Merge "Remove obsolete relfector HAL policy." into main
diff --git a/MK_OWNERS b/MK_OWNERS
new file mode 100644
index 0000000..67af9f7
--- /dev/null
+++ b/MK_OWNERS
@@ -0,0 +1,20 @@
+# NOTE: CHANGE THIS FILE WITH CAUTIOUS
+# - this file is referenced by other OWNERS file, e.g. device/google/*/OWNERS
+# - changing this file might break the function, check go/gerrit-code-owners-syntax first
+#
+# Makefile Review Guide for OWNERS: go/pixel-device-mk-owner-checklist
+
+aaronding@google.com
+rurumihong@google.com
+adamshih@google.com
+wilsonsung@google.com
+cyanhsieh@google.com
+cyuanjen@google.com
+robinpeng@google.com
+achant@google.com
+etam@google.com
+pattjin@google.com
+bkhalife@google.com
+lokeshgoel@google.com
+jainne@google.com
+pscovanner@google.com
diff --git a/OWNERS b/OWNERS
index 262b161..b715f13 100644
--- a/OWNERS
+++ b/OWNERS
@@ -2,5 +2,4 @@
per-file *.te,*_contexts,te_macros,global_macros=set noparent
per-file *.te,*_contexts,te_macros,global_macros=file:/sepolicy/OWNERS
per-file *.mk=set noparent
-per-file *.mk=aaronding@google.com,rurumihong@google.com,adamshih@google.com,wilsonsung@google.com,cyanhsieh@google.com,cyuanjen@google.com,robinpeng@google.com,achant@google.com,etam@google.com,pattjin@google.com,bkhalife@google.com,lokeshgoel@google.com,jainne@google.com,pscovanner@google.com
-
+per-file *.mk=file:MK_OWNERS
diff --git a/aoc/sepolicy/file_contexts b/aoc/sepolicy/file_contexts
index ed8a6d6..73293f7 100644
--- a/aoc/sepolicy/file_contexts
+++ b/aoc/sepolicy/file_contexts
@@ -31,6 +31,9 @@
/dev/acd-aocx_inject[0-9]* u:object_r:aoc_device:s0
/dev/acd-aocx_tapout[0-9]* u:object_r:aoc_device:s0
/dev/acd-mc_headpos u:object_r:aoc_device:s0
+/dev/acd-chre_bt_offload_ctl u:object_r:aoc_device:s0
+/dev/acd-chre_bt_offload_data_tx u:object_r:aoc_device:s0
+/dev/acd-chre_bt_offload_data_rx u:object_r:aoc_device:s0
# AoC vendor binaries
/vendor/bin/aocd u:object_r:aocd_exec:s0
diff --git a/aoc/sepolicy/service.te b/aoc/sepolicy/service.te
new file mode 100644
index 0000000..502b28d
--- /dev/null
+++ b/aoc/sepolicy/service.te
@@ -0,0 +1 @@
+type aocx, service_manager_type;
diff --git a/aoc/sepolicy/vndservice_contexts b/aoc/sepolicy/service_contexts
similarity index 100%
rename from aoc/sepolicy/vndservice_contexts
rename to aoc/sepolicy/service_contexts
diff --git a/aoc/sepolicy/vndservice.te b/aoc/sepolicy/vndservice.te
deleted file mode 100644
index 01c2436..0000000
--- a/aoc/sepolicy/vndservice.te
+++ /dev/null
@@ -1 +0,0 @@
-type aocx, vndservice_manager_type;
diff --git a/audio/sepolicy/common/property.te b/audio/sepolicy/common/property.te
index e2ffcd1..2287b84 100644
--- a/audio/sepolicy/common/property.te
+++ b/audio/sepolicy/common/property.te
@@ -1,2 +1,5 @@
# Audio
vendor_internal_prop(vendor_audio_prop)
+
+# The property for Audio App
+vendor_restricted_prop(vendor_audio_prop_restricted)
diff --git a/audio/sepolicy/common/property_contexts b/audio/sepolicy/common/property_contexts
index 1749ac8..96e678c 100644
--- a/audio/sepolicy/common/property_contexts
+++ b/audio/sepolicy/common/property_contexts
@@ -9,3 +9,6 @@
vendor.audiodump.log.cca.updated u:object_r:vendor_audio_prop:s0
vendor.audiodump.cca.config u:object_r:vendor_audio_prop:s0
vendor.audio_hal.aidl.enable u:object_r:vendor_audio_prop:s0
+
+# for audio app
+persist.vendor.app.audio. u:object_r:vendor_audio_prop_restricted:s0
diff --git a/audio/sepolicy/common/vendor_init.te b/audio/sepolicy/common/vendor_init.te
index 26f3fa8..1562d45 100644
--- a/audio/sepolicy/common/vendor_init.te
+++ b/audio/sepolicy/common/vendor_init.te
@@ -1,2 +1,5 @@
# Audio property
set_prop(vendor_init, vendor_audio_prop)
+
+# Audio App property
+set_prop(vendor_init, vendor_audio_prop_restricted)
diff --git a/bcmbt/bluetooth.mk b/bcmbt/bluetooth.mk
index af4cf99..18c066b 100644
--- a/bcmbt/bluetooth.mk
+++ b/bcmbt/bluetooth.mk
@@ -11,6 +11,7 @@
BOARD_SEPOLICY_DIRS += device/google/gs-common/bcmbt/sepolicy
+BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/powerstats
DEVICE_MANIFEST_FILE += device/google/gs-common/bcmbt/manifest_bluetooth.xml
DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/bcmbt/compatibility_matrix.xml
diff --git a/betterbug/betterbug.mk b/betterbug/betterbug.mk
index f3ae647..906933d 100644
--- a/betterbug/betterbug.mk
+++ b/betterbug/betterbug.mk
@@ -1,5 +1,8 @@
-PRODUCT_PACKAGES += BetterBugStub
-PRODUCT_PACKAGES_DEBUG += BetterBug
+# When neither AOSP nor factory targets
+ifeq (,$(filter aosp_% factory_%, $(TARGET_PRODUCT)))
+ PRODUCT_PACKAGES += BetterBugStub
+ PRODUCT_PACKAGES_DEBUG += BetterBug
+endif
PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/gs-common/betterbug/sepolicy/product/public
PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/gs-common/betterbug/sepolicy/product/private
diff --git a/camera/Android.bp b/camera/Android.bp
index d615e6a..e845678 100644
--- a/camera/Android.bp
+++ b/camera/Android.bp
@@ -12,8 +12,8 @@
],
shared_libs: [
"libbase",
- "libdump",
- "liblog",
+ "libdump",
+ "liblog",
],
vendor: true,
relative_install_path: "dump",
@@ -26,3 +26,11 @@
src: "vendor.android.hardware.camera.preview-dis.xml",
sub_dir: "permissions",
}
+
+prebuilt_etc {
+ name: "concurrent_foldable_dual_front_xml",
+ vendor: true,
+ filename: "com.google.pixel.camera.concurrent_foldable_dual_front.xml",
+ src: "com.google.pixel.camera.concurrent_foldable_dual_front.xml",
+ sub_dir: "permissions",
+}
diff --git a/camera/com.google.pixel.camera.concurrent_foldable_dual_front.xml b/camera/com.google.pixel.camera.concurrent_foldable_dual_front.xml
new file mode 100644
index 0000000..e2dda0e
--- /dev/null
+++ b/camera/com.google.pixel.camera.concurrent_foldable_dual_front.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<!-- The feature on Pixel devices which supports concurrent foldable
+ dual front streaming -->
+<permissions>
+ <feature name="com.google.pixel.camera.concurrent_foldable_dual_front" />
+</permissions>
diff --git a/edgetpu/sepolicy/file_contexts b/edgetpu/sepolicy/file_contexts
index 06f0a89..6190fcf 100644
--- a/edgetpu/sepolicy/file_contexts
+++ b/edgetpu/sepolicy/file_contexts
@@ -17,6 +17,8 @@
# EdgeTPU runtime libraries
/vendor/lib64/com\.google\.edgetpu_app_service-V[1-4]-ndk\.so u:object_r:same_process_hal_file:s0
/vendor/lib64/com\.google\.edgetpu_vendor_service-V[1-2]-ndk\.so u:object_r:same_process_hal_file:s0
+# EdgeTPU Tachyon libraries
+/vendor/lib64/libedgetpu_tachyon\.google\.so u:object_r:same_process_hal_file:s0
# EdgeTPU data files
/data/vendor/hal_neuralnetworks_darwinn(/.*)? u:object_r:hal_neuralnetworks_darwinn_data_file:s0
@@ -27,3 +29,6 @@
# Tachyon service
/vendor/bin/hw/com\.google\.edgetpu.tachyon-service u:object_r:edgetpu_tachyon_server_exec:s0
+
+# libfmq.so is dynamically loaded by the Tachyon client-side library libedgetpu_tachyon.google.so
+/vendor/lib64/libfmq\.so u:object_r:same_process_hal_file:s0
diff --git a/edgetpu/sepolicy/hal_audio_default.te b/edgetpu/sepolicy/hal_audio_default.te
index 523770c..4d58e0b 100644
--- a/edgetpu/sepolicy/hal_audio_default.te
+++ b/edgetpu/sepolicy/hal_audio_default.te
@@ -12,7 +12,19 @@
# Allow audio HAL to read tflite Darwinn delegate properties
get_prop(hal_audio_default, vendor_tflite_delegate_prop)
+
+# Allow audio HAL to read DarwiNN runtime properties
get_prop(hal_audio_default, vendor_edgetpu_runtime_prop)
+# Allow audio HAL to read hetero runtime properties
+get_prop(hal_audio_default, vendor_hetero_runtime_prop)
+
# Allow DMA Buf access.
allow hal_audio_default dmabuf_system_heap_device:chr_file r_file_perms;
+
+# Allow audio HAL to connect to the stats service for logging EdgeTpu metrics.
+allow hal_audio_default fwk_stats_service:service_manager find;
+
+# Allow audio HAL to send EdgeTpu trace packets to Perfetto.
+# Enable for prod devices, see: go/darwinn-perfetto-critical-events
+perfetto_producer(hal_audio_default)
diff --git a/edgetpu/sepolicy/priv_app.te b/edgetpu/sepolicy/priv_app.te
index a9b49c3..579cc61 100644
--- a/edgetpu/sepolicy/priv_app.te
+++ b/edgetpu/sepolicy/priv_app.te
@@ -7,3 +7,6 @@
# Allows privileged applications to access the EdgeTPU device, except open,
# which is guarded by the EdgeTPU service.
allow priv_app edgetpu_device:chr_file { getattr read write ioctl map };
+
+# Allows EdgeTPU Tachyon service to call the app.
+binder_call(edgetpu_tachyon_server, priv_app);
diff --git a/edgetpu/sepolicy/untrusted_app_all.te b/edgetpu/sepolicy/untrusted_app_all.te
index 9abec61..3c92900 100644
--- a/edgetpu/sepolicy/untrusted_app_all.te
+++ b/edgetpu/sepolicy/untrusted_app_all.te
@@ -5,3 +5,5 @@
# by the EdgeTPU service.
allow untrusted_app_all edgetpu_device:chr_file { getattr read write ioctl map };
+# Allows EdgeTPU Tachyon service to call the app.
+binder_call(edgetpu_tachyon_server, untrusted_app_all);
diff --git a/gear/dumpstate_v3/Android.bp b/gear/dumpstate_v3/Android.bp
new file mode 100644
index 0000000..d1ab29c
--- /dev/null
+++ b/gear/dumpstate_v3/Android.bp
@@ -0,0 +1,29 @@
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+cc_binary {
+ name: "android.hardware.dumpstate.3-service",
+ srcs: [
+ "Dumpstate.cpp",
+ "service.cpp",
+ ],
+ init_rc: ["android.hardware.dumpstate.3-service.rc"],
+ vintf_fragments: ["android.hardware.dumpstate.3-service.xml"],
+ cflags: [
+ "-Wall",
+ "-Werror",
+ ],
+ shared_libs: [
+ "libbase",
+ "libbinder_ndk",
+ "libcutils",
+ "libdumpstateutil",
+ "liblog",
+ "libutils",
+ "libdump",
+ "android.hardware.dumpstate-V1-ndk",
+ ],
+ vendor: true,
+ relative_install_path: "hw",
+}
diff --git a/gear/dumpstate_v3/Dumpstate.cpp b/gear/dumpstate_v3/Dumpstate.cpp
new file mode 100644
index 0000000..31df2c7
--- /dev/null
+++ b/gear/dumpstate_v3/Dumpstate.cpp
@@ -0,0 +1,230 @@
+/*
+ * Copyright 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define LOG_TAG "dumpstate_device"
+#define ATRACE_TAG ATRACE_TAG_ALWAYS
+
+#include <inttypes.h>
+
+#include <android-base/file.h>
+#include <android-base/stringprintf.h>
+#include <android-base/properties.h>
+#include <android-base/unique_fd.h>
+#include <cutils/trace.h>
+#include <log/log.h>
+#include <sys/stat.h>
+#include <dump/pixel_dump.h>
+#include "Dumpstate.h"
+
+#include "DumpstateUtil.h"
+
+#define HW_REVISION "ro.boot.hardware.revision"
+
+using android::os::dumpstate::CommandOptions;
+using android::os::dumpstate::DumpFileToFd;
+using android::os::dumpstate::PropertiesHelper;
+using android::os::dumpstate::RunCommandToFd;
+
+namespace aidl {
+namespace android {
+namespace hardware {
+namespace dumpstate {
+
+typedef std::chrono::time_point<std::chrono::steady_clock> timepoint_t;
+
+const char kVerboseLoggingProperty[] = "persist.vendor.verbose_logging_enabled";
+
+timepoint_t startSection(int fd, const std::string §ionName) {
+ ATRACE_BEGIN(sectionName.c_str());
+ ::android::base::WriteStringToFd(
+ "\n"
+ "------ Section start: " + sectionName + " ------\n"
+ "\n", fd);
+ return std::chrono::steady_clock::now();
+}
+
+void endSection(int fd, const std::string §ionName, timepoint_t startTime) {
+ ATRACE_END();
+ auto endTime = std::chrono::steady_clock::now();
+ auto elapsedMsec = std::chrono::duration_cast<std::chrono::milliseconds>
+ (endTime - startTime).count();
+
+ ::android::base::WriteStringToFd(
+ "\n"
+ "------ Section end: " + sectionName + " ------\n"
+ "Elapsed msec: " + std::to_string(elapsedMsec) + "\n"
+ "\n", fd);
+}
+
+// Dump data requested by an argument to the "dump" interface, or help info
+// if the specified section is not supported.
+void Dumpstate::dumpTextSection(int fd, const std::string §ionName) {
+ bool dumpAll = (sectionName == kAllSections);
+ std::string dumpFiles;
+ struct dirent **dirent_list = NULL;
+ int num_entries = scandir("/vendor/bin/dump", &dirent_list, 0, (int (*)(const struct dirent **, const struct dirent **)) alphasort);
+ if (!dirent_list) {
+ ALOGE("Unable to scan dir: /vendor/bin/dump\n");
+ return;
+ } else if (num_entries <= 0) {
+ ALOGE("No file is found.\n");
+ return;
+ }
+ // Execute all or designated programs under vendor/bin/dump/
+ for (int i = 0; i < num_entries; i++) {
+ if (dirent_list[i]->d_name[0] == '.') {
+ continue;
+ }
+ std::string bin(dirent_list[i]->d_name);
+ dumpFiles = dumpFiles + " " + bin;
+ if (dumpAll || sectionName == bin) {
+ auto startTime = startSection(fd, bin);
+ RunCommandToFd(fd, "/vendor/bin/dump/"+bin, {"/vendor/bin/dump/"+bin}, CommandOptions::WithTimeout(15).Build());
+ endSection(fd, bin, startTime);
+ if (!dumpAll) {
+ return;
+ }
+ }
+ }
+
+ if (dumpAll) {
+ RunCommandToFd(fd, "VENDOR PROPERTIES", {"/vendor/bin/getprop"});
+ return;
+ }
+
+ // An unsupported section was requested on the command line
+ ::android::base::WriteStringToFd("Unrecognized text section: " + sectionName + "\n", fd);
+ ::android::base::WriteStringToFd("Try \"" + kAllSections + "\" or one of the following:", fd);
+ ::android::base::WriteStringToFd(dumpFiles, fd);
+ ::android::base::WriteStringToFd("\nNote: sections with attachments (e.g. dump_soc) are"
+ "not available from the command line.\n", fd);
+ while (num_entries--) {
+ free(dirent_list[num_entries]);
+ }
+ free(dirent_list);
+}
+
+void Dumpstate::dumpLogSection(int fd, int fd_bin)
+{
+ std::string logDir = MODEM_LOG_DIRECTORY;
+ const std::string logCombined = logDir + "/combined_logs.tar";
+ const std::string logAllDir = logDir + "/all_logs";
+
+ RunCommandToFd(fd, "MKDIR LOG", {"/vendor/bin/mkdir", "-p", logAllDir.c_str()}, CommandOptions::WithTimeout(2).Build());
+
+ dumpTextSection(fd, kAllSections);
+
+ RunCommandToFd(fd, "TAR LOG", {"/vendor/bin/tar", "cvf", logCombined.c_str(), "-C", logAllDir.c_str(), "."}, CommandOptions::WithTimeout(20).Build());
+ RunCommandToFd(fd, "CHG PERM", {"/vendor/bin/chmod", "a+w", logCombined.c_str()}, CommandOptions::WithTimeout(2).Build());
+
+ std::vector<uint8_t> buffer(65536);
+ ::android::base::unique_fd fdLog(TEMP_FAILURE_RETRY(open(logCombined.c_str(), O_RDONLY | O_CLOEXEC | O_NONBLOCK)));
+
+ if (fdLog >= 0) {
+ while (1) {
+ ssize_t bytes_read = TEMP_FAILURE_RETRY(read(fdLog, buffer.data(), buffer.size()));
+
+ if (bytes_read == 0) {
+ break;
+ } else if (bytes_read < 0) {
+ ALOGD("read(%s): %s\n", logCombined.c_str(), strerror(errno));
+ break;
+ }
+
+ ssize_t result = TEMP_FAILURE_RETRY(write(fd_bin, buffer.data(), bytes_read));
+
+ if (result != bytes_read) {
+ ALOGD("Failed to write %zd bytes, actually written: %zd", bytes_read, result);
+ break;
+ }
+ }
+ }
+
+ RunCommandToFd(fd, "RM LOG DIR", { "/vendor/bin/rm", "-r", logAllDir.c_str()}, CommandOptions::WithTimeout(2).Build());
+ RunCommandToFd(fd, "RM LOG", { "/vendor/bin/rm", logCombined.c_str()}, CommandOptions::WithTimeout(2).Build());
+}
+
+ndk::ScopedAStatus Dumpstate::dumpstateBoard(const std::vector<::ndk::ScopedFileDescriptor>& in_fds,
+ IDumpstateDevice::DumpstateMode in_mode,
+ int64_t in_timeoutMillis) {
+ ATRACE_BEGIN("dumpstateBoard");
+ // Unused arguments.
+ (void) in_timeoutMillis;
+
+ if (in_mode < IDumpstateDevice::DumpstateMode::FULL || in_mode > IDumpstateDevice::DumpstateMode::PROTO) {
+ ALOGE("Invalid mode: %d\n", in_mode);
+ return ndk::ScopedAStatus::fromExceptionCodeWithMessage(EX_ILLEGAL_ARGUMENT, "Invalid mode");
+ }
+
+ if (in_fds.size() < 1) {
+ ALOGE("no FDs\n");
+ return ndk::ScopedAStatus::fromExceptionCodeWithMessage(EX_ILLEGAL_ARGUMENT,
+ "No file descriptor");
+ }
+
+ int fd = in_fds[0].get();
+ if (fd < 0) {
+ ALOGE("invalid FD: %d\n", fd);
+ return ndk::ScopedAStatus::fromExceptionCodeWithMessage(EX_ILLEGAL_ARGUMENT,
+ "Invalid file descriptor");
+ }
+
+ if (in_fds.size() < 2) {
+ ALOGE("no FD for dumpstate_board binary\n");
+ dumpTextSection(fd, "");
+ } else {
+ int fd_bin = in_fds[1].get();
+ dumpLogSection(fd, fd_bin);
+ }
+
+ ATRACE_END();
+ return ndk::ScopedAStatus::ok();
+}
+
+ndk::ScopedAStatus Dumpstate::setVerboseLoggingEnabled(bool in_enable) {
+ ::android::base::SetProperty(kVerboseLoggingProperty, in_enable ? "true" : "false");
+ return ndk::ScopedAStatus::ok();
+}
+
+ndk::ScopedAStatus Dumpstate::getVerboseLoggingEnabled(bool* _aidl_return) {
+ *_aidl_return = ::android::base::GetBoolProperty(kVerboseLoggingProperty, false);
+ return ndk::ScopedAStatus::ok();
+}
+
+// Since AIDLs that support the dump() interface are automatically invoked during
+// bugreport generation and we don't want to generate a second copy of the same
+// data that will go into dumpstate_board.txt, this function will only do
+// something if it is called with an option, e.g.
+// dumpsys android.hardware.dumpstate.IDumpstateDevice/default all
+//
+// Also, note that sections which generate attachments and/or binary data when
+// included in a bugreport are not available through the dump() interface.
+binder_status_t Dumpstate::dump(int fd, const char** args, uint32_t numArgs) {
+
+ if (numArgs != 1) {
+ return STATUS_OK;
+ }
+
+ dumpTextSection(fd, static_cast<std::string>(args[0]));
+
+ fsync(fd);
+ return STATUS_OK;
+}
+
+} // namespace dumpstate
+} // namespace hardware
+} // namespace android
+} // namespace aidl
diff --git a/gear/dumpstate_v3/Dumpstate.h b/gear/dumpstate_v3/Dumpstate.h
new file mode 100644
index 0000000..787b774
--- /dev/null
+++ b/gear/dumpstate_v3/Dumpstate.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <aidl/android/hardware/dumpstate/BnDumpstateDevice.h>
+#include <aidl/android/hardware/dumpstate/IDumpstateDevice.h>
+#include <android/binder_status.h>
+
+namespace aidl {
+namespace android {
+namespace hardware {
+namespace dumpstate {
+
+class Dumpstate : public BnDumpstateDevice {
+ public:
+ ::ndk::ScopedAStatus dumpstateBoard(const std::vector<::ndk::ScopedFileDescriptor>& in_fds,
+ IDumpstateDevice::DumpstateMode in_mode,
+ int64_t in_timeoutMillis) override;
+
+ ::ndk::ScopedAStatus getVerboseLoggingEnabled(bool* _aidl_return) override;
+
+ ::ndk::ScopedAStatus setVerboseLoggingEnabled(bool in_enable) override;
+
+ binder_status_t dump(int fd, const char** args, uint32_t numArgs) override;
+
+ private:
+ const std::string kAllSections = "all";
+
+ void dumpTextSection(int fd, std::string const& sectionName);
+ void dumpLogSection(int fd, int fdModem);
+
+ //bool getVerboseLoggingEnabledImpl();
+ //::ndk::ScopedAStatus dumpstateBoardImpl(const int fd, const bool full);
+};
+
+} // namespace dumpstate
+} // namespace hardware
+} // namespace android
+} // namespace aidl
diff --git a/gear/dumpstate_v3/aidl.mk b/gear/dumpstate_v3/aidl.mk
new file mode 100644
index 0000000..bcecb78
--- /dev/null
+++ b/gear/dumpstate_v3/aidl.mk
@@ -0,0 +1,4 @@
+PRODUCT_SOONG_NAMESPACES += device/google/gs-common/gear/dumpstate_v3
+PRODUCT_PACKAGES += android.hardware.dumpstate.3-service
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gear/dumpstate_v3/sepolicy
+
diff --git a/gear/dumpstate_v3/android.hardware.dumpstate.3-service.rc b/gear/dumpstate_v3/android.hardware.dumpstate.3-service.rc
new file mode 100644
index 0000000..0a80e0c
--- /dev/null
+++ b/gear/dumpstate_v3/android.hardware.dumpstate.3-service.rc
@@ -0,0 +1,5 @@
+service vendor.dumpstate-default /vendor/bin/hw/android.hardware.dumpstate.3-service
+ class hal
+ user system
+ group system shell
+ interface aidl android.hardware.dumpstate.IDumpstateDevice/default
diff --git a/gear/dumpstate_v3/android.hardware.dumpstate.3-service.xml b/gear/dumpstate_v3/android.hardware.dumpstate.3-service.xml
new file mode 100644
index 0000000..5e51b28
--- /dev/null
+++ b/gear/dumpstate_v3/android.hardware.dumpstate.3-service.xml
@@ -0,0 +1,9 @@
+<manifest version="1.0" type="device">
+ <hal format="aidl">
+ <name>android.hardware.dumpstate</name>
+ <interface>
+ <name>IDumpstateDevice</name>
+ <instance>default</instance>
+ </interface>
+ </hal>
+</manifest>
diff --git a/gear/dumpstate_v3/sepolicy/file.te b/gear/dumpstate_v3/sepolicy/file.te
new file mode 100644
index 0000000..1777353
--- /dev/null
+++ b/gear/dumpstate_v3/sepolicy/file.te
@@ -0,0 +1,6 @@
+# dumpstate packing directory
+type radio_vendor_data_file, file_type, data_file_type;
+userdebug_or_eng(`
+ typeattribute radio_vendor_data_file mlstrustedobject;
+')
+
diff --git a/gear/dumpstate_v3/sepolicy/file_contexts b/gear/dumpstate_v3/sepolicy/file_contexts
new file mode 100644
index 0000000..da10e76
--- /dev/null
+++ b/gear/dumpstate_v3/sepolicy/file_contexts
@@ -0,0 +1,5 @@
+# generic dumpstate for pixel
+/vendor/bin/hw/android\.hardware\.dumpstate\.3-service u:object_r:hal_dumpstate_default_exec:s0
+
+/data/vendor/radio(/.*)? u:object_r:radio_vendor_data_file:s0
+
diff --git a/gear/dumpstate_v3/sepolicy/hal_dumpstate_default.te b/gear/dumpstate_v3/sepolicy/hal_dumpstate_default.te
new file mode 100644
index 0000000..06ebb75
--- /dev/null
+++ b/gear/dumpstate_v3/sepolicy/hal_dumpstate_default.te
@@ -0,0 +1,7 @@
+# required permission to use tar to pack dumpsate_board.bin
+allow hal_dumpstate_default vendor_toolbox_exec:file execute_no_trans;
+allow hal_dumpstate_default radio_vendor_data_file:dir create_dir_perms;
+allow hal_dumpstate_default radio_vendor_data_file:file create_file_perms;
+allow hal_dumpstate_default shell_data_file:file getattr;
+set_prop(hal_dumpstate_default, vendor_logger_prop)
+
diff --git a/gear/dumpstate_v3/sepolicy/property.te b/gear/dumpstate_v3/sepolicy/property.te
new file mode 100644
index 0000000..c6f5a4f
--- /dev/null
+++ b/gear/dumpstate_v3/sepolicy/property.te
@@ -0,0 +1,3 @@
+# verbose property
+vendor_internal_prop(vendor_logger_prop)
+
diff --git a/gear/dumpstate_v3/sepolicy/property_contexts b/gear/dumpstate_v3/sepolicy/property_contexts
new file mode 100644
index 0000000..5ead16f
--- /dev/null
+++ b/gear/dumpstate_v3/sepolicy/property_contexts
@@ -0,0 +1,3 @@
+# verbose property name
+persist.vendor.verbose_logging_enabled u:object_r:vendor_logger_prop:s0
+
diff --git a/gear/dumpstate_v3/service.cpp b/gear/dumpstate_v3/service.cpp
new file mode 100644
index 0000000..53dc8ac
--- /dev/null
+++ b/gear/dumpstate_v3/service.cpp
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#define LOG_TAG "android.hardware.dumpstate.3-service"
+
+#include "Dumpstate.h"
+
+#include <android-base/logging.h>
+#include <android/binder_manager.h>
+#include <android/binder_process.h>
+
+using aidl::android::hardware::dumpstate::Dumpstate;
+
+int main() {
+ ABinderProcess_setThreadPoolMaxThreadCount(0);
+ std::shared_ptr<Dumpstate> dumpstate = ndk::SharedRefBase::make<Dumpstate>();
+
+ const std::string instance = std::string() + Dumpstate::descriptor + "/default";
+ binder_status_t status =
+ AServiceManager_addService(dumpstate->asBinder().get(), instance.c_str());
+ CHECK_EQ(status, STATUS_OK);
+
+ ABinderProcess_joinThreadPool();
+ return EXIT_FAILURE; // Unreachable
+}
diff --git a/gps/lsi/sepolicy/device.te b/gps/lsi/sepolicy/device.te
new file mode 100644
index 0000000..15d049f
--- /dev/null
+++ b/gps/lsi/sepolicy/device.te
@@ -0,0 +1 @@
+type vendor_gnss_device, dev_type;
diff --git a/gps/lsi/sepolicy/file.te b/gps/lsi/sepolicy/file.te
index af9582b..246700a 100644
--- a/gps/lsi/sepolicy/file.te
+++ b/gps/lsi/sepolicy/file.te
@@ -1 +1,5 @@
type vendor_gps_file, file_type, data_file_type;
+type sysfs_gps, sysfs_type, fs_type;
+userdebug_or_eng(`
+ typeattribute vendor_gps_file mlstrustedobject;
+')
diff --git a/gps/lsi/sepolicy/file_contexts b/gps/lsi/sepolicy/file_contexts
index 9840eab..e6af3b1 100644
--- a/gps/lsi/sepolicy/file_contexts
+++ b/gps/lsi/sepolicy/file_contexts
@@ -7,6 +7,4 @@
/vendor/bin/hw/swcnd u:object_r:swcnd_exec:s0
/vendor/bin/hw/spad u:object_r:spad_exec:s0
/vendor/bin/hw/android.hardware.gnss-service u:object_r:hal_gnss_default_exec:s0
-/vendor/bin/gnss_check\.sh u:object_r:gnss_check_exec:s0
-# keep only one rule and use eGNSS one
-# /data/vendor/gps(/.*)? u:object_r:vendor_gps_file:s0
+/data/vendor/gps(/.*)? u:object_r:vendor_gps_file:s0
diff --git a/gps/lsi/sepolicy/property.te b/gps/lsi/sepolicy/property.te
new file mode 100644
index 0000000..6b62560
--- /dev/null
+++ b/gps/lsi/sepolicy/property.te
@@ -0,0 +1 @@
+vendor_internal_prop(vendor_gps_prop)
diff --git a/gps/lsi/sepolicy/property_contexts b/gps/lsi/sepolicy/property_contexts
new file mode 100644
index 0000000..4546116
--- /dev/null
+++ b/gps/lsi/sepolicy/property_contexts
@@ -0,0 +1,2 @@
+vendor.gps. u:object_r:vendor_gps_prop:s0
+persist.vendor.gps. u:object_r:vendor_gps_prop:s0
diff --git a/gps/pixel/sepolicy/hal_gnss_pixel.te b/gps/pixel/sepolicy/hal_gnss_pixel.te
index 512ecc9..ecdfcd3 100644
--- a/gps/pixel/sepolicy/hal_gnss_pixel.te
+++ b/gps/pixel/sepolicy/hal_gnss_pixel.te
@@ -12,3 +12,14 @@
#Toggle coredump node
allow hal_gnss_pixel sysfs_gps:file rw_file_perms;
+
+# Allow access to CHRE multiclient HAL.
+get_prop(hal_gnss_pixel, vendor_chre_hal_prop)
+
+# Allow binder to CHRE.
+binder_call(hal_gnss_pixel, hal_contexthub_default)
+allow hal_gnss_pixel hal_contexthub_service:service_manager find;
+
+# Allow connect to gnss service
+allow hal_gnss_pixel vendor_gps_file:dir create_dir_perms;
+allow hal_gnss_pixel vendor_gps_file:fifo_file create_file_perms;
\ No newline at end of file
diff --git a/gxp/dump_gxp.cpp b/gxp/dump_gxp.cpp
index 518a44a..5d9f28a 100644
--- a/gxp/dump_gxp.cpp
+++ b/gxp/dump_gxp.cpp
@@ -17,7 +17,7 @@
#include <android-base/properties.h>
#include <android-base/file.h>
-#define maxGxpDebugDumps 3
+#define maxGxpDebugDumps 4
int main() {
/* TODO(b/277094681): Set default value to false around device beta milestone. */
diff --git a/gyotaku_app/fingerprint/gyotaku_app.te b/gyotaku_app/fingerprint/gyotaku_app.te
new file mode 100644
index 0000000..f6475f5
--- /dev/null
+++ b/gyotaku_app/fingerprint/gyotaku_app.te
@@ -0,0 +1,19 @@
+# Specific build for fingerprint
+type gyotaku_app, domain;
+
+app_domain(gyotaku_app)
+net_domain(gyotaku_app)
+
+# For Gyotaku app common use
+allow gyotaku_app app_api_service:service_manager find;
+allow gyotaku_app privapp_data_file:lnk_file read;
+allow gyotaku_app system_app_data_file:dir create_dir_perms;
+allow gyotaku_app system_app_data_file:file create_file_perms;
+
+# For getproperty isDebuggable use
+get_prop(gyotaku_app, userdebug_or_eng_prop)
+
+# For access /data/vendor/misc fingerprint use.
+allow gyotaku_app vendor_misc_data_file:dir search;
+allow gyotaku_app vendor_fingerprint_data_file:dir r_dir_perms;
+allow gyotaku_app vendor_fingerprint_data_file:file r_file_perms;
diff --git a/gyotaku_app/fingerprint/seapp_contexts b/gyotaku_app/fingerprint/seapp_contexts
new file mode 100644
index 0000000..b1c6248
--- /dev/null
+++ b/gyotaku_app/fingerprint/seapp_contexts
@@ -0,0 +1,2 @@
+# Gyotaku app
+user=system seinfo=platform name=com.google.android.apps.internal.gyotaku domain=gyotaku_app type=system_app_data_file levelFrom=all
diff --git a/gyotaku_app/gyotaku_fingerprint.mk b/gyotaku_app/gyotaku_fingerprint.mk
new file mode 100644
index 0000000..051b88e
--- /dev/null
+++ b/gyotaku_app/gyotaku_fingerprint.mk
@@ -0,0 +1,5 @@
+# Specific build for fingerprint
+PRODUCT_PACKAGES_DEBUG += \
+ Gyotaku
+
+BOARD_SEPOLICY_DIRS += device/google/gs-common/gyotaku_app/fingerprint
diff --git a/insmod/4k/insmod.sh b/insmod/4k/insmod.sh
old mode 100644
new mode 100755
diff --git a/insmod/insmod.sh b/insmod/insmod.sh
deleted file mode 100755
index 8cac37e..0000000
--- a/insmod/insmod.sh
+++ /dev/null
@@ -1,102 +0,0 @@
-#!/vendor/bin/sh
-
-#############################################################
-### init.insmod.cfg format: ###
-### ----------------------------------------------------- ###
-### [insmod|setprop|enable/moprobe|wait] [path|prop name] ###
-### ... ###
-#############################################################
-
-modules_dir=
-system_modules_dir=
-vendor_modules_dir=
-
-for dir in system vendor; do
- for f in /${dir}/lib/modules/*/modules.dep /${dir}/lib/modules/modules.dep; do
- if [[ -f "$f" ]]; then
- if [[ "${dir}" == "system" ]]; then
- system_modules_dir="$(dirname "$f")"
- else
- vendor_modules_dir="$(dirname "$f")"
- modules_dir=${vendor_modules_dir}
- fi
- break
- fi
- done
-done
-
-if [[ -z "${system_modules_dir}" ]]; then
- echo "Unable to locate system kernel modules directory" 2>&1
-fi
-
-if [[ -z "${vendor_modules_dir}" ]]; then
- echo "Unable to locate vendor kernel modules directory" 2>&1
- exit 1
-fi
-
-# imitates wait_for_file() in init
-wait_for_file()
-{
- filename="${1}"
- timeout="${2:-5}"
-
- expiry=$(($(date "+%s")+timeout))
- while [[ ! -e "${filename}" ]] && [[ "$(date "+%s")" -le "${expiry}" ]]
- do
- sleep 0.01
- done
-}
-
-if [ $# -eq 1 ]; then
- cfg_file=$1
-else
- # Set property even if there is no insmod config
- # to unblock early-boot trigger
- setprop vendor.common.modules.ready
- setprop vendor.device.modules.ready
- setprop vendor.all.modules.ready
- setprop vendor.all.devices.ready
- exit 1
-fi
-
-if [ -f $cfg_file ]; then
- while IFS="|" read -r action arg
- do
- case $action in
- "insmod") insmod $arg ;;
- "setprop") setprop $arg 1 ;;
- "enable") echo 1 > $arg ;;
- "condinsmod")
- prop=$(echo $arg | cut -d '|' -f 1)
- module1=$(echo $arg | cut -d '|' -f 2)
- module2=$(echo $arg | cut -d '|' -f 3)
- value=$(getprop $prop)
- if [[ ${value} == "true" ]]; then
- insmod ${vendor_modules_dir}/${module1}
- else
- insmod ${vendor_modules_dir}/${module2}
- fi
- ;;
- "modprobe")
- case ${arg} in
- "system -b *" | "system -b")
- modules_dir=${system_modules_dir}
- arg="-b --all=${system_modules_dir}/modules.load" ;;
- "system *" | "system")
- modules_dir=${system_modules_dir}
- arg="--all=${system_modules_dir}/modules.load" ;;
- "-b *" | "-b" | "vendor -b *" | "vendor -b")
- modules_dir=${vendor_modules_dir}
- arg="-b --all=${vendor_modules_dir}/modules.load" ;;
- "*" | "" | "vendor *" | "vendor")
- modules_dir=${vendor_modules_dir}
- arg="--all=${vendor_modules_dir}/modules.load" ;;
- esac
- if [[ -d "${modules_dir}" ]]; then
- modprobe -a -d "${modules_dir}" $arg
- fi
- ;;
- "wait") wait_for_file $arg ;;
- esac
- done < $cfg_file
-fi
diff --git a/performance/Android.bp b/performance/Android.bp
index c29b460..5c0e0b2 100644
--- a/performance/Android.bp
+++ b/performance/Android.bp
@@ -12,7 +12,7 @@
"-Werror",
],
shared_libs: [
- "libdump",
+ "libdump",
],
vendor: true,
relative_install_path: "dump",
diff --git a/performance/dump_perf.cpp b/performance/dump_perf.cpp
index aa742f1..d2989ad 100644
--- a/performance/dump_perf.cpp
+++ b/performance/dump_perf.cpp
@@ -18,5 +18,8 @@
int main() {
dumpFileContent("VENDOR PROC DUMP", "/proc/vendor_sched/dump_task");
+ dumpFileContent("BTS scenario", "/sys/kernel/debug/bts/scenario");
+ dumpFileContent("BTS vc", "/sys/kernel/debug/bts/vc");
+ dumpFileContent("BTS status", "/sys/kernel/debug/bts/status");
return 0;
}
diff --git a/performance/sepolicy/dump_perf.te b/performance/sepolicy/dump_perf.te
index 15c4f6e..befe9ba 100644
--- a/performance/sepolicy/dump_perf.te
+++ b/performance/sepolicy/dump_perf.te
@@ -1,3 +1,7 @@
pixel_bugreport(dump_perf)
allow dump_perf proc_vendor_sched:file r_file_perms;
+userdebug_or_eng(`
+ allow dump_perf vendor_bts_debugfs:dir r_dir_perms;
+ allow dump_perf vendor_bts_debugfs:file r_file_perms;
+')
diff --git a/performance/sepolicy/file.te b/performance/sepolicy/file.te
new file mode 100644
index 0000000..8e16bbf
--- /dev/null
+++ b/performance/sepolicy/file.te
@@ -0,0 +1,2 @@
+type sysfs_pakills, fs_type, sysfs_type;
+type vendor_bts_debugfs, fs_type, debugfs_type;
diff --git a/performance/sepolicy/genfs_contexts b/performance/sepolicy/genfs_contexts
index 000c41b..041021c 100644
--- a/performance/sepolicy/genfs_contexts
+++ b/performance/sepolicy/genfs_contexts
@@ -1 +1,3 @@
genfscon proc /sys/kernel/sched_pelt_multiplier u:object_r:proc_sched:s0
+genfscon sysfs /kernel/vendor_mm/pa_kill u:object_r:sysfs_pakills:s0
+genfscon debugfs /bts u:object_r:vendor_bts_debugfs:s0
diff --git a/performance/sepolicy/hal_power_default.te b/performance/sepolicy/hal_power_default.te
new file mode 100644
index 0000000..763862d
--- /dev/null
+++ b/performance/sepolicy/hal_power_default.te
@@ -0,0 +1,2 @@
+allow hal_power_default sysfs_pakills:file rw_file_perms;
+allow hal_power_default sysfs_pakills:dir r_dir_perms;
diff --git a/recorder/recorder.mk b/recorder/recorder.mk
new file mode 100644
index 0000000..87620da
--- /dev/null
+++ b/recorder/recorder.mk
@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/recorder/sepolicy/vendor
+PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/gs-common/recorder/sepolicy/product/public
+PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/gs-common/recorder/sepolicy/product/private
diff --git a/recorder/sepolicy/product/private/certs/com_google_android_apps_recorder.x509.pem b/recorder/sepolicy/product/private/certs/com_google_android_apps_recorder.x509.pem
new file mode 100644
index 0000000..833c86b
--- /dev/null
+++ b/recorder/sepolicy/product/private/certs/com_google_android_apps_recorder.x509.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIF+zCCA+OgAwIBAgIVAJFfB9eQ7J1w93C6aGBchm77ysA3MA0GCSqGSIb3DQEBCwUAMIGNMQsw
+CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEU
+MBIGA1UEChMLR29vZ2xlIEluYy4xEDAOBgNVBAsTB0FuZHJvaWQxKTAnBgNVBAMMIGNvbV9nb29n
+bGVfYW5kcm9pZF9hcHBzX3JlY29yZGVyMB4XDTE5MDIxNTE1NDQxMloXDTQ5MDIxNTE1NDQxMlow
+gY0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBW
+aWV3MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEpMCcGA1UEAwwgY29t
+X2dvb2dsZV9hbmRyb2lkX2FwcHNfcmVjb3JkZXIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
+AoICAQCFSs/DqyyRbMD2mEHxxv+DDnV7V8j/RUB43aZXC11kKbLAD/E8/WxV+e9frFoXlzXepK4m
+FliWHyLWNSUmFwVxl2JsrkxUJ4QWXIpw9azHkW9kO5r/VPTXCBAZn80qqaqHlzplHbflxLiQc+zv
+lWEg7HJPBMMMFC3yCYfhLbDrriZdMnT4mHMLUo24TzO2znv7c7SDBWQ57lAsdRB0OX+N4DfBXvUR
+QLUO9FazerGdcK58KHkxgo3ZHY3c2+efkfCkZUgu6HKLwA24O2e0/iYmC7vQTItGYCCyzbdlXDix
+t0YgpsdcsOtVSJLwv6movtAX9JGsrGkvZR9Ffa52Vfc+vW0yqahHxVFJ5VD6UrrQpkWjonrsIbHb
+RLQ05ZM735kd4NWrxgS0sDwdfvhmsj29Ag3q/cuIpG/+x37+vmTlMKggeqxSxoQ4RwGyZuvyb8PB
+/lCf6r6bAYyr88oAs03ATz3RqRH38rkHmFp5Cdf488tw2Wj6vB/JqnfPN8woslle0hUIkqH7Ezna
+0zF79yov7oePFdqr++khDHrrMQziwIk2PN+V0MLGQpmX5FF47Zmprtzvu52QN2f5rnKq2HSfBG0i
+FqZ8/iAEnUsCngVObHaASPxXq1AKiy3iEJaLDjFhGbQk9mbj9o/RHb0kyorI3d90PU8ss8xNsUnm
+pXa4sQIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRXxQfB1H79Hq56Ld1GUrRRfzWo
+ojAfBgNVHSMEGDAWgBRXxQfB1H79Hq56Ld1GUrRRfzWoojANBgkqhkiG9w0BAQsFAAOCAgEARATw
+47mgvvLpdLTPzjORUSLBWXS2WdH43o9tPBNOaLBVRWiua2OyMp8F+nbxm4y/3djGuXsn5S2F12jp
+7xQZcBU4c21vF/ttio/spnnkPBnf0nKndTLoKt4Tpcxq4vnyqyXlBJHIybh+bbc6HVTYM6n8k4vw
+KReUjEjCXAxZ8vWjTgSOAtDrHkaez3tOkACMFmRv+JP1zNG32chLG+8K0/pyLsnknloPAk02Btoc
+t7FI4XKtS/9Z9oipMHfWg8fjI4vRXqiiAR4ctf9EgxcwHY/KVX8RJxsAXMgl65e7qGagbfTWCbHl
+MnRnapjLKkvJKPiIbBx/xdgUoOxdugwL6XPfzg4THQzAiduCgxkDs/H3SQWem6VBZ57KSuudJsop
+s5hb7GS2Hqb5F3YHAlSGQxvj37mDTzbuTH3paqzPwSgnqw0jnkGl//f2osw/mqfD5msDLk4UcmpQ
+IeC10ofhF7hzaZOGwMg8VGzsMR5M154haxj6Y2NFEir6ylz/stPrelkwDvMIDgIororj2Bj7TkWu
++EABNAr8h9yTsJEvxayNMk96U+Rn2LKMZilJdf00SILpr6IFTD8uvRwLIHSCjSbd9C8kkAqbqKs4
+VCg5HPLHjxyXgWOAK1IeqqnryaFPjLqa2RsG6UL+UtIjC6eWMsWOfvRRrpTU21mo2Koc0MI=
+-----END CERTIFICATE-----
diff --git a/recorder/sepolicy/product/private/google_recorder_app.te b/recorder/sepolicy/product/private/google_recorder_app.te
new file mode 100644
index 0000000..ac308aa
--- /dev/null
+++ b/recorder/sepolicy/product/private/google_recorder_app.te
@@ -0,0 +1,16 @@
+app_domain(google_recorder_app)
+net_domain(google_recorder_app)
+
+get_prop(google_recorder_app, graphics_config_writable_prop)
+
+allow google_recorder_app app_api_service:service_manager find;
+allow google_recorder_app audioserver_service:service_manager find;
+allow google_recorder_app mediaextractor_service:service_manager find;
+allow google_recorder_app mediametrics_service:service_manager find;
+allow google_recorder_app mediaserver_service:service_manager find;
+
+allow google_recorder_app privapp_data_file:lnk_file r_file_perms;
+allow google_recorder_app privapp_data_file:file execute;
+
+# Library code may try to access default properties, but should be denied
+dontaudit google_recorder_app default_prop:file read;
diff --git a/recorder/sepolicy/product/private/keys.conf b/recorder/sepolicy/product/private/keys.conf
new file mode 100644
index 0000000..9dad2f5
--- /dev/null
+++ b/recorder/sepolicy/product/private/keys.conf
@@ -0,0 +1,2 @@
+[@GOOGLERECORDER]
+ALL : device/google/gs-common/recorder/sepolicy/product/private/certs/com_google_android_apps_recorder.x509.pem
diff --git a/recorder/sepolicy/product/private/mac_permissions.xml b/recorder/sepolicy/product/private/mac_permissions.xml
new file mode 100644
index 0000000..b1d21bf
--- /dev/null
+++ b/recorder/sepolicy/product/private/mac_permissions.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<policy>
+
+<!--
+
+ * A signature is a hex encoded X.509 certificate or a tag defined in
+ keys.conf and is required for each signer tag.
+ * A signer tag may contain a seinfo tag and multiple package stanzas.
+ * A default tag is allowed that can contain policy for all apps not signed with a
+ previously listed cert. It may not contain any inner package stanzas.
+ * Each signer/default/package tag is allowed to contain one seinfo tag. This tag
+ represents additional info that each app can use in setting a SELinux security
+ context on the eventual process.
+ * When a package is installed the following logic is used to determine what seinfo
+ value, if any, is assigned.
+ - All signatures used to sign the app are checked first.
+ - If a signer stanza has inner package stanzas, those stanza will be checked
+ to try and match the package name of the app. If the package name matches
+ then that seinfo tag is used. If no inner package matches then the outer
+ seinfo tag is assigned.
+ - The default tag is consulted last if needed.
+-->
+ <!-- Google Recorder app key -->
+ <signer signature="@GOOGLERECORDER" >
+ <seinfo value="GoogleRecorder" />
+ </signer>
+</policy>
diff --git a/recorder/sepolicy/product/private/seapp_contexts b/recorder/sepolicy/product/private/seapp_contexts
new file mode 100644
index 0000000..f264927
--- /dev/null
+++ b/recorder/sepolicy/product/private/seapp_contexts
@@ -0,0 +1,2 @@
+# Google Recorder
+user=_app isPrivApp=true seinfo=GoogleRecorder name=com.google.android.apps.recorder domain=google_recorder_app type=app_data_file levelFrom=all
diff --git a/recorder/sepolicy/product/public/google_recorder_app.te b/recorder/sepolicy/product/public/google_recorder_app.te
new file mode 100644
index 0000000..b718e12
--- /dev/null
+++ b/recorder/sepolicy/product/public/google_recorder_app.te
@@ -0,0 +1 @@
+type google_recorder_app, domain;
diff --git a/recorder/sepolicy/vendor/google_recorder_app.te b/recorder/sepolicy/vendor/google_recorder_app.te
new file mode 100644
index 0000000..e140678
--- /dev/null
+++ b/recorder/sepolicy/vendor/google_recorder_app.te
@@ -0,0 +1 @@
+get_prop(google_recorder_app, vendor_audio_prop_restricted)
diff --git a/storage/init.storage.rc b/storage/init.storage.rc
index 71fce43..9cad2ea 100644
--- a/storage/init.storage.rc
+++ b/storage/init.storage.rc
@@ -13,6 +13,7 @@
write /dev/sys/block/by-name/rootdisk/queue/iostats 1
write /dev/sys/block/by-name/rootdisk/queue/nr_requests 128
write /dev/sys/block/by-name/rootdisk/queue/rq_affinity 2
+ write /dev/sys/block/by-name/zoned_device/queue/rq_affinity 2
# UFS
write /dev/sys/block/bootdevice/clkgate_enable 1
diff --git a/storage/sepolicy/device.te b/storage/sepolicy/device.te
new file mode 100644
index 0000000..e0968f9
--- /dev/null
+++ b/storage/sepolicy/device.te
@@ -0,0 +1,2 @@
+# Userdata Exp block device.
+type userdata_exp_block_device, dev_type;
diff --git a/storage/sepolicy/e2fs.te b/storage/sepolicy/e2fs.te
new file mode 100644
index 0000000..c280cb7
--- /dev/null
+++ b/storage/sepolicy/e2fs.te
@@ -0,0 +1 @@
+allow e2fs userdata_exp_block_device:blk_file rw_file_perms;
diff --git a/storage/sepolicy/file_contexts b/storage/sepolicy/file_contexts
index ecca954..ff863db 100644
--- a/storage/sepolicy/file_contexts
+++ b/storage/sepolicy/file_contexts
@@ -3,3 +3,4 @@
/dev/sg[0-9] u:object_r:sg_device:s0
/data/vendor/storage(/.*)? u:object_r:dump_storage_data_file:s0
/vendor/bin/sg_read_buffer u:object_r:sg_util_exec:s0
+/dev/block/by-name/userdata_exp.* u:object_r:userdata_exp_block_device:s0
diff --git a/storage/sepolicy/fsck.te b/storage/sepolicy/fsck.te
new file mode 100644
index 0000000..2043199
--- /dev/null
+++ b/storage/sepolicy/fsck.te
@@ -0,0 +1 @@
+allow fsck userdata_exp_block_device:blk_file rw_file_perms;
diff --git a/storage/sepolicy/vold.te b/storage/sepolicy/vold.te
index 1d743b5..3d35589 100644
--- a/storage/sepolicy/vold.te
+++ b/storage/sepolicy/vold.te
@@ -1,4 +1,8 @@
allow vold sysfs_scsi_devices_0000:file rw_file_perms;
+# Access userdata_exp block device.
+allow vold userdata_exp_block_device:blk_file rw_file_perms;
+allowxperm vold userdata_exp_block_device:blk_file ioctl BLKSECDISCARD;
+
dontaudit vold dumpstate:fifo_file rw_file_perms;
dontaudit vold dumpstate:fd use ;
diff --git a/touch/gti/touch_gti_ical.cpp b/touch/gti/touch_gti_ical.cpp
index 0aabd9e..9b5eed5 100644
--- a/touch/gti/touch_gti_ical.cpp
+++ b/touch/gti/touch_gti_ical.cpp
@@ -34,6 +34,18 @@
char *line = NULL;
size_t len = 0;
FILE *ical_fd;
+ const char *ical_override_cmd_prop[2] = {
+ [0] = "vendor.touch.gti0.ical.override.cmd",
+ [1] = "vendor.touch.gti1.ical.override.cmd",
+ };
+ const char *ical_override_result_prop[2] = {
+ [0] = "vendor.touch.gti0.ical.override.result",
+ [1] = "vendor.touch.gti1.ical.override.result",
+ };
+ const char *ical_write_history_prop[2] = {
+ [0] = "vendor.touch.gti0.ical.write.history",
+ [1] = "vendor.touch.gti1.ical.write.history",
+ };
const char *ical_state_prop[2] = {
[0] = "vendor.touch.gti0.ical.state",
[1] = "vendor.touch.gti1.ical.state",
@@ -46,9 +58,16 @@
[0] = "/sys/devices/virtual/goog_touch_interface/gti.0/interactive_calibrate",
[1] = "/sys/devices/virtual/goog_touch_interface/gti.1/interactive_calibrate",
};
+ const char *ical_override_cmd_prop_path = ical_override_cmd_prop[0];
+ const char *ical_override_result_prop_path = ical_override_result_prop[0];
+ const char *ical_write_history_prop_path = ical_write_history_prop[0];
const char *ical_state_prop_path = ical_state_prop[0];
const char *ical_result_prop_path = ical_result_prop[0];
const char *ical_sysfs_path = ical_sysfs[0];
+ const char ical_override_all_cmd_prop_val[PROPERTY_VALUE_MAX] = "xxx";
+ char ical_override_cmd_prop_val[PROPERTY_VALUE_MAX] = "\0";
+ char ical_override_result_prop_val[PROPERTY_VALUE_MAX] = "\0";
+ char ical_write_history_prop_val[PROPERTY_VALUE_MAX] = "\0";
if (argc < 3) {
ALOGW("No target dev or command for interactive_calibrate sysfs.\n");
@@ -60,11 +79,18 @@
if (strncmp(argv[1], "1", strlen(argv[1])) == 0 ||
strncmp(argv[1], "gti1", strlen(argv[1])) == 0 ||
strncmp(argv[1], "gti.1", strlen(argv[1])) == 0) {
+ ical_override_cmd_prop_path = ical_override_cmd_prop[1];
+ ical_override_result_prop_path = ical_override_result_prop[1];
+ ical_write_history_prop_path = ical_write_history_prop[1];
ical_state_prop_path = ical_state_prop[1];
ical_result_prop_path = ical_result_prop[1];
ical_sysfs_path = ical_sysfs[1];
}
+ property_get(ical_override_cmd_prop_path, ical_override_cmd_prop_val, NULL);
+ property_get(ical_override_result_prop_path, ical_override_result_prop_val, "0 - -2147483648");
+ property_get(ical_write_history_prop_path, ical_write_history_prop_val, NULL);
+
property_set(ical_result_prop_path, "na");
property_set(ical_state_prop_path, "running");
if (access(ical_sysfs_path, F_OK | R_OK | W_OK)) {
@@ -84,11 +110,25 @@
getline(&line, &len, ical_fd);
if (line != NULL) {
property_set(ical_state_prop_path, "read");
- property_set(ical_result_prop_path, line);
- ALOGI("read: %s => %s", ical_sysfs_path, line);
+ if (strncmp(ical_override_cmd_prop_val,
+ ical_write_history_prop_val,
+ strlen(ical_write_history_prop_path)) == 0 ||
+ strncasecmp(ical_override_cmd_prop_val,
+ ical_override_all_cmd_prop_val,
+ strlen(ical_override_all_cmd_prop_val)) == 0) {
+ property_set(ical_result_prop_path, ical_override_result_prop_val);
+ ALOGW("read(original): %s => %s",
+ ical_sysfs_path, line);
+ ALOGW("read(override): %s => %s",
+ ical_sysfs_path, ical_override_result_prop_val);
+ } else {
+ property_set(ical_result_prop_path, line);
+ ALOGI("read: %s => %s", ical_sysfs_path, line);
+ }
free(line);
}
} else {
+ property_set(ical_write_history_prop_path, argv[2]);
property_set(ical_state_prop_path, argv[2]);
fwrite(argv[2], 1, strlen(argv[2]), ical_fd);
ALOGI("write: %s => %s\n", argv[2], ical_sysfs_path);
diff --git a/wireless_charger/compatibility_matrix.xml b/wireless_charger/compatibility_matrix.xml
index 7d18cd9..b760b1d 100644
--- a/wireless_charger/compatibility_matrix.xml
+++ b/wireless_charger/compatibility_matrix.xml
@@ -7,4 +7,12 @@
<instance>default</instance>
</interface>
</hal>
+ <hal format="aidl" optional="true">
+ <name>vendor.google.wireless_charger.service</name>
+ <version>1</version>
+ <interface>
+ <name>IWlcService</name>
+ <instance>default</instance>
+ </interface>
+ </hal>
</compatibility-matrix>
diff --git a/wireless_charger/sepolicy/dumpstate.te b/wireless_charger/sepolicy/dumpstate.te
new file mode 100644
index 0000000..3c5fac3
--- /dev/null
+++ b/wireless_charger/sepolicy/dumpstate.te
@@ -0,0 +1 @@
+binder_call(dumpstate, hal_wlcservice)
diff --git a/wireless_charger/sepolicy/file.te b/wireless_charger/sepolicy/file.te
new file mode 100644
index 0000000..6dd54c8
--- /dev/null
+++ b/wireless_charger/sepolicy/file.te
@@ -0,0 +1 @@
+type vendor_wlc_file, file_type, data_file_type;
diff --git a/wireless_charger/sepolicy/file_contexts b/wireless_charger/sepolicy/file_contexts
index 004c7a1..98796a9 100644
--- a/wireless_charger/sepolicy/file_contexts
+++ b/wireless_charger/sepolicy/file_contexts
@@ -1 +1,5 @@
/vendor/bin/hw/vendor\.google\.wireless_charger-default u:object_r:hal_wireless_charger_exec:s0
+/vendor/bin/hw/vendor\.google\.wireless_charger\.service-default u:object_r:hal_wlcservice_exec:s0
+
+# Data
+/data/vendor/wireless_charger(/.*)? u:object_r:vendor_wlc_file:s0
diff --git a/wireless_charger/sepolicy/hal_wireless_charger.te b/wireless_charger/sepolicy/hal_wireless_charger.te
index 7ab8d83..b5ed734 100644
--- a/wireless_charger/sepolicy/hal_wireless_charger.te
+++ b/wireless_charger/sepolicy/hal_wireless_charger.te
@@ -17,3 +17,4 @@
binder_call(hal_wireless_charger, platform_app)
binder_call(hal_wireless_charger, system_app)
+binder_call(hal_wireless_charger, hal_wlcservice)
diff --git a/wireless_charger/sepolicy/hal_wlcservice.te b/wireless_charger/sepolicy/hal_wlcservice.te
new file mode 100644
index 0000000..eadb593
--- /dev/null
+++ b/wireless_charger/sepolicy/hal_wlcservice.te
@@ -0,0 +1,18 @@
+type hal_wlcservice, domain;
+type hal_wlcservice_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(hal_wlcservice)
+
+allow hal_wlcservice vendor_wlc_file:dir create_dir_perms;
+allow hal_wlcservice vendor_wlc_file:file create_file_perms;
+allow hal_wlcservice hal_wireless_charger_service:service_manager find;
+allow hal_wlcservice kmsg_device:chr_file { getattr w_file_perms };
+
+binder_call(hal_wlcservice, servicemanager)
+add_service(hal_wlcservice, hal_wlcservice_service)
+
+userdebug_or_eng(`
+ domain_auto_trans(shell, hal_wlcservice_exec, hal_wlcservice)
+')
+
+binder_call(hal_wlcservice, hal_wireless_charger)
diff --git a/wireless_charger/sepolicy/service.te b/wireless_charger/sepolicy/service.te
new file mode 100644
index 0000000..8f8d87b
--- /dev/null
+++ b/wireless_charger/sepolicy/service.te
@@ -0,0 +1 @@
+type hal_wlcservice_service, hal_service_type, protected_service, service_manager_type;
diff --git a/wireless_charger/sepolicy/service_contexts b/wireless_charger/sepolicy/service_contexts
index 5813e35..ed2faba 100644
--- a/wireless_charger/sepolicy/service_contexts
+++ b/wireless_charger/sepolicy/service_contexts
@@ -1 +1,2 @@
vendor.google.wireless_charger.IWirelessCharger/default u:object_r:hal_wireless_charger_service:s0
+vendor.google.wireless_charger.service.IWlcService/default u:object_r:hal_wlcservice_service:s0
diff --git a/wireless_charger/sepolicy/servicemanager.te b/wireless_charger/sepolicy/servicemanager.te
new file mode 100644
index 0000000..74d7244
--- /dev/null
+++ b/wireless_charger/sepolicy/servicemanager.te
@@ -0,0 +1 @@
+binder_call(servicemanager, hal_wlcservice)
diff --git a/wireless_charger/wireless_charger.mk b/wireless_charger/wireless_charger.mk
index acf5fc1..a2dc27c 100644
--- a/wireless_charger/wireless_charger.mk
+++ b/wireless_charger/wireless_charger.mk
@@ -1,5 +1,6 @@
PRODUCT_SOONG_NAMESPACES += vendor/google/interfaces
PRODUCT_PACKAGES += vendor.google.wireless_charger-default
+PRODUCT_PACKAGES += vendor.google.wireless_charger.service-default
DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/wireless_charger/compatibility_matrix.xml
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/wireless_charger/sepolicy