Merge "sepolicy: add permission for PCM of pixelstats-vend." into udc-qpr-dev am: 0e4eb6a744 am: 1c740e78cc
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs-common/+/23844624
Change-Id: I128d9f0e10556e16a24321a1f922c09d0454f38d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/dauntless/sepolicy/citadeld.te b/dauntless/sepolicy/citadeld.te
index 86cb61c..60c633c 100644
--- a/dauntless/sepolicy/citadeld.te
+++ b/dauntless/sepolicy/citadeld.te
@@ -11,3 +11,5 @@
allow citadeld citadel_device:chr_file rw_file_perms;
allow citadeld fwk_stats_service:service_manager find;
allow citadeld hal_power_stats_vendor_service:service_manager find;
+
+set_prop(citadeld, vendor_nos_citadel_version);
diff --git a/dauntless/sepolicy/property.te b/dauntless/sepolicy/property.te
new file mode 100644
index 0000000..2e1c4ec
--- /dev/null
+++ b/dauntless/sepolicy/property.te
@@ -0,0 +1 @@
+vendor_internal_prop(vendor_nos_citadel_version)
diff --git a/dauntless/sepolicy/property_contexts b/dauntless/sepolicy/property_contexts
new file mode 100644
index 0000000..835de17
--- /dev/null
+++ b/dauntless/sepolicy/property_contexts
@@ -0,0 +1 @@
+vendor.nos.citadel.version u:object_r:vendor_nos_citadel_version:s0
diff --git a/gear/dumpstate/Dumpstate.cpp b/gear/dumpstate/Dumpstate.cpp
index 9fe7c1a..31df2c7 100644
--- a/gear/dumpstate/Dumpstate.cpp
+++ b/gear/dumpstate/Dumpstate.cpp
@@ -74,21 +74,21 @@
void Dumpstate::dumpTextSection(int fd, const std::string §ionName) {
bool dumpAll = (sectionName == kAllSections);
std::string dumpFiles;
-
- // Execute all or designated programs under vendor/bin/dump/
- std::unique_ptr<DIR, decltype(&closedir)> dir(opendir("/vendor/bin/dump"), closedir);
- if (!dir) {
- ALOGE("Fail To Open Dir vendor/bin/dump/");
- ::android::base::WriteStringToFd("Fail To Open Dir vendor/bin/dump/\n", fd);
+ struct dirent **dirent_list = NULL;
+ int num_entries = scandir("/vendor/bin/dump", &dirent_list, 0, (int (*)(const struct dirent **, const struct dirent **)) alphasort);
+ if (!dirent_list) {
+ ALOGE("Unable to scan dir: /vendor/bin/dump\n");
+ return;
+ } else if (num_entries <= 0) {
+ ALOGE("No file is found.\n");
return;
}
- dirent *entry;
- while ((entry = readdir(dir.get())) != nullptr) {
- // Skip '.', '..'
- if (entry->d_name[0] == '.') {
+ // Execute all or designated programs under vendor/bin/dump/
+ for (int i = 0; i < num_entries; i++) {
+ if (dirent_list[i]->d_name[0] == '.') {
continue;
}
- std::string bin(entry->d_name);
+ std::string bin(dirent_list[i]->d_name);
dumpFiles = dumpFiles + " " + bin;
if (dumpAll || sectionName == bin) {
auto startTime = startSection(fd, bin);
@@ -111,6 +111,10 @@
::android::base::WriteStringToFd(dumpFiles, fd);
::android::base::WriteStringToFd("\nNote: sections with attachments (e.g. dump_soc) are"
"not available from the command line.\n", fd);
+ while (num_entries--) {
+ free(dirent_list[num_entries]);
+ }
+ free(dirent_list);
}
void Dumpstate::dumpLogSection(int fd, int fd_bin)
diff --git a/gpu/gpu.mk b/gpu/gpu.mk
new file mode 100644
index 0000000..d1c3a6d
--- /dev/null
+++ b/gpu/gpu.mk
@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gpu/sepolicy
+
+PRODUCT_PACKAGES += gpu_probe
diff --git a/gpu/sepolicy/file_contexts b/gpu/sepolicy/file_contexts
new file mode 100644
index 0000000..3752908
--- /dev/null
+++ b/gpu/sepolicy/file_contexts
@@ -0,0 +1 @@
+/vendor/bin/gpu_probe u:object_r:gpu_probe_exec:s0
diff --git a/gpu/sepolicy/gpu_probe.te b/gpu/sepolicy/gpu_probe.te
new file mode 100644
index 0000000..d8ffb78
--- /dev/null
+++ b/gpu/sepolicy/gpu_probe.te
@@ -0,0 +1,8 @@
+# gpu_probe
+type gpu_probe_exec, exec_type, vendor_file_type, file_type;
+type gpu_probe, domain;
+
+init_daemon_domain(gpu_probe)
+allow gpu_probe gpu_device:chr_file rw_file_perms;
+
+perfetto_producer(gpu_probe)
diff --git a/pixelsystemservice/pixelsystemservice.mk b/pixelsystemservice/pixelsystemservice.mk
new file mode 100644
index 0000000..fcabe89
--- /dev/null
+++ b/pixelsystemservice/pixelsystemservice.mk
@@ -0,0 +1,5 @@
+PRODUCT_SOONG_NAMESPACES += vendor/google/apps/PersistentBackgroundServices
+PRODUCT_PACKAGES += \
+ PersistentBackgroundServices
+
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/pixelsystemservice/sepolicy
diff --git a/pixelsystemservice/sepolicy/pixelsystemservice_app.te b/pixelsystemservice/sepolicy/pixelsystemservice_app.te
new file mode 100644
index 0000000..f120058
--- /dev/null
+++ b/pixelsystemservice/sepolicy/pixelsystemservice_app.te
@@ -0,0 +1,6 @@
+type pixelsystemservice_app, domain, coredomain;
+
+app_domain(pixelsystemservice_app);
+
+# Standard system services
+allow pixelsystemservice_app app_api_service:service_manager find;
diff --git a/pixelsystemservice/sepolicy/seapp_contexts b/pixelsystemservice/sepolicy/seapp_contexts
new file mode 100644
index 0000000..f1c1262
--- /dev/null
+++ b/pixelsystemservice/sepolicy/seapp_contexts
@@ -0,0 +1,2 @@
+# Pixel System Service
+user=_app seinfo=platform name=com.google.android.pixelsystemservice domain=pixelsystemservice_app type=app_data_file levelFrom=all