Merge "Products launching with API 28 needs system-as-root" into pi-dev
diff --git a/core/Makefile b/core/Makefile
index 7911026..28e7df4 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -1203,6 +1203,12 @@
$(TARGET_RECOVERY_ROOT_OUT)/plat_property_contexts \
$(TARGET_RECOVERY_ROOT_OUT)/vendor_property_contexts
+ifdef BOARD_ODM_SEPOLICY_DIRS
+recovery_sepolicy += \
+ $(TARGET_RECOVERY_ROOT_OUT)/odm_file_contexts \
+ $(TARGET_RECOVERY_ROOT_OUT)/odm_property_contexts
+endif
+
# Passed into rsync from non-recovery root to recovery root, to avoid overwriting recovery-specific
# SELinux files
IGNORE_RECOVERY_SEPOLICY := $(patsubst $(TARGET_RECOVERY_OUT)/%,--exclude=/%,$(recovery_sepolicy))
@@ -1273,11 +1279,15 @@
# (BOARD_USES_RECOVERY_AS_BOOT = true);
# c) We build the root into system image - not needing the resource file as we do bsdiff
# (BOARD_BUILD_SYSTEM_ROOT_IMAGE = true).
+# d) We include the recovery DTBO image within recovery - not needing the resource file as we
+# do bsdiff because boot and recovery will contain different number of entries
+# (BOARD_INCLUDE_RECOVERY_DTBO = true).
# Note that condition b) implies condition c), because of the earlier check in this file:
# "BOARD_USES_RECOVERY_AS_BOOT = true must have BOARD_BUILD_SYSTEM_ROOT_IMAGE = true" (not vice
# versa though).
-ifeq (,$(filter true, $(BOARD_USES_FULL_RECOVERY_IMAGE) $(BOARD_BUILD_SYSTEM_ROOT_IMAGE)))
+ifeq (,$(filter true, $(BOARD_USES_FULL_RECOVERY_IMAGE) $(BOARD_BUILD_SYSTEM_ROOT_IMAGE) \
+ $(BOARD_INCLUDE_RECOVERY_DTBO)))
# Named '.dat' so we don't attempt to use imgdiff for patching it.
RECOVERY_RESOURCE_ZIP := $(TARGET_OUT)/etc/recovery-resource.dat
else
@@ -1299,6 +1309,9 @@
ifdef BOARD_KERNEL_PAGESIZE
INTERNAL_RECOVERYIMAGE_ARGS += --pagesize $(BOARD_KERNEL_PAGESIZE)
endif
+ifdef BOARD_INCLUDE_RECOVERY_DTBO
+ INTERNAL_RECOVERYIMAGE_ARGS += --recovery_dtbo $(BOARD_PREBUILT_DTBOIMAGE)
+endif
# Keys authorized to sign OTA packages this build will accept. The
# build always uses dev-keys for this; release packaging tools will
@@ -1564,7 +1577,7 @@
# image size check calculation.
ifneq ($(INSTALLED_RECOVERYIMAGE_TARGET),)
ifneq ($(BOARD_USES_FULL_RECOVERY_IMAGE),true)
-ifeq ($(BOARD_BUILD_SYSTEM_ROOT_IMAGE),true)
+ifneq (,$(filter true, $(BOARD_BUILD_SYSTEM_ROOT_IMAGE) $(BOARD_INCLUDE_RECOVERY_DTBO)))
diff_tool := $(HOST_OUT_EXECUTABLES)/bsdiff
else
diff_tool := $(HOST_OUT_EXECUTABLES)/imgdiff
@@ -2545,6 +2558,9 @@
ifdef INSTALLED_2NDBOOTLOADER_TARGET
$(hide) cp $(INSTALLED_2NDBOOTLOADER_TARGET) $(zip_root)/$(PRIVATE_RECOVERY_OUT)/second
endif
+ifdef BOARD_INCLUDE_RECOVERY_DTBO
+ $(hide) cp $(INSTALLED_DTBOIMAGE_TARGET) $(zip_root)/$(PRIVATE_RECOVERY_OUT)/recovery_dtbo
+endif
ifdef INTERNAL_KERNEL_CMDLINE
$(hide) echo "$(INTERNAL_KERNEL_CMDLINE)" > $(zip_root)/$(PRIVATE_RECOVERY_OUT)/cmdline
endif
@@ -2636,6 +2652,9 @@
ifeq ($(INSTALLED_RECOVERYIMAGE_TARGET),)
$(hide) echo "no_recovery=true" >> $(zip_root)/META/misc_info.txt
endif
+ifdef BOARD_INCLUDE_RECOVERY_DTBO
+ $(hide) echo "include_recovery_dtbo=true" >> $(zip_root)/META/misc_info.txt
+endif
ifdef BOARD_RECOVERYIMAGE_PARTITION_SIZE
$(hide) echo "recovery_size=$(BOARD_RECOVERYIMAGE_PARTITION_SIZE)" >> $(zip_root)/META/misc_info.txt
endif
diff --git a/core/binary.mk b/core/binary.mk
index c2fa27c..97429c3 100644
--- a/core/binary.mk
+++ b/core/binary.mk
@@ -225,7 +225,15 @@
endif
ifneq ($(LOCAL_USE_VNDK),)
- my_cflags += -D__ANDROID_API__=__ANDROID_API_FUTURE__ -D__ANDROID_VNDK__
+ # Required VNDK version for vendor modules is BOARD_VNDK_VERSION.
+ my_vndk_version := $(BOARD_VNDK_VERSION)
+ ifeq ($(my_vndk_version),current)
+ # Build with current PLATFORM_VNDK_VERSION.
+ # If PLATFORM_VNDK_VERSION has a CODENAME, it will return
+ # __ANDROID_API_FUTURE__.
+ my_vndk_version := $(call codename-or-sdk-to-sdk,$(PLATFORM_VNDK_VERSION))
+ endif
+ my_cflags += -D__ANDROID_API__=$(my_vndk_version) -D__ANDROID_VNDK__
endif
ifndef LOCAL_IS_HOST_MODULE
diff --git a/core/config_sanitizers.mk b/core/config_sanitizers.mk
index 35d077c..9ea1ff4 100644
--- a/core/config_sanitizers.mk
+++ b/core/config_sanitizers.mk
@@ -324,8 +324,8 @@
endif
endif
-# Use minimal diagnostics when integer overflow is enabled
-ifndef LOCAL_IS_HOST_MODULE
+# Use minimal diagnostics when integer overflow is enabled; never do it for HOST or AUX modules
+ifeq ($(LOCAL_IS_HOST_MODULE)$(LOCAL_IS_AUX_MODULE),)
# Pre-emptively add UBSAN minimal runtime incase a static library dependency requires it
ifeq ($(filter STATIC_LIBRARIES,$(LOCAL_MODULE_CLASS)),)
ifndef LOCAL_SDK_VERSION
diff --git a/core/dex_preopt_odex_install.mk b/core/dex_preopt_odex_install.mk
index 9f66451..82f5f8d 100644
--- a/core/dex_preopt_odex_install.mk
+++ b/core/dex_preopt_odex_install.mk
@@ -285,19 +285,39 @@
$(eval $(call copy-one-file,$(my_built_dm),$(my_installed_dm)))
endif
-# PRODUCT_SYSTEM_SERVER_DEBUG_INFO overrides WITH_DEXPREOPT_DEBUG_INFO.
-my_system_server_debug_info := $(PRODUCT_SYSTEM_SERVER_DEBUG_INFO)
-ifeq (,$(filter eng, $(TARGET_BUILD_VARIANT)))
-# Only enable for non-eng builds.
-ifeq (,$(my_system_server_debug_info))
-my_system_server_debug_info := true
-endif
+# By default, emit debug info.
+my_dexpreopt_debug_info := true
+# If the global setting suppresses mini-debug-info, disable it.
+ifeq (false,$(WITH_DEXPREOPT_DEBUG_INFO))
+ my_dexpreopt_debug_info := false
endif
-ifeq (true, $(my_system_server_debug_info))
- ifneq (,$(filter $(PRODUCT_SYSTEM_SERVER_JARS),$(LOCAL_MODULE)))
- LOCAL_DEX_PREOPT_FLAGS += --generate-mini-debug-info
+# PRODUCT_SYSTEM_SERVER_DEBUG_INFO overrides WITH_DEXPREOPT_DEBUG_INFO.
+# PRODUCT_OTHER_JAVA_DEBUG_INFO overrides WITH_DEXPREOPT_DEBUG_INFO.
+ifneq (,$(filter $(PRODUCT_SYSTEM_SERVER_JARS),$(LOCAL_MODULE)))
+ ifeq (true,$(PRODUCT_SYSTEM_SERVER_DEBUG_INFO))
+ my_dexpreopt_debug_info := true
+ else ifeq (false,$(PRODUCT_SYSTEM_SERVER_DEBUG_INFO))
+ my_dexpreopt_debug_info := false
endif
+else
+ ifeq (true,$(PRODUCT_OTHER_JAVA_DEBUG_INFO))
+ my_dexpreopt_debug_info := true
+ else ifeq (false,$(PRODUCT_OTHER_JAVA_DEBUG_INFO))
+ my_dexpreopt_debug_info := false
+ endif
+endif
+
+# Never enable on eng.
+ifeq (eng,$(filter eng, $(TARGET_BUILD_VARIANT)))
+my_dexpreopt_debug_info := false
+endif
+
+# Add dex2oat flag for debug-info/no-debug-info.
+ifeq (true,$(my_dexpreopt_debug_info))
+ LOCAL_DEX_PREOPT_FLAGS += --generate-mini-debug-info
+else ifeq (false,$(my_dexpreopt_debug_info))
+ LOCAL_DEX_PREOPT_FLAGS += --no-generate-mini-debug-info
endif
# Set the compiler reason to 'prebuilt' to identify the oat files produced
diff --git a/core/local_systemsdk.mk b/core/local_systemsdk.mk
index 6dab346..49085fd 100644
--- a/core/local_systemsdk.mk
+++ b/core/local_systemsdk.mk
@@ -25,7 +25,12 @@
ifneq (,$(filter JAVA_LIBRARIES APPS,$(LOCAL_MODULE_CLASS)))
ifndef LOCAL_SDK_VERSION
ifeq ($(_is_vendor_app),true)
- LOCAL_SDK_VERSION := system_current
+ ifeq (,$(findstring __auto_generated_rro,$(LOCAL_MODULE)))
+ # Runtime resource overlay for framework-res is exempted from building
+ # against System SDK.
+ # TODO(b/35859726): remove this exception
+ LOCAL_SDK_VERSION := system_current
+ endif
endif
endif
endif
diff --git a/core/product.mk b/core/product.mk
index 19ede82..8e1fb95 100644
--- a/core/product.mk
+++ b/core/product.mk
@@ -128,6 +128,7 @@
PRODUCT_VENDOR_VERITY_PARTITION \
PRODUCT_PRODUCT_VERITY_PARTITION \
PRODUCT_SYSTEM_SERVER_DEBUG_INFO \
+ PRODUCT_OTHER_JAVA_DEBUG_INFO \
PRODUCT_DEX_PREOPT_MODULE_CONFIGS \
PRODUCT_DEX_PREOPT_DEFAULT_COMPILER_FILTER \
PRODUCT_DEX_PREOPT_DEFAULT_FLAGS \
diff --git a/core/product_config.mk b/core/product_config.mk
index 2620adb..9406812 100644
--- a/core/product_config.mk
+++ b/core/product_config.mk
@@ -413,6 +413,8 @@
$(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SYSTEM_SERVER_COMPILER_FILTER))
PRODUCT_SYSTEM_SERVER_DEBUG_INFO := \
$(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SYSTEM_SERVER_DEBUG_INFO))
+PRODUCT_OTHER_JAVA_DEBUG_INFO := \
+ $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_OTHER_JAVA_DEBUG_INFO))
# Resolve and setup per-module dex-preopt configs.
PRODUCT_DEX_PREOPT_MODULE_CONFIGS := \
diff --git a/core/project_definitions.mk b/core/project_definitions.mk
index 68572eb..5728b67 100644
--- a/core/project_definitions.mk
+++ b/core/project_definitions.mk
@@ -19,6 +19,6 @@
#
#
-# Include definitions for Support Library modules, if present.
+# Include definitions for prebuilt SDK, if present.
#
--include prebuilts/sdk/current/support/definitions.mk
+-include prebuilts/sdk/current/definitions.mk
diff --git a/core/soong_config.mk b/core/soong_config.mk
index bf5034b..169c62b 100644
--- a/core/soong_config.mk
+++ b/core/soong_config.mk
@@ -125,6 +125,7 @@
$(call add_json_bool, Enforce_vintf_manifest, $(filter true,$(PRODUCT_ENFORCE_VINTF_MANIFEST)))
$(call add_json_bool, Uml, $(filter true,$(TARGET_USER_MODE_LINUX)))
+$(call add_json_bool, Use_lmkd_stats_log, $(filter true,$(TARGET_LMKD_STATS_LOG)))
$(call add_json_str, VendorPath, $(TARGET_COPY_OUT_VENDOR))
$(call add_json_str, OdmPath, $(TARGET_COPY_OUT_ODM))
$(call add_json_str, ProductPath, $(TARGET_COPY_OUT_PRODUCT))
diff --git a/core/support_libraries.mk b/core/support_libraries.mk
index e204cc4..f1b86f4 100644
--- a/core/support_libraries.mk
+++ b/core/support_libraries.mk
@@ -35,16 +35,15 @@
# its output in the variables support_android_deps and support_java_deps.
include $(RESOLVE_SUPPORT_LIBRARIES)
-# Store the expanded dependencies in the appropriate variables. Libraries
-# should NEVER statically include Support Library modules with resources.
+# Everything is static, which simplifies resource handling. Don't write to any
+# vars unless we actually have data, since even an empty ANDROID_LIBRARIES var
+# requires an AndroidManifest.xml file!
ifdef support_android_deps
- ifdef LOCAL_IS_STATIC_JAVA_LIBRARY
- LOCAL_SHARED_ANDROID_LIBRARIES += $(support_android_deps)
- else
- LOCAL_STATIC_ANDROID_LIBRARIES += $(support_android_deps)
- endif # LOCAL_IS_STATIC_JAVA_LIBRARY
+ LOCAL_STATIC_ANDROID_LIBRARIES += $(support_android_deps)
endif #support_android_deps
-LOCAL_STATIC_JAVA_LIBRARIES += $(support_java_deps)
+ifdef support_java_deps
+ LOCAL_STATIC_JAVA_LIBRARIES += $(support_java_deps)
+endif #support_java_deps
# We have consumed these values. Clean them up.
support_android_deps :=
diff --git a/target/board/generic/BoardConfig.mk b/target/board/generic/BoardConfig.mk
index 67d019f..7ab9021 100644
--- a/target/board/generic/BoardConfig.mk
+++ b/target/board/generic/BoardConfig.mk
@@ -65,6 +65,17 @@
BOARD_SEPOLICY_DIRS += build/target/board/generic/sepolicy
BOARD_PROPERTY_OVERRIDES_SPLIT_ENABLED := true
+# Wifi.
+BOARD_WLAN_DEVICE := emulator
+BOARD_HOSTAPD_DRIVER := NL80211
+BOARD_WPA_SUPPLICANT_DRIVER := NL80211
+BOARD_HOSTAPD_PRIVATE_LIB := lib_driver_cmd_simulated
+BOARD_WPA_SUPPLICANT_PRIVATE_LIB := lib_driver_cmd_simulated
+WPA_SUPPLICANT_VERSION := VER_0_8_X
+WIFI_DRIVER_FW_PATH_PARAM := "/dev/null"
+WIFI_DRIVER_FW_PATH_STA := "/dev/null"
+WIFI_DRIVER_FW_PATH_AP := "/dev/null"
+
# Enable A/B update
TARGET_NO_RECOVERY := true
BOARD_BUILD_SYSTEM_ROOT_IMAGE := true
diff --git a/target/board/generic/sepolicy/createns.te b/target/board/generic/sepolicy/createns.te
new file mode 100644
index 0000000..1eaf9ef
--- /dev/null
+++ b/target/board/generic/sepolicy/createns.te
@@ -0,0 +1,14 @@
+# Network namespace creation
+type createns, domain;
+type createns_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(createns)
+
+allow createns self:capability { sys_admin net_raw setuid setgid };
+allow createns varrun_file:dir { add_name search write };
+allow createns varrun_file:file { create mounton open read write };
+
+#Allow createns itself to be run by init in its own domain
+domain_auto_trans(goldfish_setup, createns_exec, createns);
+allow createns goldfish_setup:fd use;
+
diff --git a/target/board/generic/sepolicy/dhcpclient.te b/target/board/generic/sepolicy/dhcpclient.te
new file mode 100644
index 0000000..df71fca
--- /dev/null
+++ b/target/board/generic/sepolicy/dhcpclient.te
@@ -0,0 +1,20 @@
+# DHCP client
+type dhcpclient, domain;
+type dhcpclient_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(dhcpclient)
+net_domain(dhcpclient)
+
+allow dhcpclient execns:fd use;
+
+set_prop(dhcpclient, net_eth0_prop);
+allow dhcpclient self:capability { net_admin net_raw };
+allow dhcpclient self:udp_socket create;
+allow dhcpclient self:netlink_route_socket { write nlmsg_write };
+allow dhcpclient varrun_file:dir search;
+allow dhcpclient self:packet_socket { create bind write read };
+allowxperm dhcpclient self:udp_socket ioctl { SIOCSIFFLAGS
+ SIOCSIFADDR
+ SIOCSIFNETMASK
+ SIOCSIFMTU
+ SIOCGIFHWADDR };
diff --git a/target/board/generic/sepolicy/dhcpserver.te b/target/board/generic/sepolicy/dhcpserver.te
new file mode 100644
index 0000000..7e8ba26
--- /dev/null
+++ b/target/board/generic/sepolicy/dhcpserver.te
@@ -0,0 +1,12 @@
+# DHCP server
+type dhcpserver, domain;
+type dhcpserver_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(dhcpserver)
+net_domain(dhcpserver)
+
+allow dhcpserver execns:fd use;
+
+get_prop(dhcpserver, net_eth0_prop);
+allow dhcpserver self:udp_socket { ioctl create setopt bind };
+allow dhcpserver self:capability { net_raw net_bind_service };
diff --git a/target/board/generic/sepolicy/execns.te b/target/board/generic/sepolicy/execns.te
new file mode 100644
index 0000000..9675a99
--- /dev/null
+++ b/target/board/generic/sepolicy/execns.te
@@ -0,0 +1,34 @@
+# Network namespace transitions
+type execns, domain;
+type execns_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(execns)
+
+allow execns varrun_file:dir search;
+allow execns varrun_file:file r_file_perms;
+allow execns self:capability sys_admin;
+allow execns nsfs:file { open read };
+
+#Allow execns itself to be run by init in its own domain
+domain_auto_trans(init, execns_exec, execns);
+
+# Allow dhcpclient to be run by execns in its own domain
+domain_auto_trans(execns, dhcpclient_exec, dhcpclient);
+
+# Allow dhcpserver to be run by execns in its own domain
+domain_auto_trans(execns, dhcpserver_exec, dhcpserver);
+
+# Rules to allow execution of hostapd and allow it to run
+allow execns hal_wifi_hostapd_default_exec:file { execute_no_trans };
+allow execns self:capability { net_admin net_raw };
+allow execns self:netlink_generic_socket { bind create getattr read setopt write };
+allow execns self:netlink_route_socket { bind create read write nlmsg_write };
+allow execns execns:udp_socket { create ioctl };
+allow execns self:packet_socket { create setopt };
+allow execns sysfs_net:dir { search };
+allowxperm execns self:udp_socket ioctl priv_sock_ioctls;
+
+# Allow execns to read createns proc file to get the namespace file
+allow execns createns:file read;
+allow execns createns:dir search;
+allow execns createns:lnk_file read;
diff --git a/target/board/generic/sepolicy/file.te b/target/board/generic/sepolicy/file.te
index 3afd706..b0aa217 100644
--- a/target/board/generic/sepolicy/file.te
+++ b/target/board/generic/sepolicy/file.te
@@ -1 +1,4 @@
+type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
+type varrun_file, file_type, data_file_type, mlstrustedobject;
type mediadrm_vendor_data_file, file_type, data_file_type;
+type nsfs, fs_type;
diff --git a/target/board/generic/sepolicy/file_contexts b/target/board/generic/sepolicy/file_contexts
index c65aaec..73fe752 100644
--- a/target/board/generic/sepolicy/file_contexts
+++ b/target/board/generic/sepolicy/file_contexts
@@ -17,7 +17,13 @@
/dev/ttyS2 u:object_r:console_device:s0
/vendor/bin/init\.ranchu-core\.sh u:object_r:goldfish_setup_exec:s0
/vendor/bin/init\.ranchu-net\.sh u:object_r:goldfish_setup_exec:s0
+/vendor/bin/init\.wifi\.sh u:object_r:goldfish_setup_exec:s0
/vendor/bin/qemu-props u:object_r:qemu_props_exec:s0
+/vendor/bin/createns u:object_r:createns_exec:s0
+/vendor/bin/execns u:object_r:execns_exec:s0
+/vendor/bin/ipv6proxy u:object_r:ipv6proxy_exec:s0
+/vendor/bin/dhcpclient u:object_r:dhcpclient_exec:s0
+/vendor/bin/dhcpserver u:object_r:dhcpserver_exec:s0
/vendor/bin/hw/android\.hardware\.drm@1\.0-service\.widevine u:object_r:hal_drm_widevine_exec:s0
@@ -36,4 +42,5 @@
# data
/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
+/data/vendor/var/run(/.*)? u:object_r:varrun_file:s0
diff --git a/target/board/generic/sepolicy/genfs_contexts b/target/board/generic/sepolicy/genfs_contexts
index 91cedf1..1b81626 100644
--- a/target/board/generic/sepolicy/genfs_contexts
+++ b/target/board/generic/sepolicy/genfs_contexts
@@ -15,3 +15,6 @@
genfscon sysfs /devices/pci0000:00/0000:00:08.0/virtio5/net u:object_r:sysfs_net:s0
genfscon sysfs /devices/virtual/mac80211_hwsim/hwsim0/net u:object_r:sysfs_net:s0
genfscon sysfs /devices/virtual/mac80211_hwsim/hwsim1/net u:object_r:sysfs_net:s0
+
+# /proc/<pid>/ns
+genfscon nsfs / u:object_r:nsfs:s0
diff --git a/target/board/generic/sepolicy/goldfish_setup.te b/target/board/generic/sepolicy/goldfish_setup.te
index eb913e9..1492cbd 100644
--- a/target/board/generic/sepolicy/goldfish_setup.te
+++ b/target/board/generic/sepolicy/goldfish_setup.te
@@ -11,3 +11,35 @@
allowxperm goldfish_setup self:udp_socket ioctl priv_sock_ioctls;
wakelock_use(goldfish_setup);
allow goldfish_setup vendor_shell_exec:file { rx_file_perms };
+
+# Set system properties to start services
+set_prop(goldfish_setup, ctl_default_prop);
+
+# Set up WiFi
+allow goldfish_setup self:netlink_route_socket { create nlmsg_write setopt bind getattr read write nlmsg_read };
+allow goldfish_setup self:netlink_generic_socket create_socket_perms_no_ioctl;
+allow goldfish_setup self:capability { sys_module sys_admin };
+allow goldfish_setup varrun_file:dir { mounton open read write add_name search remove_name };
+allow goldfish_setup varrun_file:file { mounton getattr create read write open unlink };
+allow goldfish_setup execns_exec:file rx_file_perms;
+allow goldfish_setup proc_net:file rw_file_perms;
+allow goldfish_setup proc:file r_file_perms;
+set_prop(goldfish_setup, ctl_default_prop);
+allow goldfish_setup nsfs:file r_file_perms;
+allow goldfish_setup system_data_file:dir getattr;
+allow goldfish_setup kernel:system module_request;
+# Allow goldfish_setup to run /system/bin/ip and /system/bin/iw
+allow goldfish_setup system_file:file execute_no_trans;
+# Allow goldfish_setup to run init.wifi.sh
+allow goldfish_setup goldfish_setup_exec:file execute_no_trans;
+#Allow goldfish_setup to run createns in its own domain
+domain_auto_trans(goldfish_setup, createns_exec, createns);
+# iw
+allow goldfish_setup sysfs:file { read open };
+# iptables
+allow goldfish_setup system_file:file lock;
+allow goldfish_setup self:rawip_socket { create getopt setopt };
+# Allow goldfish_setup to read createns proc file to get the namespace file
+allow goldfish_setup createns:file { read };
+allow goldfish_setup createns:dir { search };
+allow goldfish_setup createns:lnk_file { read };
diff --git a/target/board/generic/sepolicy/hal_wifi_default.te b/target/board/generic/sepolicy/hal_wifi_default.te
new file mode 100644
index 0000000..de4b996
--- /dev/null
+++ b/target/board/generic/sepolicy/hal_wifi_default.te
@@ -0,0 +1 @@
+allow hal_wifi_default hal_wifi_default:netlink_route_socket { create bind write read nlmsg_read };
diff --git a/target/board/generic/sepolicy/ipv6proxy.te b/target/board/generic/sepolicy/ipv6proxy.te
new file mode 100644
index 0000000..22976fe
--- /dev/null
+++ b/target/board/generic/sepolicy/ipv6proxy.te
@@ -0,0 +1,16 @@
+# IPv6 proxying
+type ipv6proxy, domain;
+type ipv6proxy_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(ipv6proxy)
+net_domain(ipv6proxy)
+
+# Allow ipv6proxy to be run by execns in its own domain
+domain_auto_trans(execns, ipv6proxy_exec, ipv6proxy);
+allow ipv6proxy execns:fd use;
+
+allow ipv6proxy self:capability { sys_admin sys_module net_admin net_raw };
+allow ipv6proxy self:packet_socket { bind create read };
+allow ipv6proxy self:netlink_route_socket nlmsg_write;
+allow ipv6proxy varrun_file:dir search;
+allowxperm ipv6proxy self:udp_socket ioctl { SIOCSIFFLAGS SIOCGIFHWADDR };
diff --git a/target/board/generic/sepolicy/property.te b/target/board/generic/sepolicy/property.te
index 56e02ef..8c7c892 100644
--- a/target/board/generic/sepolicy/property.te
+++ b/target/board/generic/sepolicy/property.te
@@ -1,3 +1,4 @@
type qemu_prop, property_type;
type qemu_cmdline, property_type;
type radio_noril_prop, property_type;
+type net_eth0_prop, property_type;
diff --git a/target/board/generic/sepolicy/property_contexts b/target/board/generic/sepolicy/property_contexts
index 3a61b6b..c5a2bc1 100644
--- a/target/board/generic/sepolicy/property_contexts
+++ b/target/board/generic/sepolicy/property_contexts
@@ -3,3 +3,4 @@
ro.emu. u:object_r:qemu_prop:s0
ro.emulator. u:object_r:qemu_prop:s0
ro.radio.noril u:object_r:radio_noril_prop:s0
+net.eth0. u:object_r:net_eth0_prop:s0
diff --git a/target/board/generic/sepolicy/radio.te b/target/board/generic/sepolicy/radio.te
new file mode 100644
index 0000000..742d3b2
--- /dev/null
+++ b/target/board/generic/sepolicy/radio.te
@@ -0,0 +1,3 @@
+# Allow the radio to read these properties, they only have an SELinux label in
+# the emulator.
+get_prop(radio, net_eth0_prop);
diff --git a/target/board/generic/sepolicy/rild.te b/target/board/generic/sepolicy/rild.te
new file mode 100644
index 0000000..ea18373
--- /dev/null
+++ b/target/board/generic/sepolicy/rild.te
@@ -0,0 +1,3 @@
+# Allow rild to read these properties, they only have an SELinux label in the
+# emulator.
+get_prop(rild, net_eth0_prop);
diff --git a/target/board/generic_arm64/BoardConfig.mk b/target/board/generic_arm64/BoardConfig.mk
index e066e3a..d5f79f4 100644
--- a/target/board/generic_arm64/BoardConfig.mk
+++ b/target/board/generic_arm64/BoardConfig.mk
@@ -96,6 +96,17 @@
BOARD_PROPERTY_OVERRIDES_SPLIT_ENABLED := true
BOARD_SEPOLICY_DIRS += build/target/board/generic/sepolicy
+# Wifi.
+BOARD_WLAN_DEVICE := emulator
+BOARD_HOSTAPD_DRIVER := NL80211
+BOARD_WPA_SUPPLICANT_DRIVER := NL80211
+BOARD_HOSTAPD_PRIVATE_LIB := lib_driver_cmd_simulated
+BOARD_WPA_SUPPLICANT_PRIVATE_LIB := lib_driver_cmd_simulated
+WPA_SUPPLICANT_VERSION := VER_0_8_X
+WIFI_DRIVER_FW_PATH_PARAM := "/dev/null"
+WIFI_DRIVER_FW_PATH_STA := "/dev/null"
+WIFI_DRIVER_FW_PATH_AP := "/dev/null"
+
# Enable A/B update
TARGET_NO_RECOVERY := true
BOARD_BUILD_SYSTEM_ROOT_IMAGE := true
diff --git a/target/board/generic_arm64_ab/BoardConfig.mk b/target/board/generic_arm64_ab/BoardConfig.mk
index 00afee6..286a741 100644
--- a/target/board/generic_arm64_ab/BoardConfig.mk
+++ b/target/board/generic_arm64_ab/BoardConfig.mk
@@ -39,5 +39,3 @@
# TODO(b/36764215): remove this setting when the generic system image
# no longer has QCOM-specific directories under /.
BOARD_SEPOLICY_DIRS += build/target/board/generic_arm64_ab/sepolicy
-
-BOARD_VNDK_VERSION := current
diff --git a/target/board/generic_x86/BoardConfig.mk b/target/board/generic_x86/BoardConfig.mk
index d1cbeb9..2d00506 100644
--- a/target/board/generic_x86/BoardConfig.mk
+++ b/target/board/generic_x86/BoardConfig.mk
@@ -67,3 +67,14 @@
# Enable A/B update
TARGET_NO_RECOVERY := true
BOARD_BUILD_SYSTEM_ROOT_IMAGE := true
+
+# Wifi.
+BOARD_WLAN_DEVICE := emulator
+BOARD_HOSTAPD_DRIVER := NL80211
+BOARD_WPA_SUPPLICANT_DRIVER := NL80211
+BOARD_HOSTAPD_PRIVATE_LIB := lib_driver_cmd_simulated
+BOARD_WPA_SUPPLICANT_PRIVATE_LIB := lib_driver_cmd_simulated
+WPA_SUPPLICANT_VERSION := VER_0_8_X
+WIFI_DRIVER_FW_PATH_PARAM := "/dev/null"
+WIFI_DRIVER_FW_PATH_STA := "/dev/null"
+WIFI_DRIVER_FW_PATH_AP := "/dev/null"
diff --git a/target/board/generic_x86_64/BoardConfig.mk b/target/board/generic_x86_64/BoardConfig.mk
index a9c5142..5377fb1 100755
--- a/target/board/generic_x86_64/BoardConfig.mk
+++ b/target/board/generic_x86_64/BoardConfig.mk
@@ -62,6 +62,17 @@
BOARD_VNDK_VERSION := current
+# Wifi.
+BOARD_WLAN_DEVICE := emulator
+BOARD_HOSTAPD_DRIVER := NL80211
+BOARD_WPA_SUPPLICANT_DRIVER := NL80211
+BOARD_HOSTAPD_PRIVATE_LIB := lib_driver_cmd_simulated
+BOARD_WPA_SUPPLICANT_PRIVATE_LIB := lib_driver_cmd_simulated
+WPA_SUPPLICANT_VERSION := VER_0_8_X
+WIFI_DRIVER_FW_PATH_PARAM := "/dev/null"
+WIFI_DRIVER_FW_PATH_STA := "/dev/null"
+WIFI_DRIVER_FW_PATH_AP := "/dev/null"
+
# Enable A/B update
TARGET_NO_RECOVERY := true
BOARD_BUILD_SYSTEM_ROOT_IMAGE := true
diff --git a/target/product/emulator.mk b/target/product/emulator.mk
index 67ebe04..11466b8 100644
--- a/target/product/emulator.mk
+++ b/target/product/emulator.mk
@@ -55,6 +55,7 @@
audio.primary.goldfish \
audio.primary.goldfish_legacy \
android.hardware.audio@2.0-service \
+ android.hardware.wifi@1.0-service \
vibrator.goldfish \
power.goldfish \
power.ranchu \
@@ -116,9 +117,23 @@
PRODUCT_PACKAGES += \
vndk-sp
+# WiFi
+PRODUCT_PACKAGES += \
+ createns \
+ dhcpclient \
+ dhcpserver \
+ execns \
+ hostapd \
+ ip \
+ ipv6proxy \
+ iw \
+ wificond \
+ wpa_supplicant \
+
PRODUCT_COPY_FILES += \
device/generic/goldfish/init.ranchu-core.sh:$(TARGET_COPY_OUT_VENDOR)/bin/init.ranchu-core.sh \
device/generic/goldfish/init.ranchu-net.sh:$(TARGET_COPY_OUT_VENDOR)/bin/init.ranchu-net.sh \
+ device/generic/goldfish/wifi/init.wifi.sh:$(TARGET_COPY_OUT_VENDOR)/bin/init.wifi.sh \
device/generic/goldfish/init.ranchu.rc:root/init.ranchu.rc \
device/generic/goldfish/fstab.ranchu:root/fstab.ranchu \
device/generic/goldfish/fstab.ranchu.early:root/fstab.ranchu.early \
@@ -127,6 +142,9 @@
device/generic/goldfish/manifest.xml:$(TARGET_COPY_OUT_VENDOR)/manifest.xml \
device/generic/goldfish/data/etc/permissions/privapp-permissions-goldfish.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/privapp-permissions-goldfish.xml \
device/generic/goldfish/data/etc/config.ini:config.ini \
+ device/generic/goldfish/wifi/simulated_hostapd.conf:$(TARGET_COPY_OUT_VENDOR)/etc/simulated_hostapd.conf \
+ device/generic/goldfish/wifi/wpa_supplicant.conf:$(TARGET_COPY_OUT_VENDOR)/etc/wifi/wpa_supplicant.conf \
+ device/generic/goldfish/wifi/WifiConfigStore.xml:data/misc/wifi/WifiConfigStore.xml \
frameworks/native/data/etc/android.hardware.wifi.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.wifi.xml
PRODUCT_PACKAGE_OVERLAYS := device/generic/goldfish/overlay
diff --git a/target/product/product_launched_with_l.mk b/target/product/product_launched_with_l.mk
index 8127bc3..6e782f7 100644
--- a/target/product/product_launched_with_l.mk
+++ b/target/product/product_launched_with_l.mk
@@ -1,3 +1,3 @@
-#PRODUCT_SHIPPING_API_LEVEL indicates the first api level, device has been commercially launced on.
+#PRODUCT_SHIPPING_API_LEVEL indicates the first api level, device has been commercially launched on.
PRODUCT_SHIPPING_API_LEVEL := 21
diff --git a/target/product/product_launched_with_l_mr1.mk b/target/product/product_launched_with_l_mr1.mk
index 7a5bd0f..2086832 100644
--- a/target/product/product_launched_with_l_mr1.mk
+++ b/target/product/product_launched_with_l_mr1.mk
@@ -1,2 +1,2 @@
-#PRODUCT_SHIPPING_API_LEVEL indicates the first api level, device has been commercially launced on.
+#PRODUCT_SHIPPING_API_LEVEL indicates the first api level, device has been commercially launched on.
PRODUCT_SHIPPING_API_LEVEL := 22
diff --git a/target/product/product_launched_with_m.mk b/target/product/product_launched_with_m.mk
index afd8647..1ba1014 100644
--- a/target/product/product_launched_with_m.mk
+++ b/target/product/product_launched_with_m.mk
@@ -1,2 +1,2 @@
-#PRODUCT_SHIPPING_API_LEVEL indicates the first api level, device has been commercially launced on.
+#PRODUCT_SHIPPING_API_LEVEL indicates the first api level, device has been commercially launched on.
PRODUCT_SHIPPING_API_LEVEL := 23
diff --git a/target/product/product_launched_with_n.mk b/target/product/product_launched_with_n.mk
index f7c5d79..cac29eb 100644
--- a/target/product/product_launched_with_n.mk
+++ b/target/product/product_launched_with_n.mk
@@ -1,2 +1,2 @@
-#PRODUCT_SHIPPING_API_LEVEL indicates the first api level, device has been commercially launced on.
+#PRODUCT_SHIPPING_API_LEVEL indicates the first api level, device has been commercially launched on.
PRODUCT_SHIPPING_API_LEVEL := 24
diff --git a/target/product/product_launched_with_n_mr1.mk b/target/product/product_launched_with_n_mr1.mk
index 65d4d3f..194a1aa 100644
--- a/target/product/product_launched_with_n_mr1.mk
+++ b/target/product/product_launched_with_n_mr1.mk
@@ -1,2 +1,2 @@
-#PRODUCT_SHIPPING_API_LEVEL indicates the first api level, device has been commercially launced on.
+#PRODUCT_SHIPPING_API_LEVEL indicates the first api level, device has been commercially launched on.
PRODUCT_SHIPPING_API_LEVEL := 25
diff --git a/target/product/product_launched_with_o.mk b/target/product/product_launched_with_o.mk
index 94d30c6..8e25a2b 100644
--- a/target/product/product_launched_with_o.mk
+++ b/target/product/product_launched_with_o.mk
@@ -1,2 +1,2 @@
-#PRODUCT_SHIPPING_API_LEVEL indicates the first api level, device has been commercially launced on.
+#PRODUCT_SHIPPING_API_LEVEL indicates the first api level, device has been commercially launched on.
PRODUCT_SHIPPING_API_LEVEL := 26
diff --git a/target/product/product_launched_with_o_mr1.mk b/target/product/product_launched_with_o_mr1.mk
index 25620aa..2f3d7e6 100644
--- a/target/product/product_launched_with_o_mr1.mk
+++ b/target/product/product_launched_with_o_mr1.mk
@@ -1,2 +1,2 @@
-#PRODUCT_SHIPPING_API_LEVEL indicates the first api level, device has been commercially launced on.
+#PRODUCT_SHIPPING_API_LEVEL indicates the first api level, device has been commercially launched on.
PRODUCT_SHIPPING_API_LEVEL := 27
diff --git a/target/product/product_launched_with_p.mk b/target/product/product_launched_with_p.mk
new file mode 100644
index 0000000..fe7591f
--- /dev/null
+++ b/target/product/product_launched_with_p.mk
@@ -0,0 +1,2 @@
+#PRODUCT_SHIPPING_API_LEVEL indicates the first api level, device has been commercially launched on.
+PRODUCT_SHIPPING_API_LEVEL := 28
\ No newline at end of file
diff --git a/target/product/runtime_libart.mk b/target/product/runtime_libart.mk
index 6d7ac4a..8f277f2 100644
--- a/target/product/runtime_libart.mk
+++ b/target/product/runtime_libart.mk
@@ -84,8 +84,11 @@
pm.dexopt.boot=verify
endif
+# The install filter is speed-profile in order to enable the use of
+# profiles from the dex metadata files. Note that if a profile is not provided
+# or if it is empty speed-profile is equivalent to quicken.
PRODUCT_SYSTEM_DEFAULT_PROPERTIES += \
- pm.dexopt.install=quicken \
+ pm.dexopt.install=speed-profile \
pm.dexopt.bg-dexopt=speed-profile \
pm.dexopt.ab-ota=speed-profile \
pm.dexopt.inactive=verify \
diff --git a/target/product/sdk_base.mk b/target/product/sdk_base.mk
index df68d02..e3f2db2 100644
--- a/target/product/sdk_base.mk
+++ b/target/product/sdk_base.mk
@@ -44,7 +44,7 @@
SysuiDarkThemeOverlay \
EasterEgg \
WallpaperPicker \
- WidgetPreview
+ WidgetPreview \
# Define the host tools and libs that are parts of the SDK.
-include sdk/build/product_sdk.mk
diff --git a/target/product/treble_common.mk b/target/product/treble_common.mk
index cd5442f..8fa2974 100644
--- a/target/product/treble_common.mk
+++ b/target/product/treble_common.mk
@@ -66,6 +66,12 @@
PRODUCT_COPY_FILES += \
device/generic/goldfish/data/etc/apns-conf.xml:system/etc/apns-conf.xml
+# NFC:
+# Provide default libnfc-nci.conf file for devices that does not have one in
+# vendor/etc
+PRODUCT_COPY_FILES += \
+ device/generic/common/nfc/libnfc-nci.conf:system/etc/libnfc-nci.conf
+
# Support for the devices with no VNDK enforcing
PRODUCT_COPY_FILES += \
build/make/target/product/vndk/init.gsi.rc:system/etc/init/init.gsi.rc \
diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py
index 787de98..6defb2b 100644
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py
@@ -460,6 +460,11 @@
# "boot" or "recovery", without extension.
partition_name = os.path.basename(sourcedir).lower()
+ if (partition_name == "recovery" and
+ info_dict.get("include_recovery_dtbo") == "true"):
+ fn = os.path.join(sourcedir, "recovery_dtbo")
+ cmd.extend(["--recovery_dtbo", fn])
+
p = Run(cmd, stdout=subprocess.PIPE)
p.communicate()
assert p.returncode == 0, "mkbootimg of %s image failed" % (partition_name,)