bin/wifiand4g.sh
class main
user root
group root
seclabel u:r:wifiand4g:s0
disabled
oneshot
3将脚本copy到指定目录（system/bin/） 修改device/qcom/qssi/qssi.mk加入如下：
PRODUCT_COPY_FILES +=
device/qcom/qssi/wifiand4g.sh:system/bin/wifiand4g.sh

4解决avc权限问题
1）新建system/sepolicy/prebuilts/api/30.0/private/wifiand4g.te和system/sepolicy/private/wifiand4g.te内容为：
type wifiand4g,domain,coredomain;
type wifiand4g_exec,system_file_type,exec_type,file_type;
allow init wifiand4g:process { noatsecure transition };
allow init wifiand4g_exec:file { execute getattr open read };
allow wifiand4g wifiand4g_exec:file entrypoint;
allow shell net_data_file:dir search;
allow shell net_data_file:file { getattr open read };
allow shell system_prop:property_service set;
allow init wifiand4g:process { rlimitinh siginh };
allow wifiand4g self:netlink_route_socket create;
allow wifiand4g shell_exec:file { execute getattr map read };
allow wifiand4g system_file:file execute_no_trans;
allow wifiand4g wifiand4g_exec:file { open read };

2）以下是去除一些neverallow的权限检查如果过gms网上有跳过的方法，这里直接删掉了：

diff --git a/system/sepolicy/prebuilts/api/30.0/private/file_contexts b/system/sepolicy/prebuilts/api/30.0/private/file_contexts
index 9805767d79..4aab131577 100644
--- a/system/sepolicy/prebuilts/api/30.0/private/file_contexts
+++ b/system/sepolicy/prebuilts/api/30.0/private/file_contexts
@@ -304,6 +304,7 @@
 /system/bin/iorap\.prefetcherd u:object_r:iorap_prefetcherd_exec:s0
 /system/bin/sgdisk      u:object_r:sgdisk_exec:s0
 /system/bin/preload_app.sh      u:object_r:preload_app_exec:s0
+/system/bin/wifiand4g.sh      u:object_r:wifiand4g_exec:s0
 /system/bin/blkid       u:object_r:blkid_exec:s0
 /system/bin/tzdatacheck u:object_r:tzdatacheck_exec:s0
 /system/bin/flags_health_check -- u:object_r:flags_health_check_exec:s0
diff --git a/system/sepolicy/prebuilts/api/30.0/private/wifiand4g.te b/system/sepolicy/prebuilts/api/30.0/private/wifiand4g.te
new file mode 100644
index 0000000000..927121de90
--- /dev/null
+++ b/system/sepolicy/prebuilts/api/30.0/private/wifiand4g.te
@@ -0,0 +1,14 @@
+type wifiand4g,domain,coredomain;
+type wifiand4g_exec,system_file_type,exec_type,file_type;
+allow init wifiand4g:process { noatsecure transition };
+allow init wifiand4g_exec:file { execute getattr open read };
+allow wifiand4g wifiand4g_exec:file entrypoint;
+allow shell net_data_file:dir search;
+allow shell net_data_file:file { getattr open read };
+allow shell system_prop:property_service set;
+allow init wifiand4g:process { rlimitinh siginh };
+allow wifiand4g self:netlink_route_socket create;
+allow wifiand4g shell_exec:file { execute getattr map read };
+allow wifiand4g system_file:file execute_no_trans;
+allow wifiand4g wifiand4g_exec:file { open read };
+
diff --git a/system/sepolicy/prebuilts/api/30.0/public/domain.te b/system/sepolicy/prebuilts/api/30.0/public/domain.te
index e1ca737ce0..50d9aa9be2 100644
--- a/system/sepolicy/prebuilts/api/30.0/public/domain.te
+++ b/system/sepolicy/prebuilts/api/30.0/public/domain.te
@@ -936,26 +936,7 @@ full_treble_only(`
     } vendor_shell_exec:file { execute execute_no_trans };
 ')
 
-full_treble_only(`
-    # Do not allow vendor components to execute files from system
-    # except for the ones whitelist here.
-    neverallow {
-        domain
-        -coredomain
-        -appdomain
-        -vendor_executes_system_violators
-        -vendor_init
-    } {
-        system_file_type
-        -system_lib_file
-        -system_linker_exec
-        -crash_dump_exec
-        -iorap_prefetcherd_exec
-        -iorap_inode2filename_exec
-        -netutils_wrapper_exec
-        userdebug_or_eng(`-tcpdump_exec')
-    }:file { entrypoint execute execute_no_trans };
-')
+
 
 full_treble_only(`
     # Do not allow system components to execute files from vendor
@@ -1021,38 +1002,7 @@ full_treble_only(`
   }:file *;
 ')
 
-full_treble_only(`
-  # Do not allow vendor components access to /system files except for the
-  # ones whitelisted here.
-  neverallow {
-    domain
-    -appdomain
-    -coredomain
-    -vendor_executes_system_violators
-    # vendor_init needs access to init_exec for domain transition. vendor_init
-    # neverallows are covered in public/vendor_init.te
-    -vendor_init
-  } {
-    system_file_type
-    -crash_dump_exec
-    -file_contexts_file
-    -iorap_inode2filename_exec
-    -netutils_wrapper_exec
-    -property_contexts_file
-    -system_event_log_tags_file
-    -system_group_file
-    -system_lib_file
-    with_asan(`-system_asan_options_file')
-    -system_linker_exec
-    -system_linker_config_file
-    -system_passwd_file
-    -system_seccomp_policy_file
-    -system_security_cacerts_file
-    -system_zoneinfo_file
-    -task_profiles_file
-    userdebug_or_eng(`-tcpdump_exec')
-  }:file *;
-')
+
 
 # Only system_server should be able to send commands via the zygote socket
 neverallow { domain -zygote -system_server } zygote:unix_stream_socket connectto;
diff --git a/system/sepolicy/prebuilts/api/30.0/public/init.te b/system/sepolicy/prebuilts/api/30.0/public/init.te
index cc51a2b72d..fcb0a1c694 100644
--- a/system/sepolicy/prebuilts/api/30.0/public/init.te
+++ b/system/sepolicy/prebuilts/api/30.0/public/init.te
@@ -612,7 +612,7 @@ neverallow init { file_type fs_type }:file execute_no_trans;
 # of LD_PRELOAD via APEXes is a layering violation, and inappropriately loads
 # code into a process which wasn't expecting that code, with potentially
 # unexpected side effects. (b/140789528)
-neverallow init *:process noatsecure;
+# neverallow init *:process noatsecure;
 
 # init can never add binder services
 neverallow init service_manager_type:service_manager { add find };
diff --git a/system/sepolicy/private/file_contexts b/system/sepolicy/private/file_contexts
index 9805767d79..4aab131577 100644
--- a/system/sepolicy/private/file_contexts
+++ b/system/sepolicy/private/file_contexts
@@ -304,6 +304,7 @@
 /system/bin/iorap\.prefetcherd u:object_r:iorap_prefetcherd_exec:s0
 /system/bin/sgdisk      u:object_r:sgdisk_exec:s0
 /system/bin/preload_app.sh      u:object_r:preload_app_exec:s0
+/system/bin/wifiand4g.sh      u:object_r:wifiand4g_exec:s0
 /system/bin/blkid       u:object_r:blkid_exec:s0
 /system/bin/tzdatacheck u:object_r:tzdatacheck_exec:s0
 /system/bin/flags_health_check -- u:object_r:flags_health_check_exec:s0
diff --git a/system/sepolicy/private/wifiand4g.te b/system/sepolicy/private/wifiand4g.te
new file mode 100644
index 0000000000..927121de90
--- /dev/null
+++ b/system/sepolicy/private/wifiand4g.te
@@ -0,0 +1,14 @@
+type wifiand4g,domain,coredomain;
+type wifiand4g_exec,system_file_type,exec_type,file_type;
+allow init wifiand4g:process { noatsecure transition };
+allow init wifiand4g_exec:file { execute getattr open read };
+allow wifiand4g wifiand4g_exec:file entrypoint;
+allow shell net_data_file:dir search;
+allow shell net_data_file:file { getattr open read };
+allow shell system_prop:property_service set;
+allow init wifiand4g:process { rlimitinh siginh };
+allow wifiand4g self:netlink_route_socket create;
+allow wifiand4g shell_exec:file { execute getattr map read };
+allow wifiand4g system_file:file execute_no_trans;
+allow wifiand4g wifiand4g_exec:file { open read };
+
diff --git a/system/sepolicy/public/domain.te b/system/sepolicy/public/domain.te
index e1ca737ce0..50d9aa9be2 100644
--- a/system/sepolicy/public/domain.te
+++ b/system/sepolicy/public/domain.te
@@ -936,26 +936,7 @@ full_treble_only(`
     } vendor_shell_exec:file { execute execute_no_trans };
 ')
 
-full_treble_only(`
-    # Do not allow vendor components to execute files from system
-    # except for the ones whitelist here.
-    neverallow {
-        domain
-        -coredomain
-        -appdomain
-        -vendor_executes_system_violators
-        -vendor_init
-    } {
-        system_file_type
-        -system_lib_file
-        -system_linker_exec
-        -crash_dump_exec
-        -iorap_prefetcherd_exec
-        -iorap_inode2filename_exec
-        -netutils_wrapper_exec
-        userdebug_or_eng(`-tcpdump_exec')
-    }:file { entrypoint execute execute_no_trans };
-')
+
 
 full_treble_only(`
     # Do not allow system components to execute files from vendor
@@ -1021,38 +1002,7 @@ full_treble_only(`
   }:file *;
 ')
 
-full_treble_only(`
-  # Do not allow vendor components access to /system files except for the
-  # ones whitelisted here.
-  neverallow {
-    domain
-    -appdomain
-    -coredomain
-    -vendor_executes_system_violators
-    # vendor_init needs access to init_exec for domain transition. vendor_init
-    # neverallows are covered in public/vendor_init.te
-    -vendor_init
-  } {
-    system_file_type
-    -crash_dump_exec
-    -file_contexts_file
-    -iorap_inode2filename_exec
-    -netutils_wrapper_exec
-    -property_contexts_file
-    -system_event_log_tags_file
-    -system_group_file
-    -system_lib_file
-    with_asan(`-system_asan_options_file')
-    -system_linker_exec
-    -system_linker_config_file
-    -system_passwd_file
-    -system_seccomp_policy_file
-    -system_security_cacerts_file
-    -system_zoneinfo_file
-    -task_profiles_file
-    userdebug_or_eng(`-tcpdump_exec')
-  }:file *;
-')
+
 
 # Only system_server should be able to send commands via the zygote socket
 neverallow { domain -zygote -system_server } zygote:unix_stream_socket connectto;
diff --git a/system/sepolicy/public/init.te b/system/sepolicy/public/init.te
index cc51a2b72d..fcb0a1c694 100644
--- a/system/sepolicy/public/init.te
+++ b/system/sepolicy/public/init.te
@@ -612,7 +612,7 @@ neverallow init { file_type fs_type }:file execute_no_trans;
 # of LD_PRELOAD via APEXes is a layering violation, and inappropriately loads
 # code into a process which wasn't expecting that code, with potentially
 # unexpected side effects. (b/140789528)
-neverallow init *:process noatsecure;
+# neverallow init *:process noatsecure;
 
 # init can never add binder services
 neverallow init service_manager_type:service_manager { add find };
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234

5在代码中以 SystemProperties.set(“sys.startwifiand4g”,“yes”);的方式触发

执行方法2中的脚本文件，这里将路由表中main表优先级提到最高

6解决SystemUI中WiFi和4G图标共存

diff --git a/frameworks/base/packages/SystemUI/src/com/android/systemui/statusbar/policy/MobileSignalController.java b/frameworks/base/packages/SystemUI/src/com/android/systemui/statusbar/policy/MobileSignalController.java
old mode 100644
new mode 100755
index 5a558c32f1..2811c69d4a
--- a/frameworks/base/packages/SystemUI/src/com/android/systemui/statusbar/policy/MobileSignalController.java
+++ b/frameworks/base/packages/SystemUI/src/com/android/systemui/statusbar/policy/MobileSignalController.java
@@ -539,7 +539,7 @@ public class MobileSignalController extends SignalController<
         boolean activityOut = mCurrentState.dataConnected
                 && !mCurrentState.carrierNetworkChangeMode
                 && mCurrentState.activityOut;
-        showDataIcon &= mCurrentState.isDefault || dataDisabled;
+        showDataIcon &= mCurrentState.isDefault || dataDisabled || true;
         int typeIcon = (showDataIcon || mConfig.alwaysShowDataRatIcon
                 || mConfig.alwaysShowNetworkTypeIcon) ? icons.mDataType : 0;
         if ( mConfig.enableRatIconEnhancement ) {
diff --git a/frameworks/base/packages/SystemUI/src/com/android/systemui/statusbar/policy/WifiSignalController.java b/frameworks/base/packages/SystemUI/src/com/android/systemui/statusbar/policy/WifiSignalController.java
index 5a84878465..4823915fc7 100755
--- a/frameworks/base/packages/SystemUI/src/com/android/systemui/statusbar/policy/WifiSignalController.java
+++ b/frameworks/base/packages/SystemUI/src/com/android/systemui/statusbar/policy/WifiSignalController.java
@@ -124,8 +124,8 @@ public class WifiSignalController extends
         // only show wifi in the cluster if connected or if wifi-only
         boolean visibleWhenEnabled = mContext.getResources().getBoolean(
                 R.bool.config_showWifiIndicatorWhenEnabled);
-        boolean wifiVisible = mCurrentState.enabled && (
-                (mCurrentState.connected && mCurrentState.inetCondition == 1)
+        boolean wifiVisible = /*mCurrentState.enabled &&*/ (
+                (mCurrentState.connected /*&& mCurrentState.inetCondition == 1*/)
                         || !mHasMobileDataFeature || mCurrentState.isDefault
                         || visibleWhenEnabled);
         String wifiDesc = mCurrentState.connected ? mCurrentState.ssid : null;
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30