Merge changes from topic "customgnss" into main
* changes:
sepolicy: Allow hal_gnss_pixel access sscoredump file
sepolicy: Allow gnssd access modem_state
diff --git a/aoc/sepolicy/file_contexts b/aoc/sepolicy/file_contexts
index ed8a6d6..73293f7 100644
--- a/aoc/sepolicy/file_contexts
+++ b/aoc/sepolicy/file_contexts
@@ -31,6 +31,9 @@
/dev/acd-aocx_inject[0-9]* u:object_r:aoc_device:s0
/dev/acd-aocx_tapout[0-9]* u:object_r:aoc_device:s0
/dev/acd-mc_headpos u:object_r:aoc_device:s0
+/dev/acd-chre_bt_offload_ctl u:object_r:aoc_device:s0
+/dev/acd-chre_bt_offload_data_tx u:object_r:aoc_device:s0
+/dev/acd-chre_bt_offload_data_rx u:object_r:aoc_device:s0
# AoC vendor binaries
/vendor/bin/aocd u:object_r:aocd_exec:s0
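Review bot: The three new `/dev/acd-chre_bt_offload_*` nodes reuse the shared `aoc_device` label, so every domain already allowed on `aoc_device` also gains the Bluetooth offload control and data channels. The allow rules for `aoc_device` are not visible in this change, so that set of domains should be checked. If only the offload consumer needs these nodes, a dedicated type would keep access narrow, for example `/dev/acd-chre_bt_offload_ctl u:object_r:<bt_offload_device_type>:s0`, where the type name is a placeholder.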
diff --git a/aoc/sepolicy/service.te b/aoc/sepolicy/service.te
new file mode 100644
index 0000000..502b28d
--- /dev/null
+++ b/aoc/sepolicy/service.te
@@ -0,0 +1 @@
+type aocx, service_manager_type;
diff --git a/aoc/sepolicy/vndservice_contexts b/aoc/sepolicy/service_contexts
similarity index 100%
rename from aoc/sepolicy/vndservice_contexts
rename to aoc/sepolicy/service_contexts
diff --git a/aoc/sepolicy/vndservice.te b/aoc/sepolicy/vndservice.te
deleted file mode 100644
index 01c2436..0000000
--- a/aoc/sepolicy/vndservice.te
+++ /dev/null
@@ -1 +0,0 @@
-type aocx, vndservice_manager_type;
diff --git a/gps/lsi/sepolicy/device.te b/gps/lsi/sepolicy/device.te
new file mode 100644
index 0000000..15d049f
--- /dev/null
+++ b/gps/lsi/sepolicy/device.te
@@ -0,0 +1 @@
+type vendor_gnss_device, dev_type;
diff --git a/gps/lsi/sepolicy/file.te b/gps/lsi/sepolicy/file.te
index af9582b..246700a 100644
--- a/gps/lsi/sepolicy/file.te
+++ b/gps/lsi/sepolicy/file.te
@@ -1 +1,5 @@
type vendor_gps_file, file_type, data_file_type;
+type sysfs_gps, sysfs_type, fs_type;
+userdebug_or_eng(`
+ typeattribute vendor_gps_file mlstrustedobject;
+')
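Review bot: `typeattribute vendor_gps_file mlstrustedobject;` is added without a comment, and the attribute exempts the type from MLS level checks. On userdebug and eng builds, any domain with a TE allow rule on `vendor_gps_file` can therefore reach the files regardless of its level. A comment inside the macro naming the consumer would record why the exemption exists, for example `# <domain> runs at a different MLS level and needs the GNSS logs in /data/vendor/gps`, with the actual domain filled in.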
diff --git a/gps/lsi/sepolicy/file_contexts b/gps/lsi/sepolicy/file_contexts
index 9840eab..e6af3b1 100644
--- a/gps/lsi/sepolicy/file_contexts
+++ b/gps/lsi/sepolicy/file_contexts
@@ -7,6 +7,4 @@
/vendor/bin/hw/swcnd u:object_r:swcnd_exec:s0
/vendor/bin/hw/spad u:object_r:spad_exec:s0
/vendor/bin/hw/android.hardware.gnss-service u:object_r:hal_gnss_default_exec:s0
-/vendor/bin/gnss_check\.sh u:object_r:gnss_check_exec:s0
-# keep only one rule and use eGNSS one
-# /data/vendor/gps(/.*)? u:object_r:vendor_gps_file:s0
+/data/vendor/gps(/.*)? u:object_r:vendor_gps_file:s0
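Review bot: Re-enabling `/data/vendor/gps(/.*)?` deletes the note that said to keep a single rule and use the eGNSS one, with no statement that the eGNSS entry is gone. If a device still pulls in both policy directories, the same path regex would be labelled in two places, so it is worth confirming the other entry was removed or that the two directories are never built together. The hunk also drops the `gnss_check_exec` label; the matching type and domain rules are not visible here and should be removed in the same topic so no unused domain remains.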
diff --git a/gps/lsi/sepolicy/property.te b/gps/lsi/sepolicy/property.te
new file mode 100644
index 0000000..6b62560
--- /dev/null
+++ b/gps/lsi/sepolicy/property.te
@@ -0,0 +1 @@
+vendor_internal_prop(vendor_gps_prop)
diff --git a/gps/lsi/sepolicy/property_contexts b/gps/lsi/sepolicy/property_contexts
new file mode 100644
index 0000000..4546116
--- /dev/null
+++ b/gps/lsi/sepolicy/property_contexts
@@ -0,0 +1,2 @@
+vendor.gps. u:object_r:vendor_gps_prop:s0
+persist.vendor.gps. u:object_r:vendor_gps_prop:s0
diff --git a/gyotaku_app/fingerprint/gyotaku_app.te b/gyotaku_app/fingerprint/gyotaku_app.te
new file mode 100644
index 0000000..f6475f5
--- /dev/null
+++ b/gyotaku_app/fingerprint/gyotaku_app.te
@@ -0,0 +1,19 @@
+# Specific build for fingerprint
+type gyotaku_app, domain;
+
+app_domain(gyotaku_app)
+net_domain(gyotaku_app)
+
+# For Gyotaku app common use
+allow gyotaku_app app_api_service:service_manager find;
+allow gyotaku_app privapp_data_file:lnk_file read;
+allow gyotaku_app system_app_data_file:dir create_dir_perms;
+allow gyotaku_app system_app_data_file:file create_file_perms;
+
+# For getproperty isDebuggable use
+get_prop(gyotaku_app, userdebug_or_eng_prop)
+
+# For access /data/vendor/misc fingerprint use.
+allow gyotaku_app vendor_misc_data_file:dir search;
+allow gyotaku_app vendor_fingerprint_data_file:dir r_dir_perms;
+allow gyotaku_app vendor_fingerprint_data_file:file r_file_perms;
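Review bot: The rules that read `vendor_fingerprint_data_file`, together with `net_domain(gyotaku_app)`, are granted on every build variant. gyotaku_fingerprint.mk installs the app only through `PRODUCT_PACKAGES_DEBUG`, but it adds this policy directory to `BOARD_SEPOLICY_DIRS` unconditionally. A domain that can both read fingerprint data and open network sockets should not exist in user policy when the app it serves is not shipped there. Wrapping the last three allow rules in the `userdebug_or_eng` macro, as gps/lsi/sepolicy/file.te does in this same change, would keep them debug-only; alternatively the `BOARD_SEPOLICY_DIRS` line in the .mk could be gated on the build variant.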
diff --git a/gyotaku_app/fingerprint/seapp_contexts b/gyotaku_app/fingerprint/seapp_contexts
new file mode 100644
index 0000000..b1c6248
--- /dev/null
+++ b/gyotaku_app/fingerprint/seapp_contexts
@@ -0,0 +1,2 @@
+# Gyotaku app
+user=system seinfo=platform name=com.google.android.apps.internal.gyotaku domain=gyotaku_app type=system_app_data_file levelFrom=all
diff --git a/gyotaku_app/gyotaku_fingerprint.mk b/gyotaku_app/gyotaku_fingerprint.mk
new file mode 100644
index 0000000..051b88e
--- /dev/null
+++ b/gyotaku_app/gyotaku_fingerprint.mk
@@ -0,0 +1,5 @@
+# Specific build for fingerprint
+PRODUCT_PACKAGES_DEBUG += \
+ Gyotaku
+
+BOARD_SEPOLICY_DIRS += device/google/gs-common/gyotaku_app/fingerprint
diff --git a/recorder/recorder.mk b/recorder/recorder.mk
new file mode 100644
index 0000000..87620da
--- /dev/null
+++ b/recorder/recorder.mk
@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/recorder/sepolicy/vendor
+PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/gs-common/recorder/sepolicy/product/public
+PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/gs-common/recorder/sepolicy/product/private
diff --git a/recorder/sepolicy/product/private/certs/com_google_android_apps_recorder.x509.pem b/recorder/sepolicy/product/private/certs/com_google_android_apps_recorder.x509.pem
new file mode 100644
index 0000000..833c86b
--- /dev/null
+++ b/recorder/sepolicy/product/private/certs/com_google_android_apps_recorder.x509.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIF+zCCA+OgAwIBAgIVAJFfB9eQ7J1w93C6aGBchm77ysA3MA0GCSqGSIb3DQEBCwUAMIGNMQsw
+CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEU
+MBIGA1UEChMLR29vZ2xlIEluYy4xEDAOBgNVBAsTB0FuZHJvaWQxKTAnBgNVBAMMIGNvbV9nb29n
+bGVfYW5kcm9pZF9hcHBzX3JlY29yZGVyMB4XDTE5MDIxNTE1NDQxMloXDTQ5MDIxNTE1NDQxMlow
+gY0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBW
+aWV3MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEpMCcGA1UEAwwgY29t
+X2dvb2dsZV9hbmRyb2lkX2FwcHNfcmVjb3JkZXIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
+AoICAQCFSs/DqyyRbMD2mEHxxv+DDnV7V8j/RUB43aZXC11kKbLAD/E8/WxV+e9frFoXlzXepK4m
+FliWHyLWNSUmFwVxl2JsrkxUJ4QWXIpw9azHkW9kO5r/VPTXCBAZn80qqaqHlzplHbflxLiQc+zv
+lWEg7HJPBMMMFC3yCYfhLbDrriZdMnT4mHMLUo24TzO2znv7c7SDBWQ57lAsdRB0OX+N4DfBXvUR
+QLUO9FazerGdcK58KHkxgo3ZHY3c2+efkfCkZUgu6HKLwA24O2e0/iYmC7vQTItGYCCyzbdlXDix
+t0YgpsdcsOtVSJLwv6movtAX9JGsrGkvZR9Ffa52Vfc+vW0yqahHxVFJ5VD6UrrQpkWjonrsIbHb
+RLQ05ZM735kd4NWrxgS0sDwdfvhmsj29Ag3q/cuIpG/+x37+vmTlMKggeqxSxoQ4RwGyZuvyb8PB
+/lCf6r6bAYyr88oAs03ATz3RqRH38rkHmFp5Cdf488tw2Wj6vB/JqnfPN8woslle0hUIkqH7Ezna
+0zF79yov7oePFdqr++khDHrrMQziwIk2PN+V0MLGQpmX5FF47Zmprtzvu52QN2f5rnKq2HSfBG0i
+FqZ8/iAEnUsCngVObHaASPxXq1AKiy3iEJaLDjFhGbQk9mbj9o/RHb0kyorI3d90PU8ss8xNsUnm
+pXa4sQIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRXxQfB1H79Hq56Ld1GUrRRfzWo
+ojAfBgNVHSMEGDAWgBRXxQfB1H79Hq56Ld1GUrRRfzWoojANBgkqhkiG9w0BAQsFAAOCAgEARATw
+47mgvvLpdLTPzjORUSLBWXS2WdH43o9tPBNOaLBVRWiua2OyMp8F+nbxm4y/3djGuXsn5S2F12jp
+7xQZcBU4c21vF/ttio/spnnkPBnf0nKndTLoKt4Tpcxq4vnyqyXlBJHIybh+bbc6HVTYM6n8k4vw
+KReUjEjCXAxZ8vWjTgSOAtDrHkaez3tOkACMFmRv+JP1zNG32chLG+8K0/pyLsnknloPAk02Btoc
+t7FI4XKtS/9Z9oipMHfWg8fjI4vRXqiiAR4ctf9EgxcwHY/KVX8RJxsAXMgl65e7qGagbfTWCbHl
+MnRnapjLKkvJKPiIbBx/xdgUoOxdugwL6XPfzg4THQzAiduCgxkDs/H3SQWem6VBZ57KSuudJsop
+s5hb7GS2Hqb5F3YHAlSGQxvj37mDTzbuTH3paqzPwSgnqw0jnkGl//f2osw/mqfD5msDLk4UcmpQ
+IeC10ofhF7hzaZOGwMg8VGzsMR5M154haxj6Y2NFEir6ylz/stPrelkwDvMIDgIororj2Bj7TkWu
++EABNAr8h9yTsJEvxayNMk96U+Rn2LKMZilJdf00SILpr6IFTD8uvRwLIHSCjSbd9C8kkAqbqKs4
+VCg5HPLHjxyXgWOAK1IeqqnryaFPjLqa2RsG6UL+UtIjC6eWMsWOfvRRrpTU21mo2Koc0MI=
+-----END CERTIFICATE-----
diff --git a/recorder/sepolicy/product/private/google_recorder_app.te b/recorder/sepolicy/product/private/google_recorder_app.te
new file mode 100644
index 0000000..ac308aa
--- /dev/null
+++ b/recorder/sepolicy/product/private/google_recorder_app.te
@@ -0,0 +1,16 @@
+app_domain(google_recorder_app)
+net_domain(google_recorder_app)
+
+get_prop(google_recorder_app, graphics_config_writable_prop)
+
+allow google_recorder_app app_api_service:service_manager find;
+allow google_recorder_app audioserver_service:service_manager find;
+allow google_recorder_app mediaextractor_service:service_manager find;
+allow google_recorder_app mediametrics_service:service_manager find;
+allow google_recorder_app mediaserver_service:service_manager find;
+
+allow google_recorder_app privapp_data_file:lnk_file r_file_perms;
+allow google_recorder_app privapp_data_file:file execute;
+
+# Library code may try to access default properties, but should be denied
+dontaudit google_recorder_app default_prop:file read;
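Review bot: `allow google_recorder_app privapp_data_file:file execute;` has no comment saying what is executed from a privileged app's writable data directory. The seapp_contexts entry added in this change labels the recorder's own data `app_data_file`, so this rule appears to cover code stored by other privileged apps. Execute permission on writable data is a grant a later reader will want justified. A comment such as `# Needed to load <component> from another priv-app's data dir`, with the real component named, would record the intent; if nothing depends on the rule, dropping it is the safer default.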
diff --git a/recorder/sepolicy/product/private/keys.conf b/recorder/sepolicy/product/private/keys.conf
new file mode 100644
index 0000000..9dad2f5
--- /dev/null
+++ b/recorder/sepolicy/product/private/keys.conf
@@ -0,0 +1,2 @@
+[@GOOGLERECORDER]
+ALL : device/google/gs-common/recorder/sepolicy/product/private/certs/com_google_android_apps_recorder.x509.pem
diff --git a/recorder/sepolicy/product/private/mac_permissions.xml b/recorder/sepolicy/product/private/mac_permissions.xml
new file mode 100644
index 0000000..b1d21bf
--- /dev/null
+++ b/recorder/sepolicy/product/private/mac_permissions.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<policy>
+
+<!--
+
+ * A signature is a hex encoded X.509 certificate or a tag defined in
+ keys.conf and is required for each signer tag.
+ * A signer tag may contain a seinfo tag and multiple package stanzas.
+ * A default tag is allowed that can contain policy for all apps not signed with a
+ previously listed cert. It may not contain any inner package stanzas.
+ * Each signer/default/package tag is allowed to contain one seinfo tag. This tag
+ represents additional info that each app can use in setting a SELinux security
+ context on the eventual process.
+ * When a package is installed the following logic is used to determine what seinfo
+ value, if any, is assigned.
+ - All signatures used to sign the app are checked first.
+ - If a signer stanza has inner package stanzas, those stanza will be checked
+ to try and match the package name of the app. If the package name matches
+ then that seinfo tag is used. If no inner package matches then the outer
+ seinfo tag is assigned.
+ - The default tag is consulted last if needed.
+-->
+ <!-- Google Recorder app key -->
+ <signer signature="@GOOGLERECORDER" >
+ <seinfo value="GoogleRecorder" />
+ </signer>
+</policy>
diff --git a/recorder/sepolicy/product/private/seapp_contexts b/recorder/sepolicy/product/private/seapp_contexts
new file mode 100644
index 0000000..f264927
--- /dev/null
+++ b/recorder/sepolicy/product/private/seapp_contexts
@@ -0,0 +1,2 @@
+# Google Recorder
+user=_app isPrivApp=true seinfo=GoogleRecorder name=com.google.android.apps.recorder domain=google_recorder_app type=app_data_file levelFrom=all
diff --git a/recorder/sepolicy/product/public/google_recorder_app.te b/recorder/sepolicy/product/public/google_recorder_app.te
new file mode 100644
index 0000000..b718e12
--- /dev/null
+++ b/recorder/sepolicy/product/public/google_recorder_app.te
@@ -0,0 +1 @@
+type google_recorder_app, domain;
diff --git a/recorder/sepolicy/vendor/google_recorder_app.te b/recorder/sepolicy/vendor/google_recorder_app.te
new file mode 100644
index 0000000..e140678
--- /dev/null
+++ b/recorder/sepolicy/vendor/google_recorder_app.te
@@ -0,0 +1 @@
+get_prop(google_recorder_app, vendor_audio_prop_restricted)
diff --git a/storage/init.storage.rc b/storage/init.storage.rc
index 71fce43..9cad2ea 100644
--- a/storage/init.storage.rc
+++ b/storage/init.storage.rc
@@ -13,6 +13,7 @@
write /dev/sys/block/by-name/rootdisk/queue/iostats 1
write /dev/sys/block/by-name/rootdisk/queue/nr_requests 128
write /dev/sys/block/by-name/rootdisk/queue/rq_affinity 2
+ write /dev/sys/block/by-name/zoned_device/queue/rq_affinity 2
# UFS
write /dev/sys/block/bootdevice/clkgate_enable 1
diff --git a/touch/gti/touch_gti_ical.cpp b/touch/gti/touch_gti_ical.cpp
index 0aabd9e..9b5eed5 100644
--- a/touch/gti/touch_gti_ical.cpp
+++ b/touch/gti/touch_gti_ical.cpp
@@ -34,6 +34,18 @@
char *line = NULL;
size_t len = 0;
FILE *ical_fd;
+ const char *ical_override_cmd_prop[2] = {
+ [0] = "vendor.touch.gti0.ical.override.cmd",
+ [1] = "vendor.touch.gti1.ical.override.cmd",
+ };
+ const char *ical_override_result_prop[2] = {
+ [0] = "vendor.touch.gti0.ical.override.result",
+ [1] = "vendor.touch.gti1.ical.override.result",
+ };
+ const char *ical_write_history_prop[2] = {
+ [0] = "vendor.touch.gti0.ical.write.history",
+ [1] = "vendor.touch.gti1.ical.write.history",
+ };
const char *ical_state_prop[2] = {
[0] = "vendor.touch.gti0.ical.state",
[1] = "vendor.touch.gti1.ical.state",
@@ -46,9 +58,16 @@
[0] = "/sys/devices/virtual/goog_touch_interface/gti.0/interactive_calibrate",
[1] = "/sys/devices/virtual/goog_touch_interface/gti.1/interactive_calibrate",
};
+ const char *ical_override_cmd_prop_path = ical_override_cmd_prop[0];
+ const char *ical_override_result_prop_path = ical_override_result_prop[0];
+ const char *ical_write_history_prop_path = ical_write_history_prop[0];
const char *ical_state_prop_path = ical_state_prop[0];
const char *ical_result_prop_path = ical_result_prop[0];
const char *ical_sysfs_path = ical_sysfs[0];
+ const char ical_override_all_cmd_prop_val[PROPERTY_VALUE_MAX] = "xxx";
+ char ical_override_cmd_prop_val[PROPERTY_VALUE_MAX] = "\0";
+ char ical_override_result_prop_val[PROPERTY_VALUE_MAX] = "\0";
+ char ical_write_history_prop_val[PROPERTY_VALUE_MAX] = "\0";
if (argc < 3) {
ALOGW("No target dev or command for interactive_calibrate sysfs.\n");
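Review bot: `ical_override_all_cmd_prop_val` is initialised to the bare literal `"xxx"` with no explanation of what that value means when it appears in the override.cmd property. Judging from its later use, it acts as a wildcard that forces the override for every command, but a reader has to find the comparison to learn that. A one-line comment above the declaration would do, for example `/* "xxx" in ...ical.override.cmd overrides the result of every command, not only the one last written */`. The enclosing function starts and ends outside this hunk.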
@@ -60,11 +79,18 @@
if (strncmp(argv[1], "1", strlen(argv[1])) == 0 ||
strncmp(argv[1], "gti1", strlen(argv[1])) == 0 ||
strncmp(argv[1], "gti.1", strlen(argv[1])) == 0) {
+ ical_override_cmd_prop_path = ical_override_cmd_prop[1];
+ ical_override_result_prop_path = ical_override_result_prop[1];
+ ical_write_history_prop_path = ical_write_history_prop[1];
ical_state_prop_path = ical_state_prop[1];
ical_result_prop_path = ical_result_prop[1];
ical_sysfs_path = ical_sysfs[1];
}
+ property_get(ical_override_cmd_prop_path, ical_override_cmd_prop_val, NULL);
+ property_get(ical_override_result_prop_path, ical_override_result_prop_val, "0 - -2147483648");
+ property_get(ical_write_history_prop_path, ical_write_history_prop_val, NULL);
+
property_set(ical_result_prop_path, "na");
property_set(ical_state_prop_path, "running");
if (access(ical_sysfs_path, F_OK | R_OK | W_OK)) {
@@ -84,11 +110,25 @@
getline(&line, &len, ical_fd);
if (line != NULL) {
property_set(ical_state_prop_path, "read");
- property_set(ical_result_prop_path, line);
- ALOGI("read: %s => %s", ical_sysfs_path, line);
+ if (strncmp(ical_override_cmd_prop_val,
+ ical_write_history_prop_val,
+ strlen(ical_write_history_prop_path)) == 0 ||
+ strncasecmp(ical_override_cmd_prop_val,
+ ical_override_all_cmd_prop_val,
+ strlen(ical_override_all_cmd_prop_val)) == 0) {
+ property_set(ical_result_prop_path, ical_override_result_prop_val);
+ ALOGW("read(original): %s => %s",
+ ical_sysfs_path, line);
+ ALOGW("read(override): %s => %s",
+ ical_sysfs_path, ical_override_result_prop_val);
+ } else {
+ property_set(ical_result_prop_path, line);
+ ALOGI("read: %s => %s", ical_sysfs_path, line);
+ }
free(line);
}
} else {
+ property_set(ical_write_history_prop_path, argv[2]);
property_set(ical_state_prop_path, argv[2]);
fwrite(argv[2], 1, strlen(argv[2]), ical_fd);
ALOGI("write: %s => %s\n", argv[2], ical_sysfs_path);
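Review bot: The first condition in the read branch bounds `strncmp` with `strlen(ical_write_history_prop_path)`, which is the length of the property name rather than of either value. It also matches when both values are empty: with no override command set and no write recorded, the real sysfs result is replaced by the default `0 - -2147483648`. Requiring a non-empty command and comparing whole strings avoids both problems: `ical_override_cmd_prop_val[0] != '\0' && strcmp(ical_override_cmd_prop_val, ical_write_history_prop_val) == 0`. The `strncasecmp` against `"xxx"` is a three-character prefix match, so any command beginning with those letters enables the override. Because whoever can set these `vendor.touch.*` properties can substitute the reported calibration result, it is worth confirming the override is reachable only on debug builds; the enclosing function starts and ends outside this hunk.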
diff --git a/touch/twoshay/sepolicy/touchflow_debug/file_contexts b/touch/twoshay/sepolicy/touchflow_debug/file_contexts
deleted file mode 100644
index 17dfe62..0000000
--- a/touch/twoshay/sepolicy/touchflow_debug/file_contexts
+++ /dev/null
@@ -1,2 +0,0 @@
-/vendor/bin/hw/android\.hardware\.input\.processor-reflector u:object_r:hal_input_processor_default_exec:s0
-/vendor/bin/twoshay_touchflow u:object_r:twoshay_exec:s0