Merge "move camera dump to gs-common" into udc-dev
diff --git a/aoc/sepolicy/file_contexts b/aoc/sepolicy/file_contexts
index 3fc88b5..70af43f 100644
--- a/aoc/sepolicy/file_contexts
+++ b/aoc/sepolicy/file_contexts
@@ -15,6 +15,7 @@
/dev/acd-debug u:object_r:aoc_device:s0
/dev/acd-audio_tap[0-9]* u:object_r:aoc_device:s0
/dev/acd-audio_dcdoff_ref u:object_r:aoc_device:s0
+/dev/acd-com.google.umfw_stat u:object_r:aoc_device:s0
/dev/acd-com.google.usf u:object_r:aoc_device:s0
/dev/acd-com.google.usf.non_wake_up u:object_r:aoc_device:s0
/dev/acd-logging u:object_r:aoc_device:s0
diff --git a/aoc/sepolicy/hal_audio_default.te b/aoc/sepolicy/hal_audio_default.te
index aa462bf..461875c 100644
--- a/aoc/sepolicy/hal_audio_default.te
+++ b/aoc/sepolicy/hal_audio_default.te
@@ -14,6 +14,8 @@
allow hal_audio_default hal_audio_ext_hwservice:hwservice_manager { find add };
+add_service(hal_audio_default, hal_audio_ext_service)
+
allow hal_audio_default amcs_device:file rw_file_perms;
allow hal_audio_default amcs_device:chr_file rw_file_perms;
allow hal_audio_default sysfs_pixelstats:file rw_file_perms;
diff --git a/aoc/sepolicy/service.te b/aoc/sepolicy/service.te
new file mode 100644
index 0000000..052558c
--- /dev/null
+++ b/aoc/sepolicy/service.te
@@ -0,0 +1,2 @@
+# Audio
+type hal_audio_ext_service, service_manager_type;
diff --git a/aoc/sepolicy/service_contexts b/aoc/sepolicy/service_contexts
new file mode 100644
index 0000000..1b5f301
--- /dev/null
+++ b/aoc/sepolicy/service_contexts
@@ -0,0 +1,2 @@
+# Audio
+vendor.google.whitechapel.audio.extension.IAudioExtension/default u:object_r:hal_audio_ext_service:s0
diff --git a/display/Android.bp b/display/Android.bp
index 4ca3636..c3b346b 100644
--- a/display/Android.bp
+++ b/display/Android.bp
@@ -8,3 +8,20 @@
vendor: true,
sub_dir: "dump",
}
+
+cc_binary {
+ name: "dump_display",
+ srcs: ["dump_display.cpp"],
+ cflags: [
+ "-Wall",
+ "-Wextra",
+ "-Werror",
+ ],
+ shared_libs: [
+ "libbase",
+ "libdump",
+ ],
+ vendor: true,
+ relative_install_path: "dump",
+}
+
diff --git a/display/dump.mk b/display/dump.mk
index a1519c3..2af14da 100644
--- a/display/dump.mk
+++ b/display/dump.mk
@@ -1,3 +1,4 @@
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/display/sepolicy
PRODUCT_PACKAGES_DEBUG += dump_display_userdebug.sh
+PRODUCT_PACKAGES += dump_display
diff --git a/display/dump_display.cpp b/display/dump_display.cpp
new file mode 100644
index 0000000..d78a91a
--- /dev/null
+++ b/display/dump_display.cpp
@@ -0,0 +1,29 @@
+/*
+ * Copyright 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <dump/pixel_dump.h>
+#include <android-base/file.h>
+
+
+int main() {
+ setbuf(stdout, NULL);
+ dumpFileContent("DECON-0 counters /sys/class/drm/card0/device/decon0/counters", "/sys/class/drm/card0/device/decon0/counters");
+ dumpFileContent("CRTC-0 event log", "/sys/kernel/debug/dri/0/crtc-0/event");
+ runCommand("libdisplaycolor", "/vendor/bin/dumpsys displaycolor -v");
+ dumpFileContent("Primary panel name", "/sys/devices/platform/exynos-drm/primary-panel/panel_name");
+ dumpFileContent("Primary panel extra info", "/sys/devices/platform/exynos-drm/primary-panel/panel_extinfo");
+ return 0;
+}
+
diff --git a/display/sepolicy/dump_display.te b/display/sepolicy/dump_display.te
new file mode 100644
index 0000000..b8fd1b8
--- /dev/null
+++ b/display/sepolicy/dump_display.te
@@ -0,0 +1,14 @@
+pixel_bugreport(dump_display)
+
+allow dump_display sysfs_display:file r_file_perms;
+allow dump_display vendor_displaycolor_service:service_manager find;
+binder_call(dump_display, hal_graphics_composer_default)
+allow dump_display vendor_dumpsys:file execute_no_trans;
+allow dump_display vendor_shell_exec:file execute_no_trans;
+
+userdebug_or_eng(`
+ allow dump_display vendor_dri_debugfs:dir r_dir_perms;
+ allow dump_display vendor_dri_debugfs:file r_file_perms;
+')
+vndbinder_use(dump_display)
+
diff --git a/display/sepolicy/file.te b/display/sepolicy/file.te
index bc43f3a..e3f2382 100644
--- a/display/sepolicy/file.te
+++ b/display/sepolicy/file.te
@@ -1 +1,3 @@
type vendor_hwc_log_file, file_type, data_file_type;
+type vendor_dri_debugfs, fs_type, debugfs_type;
+
diff --git a/display/sepolicy/file_contexts b/display/sepolicy/file_contexts
index bd9bb34..66118d0 100644
--- a/display/sepolicy/file_contexts
+++ b/display/sepolicy/file_contexts
@@ -1,4 +1,5 @@
/vendor/bin/dump/dump_display_userdebug\.sh u:object_r:dump_display_userdebug_exec:s0
+/vendor/bin/dump/dump_display u:object_r:dump_display_exec:s0
/data/vendor/log/hwc(/.*)? u:object_r:vendor_hwc_log_file:s0
diff --git a/display/sepolicy/genfs_contexts b/display/sepolicy/genfs_contexts
new file mode 100644
index 0000000..9eaf5fb
--- /dev/null
+++ b/display/sepolicy/genfs_contexts
@@ -0,0 +1,3 @@
+
+genfscon debugfs /dri/0/crtc- u:object_r:vendor_dri_debugfs:s0
+
diff --git a/display/sepolicy/hal_graphics_composer_default.te b/display/sepolicy/hal_graphics_composer_default.te
new file mode 100644
index 0000000..c644559
--- /dev/null
+++ b/display/sepolicy/hal_graphics_composer_default.te
@@ -0,0 +1,3 @@
+allow hal_graphics_composer_default dump_display:fifo_file { append write };
+allow hal_graphics_composer_default dump_display:fd use;
+
diff --git a/display/sepolicy/vndservice.te b/display/sepolicy/vndservice.te
new file mode 100644
index 0000000..5c3693b
--- /dev/null
+++ b/display/sepolicy/vndservice.te
@@ -0,0 +1,2 @@
+type vendor_displaycolor_service, vndservice_manager_type;
+
diff --git a/display/sepolicy/vndservice_contexts b/display/sepolicy/vndservice_contexts
new file mode 100644
index 0000000..9276f97
--- /dev/null
+++ b/display/sepolicy/vndservice_contexts
@@ -0,0 +1,2 @@
+displaycolor u:object_r:vendor_displaycolor_service:s0
+
diff --git a/mediacodec/common/mediacodec_common.mk b/mediacodec/common/mediacodec_common.mk
new file mode 100644
index 0000000..7f57785
--- /dev/null
+++ b/mediacodec/common/mediacodec_common.mk
@@ -0,0 +1,4 @@
+# mediacodec_common for all build configs and sepolicy shared among different Codec HAL
+# example 1: shared among multiple HALs on the same device
+# example 2: shared among different Hals on different devices
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/mediacodec/common/sepolicy
diff --git a/mediacodec/common/sepolicy/file.te b/mediacodec/common/sepolicy/file.te
new file mode 100644
index 0000000..921cc69
--- /dev/null
+++ b/mediacodec/common/sepolicy/file.te
@@ -0,0 +1 @@
+type vendor_media_data_file, file_type, data_file_type;
diff --git a/mediacodec/common/sepolicy/file_contexts b/mediacodec/common/sepolicy/file_contexts
new file mode 100644
index 0000000..e92274f
--- /dev/null
+++ b/mediacodec/common/sepolicy/file_contexts
@@ -0,0 +1 @@
+/data/vendor/media(/.*)? u:object_r:vendor_media_data_file:s0
diff --git a/mediacodec/common/sepolicy/vndservice.te b/mediacodec/common/sepolicy/vndservice.te
new file mode 100644
index 0000000..0784fe3
--- /dev/null
+++ b/mediacodec/common/sepolicy/vndservice.te
@@ -0,0 +1 @@
+type eco_service, vndservice_manager_type;
diff --git a/mediacodec/common/sepolicy/vndservice_contexts b/mediacodec/common/sepolicy/vndservice_contexts
new file mode 100644
index 0000000..87800a3
--- /dev/null
+++ b/mediacodec/common/sepolicy/vndservice_contexts
@@ -0,0 +1 @@
+media.ecoservice u:object_r:eco_service:s0
diff --git a/mediacodec/samsung/mediacodec_samsung.mk b/mediacodec/samsung/mediacodec_samsung.mk
new file mode 100644
index 0000000..96ffac4
--- /dev/null
+++ b/mediacodec/samsung/mediacodec_samsung.mk
@@ -0,0 +1,21 @@
+PRODUCT_SOONG_NAMESPACES += vendor/samsung_slsi/codec2
+
+PRODUCT_PACKAGES += \
+ samsung.hardware.media.c2@1.2-service \
+ codec2.vendor.base.policy \
+ codec2.vendor.ext.policy \
+ libExynosC2ComponentStore \
+ libExynosC2H264Dec \
+ libExynosC2H264Enc \
+ libExynosC2HevcDec \
+ libExynosC2HevcEnc \
+ libExynosC2Mpeg4Dec \
+ libExynosC2Mpeg4Enc \
+ libExynosC2H263Dec \
+ libExynosC2H263Enc \
+ libExynosC2Vp8Dec \
+ libExynosC2Vp8Enc \
+ libExynosC2Vp9Dec \
+ libExynosC2Vp9Enc
+
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/mediacodec/samsung/sepolicy
diff --git a/mediacodec/samsung/sepolicy/file.te b/mediacodec/samsung/sepolicy/file.te
new file mode 100644
index 0000000..99c3b66
--- /dev/null
+++ b/mediacodec/samsung/sepolicy/file.te
@@ -0,0 +1 @@
+type sysfs_mfc, sysfs_type, fs_type;
diff --git a/mediacodec/samsung/sepolicy/file_contexts b/mediacodec/samsung/sepolicy/file_contexts
new file mode 100644
index 0000000..6f4f29b
--- /dev/null
+++ b/mediacodec/samsung/sepolicy/file_contexts
@@ -0,0 +1,2 @@
+# MFC
+/vendor/bin/hw/samsung\.hardware\.media\.c2@1\.2-service u:object_r:mediacodec_samsung_exec:s0
diff --git a/mediacodec/samsung/sepolicy/genfs_contexts b/mediacodec/samsung/sepolicy/genfs_contexts
new file mode 100644
index 0000000..d44d760
--- /dev/null
+++ b/mediacodec/samsung/sepolicy/genfs_contexts
@@ -0,0 +1 @@
+genfscon sysfs /devices/platform/mfc/video4linux/video u:object_r:sysfs_mfc:s0
diff --git a/mediacodec/samsung/sepolicy/mediacodec_samsung.te b/mediacodec/samsung/sepolicy/mediacodec_samsung.te
new file mode 100644
index 0000000..efc83d7
--- /dev/null
+++ b/mediacodec/samsung/sepolicy/mediacodec_samsung.te
@@ -0,0 +1,37 @@
+type mediacodec_samsung, domain;
+type mediacodec_samsung_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(mediacodec_samsung)
+
+hal_server_domain(mediacodec_samsung, hal_codec2)
+add_service(mediacodec_samsung, eco_service)
+
+vndbinder_use(mediacodec_samsung)
+
+allow mediacodec_samsung video_device:chr_file rw_file_perms;
+allow mediacodec_samsung dmabuf_system_heap_device:chr_file r_file_perms;
+allow mediacodec_samsung gpu_device:chr_file rw_file_perms;
+
+allow mediacodec_samsung sysfs_mfc:file r_file_perms;
+allow mediacodec_samsung sysfs_mfc:dir r_dir_perms;
+
+# can use graphics allocator
+hal_client_domain(mediacodec_samsung, hal_graphics_allocator)
+
+binder_call(mediacodec_samsung, hal_camera_default)
+
+crash_dump_fallback(mediacodec_samsung)
+
+# mediacodec_samsung should never execute any executable without a domain transition
+neverallow mediacodec_samsung { file_type fs_type }:file execute_no_trans;
+
+# Media processing code is inherently risky and thus should have limited
+# permissions and be isolated from the rest of the system and network.
+# Lengthier explanation here:
+# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
+neverallow mediacodec_samsung domain:{ udp_socket rawip_socket } *;
+neverallow mediacodec_samsung { domain userdebug_or_eng(`-su') }:tcp_socket *;
+
+userdebug_or_eng(`
+ allow mediacodec_samsung vendor_media_data_file:dir rw_dir_perms;
+ allow mediacodec_samsung vendor_media_data_file:file create_file_perms;
+')
diff --git a/modem/Android.bp b/modem/Android.bp
index 0376ca6..2bf023c 100644
--- a/modem/Android.bp
+++ b/modem/Android.bp
@@ -8,3 +8,19 @@
vendor: true,
sub_dir: "dump",
}
+
+cc_binary {
+ name: "dump_modemlog",
+ srcs: ["dump_modemlog.cpp"],
+ cflags: [
+ "-Wall",
+ "-Wextra",
+ "-Werror",
+ ],
+ shared_libs: [
+ "libdump",
+ ],
+ vendor: true,
+ relative_install_path: "dump",
+}
+
diff --git a/modem/dump_modemlog.cpp b/modem/dump_modemlog.cpp
new file mode 100644
index 0000000..216cffe
--- /dev/null
+++ b/modem/dump_modemlog.cpp
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <dump/pixel_dump.h>
+
+int main() {
+ dumpLogs("/data/vendor/radio/extended_logs", "/data/vendor/radio/logs/always-on/all_logs", 20, "extended_log_");
+ copyFile("/mnt/vendor/efs/nv_normal.bin", "/data/vendor/radio/logs/always-on/all_logs/nv_normal.bin");
+ copyFile("/mnt/vendor/efs/nv_protected.bin", "/data/vendor/radio/logs/always-on/all_logs/nv_protected.bin");
+ return 0;
+}
diff --git a/modem/modem.mk b/modem/modem.mk
index fe4633d..9cde048 100644
--- a/modem/modem.mk
+++ b/modem/modem.mk
@@ -1,3 +1,5 @@
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/modem/sepolicy
PRODUCT_PACKAGES += dump_modem.sh
+PRODUCT_PACKAGES_DEBUG += dump_modemlog
+
diff --git a/modem/sepolicy/dump_modemlog.te b/modem/sepolicy/dump_modemlog.te
new file mode 100644
index 0000000..c49bd5e
--- /dev/null
+++ b/modem/sepolicy/dump_modemlog.te
@@ -0,0 +1,9 @@
+pixel_bugreport(dump_modemlog)
+
+userdebug_or_eng(`
+ allow dump_modemlog mnt_vendor_file:dir search;
+ allow dump_modemlog modem_efs_file:dir search;
+ allow dump_modemlog modem_efs_file:file r_file_perms;
+ allow dump_modemlog radio_vendor_data_file:dir create_dir_perms;
+ allow dump_modemlog radio_vendor_data_file:file create_file_perms;
+')
diff --git a/modem/sepolicy/file_contexts b/modem/sepolicy/file_contexts
index d7f6be5..29315e9 100644
--- a/modem/sepolicy/file_contexts
+++ b/modem/sepolicy/file_contexts
@@ -1 +1,3 @@
/vendor/bin/dump/dump_modem\.sh u:object_r:dump_modem_exec:s0
+/vendor/bin/dump/dump_modemlog u:object_r:dump_modemlog_exec:s0
+