Merge "[USB Audio] Fix SEPolicy issue" into main
diff --git a/FSTAB_OWNERS b/FSTAB_OWNERS
new file mode 100644
index 0000000..18093a0
--- /dev/null
+++ b/FSTAB_OWNERS
@@ -0,0 +1,11 @@
+# NOTE: CHANGE THIS FILE WITH CAUTIOUS
+# - this file is referenced by other OWNERS file, e.g. device/google/*/OWNERS
+# - changing this file might break the function, check go/gerrit-code-owners-syntax first
+
+jaegeuk@google.com
+huangrandall@google.com
+bvanassche@google.com
+daehojeong@google.com
+chullee@google.com
+vkon@google.com
+thomasyen@google.com
diff --git a/OWNERS b/OWNERS
index b715f13..57ca40f 100644
--- a/OWNERS
+++ b/OWNERS
@@ -1,5 +1,5 @@
per-file *.te,*_contexts,te_macros,global_macros=set noparent
per-file *.te,*_contexts,te_macros,global_macros=file:/sepolicy/OWNERS
-per-file *.mk=set noparent
-per-file *.mk=file:MK_OWNERS
+per-file *.mk,{**/,}Android.bp=set noparent
+per-file *.mk,{**/,}Android.bp=file:MK_OWNERS
diff --git a/aoc/aoc.mk b/aoc/aoc.mk
index 136bb42..9ee4517 100644
--- a/aoc/aoc.mk
+++ b/aoc/aoc.mk
@@ -4,12 +4,6 @@
aocd \
aocxd
-ifeq (,$(filter aosp_%,$(TARGET_PRODUCT)))
-# IAudioMetricExt HIDL
-PRODUCT_PACKAGES += \
- vendor.google.audiometricext@1.0-service-vendor
-endif
-
# If AoC Daemon is not present on this build, load firmware at boot via rc
ifeq ($(wildcard vendor/google/whitechapel/aoc/aocd),)
PRODUCT_COPY_FILES += \
diff --git a/aoc/sepolicy/file_contexts b/aoc/sepolicy/file_contexts
index 73293f7..778de0c 100644
--- a/aoc/sepolicy/file_contexts
+++ b/aoc/sepolicy/file_contexts
@@ -34,6 +34,9 @@
/dev/acd-chre_bt_offload_ctl u:object_r:aoc_device:s0
/dev/acd-chre_bt_offload_data_tx u:object_r:aoc_device:s0
/dev/acd-chre_bt_offload_data_rx u:object_r:aoc_device:s0
+/dev/acd-chre_ctl u:object_r:aoc_device:s0
+/dev/acd-chre_data_tx u:object_r:aoc_device:s0
+/dev/acd-chre_data_rx u:object_r:aoc_device:s0
# AoC vendor binaries
/vendor/bin/aocd u:object_r:aocd_exec:s0
diff --git a/audio/aidl.mk b/audio/aidl.mk
index e06ac0b..7dd56bc 100644
--- a/audio/aidl.mk
+++ b/audio/aidl.mk
@@ -27,4 +27,11 @@
PRODUCT_SYSTEM_EXT_PROPERTIES += \
ro.audio.ihaladaptervendorextension_enabled=true
+ifneq (,$(filter userdebug eng, $(TARGET_BUILD_VARIANT)))
+$(call soong_config_set,aoc_audio_func,dump_usecase_data,true)
+$(call soong_config_set,aoc_audio_func,hal_socket_control,true)
+$(call soong_config_set,aoc_audio_func,record_tuning_keys,true)
+$(call soong_config_set,aoc_audio_func,aidl_command_interface,true)
+endif
+
$(call soong_config_set,pixel_audio_hal_type,aidl_build,true)
diff --git a/audio/aidl/device_framework_matrix_product.xml b/audio/aidl/device_framework_matrix_product.xml
index 3079aab..570c5d4 100644
--- a/audio/aidl/device_framework_matrix_product.xml
+++ b/audio/aidl/device_framework_matrix_product.xml
@@ -1,15 +1,7 @@
<compatibility-matrix version="1.0" type="framework">
- <hal format="hidl">
- <name>vendor.google.audiometricext</name>
- <version>1.0</version>
- <interface>
- <name>IAudioMetricExt</name>
- <instance>default</instance>
- </interface>
- </hal>
<hal format="aidl">
<name>vendor.google.whitechapel.audio.extension</name>
- <version>2</version>
+ <version>4</version>
<interface>
<name>IAudioExtension</name>
<instance>default</instance>
diff --git a/audio/aidl/manifest.xml b/audio/aidl/manifest.xml
index 237aa4a..daeb1c4 100644
--- a/audio/aidl/manifest.xml
+++ b/audio/aidl/manifest.xml
@@ -1,11 +1,2 @@
<manifest version="1.0" type="device">
- <hal format="hidl">
- <name>vendor.google.audiometricext</name>
- <transport>hwbinder</transport>
- <version>1.0</version>
- <interface>
- <name>IAudioMetricExt</name>
- <instance>default</instance>
- </interface>
- </hal>
</manifest>
diff --git a/audio/common.mk b/audio/common.mk
index edf7b6a..a691f0a 100644
--- a/audio/common.mk
+++ b/audio/common.mk
@@ -3,8 +3,15 @@
#Audio Vendor libraries
PRODUCT_PACKAGES += \
libfvsam_prm_parser \
- libmahalcontroller \
+ libmahalcontroller
+
+ifeq ($(USE_MAM_V4_ABOVE),true)
+PRODUCT_PACKAGES += \
+ libMAM_Google_Pixel_Android
+else
+PRODUCT_PACKAGES += \
libAlgFx_HiFi3z
+endif
ifneq ($(USE_AUDIO_HAL_AIDL),true)
## AudioHAL Configurations
diff --git a/audio/hidl_gs101.mk b/audio/hidl_gs101.mk
index f764e7a..4ccbbfb 100644
--- a/audio/hidl_gs101.mk
+++ b/audio/hidl_gs101.mk
@@ -32,8 +32,14 @@
libamcsextfile \
audio_amcs_ext \
+ifeq (,$(filter aosp_%,$(TARGET_PRODUCT)))
+# IAudioMetricExt HIDL
+PRODUCT_PACKAGES += \
+ vendor.google.audiometricext@1.0-service-vendor
+endif
+
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/audio/sepolicy/hidl
include device/google/gs-common/audio/common.mk
-DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/audio/hidl/device_framework_matrix_product_gs101.xml
+DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/audio/hidl/device_framework_matrix_product_gs101.xml
\ No newline at end of file
diff --git a/audio/hidl_gs201.mk b/audio/hidl_gs201.mk
index 1438b27..c183b9a 100644
--- a/audio/hidl_gs201.mk
+++ b/audio/hidl_gs201.mk
@@ -32,6 +32,12 @@
audio_spk_35l41 \
sound_trigger.primary.$(TARGET_BOARD_PLATFORM)
+ifeq (,$(filter aosp_%,$(TARGET_PRODUCT)))
+# IAudioMetricExt HIDL
+PRODUCT_PACKAGES += \
+ vendor.google.audiometricext@1.0-service-vendor
+endif
+
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/audio/sepolicy/hidl
include device/google/gs-common/audio/common.mk
diff --git a/audio/hidl_zuma.mk b/audio/hidl_zuma.mk
index 41dd02a..6fb3449 100644
--- a/audio/hidl_zuma.mk
+++ b/audio/hidl_zuma.mk
@@ -35,6 +35,12 @@
audio_hdmi_aoc \
sound_trigger.primary.$(TARGET_BOARD_PLATFORM)
+ifeq (,$(filter aosp_%,$(TARGET_PRODUCT)))
+# IAudioMetricExt HIDL
+PRODUCT_PACKAGES += \
+ vendor.google.audiometricext@1.0-service-vendor
+endif
+
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/audio/sepolicy/hidl
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/audio/sepolicy/hdmi_audio
diff --git a/audio/sepolicy/common/hal_audio_default.te b/audio/sepolicy/common/hal_audio_default.te
index 6637951..e917b73 100644
--- a/audio/sepolicy/common/hal_audio_default.te
+++ b/audio/sepolicy/common/hal_audio_default.te
@@ -1,3 +1,4 @@
+# allow access to folders
allow hal_audio_default audio_vendor_data_file:dir rw_dir_perms;
allow hal_audio_default audio_vendor_data_file:file create_file_perms;
@@ -24,6 +25,7 @@
allow hal_audio_default dmabuf_heap_device:chr_file r_file_perms;
set_prop(hal_audio_default, vendor_audio_prop);
+set_prop(hal_audio_default, vendor_audio_prop_restricted);
hal_client_domain(hal_audio_default, hal_health);
hal_client_domain(hal_audio_default, hal_thermal);
diff --git a/bluetooth/bluetooth.mk b/bluetooth/bluetooth.mk
new file mode 100644
index 0000000..29ddb9c
--- /dev/null
+++ b/bluetooth/bluetooth.mk
@@ -0,0 +1,16 @@
+PRODUCT_SOONG_NAMESPACES += vendor/google/connectivity/bluetooth/common
+PRODUCT_PACKAGES += \
+ android.hardware.bluetooth-V1-ndk.so \
+ android.hardware.bluetooth.finder-V1-ndk.so \
+ android.hardware.bluetooth.ranging-V1-ndk.so \
+ android.hardware.bluetooth-service.pixel \
+ vendor.google.bluetooth_ext-V1-ndk.so \
+ bt_vendor.conf \
+ android.hardware.bluetooth.prebuilt.xml \
+ android.hardware.bluetooth_le.prebuilt.xml
+
+BOARD_SEPOLICY_DIRS += device/google/gs-common/bluetooth/sepolicy
+BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/powerstats
+
+DEVICE_MANIFEST_FILE += device/google/gs-common/bluetooth/manifest_bluetooth.xml
+DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/bluetooth/compatibility_matrix.xml
diff --git a/bluetooth/compatibility_matrix.xml b/bluetooth/compatibility_matrix.xml
new file mode 100644
index 0000000..65b0c6d
--- /dev/null
+++ b/bluetooth/compatibility_matrix.xml
@@ -0,0 +1,30 @@
+<compatibility-matrix version="1.0" type="framework">
+ <hal format="aidl" optional="true">
+ <name>vendor.google.bluetooth_ext</name>
+ <version>1</version>
+ <interface>
+ <name>IBluetoothFinder</name>
+ <instance>default</instance>
+ </interface>
+ <interface>
+ <name>IBluetoothCcc</name>
+ <instance>default</instance>
+ </interface>
+ <interface>
+ <name>IBTChannelAvoidance</name>
+ <instance>default</instance>
+ </interface>
+ <interface>
+ <name>IBluetoothSar</name>
+ <instance>default</instance>
+ </interface>
+ <interface>
+ <name>IBluetoothExt</name>
+ <instance>default</instance>
+ </interface>
+ <interface>
+ <name>IBluetoothEwp</name>
+ <instance>default</instance>
+ </interface>
+ </hal>
+</compatibility-matrix>
diff --git a/bluetooth/dump/Android.bp b/bluetooth/dump/Android.bp
new file mode 100644
index 0000000..72e83b4
--- /dev/null
+++ b/bluetooth/dump/Android.bp
@@ -0,0 +1,20 @@
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+cc_binary {
+ name: "dump_bt",
+ srcs: ["dump.cpp"],
+ cflags: [
+ "-Wall",
+ "-Wextra",
+ "-Werror",
+ ],
+ shared_libs: [
+ "libbase",
+ "libdump",
+ "liblog",
+ ],
+ vendor: true,
+ relative_install_path: "dump",
+}
diff --git a/bluetooth/dump/dump.cpp b/bluetooth/dump/dump.cpp
new file mode 100644
index 0000000..db92c3c
--- /dev/null
+++ b/bluetooth/dump/dump.cpp
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <dump/pixel_dump.h>
+#include <android-base/file.h>
+
+#define PIXELBT_ACTIVITY_LOG_DIRECTORY "/data/vendor/bluetooth"
+#define PIXELBT_SNOOP_LOG_DIRECTORY "/data/vendor/bluetooth"
+#define PIXELBT_FW_LOG_DIRECTORY "/data/vendor/ssrdump/coredump"
+#define PIXELBT_SNOOP_LOG_PREFIX "btsnoop_hci_vnd"
+#define PIXELBT_BACKUP_SNOOP_LOG_PREFIX "backup_btsnoop_hci_vnd"
+#define PIXELBT_FW_DUMP_LOG_PREFIX "coredump_bt_socdump_"
+#define PIXELBT_CHRE_DUMP_LOG_PREFIX "coredump_bt_chredump_"
+#define PIXELBT_HAL_DUMP_LOG_PREFIX "coredump_bt_"
+#define PIXELBT_ACTIVITY_LOG_PREFIX "bt_activity_"
+
+int main() {
+ std::string outputDir = concatenatePath(BUGREPORT_PACKING_DIR, "bt");
+ if (mkdir(outputDir.c_str(), 0777) == -1) {
+ printf("Unable to create folder: %s\n", outputDir.c_str());
+ return 0;
+ }
+
+ dumpLogs(PIXELBT_SNOOP_LOG_DIRECTORY, outputDir.c_str(), 4,
+ PIXELBT_SNOOP_LOG_PREFIX);
+ dumpLogs(PIXELBT_SNOOP_LOG_DIRECTORY, outputDir.c_str(), 2, PIXELBT_BACKUP_SNOOP_LOG_PREFIX);
+ dumpLogs(PIXELBT_FW_LOG_DIRECTORY, outputDir.c_str(), 10, PIXELBT_FW_DUMP_LOG_PREFIX);
+ dumpLogs(PIXELBT_FW_LOG_DIRECTORY, outputDir.c_str(), 10, PIXELBT_CHRE_DUMP_LOG_PREFIX);
+ dumpLogs(PIXELBT_FW_LOG_DIRECTORY, outputDir.c_str(), 10, PIXELBT_HAL_DUMP_LOG_PREFIX);
+ dumpLogs(PIXELBT_ACTIVITY_LOG_DIRECTORY, outputDir.c_str(), 10, PIXELBT_ACTIVITY_LOG_PREFIX);
+ return 0;
+}
diff --git a/bluetooth/dump/dumplog.mk b/bluetooth/dump/dumplog.mk
new file mode 100644
index 0000000..51c3b3c
--- /dev/null
+++ b/bluetooth/dump/dumplog.mk
@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/bluetooth/dump/sepolicy/
+
+PRODUCT_PACKAGES_DEBUG += dump_bt
diff --git a/bluetooth/dump/sepolicy/dump.te b/bluetooth/dump/sepolicy/dump.te
new file mode 100644
index 0000000..fdd123e
--- /dev/null
+++ b/bluetooth/dump/sepolicy/dump.te
@@ -0,0 +1,12 @@
+# pixel bluetooth common hal service
+pixel_bugreport(dump_bt)
+
+allow hal_dumpstate_default vendor_bt_data_file:dir { open read search };
+allow hal_dumpstate_default vendor_bt_data_file:file read;
+allow dump_bt radio_vendor_data_file:dir create_dir_perms;
+allow dump_bt radio_vendor_data_file:file create_file_perms;
+allow dump_bt vendor_bt_data_file:dir r_dir_perms;
+allow dump_bt vendor_bt_data_file:file r_file_perms;
+allow dump_bt sscoredump_vendor_data_crashinfo_file:dir search;
+allow dump_bt sscoredump_vendor_data_coredump_file:dir r_dir_perms;
+allow dump_bt sscoredump_vendor_data_coredump_file:file r_file_perms;
diff --git a/bluetooth/dump/sepolicy/file_contexts b/bluetooth/dump/sepolicy/file_contexts
new file mode 100644
index 0000000..da28d10
--- /dev/null
+++ b/bluetooth/dump/sepolicy/file_contexts
@@ -0,0 +1,2 @@
+# bt common hal dump_bt service
+/vendor/bin/dump/dump_bt u:object_r:dump_bt_exec:s0
diff --git a/bluetooth/manifest_bluetooth.xml b/bluetooth/manifest_bluetooth.xml
new file mode 100644
index 0000000..a72f1c9
--- /dev/null
+++ b/bluetooth/manifest_bluetooth.xml
@@ -0,0 +1,27 @@
+<manifest version="1.0" type="device">
+ <hal format="aidl">
+ <name>android.hardware.bluetooth</name>
+ <version>1</version>
+ <fqname>IBluetoothHci/default</fqname>
+ </hal>
+ <hal format="aidl">
+ <name>android.hardware.bluetooth.finder</name>
+ <version>1</version>
+ <fqname>IBluetoothFinder/default</fqname>
+ </hal>
+ <hal format="aidl">
+ <name>android.hardware.bluetooth.ranging</name>
+ <version>1</version>
+ <fqname>IBluetoothChannelSounding/default</fqname>
+ </hal>
+ <hal format="aidl">
+ <name>vendor.google.bluetooth_ext</name>
+ <version>1</version>
+ <fqname>IBTChannelAvoidance/default</fqname>
+ <fqname>IBluetoothCcc/default</fqname>
+ <fqname>IBluetoothEwp/default</fqname>
+ <fqname>IBluetoothExt/default</fqname>
+ <fqname>IBluetoothFinder/default</fqname>
+ <fqname>IBluetoothSar/default</fqname>
+ </hal>
+</manifest>
diff --git a/bluetooth/sepolicy/device.te b/bluetooth/sepolicy/device.te
new file mode 100644
index 0000000..a256332
--- /dev/null
+++ b/bluetooth/sepolicy/device.te
@@ -0,0 +1,3 @@
+# Bt Wifi Coexistence device
+type wb_coexistence_dev, dev_type;
+
diff --git a/bluetooth/sepolicy/file_contexts b/bluetooth/sepolicy/file_contexts
new file mode 100644
index 0000000..e7c2617
--- /dev/null
+++ b/bluetooth/sepolicy/file_contexts
@@ -0,0 +1,6 @@
+# Bluetooth
+/vendor/bin/hw/android\.hardware\.bluetooth-service\.pixel u:object_r:hal_bluetooth_btlinux_exec:s0
+
+/dev/wbrc u:object_r:wb_coexistence_dev:s0
+/dev/ttySAC16 u:object_r:hci_attach_dev:s0
+
diff --git a/bluetooth/sepolicy/genfs_contexts b/bluetooth/sepolicy/genfs_contexts
new file mode 100644
index 0000000..899041b
--- /dev/null
+++ b/bluetooth/sepolicy/genfs_contexts
@@ -0,0 +1,8 @@
+# Bluetooth pin control device node
+genfscon sysfs /devices/platform/odm/odm:btbcm/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
+genfscon sysfs /devices/platform/odm/odm:btbcm/rfkill/rfkill2/state u:object_r:sysfs_bluetooth_writable:s0
+genfscon proc /bluetooth/sleep/lpm u:object_r:proc_bluetooth_writable:s0
+genfscon proc /bluetooth/sleep/btwrite u:object_r:proc_bluetooth_writable:s0
+genfscon proc /bluetooth/sleep/btwake u:object_r:proc_bluetooth_writable:s0
+genfscon proc /bluetooth/timesync u:object_r:proc_bluetooth_writable:s0
+
diff --git a/bluetooth/sepolicy/hal_bluetooth_btlinux.te b/bluetooth/sepolicy/hal_bluetooth_btlinux.te
new file mode 100644
index 0000000..0c85cb0
--- /dev/null
+++ b/bluetooth/sepolicy/hal_bluetooth_btlinux.te
@@ -0,0 +1,19 @@
+# coexistence device file node
+add_hwservice(hal_bluetooth_btlinux, hal_bluetooth_coexistence_hwservice);
+add_service(hal_bluetooth_btlinux, hal_bluetooth_coexistence_service);
+allow hal_bluetooth_btlinux wb_coexistence_dev:chr_file rw_file_perms;
+
+# power stats
+allow hal_bluetooth_btlinux hal_power_stats_vendor_service:service_manager find;
+binder_call(hal_bluetooth_btlinux, hal_power_stats_default)
+
+# bt firmware dump
+allow hal_bluetooth_btlinux aconfig_storage_metadata_file:dir search;
+allow hal_bluetooth_btlinux sscoredump_vendor_data_crashinfo_file:dir rw_dir_perms;
+allow hal_bluetooth_btlinux sscoredump_vendor_data_crashinfo_file:file rw_file_perms;
+
+userdebug_or_eng(`
+ allow hal_bluetooth_btlinux sscoredump_vendor_data_coredump_file:dir create_dir_perms;
+ allow hal_bluetooth_btlinux sscoredump_vendor_data_coredump_file:file create_file_perms;
+ allow hal_bluetooth_btlinux logbuffer_device:chr_file r_file_perms;
+')
diff --git a/bluetooth/sepolicy/hwservice.te b/bluetooth/sepolicy/hwservice.te
new file mode 100644
index 0000000..5e36cd0
--- /dev/null
+++ b/bluetooth/sepolicy/hwservice.te
@@ -0,0 +1,3 @@
+# Bluetooth HAL extension
+type hal_bluetooth_coexistence_hwservice, hwservice_manager_type, vendor_hwservice_type;
+
diff --git a/bluetooth/sepolicy/hwservice_contexts b/bluetooth/sepolicy/hwservice_contexts
new file mode 100644
index 0000000..8480b4e
--- /dev/null
+++ b/bluetooth/sepolicy/hwservice_contexts
@@ -0,0 +1,6 @@
+# Bluetooth HAL extension
+hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance u:object_r:hal_bluetooth_coexistence_hwservice:s0
+hardware.google.bluetooth.sar::IBluetoothSar u:object_r:hal_bluetooth_coexistence_hwservice:s0
+hardware.google.bluetooth.ccc::IBluetoothCcc u:object_r:hal_bluetooth_coexistence_hwservice:s0
+hardware.google.bluetooth.ewp::IBluetoothEwp u:object_r:hal_bluetooth_coexistence_hwservice:s0
+hardware.google.bluetooth.ext::IBluetoothExt u:object_r:hal_bluetooth_coexistence_hwservice:s0
diff --git a/bluetooth/sepolicy/service.te b/bluetooth/sepolicy/service.te
new file mode 100644
index 0000000..b8403da
--- /dev/null
+++ b/bluetooth/sepolicy/service.te
@@ -0,0 +1,2 @@
+# Bluetooth HAL extension
+type hal_bluetooth_coexistence_service, hal_service_type, service_manager_type;
diff --git a/bluetooth/sepolicy/service_contexts b/bluetooth/sepolicy/service_contexts
new file mode 100644
index 0000000..4aecc90
--- /dev/null
+++ b/bluetooth/sepolicy/service_contexts
@@ -0,0 +1,7 @@
+# Bluetooth HAL extension
+vendor.google.bluetooth_ext.IBTChannelAvoidance/default u:object_r:hal_bluetooth_coexistence_service:s0
+vendor.google.bluetooth_ext.IBluetoothSar/default u:object_r:hal_bluetooth_coexistence_service:s0
+vendor.google.bluetooth_ext.IBluetoothCcc/default u:object_r:hal_bluetooth_coexistence_service:s0
+vendor.google.bluetooth_ext.IBluetoothEwp/default u:object_r:hal_bluetooth_coexistence_service:s0
+vendor.google.bluetooth_ext.IBluetoothExt/default u:object_r:hal_bluetooth_coexistence_service:s0
+vendor.google.bluetooth_ext.IBluetoothFinder/default u:object_r:hal_bluetooth_coexistence_service:s0
diff --git a/bootctrl/aidl/BootControl.cpp b/bootctrl/aidl/BootControl.cpp
index 83deb72..8655929 100644
--- a/bootctrl/aidl/BootControl.cpp
+++ b/bootctrl/aidl/BootControl.cpp
@@ -384,7 +384,7 @@
*_aidl_return = true;
return ScopedAStatus::ok();
}
- if (in_slot >= slots)
+ if (in_slot < 0 || in_slot >= slots)
return ScopedAStatus::fromServiceSpecificErrorWithMessage(
INVALID_SLOT, (std::string("Invalid slot ") + std::to_string(in_slot)).c_str());
diff --git a/camera/lyric.mk b/camera/lyric.mk
index 30e06d1..c886138 100644
--- a/camera/lyric.mk
+++ b/camera/lyric.mk
@@ -14,8 +14,13 @@
$(call soong_config_set,gch,hwl_library,lyric)
endif
-# Check if we're in the internal build
-ifneq ($(wildcard vendor/google/camera),)
+# Use build-time flag to select whether to build from source
+# or ingest prebuilt-apex. We would want the development teams
+# using release configuration: (trunk-staging) to build from source.
+# All shipping releases will switch to prebuilts (trunk+)
+# if this condition is not true, then build from source.
+
+ifneq ($(RELEASE_PIXEL_CAMERA_ENABLE_PREBUILT),true)
PRODUCT_SOONG_NAMESPACES += \
vendor/google/camera \
@@ -36,8 +41,7 @@
# Calibration tool for debug builds
PRODUCT_PACKAGES_DEBUG += tarasque_test
PRODUCT_PACKAGES_DEBUG += ProtoCalibGenerator
-
-endif # vendor/google/camera check
+endif # RELEASE_PIXEL_CAMERA_ENABLE_PREBUILT check
# Init-time log settings for Google 3A
PRODUCT_PACKAGES += libg3a_standalone_gabc_rc
diff --git a/check_current_prebuilt/check_current_prebuilt.mk b/check_current_prebuilt/check_current_prebuilt.mk
new file mode 100644
index 0000000..72e359f
--- /dev/null
+++ b/check_current_prebuilt/check_current_prebuilt.mk
@@ -0,0 +1,27 @@
+# Create symlink for bootloader
+$(shell rm -f "pixel_current_bootloader")
+ifdef BOOTLOADER_FILE_PATH
+$(shell ln -sf ${BOOTLOADER_FILE_PATH} "pixel_current_bootloader")
+else ifdef BOOTLOADER_RADIO_FILE_PATH
+$(shell ln -sf ${BOOTLOADER_RADIO_FILE_PATH} "pixel_current_bootloader")
+endif
+
+# Create symlink for kernel
+$(shell rm -f "pixel_current_kernel")
+ifdef TARGET_KERNEL_DIR
+$(shell ln -sf ${TARGET_KERNEL_DIR} "pixel_current_kernel")
+endif
+
+# Create symlink for radio
+$(shell rm -f "pixel_current_radio")
+ifdef RADIO_FILE_PATH
+$(shell ln -sf ${RADIO_FILE_PATH} "pixel_current_radio")
+else ifdef BOOTLOADER_RADIO_FILE_PATH
+$(shell ln -sf ${BOOTLOADER_RADIO_FILE_PATH} "pixel_current_radio")
+endif
+
+# Create symlink for radiocfg
+$(shell rm -f "pixel_current_radiocfg")
+ifdef SRC_MDM_CFG_DIR
+$(shell ln -sf ${SRC_MDM_CFG_DIR} "pixel_current_radiocfg")
+endif
diff --git a/dauntless/gsc.mk b/dauntless/gsc.mk
index 188d9f9..b563cc4 100644
--- a/dauntless/gsc.mk
+++ b/dauntless/gsc.mk
@@ -1,6 +1,6 @@
# Dauntless
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/dauntless/sepolicy
-ifneq ($(wildcard vendor),)
+ifneq ($(wildcard vendor/google_nos),)
PRODUCT_SOONG_NAMESPACES += vendor/google_nos/init/dauntless
PRODUCT_PACKAGES += \
@@ -20,4 +20,76 @@
nugget_targeted_tests \
CitadelProvision \
nugget_aidl_test_weaver
+
+# Assign default value for RELEASE_GOOGLE_DAUNTLESS_DIR if no trunk flags support
+RELEASE_GOOGLE_DAUNTLESS_DIR ?= vendor/google_nos/prebuilts/dauntless
+
+# The production Dauntless firmware will be of flavors evt and d3m2.
+# There are also several flavors of pre-release chips. Each flavor
+# (production and pre-release) requires the firmware to be signed differently.
+DAUNTLESS_FIRMWARE_SIZE := 1048576
+
+# The nearly-production Dauntless chips are "proto1.1"
+ifneq (,$(wildcard $(RELEASE_GOOGLE_DAUNTLESS_DIR)/proto11.ec.bin))
+ifneq ($(DAUNTLESS_FIRMWARE_SIZE), $(shell stat -c "%s" $(RELEASE_GOOGLE_DAUNTLESS_DIR)/proto11.ec.bin))
+$(error GSC firmware size check fail)
endif
+PRODUCT_COPY_FILES += \
+ $(RELEASE_GOOGLE_DAUNTLESS_DIR)/proto11.ec.bin:$(TARGET_COPY_OUT_VENDOR)/firmware/dauntless/proto11.ec.bin
+$(call dist-for-goals,droid,$(RELEASE_GOOGLE_DAUNTLESS_DIR)/proto11.ec.bin)
+else
+$(error GSC firmware not found in $(RELEASE_GOOGLE_DAUNTLESS_DIR))
+endif
+
+# The production Dauntless chips are "evt"
+ifneq (,$(wildcard $(RELEASE_GOOGLE_DAUNTLESS_DIR)/evt.ec.bin))
+ifneq ($(DAUNTLESS_FIRMWARE_SIZE), $(shell stat -c "%s" $(RELEASE_GOOGLE_DAUNTLESS_DIR)/evt.ec.bin))
+$(error GSC firmware size check fail)
+endif
+PRODUCT_COPY_FILES += \
+ $(RELEASE_GOOGLE_DAUNTLESS_DIR)/evt.ec.bin:$(TARGET_COPY_OUT_VENDOR)/firmware/dauntless/evt.ec.bin
+$(call dist-for-goals,droid,$(RELEASE_GOOGLE_DAUNTLESS_DIR)/evt.ec.bin)
+else
+$(error GSC firmware not found in $(RELEASE_GOOGLE_DAUNTLESS_DIR))
+endif
+
+# New 2023 production Dauntless chips are "d3m2"
+ifneq (,$(wildcard $(RELEASE_GOOGLE_DAUNTLESS_DIR)/d3m2.ec.bin))
+ifneq ($(DAUNTLESS_FIRMWARE_SIZE), $(shell stat -c "%s" $(RELEASE_GOOGLE_DAUNTLESS_DIR)/d3m2.ec.bin))
+$(error GSC firmware size check fail)
+endif
+PRODUCT_COPY_FILES += \
+ $(RELEASE_GOOGLE_DAUNTLESS_DIR)/d3m2.ec.bin:$(TARGET_COPY_OUT_VENDOR)/firmware/dauntless/d3m2.ec.bin
+$(call dist-for-goals,droid,$(RELEASE_GOOGLE_DAUNTLESS_DIR)/d3m2.ec.bin)
+else
+$(error GSC firmware not found in $(RELEASE_GOOGLE_DAUNTLESS_DIR))
+endif
+
+# Intermediate image artifacts are published, but aren't included in /vendor/firmware/dauntless
+# in PRODUCT_COPY_FILES
+# This is because intermediate images aren't needed on user devices, but the published artifact
+# is useful for flashstation purposes.
+
+# proto11 chips need an intermediate image prior to upgrading to newever versions of the firmware
+ifneq (,$(wildcard vendor/google_nos/prebuilts/dauntless/intermediate_images/proto11_intermediate.ec.bin))
+ifneq ($(DAUNTLESS_FIRMWARE_SIZE), $(shell stat -c "%s" vendor/google_nos/prebuilts/dauntless/intermediate_images/proto11_intermediate.ec.bin))
+$(error GSC firmware size check fail)
+endif
+$(call dist-for-goals,droid,vendor/google_nos/prebuilts/dauntless/intermediate_images/proto11_intermediate.ec.bin)
+endif
+# evt chips need an intermediate image prior to upgrading to newever versions of the firmware
+ifneq (,$(wildcard vendor/google_nos/prebuilts/dauntless/intermediate_images/evt_intermediate.ec.bin))
+ifneq ($(DAUNTLESS_FIRMWARE_SIZE), $(shell stat -c "%s" vendor/google_nos/prebuilts/dauntless/intermediate_images/evt_intermediate.ec.bin))
+$(error GSC firmware size check fail)
+endif
+$(call dist-for-goals,droid,vendor/google_nos/prebuilts/dauntless/intermediate_images/evt_intermediate.ec.bin)
+endif
+# d3m2 chips need an intermediate image prior to upgrading to newever versions of the firmware
+ifneq (,$(wildcard vendor/google_nos/prebuilts/dauntless/intermediate_images/d3m2_intermediate.ec.bin))
+ifneq ($(DAUNTLESS_FIRMWARE_SIZE), $(shell stat -c "%s" vendor/google_nos/prebuilts/dauntless/intermediate_images/d3m2_intermediate.ec.bin))
+$(error GSC firmware size check fail)
+endif
+$(call dist-for-goals,droid,vendor/google_nos/prebuilts/dauntless/intermediate_images/d3m2_intermediate.ec.bin)
+endif
+
+endif # $(wildcard vendor/google_nos)
diff --git a/display/dump_display.cpp b/display/dump_display.cpp
index b811889..f57a134 100644
--- a/display/dump_display.cpp
+++ b/display/dump_display.cpp
@@ -16,15 +16,15 @@
#include <dump/pixel_dump.h>
#include <android-base/file.h>
-
int main() {
setbuf(stdout, NULL);
dumpFileContent("DECON-0 counters /sys/class/drm/card0/device/decon0/counters", "/sys/class/drm/card0/device/decon0/counters");
dumpFileContent("CRTC-0 event log", "/sys/kernel/debug/dri/0/crtc-0/event");
runCommand("libdisplaycolor", "/vendor/bin/dumpsys displaycolor -v");
- dumpFileContent("Primary panel name", "/sys/devices/platform/exynos-drm/primary-panel/panel_name");
- dumpFileContent("Primary panel extra info", "/sys/devices/platform/exynos-drm/primary-panel/panel_extinfo");
- dumpFileContent("Primary panel power Vreg", "/sys/devices/platform/exynos-drm/primary-panel/panel_pwr_vreg");
+
+ dumpFileContent("Primary panel name", "/sys/class/drm/card0/device/primary-panel/panel_name");
+ dumpFileContent("Primary panel extra info", "/sys/class/drm/card0/device/primary-panel/panel_extinfo");
+ dumpFileContent("Primary panel power Vreg", "/sys/class/drm/card0/device/primary-panel/panel_pwr_vreg");
+ dumpFileContent("Primary panel power mode register", "/sys/class/drm/card0/device/primary-panel/power_mode");
return 0;
}
-
diff --git a/display/dump_display_userdebug.sh b/display/dump_display_userdebug.sh
index b66a4fe..84b7311 100644
--- a/display/dump_display_userdebug.sh
+++ b/display/dump_display_userdebug.sh
@@ -1,4 +1,8 @@
#!/vendor/bin/sh
+display_trace_path="/sys/kernel/tracing/instances/pixel-display/trace"
+echo "------ Display Trace ($display_trace_path)------"
+cat $display_trace_path
+
echo "------ HWC Fence States ------"
for f in $(ls /data/vendor/log/hwc/*_hwc_fence_state*.txt)
do
diff --git a/display/dump_second_display.cpp b/display/dump_second_display.cpp
index a6f2665..9590c7f 100644
--- a/display/dump_second_display.cpp
+++ b/display/dump_second_display.cpp
@@ -18,8 +18,9 @@
int main() {
dumpFileContent("DECON-1 counters /sys/class/drm/card0/device/decon1/counters", "/sys/class/drm/card0/device/decon1/counters");
dumpFileContent("CRTC-1 event log", "/sys/kernel/debug/dri/0/crtc-1/event");
- dumpFileContent("Secondary panel name", "/sys/devices/platform/exynos-drm/secondary-panel/panel_name");
- dumpFileContent("Secondary panel extra info", "/sys/devices/platform/exynos-drm/secondary-panel/panel_extinfo");
+
+ dumpFileContent("Secondary panel name", "/sys/class/drm/card0/device/secondary-panel/panel_name");
+ dumpFileContent("Secondary panel extra info", "/sys/class/drm/card0/device/secondary-panel/panel_extinfo");
+ dumpFileContent("Secondary panel power mode register", "/sys/class/drm/card0/device/secondary-panel/power_mode");
return 0;
}
-
diff --git a/display/sepolicy/dump_display.te b/display/sepolicy/dump_display.te
index b8fd1b8..3e2cb69 100644
--- a/display/sepolicy/dump_display.te
+++ b/display/sepolicy/dump_display.te
@@ -1,3 +1,4 @@
+# Display (dump for bugreport)
pixel_bugreport(dump_display)
allow dump_display sysfs_display:file r_file_perms;
diff --git a/display/sepolicy/dump_display_userdebug.te b/display/sepolicy/dump_display_userdebug.te
index a3f83bb..c08fb29 100644
--- a/display/sepolicy/dump_display_userdebug.te
+++ b/display/sepolicy/dump_display_userdebug.te
@@ -1,3 +1,4 @@
+# Display eng/userdebug (dump for bugreport)
pixel_bugreport(dump_display_userdebug)
userdebug_or_eng(`
@@ -5,4 +6,6 @@
allow dump_display_userdebug vendor_log_file:dir search;
allow dump_display_userdebug vendor_hwc_log_file:dir r_dir_perms;
allow dump_display_userdebug vendor_hwc_log_file:file r_file_perms;
+ allow dump_display_userdebug debugfs_tracing_instances:dir search;
+ allow dump_display_userdebug debugfs_tracing_instances:file r_file_perms;
')
diff --git a/dump_chip_info/Android.bp b/dump_chip_info/Android.bp
new file mode 100644
index 0000000..4a13160
--- /dev/null
+++ b/dump_chip_info/Android.bp
@@ -0,0 +1,20 @@
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+cc_binary {
+ name: "dump_chip_info",
+ srcs: ["dump_chip_info.cpp"],
+ cflags: [
+ "-Wall",
+ "-Wextra",
+ "-Werror",
+ ],
+ shared_libs: [
+ "libbase",
+ "libdump",
+ "liblog",
+ ],
+ vendor: true,
+ relative_install_path: "dump",
+}
diff --git a/dump_chip_info/chip_info.mk b/dump_chip_info/chip_info.mk
new file mode 100644
index 0000000..a0d8317
--- /dev/null
+++ b/dump_chip_info/chip_info.mk
@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/dump_chip_info/sepolicy
+
+PRODUCT_PACKAGES += dump_chip_info
diff --git a/dump_chip_info/dump_chip_info.cpp b/dump_chip_info/dump_chip_info.cpp
new file mode 100644
index 0000000..dd83743
--- /dev/null
+++ b/dump_chip_info/dump_chip_info.cpp
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <dump/pixel_dump.h>
+#include <android-base/file.h>
+
+int main() {
+ dumpFileContent("ap_rom_patch_ver", "/sys/devices/system/goog-chip-info/ap_rom_patch_ver");
+ dumpFileContent("gpcm_asic_id", "/sys/devices/system/goog-chip-info/gpcm_asic_id");
+
+ return 0;
+}
diff --git a/dump_chip_info/sepolicy/dump_chip_info.te b/dump_chip_info/sepolicy/dump_chip_info.te
new file mode 100644
index 0000000..936d425
--- /dev/null
+++ b/dump_chip_info/sepolicy/dump_chip_info.te
@@ -0,0 +1,3 @@
+#
+pixel_bugreport(dump_chip_info)
+allow dump_chip_info sysfs_chip_info:file r_file_perms;
diff --git a/dump_chip_info/sepolicy/file.te b/dump_chip_info/sepolicy/file.te
new file mode 100644
index 0000000..80900b0
--- /dev/null
+++ b/dump_chip_info/sepolicy/file.te
@@ -0,0 +1,2 @@
+#
+type sysfs_chip_info, sysfs_type, fs_type;
diff --git a/dump_chip_info/sepolicy/file_contexts b/dump_chip_info/sepolicy/file_contexts
new file mode 100644
index 0000000..b9f4b21
--- /dev/null
+++ b/dump_chip_info/sepolicy/file_contexts
@@ -0,0 +1 @@
+/vendor/bin/dump/dump_chip_info u:object_r:dump_chip_info_exec:s0
diff --git a/dump_chip_info/sepolicy/genfs_contexts b/dump_chip_info/sepolicy/genfs_contexts
new file mode 100644
index 0000000..3fda2de
--- /dev/null
+++ b/dump_chip_info/sepolicy/genfs_contexts
@@ -0,0 +1,2 @@
+genfscon sysfs /devices/system/goog-chip-info/ap_rom_patch_ver u:object_r:sysfs_chip_info:s0
+genfscon sysfs /devices/system/goog-chip-info/gpcm_asic_id u:object_r:sysfs_chip_info:s0
diff --git a/edgetpu/edgetpu.mk b/edgetpu/edgetpu.mk
index feb728f..9f7e1de 100644
--- a/edgetpu/edgetpu.mk
+++ b/edgetpu/edgetpu.mk
@@ -19,10 +19,6 @@
# TPU TFlite Delegate
PRODUCT_PACKAGES += \
libedgetpu_util
-# TPU DBA AIDL HAL service
-PRODUCT_PACKAGES += com.google.edgetpu.dba-service
-# TPU DBA C API library
-PRODUCT_PACKAGES += libedgetpu_dba.google
# TPU Tachyon HAL service
PRODUCT_PACKAGES += com.google.edgetpu.tachyon-service
# TPU Tachyon C API library
diff --git a/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te b/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te
index 3b2cd4f..abdbcd7 100644
--- a/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te
+++ b/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te
@@ -1,3 +1,4 @@
+# Sepolicies for EdgeTPU
type hal_neuralnetworks_darwinn, domain;
hal_server_domain(hal_neuralnetworks_darwinn, hal_neuralnetworks)
@@ -62,3 +63,8 @@
# Allow DMA Buf access.
allow hal_neuralnetworks_darwinn dmabuf_system_heap_device:chr_file r_file_perms;
+# Allows the NNAPI HAL to access the graphics_allocator_service.
+# This is required for shared memory buffer allocation.
+# Context:- b/361711471.
+hal_client_domain(hal_neuralnetworks_darwinn, hal_graphics_allocator);
+allow hal_neuralnetworks_darwinn hal_graphics_allocator_service:service_manager find;
diff --git a/esim/Android.bp b/esim/Android.bp
new file mode 100644
index 0000000..a2427f1
--- /dev/null
+++ b/esim/Android.bp
@@ -0,0 +1,10 @@
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+prebuilt_etc {
+ name: "init.esim-gs.rc",
+ src: "init.esim-gs.rc",
+ vendor: true,
+ sub_dir: "init",
+}
diff --git a/esim/OWNERS b/esim/OWNERS
new file mode 100644
index 0000000..157ecd6
--- /dev/null
+++ b/esim/OWNERS
@@ -0,0 +1,2 @@
+kiwonp@google.com
+mewan@google.com
\ No newline at end of file
diff --git a/esim/esim.mk b/esim/esim.mk
new file mode 100644
index 0000000..47e21b7
--- /dev/null
+++ b/esim/esim.mk
@@ -0,0 +1,5 @@
+PRODUCT_PACKAGES += init.esim-gs.rc
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/esim/sepolicy/vendor
+# system_ext
+SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += device/google/gs-common/esim/sepolicy/system_ext/public
+SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/gs-common/esim/sepolicy/system_ext/private
diff --git a/esim/init.esim-gs.rc b/esim/init.esim-gs.rc
new file mode 100644
index 0000000..ce27334
--- /dev/null
+++ b/esim/init.esim-gs.rc
@@ -0,0 +1,11 @@
+# Disable bootstrap when bootloader is unlocked in user build
+on property:ro.build.type=user && property:ro.boot.flash.locked=0
+ setprop setupwizard.feature.provisioning_profile_mode false
+
+# Disable bootstrap for UGS devices
+on property:ro.boot.warranty.sku=UGS
+ setprop setupwizard.feature.provisioning_profile_mode false
+
+# Disable bootstrap for DVT devices shipping to non-US carriers
+on property:ro.boot.warranty.sku=BOF
+ setprop setupwizard.feature.provisioning_profile_mode false
diff --git a/esim/sepolicy/system_ext/private/gmscore_app.te b/esim/sepolicy/system_ext/private/gmscore_app.te
new file mode 100644
index 0000000..4dc1639
--- /dev/null
+++ b/esim/sepolicy/system_ext/private/gmscore_app.te
@@ -0,0 +1,2 @@
+# Allow to read setupwizard_feature_prop
+get_prop(gmscore_app, setupwizard_feature_prop)
diff --git a/esim/sepolicy/system_ext/private/priv_app.te b/esim/sepolicy/system_ext/private/priv_app.te
new file mode 100644
index 0000000..90bc371
--- /dev/null
+++ b/esim/sepolicy/system_ext/private/priv_app.te
@@ -0,0 +1,2 @@
+# Allow to read setupwizard_feature_prop
+get_prop(priv_app, setupwizard_feature_prop)
diff --git a/esim/sepolicy/system_ext/private/property_contexts b/esim/sepolicy/system_ext/private/property_contexts
new file mode 100644
index 0000000..464a289
--- /dev/null
+++ b/esim/sepolicy/system_ext/private/property_contexts
@@ -0,0 +1,2 @@
+# setupwizard
+setupwizard.feature.provisioning_profile_mode u:object_r:setupwizard_feature_prop:s0
diff --git a/esim/sepolicy/system_ext/public/property.te b/esim/sepolicy/system_ext/public/property.te
new file mode 100644
index 0000000..96cb3b3
--- /dev/null
+++ b/esim/sepolicy/system_ext/public/property.te
@@ -0,0 +1,2 @@
+# setupwizard
+system_public_prop(setupwizard_feature_prop)
diff --git a/esim/sepolicy/vendor/vendor_init.te b/esim/sepolicy/vendor/vendor_init.te
new file mode 100644
index 0000000..c9cb14e
--- /dev/null
+++ b/esim/sepolicy/vendor/vendor_init.te
@@ -0,0 +1,2 @@
+# setupwizard
+set_prop(vendor_init, setupwizard_feature_prop)
diff --git a/euiccpixel_app/euiccpixel_app_st54.mk b/euiccpixel_app/euiccpixel_app_st54.mk
new file mode 100644
index 0000000..e96d06c
--- /dev/null
+++ b/euiccpixel_app/euiccpixel_app_st54.mk
@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/euiccpixel_app/sepolicy/common
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/euiccpixel_app/sepolicy/st54
+PRODUCT_PACKAGES += EuiccSupportPixel-P23
diff --git a/euiccpixel_app/sepolicy/common/certs/EuiccSupportPixel.x509.pem b/euiccpixel_app/sepolicy/common/certs/EuiccSupportPixel.x509.pem
new file mode 100644
index 0000000..be303df
--- /dev/null
+++ b/euiccpixel_app/sepolicy/common/certs/EuiccSupportPixel.x509.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIF2zCCA8OgAwIBAgIVAIFP2e+Gh4wn4YFsSI7fRB6AXjIsMA0GCSqGSIb3DQEBCwUAMH4xCzAJ
+BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQw
+EgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEaMBgGA1UEAxMRRXVpY2NTdXBw
+b3J0UGl4ZWwwHhcNMTkwMjI4MTkyMjE4WhcNNDkwMjI4MTkyMjE4WjB+MQswCQYDVQQGEwJVUzET
+MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLR29v
+Z2xlIEluYy4xEDAOBgNVBAsTB0FuZHJvaWQxGjAYBgNVBAMTEUV1aWNjU3VwcG9ydFBpeGVsMIIC
+IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqklePqeltzqnyXVch9eJRXFBRQQIBIJWhcXb
+WIP/kZ28ISnQ2SrZisdxqtvRIeInxb7lU1rRQDfqCFSp/vMZ3l25Ryn6OVLFP4bxV1vO797t7Ef/
+amYA1mFKBsD4KLaIGj0/2RpGesneCOb0jWl2yRgIO2Ez7Y4YgWU/IoickZDLp1u6/7e7E/Qq9OXK
+aXvtBSzooGrYC7eyKn7O21FOfz5cQRo4BipjJqXG5Ez8Vi+m/dL1IFRZheYttEf3v390vBcb0oJ0
+oYPzLxmnb1LchjZC3yLAknRA0hNt8clvJ3tjXFjtzCGKsQsT4rnvvGFFABJTCf3EdEiwBNS5U4ho
++9+EtH7PpuoC+uVv2rLv/Gb7stlGQGx32KmK2CfKED3PdNqoT7WRx6nvVjCk3i7afdUcxQxcS9td
+5r80CB1bQEhS2sWLWB21PJrfMugWUJO5Bwz6u0es8dP+4FAHojIaF6iwB5ZYIuHGcEaOviHm4jOK
+rrGMlLqTwuEhq2aVIP55u7XRV98JLs2hlE5DJOWCIsPxybUDiddFvR+yzi/4FimsxJlEmaQAQcki
+uJ9DceVP03StPzFJSDRlqa4yF6xkZW5piNoANQ4MyI67V2Qf8g/L1UPYAi4hUMxQGo7Clw2hBRag
+ZTm65Xc7+ovBYxl5YaXAmNoJbss34Lw8tdrn4EECAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNV
+HQ4EFgQU+hQdFrOGuCDI+bbebssw9TL5FcYwHwYDVR0jBBgwFoAU+hQdFrOGuCDI+bbebssw9TL5
+FcYwDQYJKoZIhvcNAQELBQADggIBAGmyZHXddei/zUUMowiyi/MTtqXf9hKDEN4zhAXkuiuHxqA9
+Ii0J1Sxz2dd5NkqMmtePKYFSGA884yVm1KAne/uoCWj57IK3jswiRYnKhXa293DxA/K9wY27IGbp
+ulSuuxbpjjV2tqGUuoNQGKX7Oy6s0GcibyZFc+LpD7ttGk5QoLC9qQdpXZgUv/yG2B99ERSXLCaL
+EWMNP/oVZQOCQGfsFM1fPLn3X0ZuCOQg9bljxFf3jTl+H6PIAhpCjKeeUQYLc41eQkCyR/f67aRB
+GvO4YDpXLn9eH23B+26rjPyFiVtMJ/jJZ7UEPeJ3XBj1COS/X7p9gGRS5rtfr9z7XxuMxvG0JU9U
+XA+bMfOOfCqflvw6IyUg+oxjBFIhgiP4fxna51+BqpctvB0OeRwUm6y4nN06AwqtD8SteQrEn0b0
+IDWOKlVeh0lJWrDDEHr55dXSF+CbOPUDmMxmGoulOEOy/qSWIQi8BfvdX+e88CmracNRYVffLuQj
+pRYN3TeiCJd+6/X9/x1Q8VLW7vOAb6uRyE2lOjX40DYBxK3xSq6J7Vp38f6z0vtQm2sAAQ4xqqon
+A9tB5p+nJlYHgSxXOZx3C13Rs/eMmiGCKkSpCTnGCgBC7PfJDdMK6SLw5Gn4oyGoZo4fXbADuHrU
+0JD1T1qdCm3aUSEmFgEA4rOL/0K3
+-----END CERTIFICATE-----
diff --git a/euiccpixel_app/sepolicy/common/euiccpixel_app.te b/euiccpixel_app/sepolicy/common/euiccpixel_app.te
new file mode 100644
index 0000000..8093b49
--- /dev/null
+++ b/euiccpixel_app/sepolicy/common/euiccpixel_app.te
@@ -0,0 +1,27 @@
+# Euiccpixel_app
+type euiccpixel_app, domain;
+app_domain(euiccpixel_app)
+
+allow euiccpixel_app activity_service:service_manager find;
+allow euiccpixel_app netstats_service:service_manager find;
+allow euiccpixel_app content_capture_service:service_manager find;
+allow euiccpixel_app activity_task_service:service_manager find;
+allow euiccpixel_app gpu_service:service_manager find;
+allow euiccpixel_app voiceinteraction_service:service_manager find;
+allow euiccpixel_app autofill_service:service_manager find;
+allow euiccpixel_app sensitive_content_protection_service:service_manager find;
+allow euiccpixel_app hint_service:service_manager find;
+allow euiccpixel_app audio_service:service_manager find;
+allow euiccpixel_app batterystats_service:service_manager find;
+allow euiccpixel_app batteryproperties_service:service_manager find;
+allow euiccpixel_app permission_checker_service:service_manager find;
+allow euiccpixel_app radio_service:service_manager find;
+allow euiccpixel_app nfc_service:service_manager find;
+
+set_prop(euiccpixel_app, vendor_secure_element_prop)
+set_prop(euiccpixel_app, vendor_modem_prop)
+get_prop(euiccpixel_app, dck_prop)
+
+# b/265286368 framework UI rendering properties and file access
+dontaudit euiccpixel_app default_prop:file { read };
+dontaudit euiccpixel_app sysfs_gpu_uevent:file { read open getattr };
diff --git a/euiccpixel_app/sepolicy/common/file.te b/euiccpixel_app/sepolicy/common/file.te
new file mode 100644
index 0000000..e76ee79
--- /dev/null
+++ b/euiccpixel_app/sepolicy/common/file.te
@@ -0,0 +1,2 @@
+# type for gpu uevent
+type sysfs_gpu_uevent, sysfs_type, fs_type;
diff --git a/euiccpixel_app/sepolicy/common/genfs_contexts b/euiccpixel_app/sepolicy/common/genfs_contexts
new file mode 100644
index 0000000..fc146df
--- /dev/null
+++ b/euiccpixel_app/sepolicy/common/genfs_contexts
@@ -0,0 +1 @@
+genfscon sysfs /devices/platform/34f00000.gpu0/uevent u:object_r:sysfs_gpu_uevent:s0
diff --git a/euiccpixel_app/sepolicy/common/keys.conf b/euiccpixel_app/sepolicy/common/keys.conf
new file mode 100644
index 0000000..7071a2a
--- /dev/null
+++ b/euiccpixel_app/sepolicy/common/keys.conf
@@ -0,0 +1,2 @@
+[@EUICCSUPPORTPIXEL]
+ALL : device/google/gs-common/euiccpixel_app/sepolicy/common/certs/EuiccSupportPixel.x509.pem
diff --git a/euiccpixel_app/sepolicy/common/mac_permissions.xml b/euiccpixel_app/sepolicy/common/mac_permissions.xml
new file mode 100644
index 0000000..0eab982
--- /dev/null
+++ b/euiccpixel_app/sepolicy/common/mac_permissions.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<policy>
+
+<!--
+
+ * A signature is a hex encoded X.509 certificate or a tag defined in
+ keys.conf and is required for each signer tag.
+ * A signer tag may contain a seinfo tag and multiple package stanzas.
+ * A default tag is allowed that can contain policy for all apps not signed with a
+ previously listed cert. It may not contain any inner package stanzas.
+ * Each signer/default/package tag is allowed to contain one seinfo tag. This tag
+ represents additional info that each app can use in setting a SELinux security
+ context on the eventual process.
+ * When a package is installed the following logic is used to determine what seinfo
+ value, if any, is assigned.
+ - All signatures used to sign the app are checked first.
+ - If a signer stanza has inner package stanzas, those stanza will be checked
+ to try and match the package name of the app. If the package name matches
+ then that seinfo tag is used. If no inner package matches then the outer
+ seinfo tag is assigned.
+ - The default tag is consulted last if needed.
+-->
+ <!-- google apps key -->
+ <signer signature="@EUICCSUPPORTPIXEL" >
+ <seinfo value="EuiccSupportPixel" />
+ </signer>
+</policy>
diff --git a/euiccpixel_app/sepolicy/common/seapp_contexts b/euiccpixel_app/sepolicy/common/seapp_contexts
new file mode 100644
index 0000000..9501a3a
--- /dev/null
+++ b/euiccpixel_app/sepolicy/common/seapp_contexts
@@ -0,0 +1,2 @@
+# Domain for EuiccSupportPixel
+user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all
diff --git a/euiccpixel_app/sepolicy/st54/euiccpixel_app.te b/euiccpixel_app/sepolicy/st54/euiccpixel_app.te
new file mode 100644
index 0000000..3d81a57
--- /dev/null
+++ b/euiccpixel_app/sepolicy/st54/euiccpixel_app.te
@@ -0,0 +1,8 @@
+# euiccpixel requires st54spi for firmware upgrade
+userdebug_or_eng(`
+ net_domain(euiccpixel_app)
+
+ # Access to directly upgrade firmware on st54spi_device used for engineering devices
+ typeattribute st54spi_device mlstrustedobject;
+ allow euiccpixel_app st54spi_device:chr_file rw_file_perms;
+')
diff --git a/gcam_app/gcam.mk b/gcam_app/gcam.mk
new file mode 100644
index 0000000..38c7b69
--- /dev/null
+++ b/gcam_app/gcam.mk
@@ -0,0 +1,8 @@
+# vendor
+BOARD_SEPOLICY_DIRS += device/google/gs-common/gcam_app/sepolicy/vendor
+
+# product
+PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/gs-common/gcam_app/sepolicy/product/public
+PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/gs-common/gcam_app/sepolicy//product/private
+
+PRODUCT_PACKAGES += GoogleCamera
diff --git a/gcam_app/sepolicy/product/private/debug_camera_app.te b/gcam_app/sepolicy/product/private/debug_camera_app.te
new file mode 100644
index 0000000..4402e55
--- /dev/null
+++ b/gcam_app/sepolicy/product/private/debug_camera_app.te
@@ -0,0 +1,29 @@
+# GCANext and GCAEng.
+# b/363018500
+typeattribute debug_camera_app coredomain;
+
+userdebug_or_eng(`
+ app_domain(debug_camera_app)
+ net_domain(debug_camera_app)
+
+ allow debug_camera_app activity_service:service_manager find;
+ allow debug_camera_app activity_task_service:service_manager find;
+ allow debug_camera_app audioserver_service:service_manager find;
+ allow debug_camera_app batterystats_service:service_manager find;
+ allow debug_camera_app cameraserver_service:service_manager find;
+ allow debug_camera_app device_policy_service:service_manager find;
+ allow debug_camera_app device_state_service:service_manager find;
+ allow debug_camera_app gpu_service:service_manager find;
+ allow debug_camera_app mediaextractor_service:service_manager find;
+ allow debug_camera_app mediametrics_service:service_manager find;
+ allow debug_camera_app mediaserver_service:service_manager find;
+ allow debug_camera_app powerstats_service:service_manager find;
+ allow debug_camera_app sensorservice_service:service_manager find;
+ allow debug_camera_app thermal_service:service_manager find;
+ allow debug_camera_app trust_service:service_manager find;
+ allow debug_camera_app vibrator_manager_service:service_manager find;
+ allow debug_camera_app virtual_device_native_service:service_manager find;
+
+ # Allows GCA_Eng & GCA-Next to access the PowerHAL.
+ hal_client_domain(debug_camera_app, hal_power)
+')
diff --git a/gcam_app/sepolicy/product/private/google_camera_app.te b/gcam_app/sepolicy/product/private/google_camera_app.te
new file mode 100644
index 0000000..a4c7a79
--- /dev/null
+++ b/gcam_app/sepolicy/product/private/google_camera_app.te
@@ -0,0 +1,17 @@
+# GCARelease and GCADogfood.
+typeattribute google_camera_app coredomain;
+app_domain(google_camera_app)
+net_domain(google_camera_app)
+
+#allow google_camera_app app_api_service:service_manager find;
+#allow google_camera_app audioserver_service:service_manager find;
+#allow google_camera_app cameraserver_service:service_manager find;
+#allow google_camera_app mediaextractor_service:service_manager find;
+#allow google_camera_app mediametrics_service:service_manager find;
+#allow google_camera_app mediaserver_service:service_manager find;
+
+# Allows GCA to access the PowerHAL.
+hal_client_domain(google_camera_app, hal_power)
+
+# Library code may try to access vendor properties, but should be denied
+dontaudit google_camera_app vendor_default_prop:file { getattr map open };
diff --git a/gcam_app/sepolicy/product/private/seapp_contexts b/gcam_app/sepolicy/product/private/seapp_contexts
new file mode 100644
index 0000000..9ba54b7
--- /dev/null
+++ b/gcam_app/sepolicy/product/private/seapp_contexts
@@ -0,0 +1,12 @@
+# Google Camera
+user=_app isPrivApp=true seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all
+
+# Google Camera Eng
+user=_app seinfo=CameraEng name=com.google.android.GoogleCameraEng domain=debug_camera_app type=app_data_file levelFrom=all
+
+# Also allow GoogleCameraNext, the fishfood version, the same access as GoogleCamera
+user=_app seinfo=CameraFishfood name=com.google.android.apps.googlecamera.fishfood domain=google_camera_app type=app_data_file levelFrom=all
+
+# Also label GoogleCameraNext, built with debug keys as debug_camera_app.
+user=_app seinfo=CameraEng name=com.google.android.apps.googlecamera.fishfood domain=debug_camera_app type=app_data_file levelFrom=all
+
diff --git a/gcam_app/sepolicy/vendor/certs/app.x509.pem b/gcam_app/sepolicy/vendor/certs/app.x509.pem
new file mode 100644
index 0000000..8e3e627
--- /dev/null
+++ b/gcam_app/sepolicy/vendor/certs/app.x509.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEqDCCA5CgAwIBAgIJANWFuGx90071MA0GCSqGSIb3DQEBBAUAMIGUMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4g
+VmlldzEQMA4GA1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UE
+AxMHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe
+Fw0wODA0MTUyMzM2NTZaFw0zNTA5MDEyMzM2NTZaMIGUMQswCQYDVQQGEwJVUzET
+MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4G
+A1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9p
+ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCASAwDQYJKoZI
+hvcNAQEBBQADggENADCCAQgCggEBANbOLggKv+IxTdGNs8/TGFy0PTP6DHThvbbR
+24kT9ixcOd9W+EaBPWW+wPPKQmsHxajtWjmQwWfna8mZuSeJS48LIgAZlKkpFeVy
+xW0qMBujb8X8ETrWy550NaFtI6t9+u7hZeTfHwqNvacKhp1RbE6dBRGWynwMVX8X
+W8N1+UjFaq6GCJukT4qmpN2afb8sCjUigq0GuMwYXrFVee74bQgLHWGJwPmvmLHC
+69EH6kWr22ijx4OKXlSIx2xT1AsSHee70w5iDBiK4aph27yH3TxkXy9V89TDdexA
+cKk/cVHYNnDBapcavl7y0RiQ4biu8ymM8Ga/nmzhRKya6G0cGw8CAQOjgfwwgfkw
+HQYDVR0OBBYEFI0cxb6VTEM8YYY6FbBMvAPyT+CyMIHJBgNVHSMEgcEwgb6AFI0c
+xb6VTEM8YYY6FbBMvAPyT+CyoYGapIGXMIGUMQswCQYDVQQGEwJVUzETMBEGA1UE
+CBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4GA1UEChMH
+QW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9pZDEiMCAG
+CSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbYIJANWFuGx90071MAwGA1Ud
+EwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADggEBABnTDPEF+3iSP0wNfdIjIz1AlnrP
+zgAIHVvXxunW7SBrDhEglQZBbKJEk5kT0mtKoOD1JMrSu1xuTKEBahWRbqHsXcla
+XjoBADb0kkjVEJu/Lh5hgYZnOjvlba8Ld7HCKePCVePoTJBdI4fvugnL8TsgK05a
+IskyY0hKI9L8KfqfGTl1lzOv2KoWD0KWwtAWPoGChZxmQ+nBli+gwYMzM1vAkP+a
+ayLe0a1EQimlOalO762r0GXO0ks+UeXde2Z4e+8S/pf7pITEI/tP+MxJTALw9QUW
+Ev9lKTk+jkbqxbsh8nfBUapfKqYn0eidpwq2AzVp3juYl7//fKnaPhJD9gs=
+-----END CERTIFICATE-----
diff --git a/gcam_app/sepolicy/vendor/certs/camera_eng.x509.pem b/gcam_app/sepolicy/vendor/certs/camera_eng.x509.pem
new file mode 100644
index 0000000..011a9ec
--- /dev/null
+++ b/gcam_app/sepolicy/vendor/certs/camera_eng.x509.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICpzCCAmWgAwIBAgIEUAV8QjALBgcqhkjOOAQDBQAwNzELMAkGA1UEBhMCVVMx
+EDAOBgNVBAoTB0FuZHJvaWQxFjAUBgNVBAMTDUFuZHJvaWQgRGVidWcwHhcNMTIw
+NzE3MTQ1MjUwWhcNMjIwNzE1MTQ1MjUwWjA3MQswCQYDVQQGEwJVUzEQMA4GA1UE
+ChMHQW5kcm9pZDEWMBQGA1UEAxMNQW5kcm9pZCBEZWJ1ZzCCAbcwggEsBgcqhkjO
+OAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR
++1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb
++DtX58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdg
+UI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlX
+TAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCj
+rh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQB
+TDv+z0kqA4GEAAKBgGrRG9fVZtJ69DnALkForP1FtL6FvJmMe5uOHHdUaT+MDUKK
+pPzhEISBOEJPpozRMFJO7/bxNzhjgi+mNymL/k1GoLhmZe7wQRc5AQNbHIBqoxgY
+DTA6qMyeWSPgam+r+nVoPEU7sgd3fPL958+xmxQwOBSqHfe0PVsiK1cGtIuUMAsG
+ByqGSM44BAMFAAMvADAsAhQJ0tGwRwIptb7SkCZh0RLycMXmHQIUZ1ACBqeAULp4
+rscXTxYEf4Tqovc=
+-----END CERTIFICATE-----
diff --git a/gcam_app/sepolicy/vendor/certs/camera_fishfood.x509.pem b/gcam_app/sepolicy/vendor/certs/camera_fishfood.x509.pem
new file mode 100644
index 0000000..fb11572
--- /dev/null
+++ b/gcam_app/sepolicy/vendor/certs/camera_fishfood.x509.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICUjCCAbsCBEk0mH4wDQYJKoZIhvcNAQEEBQAwcDELMAkGA1UEBhMCVVMxCzAJ
+BgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtHb29n
+bGUsIEluYzEUMBIGA1UECxMLR29vZ2xlLCBJbmMxEDAOBgNVBAMTB1Vua25vd24w
+HhcNMDgxMjAyMDIwNzU4WhcNMzYwNDE5MDIwNzU4WjBwMQswCQYDVQQGEwJVUzEL
+MAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC0dv
+b2dsZSwgSW5jMRQwEgYDVQQLEwtHb29nbGUsIEluYzEQMA4GA1UEAxMHVW5rbm93
+bjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAn0gDGZD5sUcmOE4EU9GPjAu/
+jcd7JQSksSB8TGxEurwArcZhD6a2qy2oDjPy7vFrJqP2uFua+sqQn/u+s/TJT36B
+IqeY4OunXO090in6c2X0FRZBWqnBYX3Vg84Zuuigu9iF/BeptL0mQIBRIarbk3fe
+tAATOBQYiC7FIoL8WA0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQBAhmae1jHaQ4Td
+0GHSJuBzuYzEuZ34teS+njy+l1Aeg98cb6lZwM5gXE/SrG0chM7eIEdsurGb6PIg
+Ov93F61lLY/MiQcI0SFtqERXWSZJ4OnTxLtM9Y2hnbHU/EG8uVhPZOZfQQ0FKf1b
+aIOMFB0Km9HbEZHLKg33kOoMsS2zpA==
+-----END CERTIFICATE-----
diff --git a/gcam_app/sepolicy/vendor/debug_camera_app.te b/gcam_app/sepolicy/vendor/debug_camera_app.te
new file mode 100644
index 0000000..8cac086
--- /dev/null
+++ b/gcam_app/sepolicy/vendor/debug_camera_app.te
@@ -0,0 +1,16 @@
+# GCANext and GCAEng.
+userdebug_or_eng(`
+ # Allows GCA-Eng & GCA-Next access the GXP device and properties.
+ allow debug_camera_app gxp_device:chr_file rw_file_perms;
+ get_prop(debug_camera_app, vendor_gxp_prop)
+
+ # Allows GCA-Eng & GCA-Next to find and access the EdgeTPU.
+ allow debug_camera_app edgetpu_app_service:service_manager find;
+ allow debug_camera_app edgetpu_device:chr_file { read write ioctl };
+ # Cannot find avc evidence for below.
+ # allow debug_camera_app edgetpu_device:chr_file { getattr map };
+
+ # Allows GCA_Eng & GCA-Next to access the hw_jpeg /dev/video12.
+ # allow debug_camera_app hw_jpg_device:chr_file rw_file_perms;
+')
+
diff --git a/gcam_app/sepolicy/vendor/google_camera_app.te b/gcam_app/sepolicy/vendor/google_camera_app.te
new file mode 100644
index 0000000..81f91ac
--- /dev/null
+++ b/gcam_app/sepolicy/vendor/google_camera_app.te
@@ -0,0 +1,13 @@
+# GCARelease and GCADogfood.
+
+# Allows GCA to acccess the GXP device & properties.
+#allow google_camera_app gxp_device:chr_file rw_file_perms;
+get_prop(google_camera_app, vendor_gxp_prop)
+
+# Allows GCA to find and access the EdgeTPU.
+#allow google_camera_app edgetpu_app_service:service_manager find;
+#allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map };
+
+# Allows GCA to access the hw_jpeg /dev/video12.
+#allow google_camera_app hw_jpg_device:chr_file rw_file_perms;
+
diff --git a/gcam_app/sepolicy/vendor/keys.conf b/gcam_app/sepolicy/vendor/keys.conf
new file mode 100644
index 0000000..92e5ae2
--- /dev/null
+++ b/gcam_app/sepolicy/vendor/keys.conf
@@ -0,0 +1,8 @@
+[@GOOGLE]
+ALL : device/google/gs-common/gcam_app/sepolicy/vendor/certs/app.x509.pem
+
+[@CAMERAENG]
+ALL : device/google/gs-common/gcam_app/sepolicy/vendor/certs/camera_eng.x509.pem
+
+[@CAMERAFISHFOOD]
+ALL : device/google/gs-common/gcam_app/sepolicy/vendor/certs/camera_fishfood.x509.pem
diff --git a/gcam_app/sepolicy/vendor/mac_permissions.xml b/gcam_app/sepolicy/vendor/mac_permissions.xml
new file mode 100644
index 0000000..12d9b1a
--- /dev/null
+++ b/gcam_app/sepolicy/vendor/mac_permissions.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="utf-8"?>
+<policy>
+
+<!--
+
+ * A signature is a hex encoded X.509 certificate or a tag defined in
+ keys.conf and is required for each signer tag.
+ * A signer tag may contain a seinfo tag and multiple package stanzas.
+ * A default tag is allowed that can contain policy for all apps not signed with a
+ previously listed cert. It may not contain any inner package stanzas.
+ * Each signer/default/package tag is allowed to contain one seinfo tag. This tag
+ represents additional info that each app can use in setting a SELinux security
+ context on the eventual process.
+ * When a package is installed the following logic is used to determine what seinfo
+ value, if any, is assigned.
+ - All signatures used to sign the app are checked first.
+ - If a signer stanza has inner package stanzas, those stanza will be checked
+ to try and match the package name of the app. If the package name matches
+ then that seinfo tag is used. If no inner package matches then the outer
+ seinfo tag is assigned.
+ - The default tag is consulted last if needed.
+-->
+ <!-- google apps key -->
+ <signer signature="@GOOGLE" >
+ <seinfo value="google" />
+ </signer>
+ <signer signature="@CAMERAENG" >
+ <seinfo value="CameraEng" />
+ </signer>
+ <signer signature="@CAMERAFISHFOOD" >
+ <seinfo value="CameraFishFood" />
+ </signer>
+
+</policy>
diff --git a/gear/dumpstate/sepolicy/hal_dumpstate_default.te b/gear/dumpstate/sepolicy/hal_dumpstate_default.te
index 06ebb75..e0f0b09 100644
--- a/gear/dumpstate/sepolicy/hal_dumpstate_default.te
+++ b/gear/dumpstate/sepolicy/hal_dumpstate_default.te
@@ -5,3 +5,8 @@
allow hal_dumpstate_default shell_data_file:file getattr;
set_prop(hal_dumpstate_default, vendor_logger_prop)
+# All dumps that are executed via hal_dumpstate_default should use their
+# own domain to request their permissions to achieve compartmentalization.
+# go/pixel-bugreport has examples on how to do that.
+neverallow hal_dumpstate_default { vendor_file_type -vendor_toolbox_exec }:file execute_no_trans;
+
diff --git a/gps/dump/dump_gps.cpp b/gps/dump/dump_gps.cpp
index 62f69f8..e073732 100644
--- a/gps/dump/dump_gps.cpp
+++ b/gps/dump/dump_gps.cpp
@@ -13,13 +13,16 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-#include <unistd.h>
-#include <dump/pixel_dump.h>
-#include <android-base/properties.h>
#include <android-base/file.h>
+#include <android-base/properties.h>
+#include <dirent.h>
+#include <dump/pixel_dump.h>
+#include <sys/stat.h>
+#include <unistd.h>
#define GPS_LOG_NUMBER_PROPERTY "persist.vendor.gps.aol.log_num"
#define GPS_LOG_DIRECTORY "/data/vendor/gps/logs"
+#define GPS_RESOURCE_DIRECTORY "/data/vendor/gps/resource"
#define GPS_TMP_LOG_DIRECTORY "/data/vendor/gps/logs/.tmp"
#define GPS_LOG_PREFIX "gl-"
#define GPS_MCU_LOG_PREFIX "esw-"
@@ -29,6 +32,40 @@
#define GPS_RAWLOG_PREFIX "rawbin"
#define GPS_MEMDUMP_LOG_PREFIX "memdump_"
+static void copyDirectory(const std::string &source,
+ const std::string &outputDir) {
+ DIR *dir = opendir(source.c_str());
+ if (dir == nullptr) {
+ return;
+ }
+
+ if (mkdir(outputDir.c_str(), 0777) == -1) {
+ closedir(dir);
+ return;
+ }
+
+ struct dirent *entry;
+ while ((entry = readdir(dir)) != nullptr) {
+ std::string entryName = entry->d_name;
+ if (entryName == "." || entryName == "..") {
+ continue;
+ }
+
+ std::string sourcePath = source + "/" + entryName;
+ std::string destPath = outputDir + "/" + entryName;
+
+ struct stat st;
+ if (stat(sourcePath.c_str(), &st) == 0) {
+ if (S_ISDIR(st.st_mode))
+ copyDirectory(sourcePath, destPath);
+ else
+ copyFile(sourcePath.c_str(), destPath.c_str());
+ }
+ }
+ closedir(dir);
+ return;
+}
+
int main() {
if(!::android::base::GetBoolProperty("vendor.gps.aol.enabled", false)) {
printf("vendor.gps.aol.enabled is false. gps logging is not running.\n");
@@ -50,6 +87,7 @@
}
dumpLogs(GPS_LOG_DIRECTORY, outputDir.c_str(), maxFileNum, GPS_RAWLOG_PREFIX);
dumpLogs(GPS_LOG_DIRECTORY, outputDir.c_str(), 18, GPS_MEMDUMP_LOG_PREFIX);
+ copyDirectory(GPS_RESOURCE_DIRECTORY, concatenatePath(outputDir.c_str(), "resource"));
return 0;
}
diff --git a/gps/pixel/sepolicy/hal_gnss_pixel.te b/gps/pixel/sepolicy/hal_gnss_pixel.te
index cc63702..e3e4d92 100644
--- a/gps/pixel/sepolicy/hal_gnss_pixel.te
+++ b/gps/pixel/sepolicy/hal_gnss_pixel.te
@@ -10,6 +10,9 @@
# Allow access to CHRE multiclient HAL.
get_prop(hal_gnss_pixel, vendor_chre_hal_prop)
+# Allow read vendor gps prop.
+get_prop(hal_gnss_pixel, vendor_gps_prop)
+
# Allow binder to CHRE.
binder_call(hal_gnss_pixel, hal_contexthub_default)
allow hal_gnss_pixel hal_contexthub_service:service_manager find;
diff --git a/gpu/MK_OWNERS b/gpu/MK_OWNERS
new file mode 100644
index 0000000..1d0be18
--- /dev/null
+++ b/gpu/MK_OWNERS
@@ -0,0 +1,4 @@
+jessehall@google.com
+spyffe@google.com
+jorwag@google.com
+jeremykemp@google.com
diff --git a/gpu/OWNERS b/gpu/OWNERS
new file mode 100644
index 0000000..259dd93
--- /dev/null
+++ b/gpu/OWNERS
@@ -0,0 +1,2 @@
+per-file gpu.mk=set noparent
+per-file gpu.mk=file:MK_OWNERS
diff --git a/gpu/gpu.mk b/gpu/gpu.mk
index b87e7ad..4b11e13 100644
--- a/gpu/gpu.mk
+++ b/gpu/gpu.mk
@@ -2,15 +2,15 @@
PRODUCT_PACKAGES += gpu_probe
-USE_MAPPER5 := false
+USE_MAPPER5 := true
PRODUCT_PACKAGES += pixel_gralloc_allocator
PRODUCT_PACKAGES += pixel_gralloc_mapper
ifeq ($(USE_MAPPER5), true)
-$(call soong_config_set,arm_gralloc,mapper_version,mapper5)
+$(call soong_config_set,pixel_gralloc,mapper_version,mapper5)
$(call soong_config_set,aion_buffer,mapper_version,mapper5)
else
-$(call soong_config_set,arm_gralloc,mapper_version,mapper4)
+$(call soong_config_set,pixel_gralloc,mapper_version,mapper4)
$(call soong_config_set,aion_buffer,mapper_version,mapper4)
endif
diff --git a/gril/aidl/2.0/compatibility_matrix.xml b/gril/aidl/2.0/compatibility_matrix.xml
new file mode 100644
index 0000000..8a4a776
--- /dev/null
+++ b/gril/aidl/2.0/compatibility_matrix.xml
@@ -0,0 +1,10 @@
+<compatibility-matrix version="1.0" type="framework">
+ <hal format="aidl" optional="true">
+ <name>vendor.google.radio_ext</name>
+ <version>2</version>
+ <interface>
+ <name>IRadioExt</name>
+ <instance>default</instance>
+ </interface>
+ </hal>
+</compatibility-matrix>
diff --git a/gril/aidl/2.0/gril_aidl.mk b/gril/aidl/2.0/gril_aidl.mk
new file mode 100644
index 0000000..d4fa9e9
--- /dev/null
+++ b/gril/aidl/2.0/gril_aidl.mk
@@ -0,0 +1,4 @@
+PRODUCT_PACKAGES += vendor.google.radioext@1.0-service
+DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/gril/aidl/2.0/compatibility_matrix.xml
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gril/aidl/2.0/sepolicy
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gril/common/sepolicy
diff --git a/gril/aidl/2.0/sepolicy/file_contexts b/gril/aidl/2.0/sepolicy/file_contexts
new file mode 100644
index 0000000..9973b80
--- /dev/null
+++ b/gril/aidl/2.0/sepolicy/file_contexts
@@ -0,0 +1 @@
+/vendor/bin/hw/vendor\.google\.radioext@1\.0-service u:object_r:hal_aidl_radio_ext_exec:s0
diff --git a/gril/aidl/2.0/sepolicy/grilservice_app.te b/gril/aidl/2.0/sepolicy/grilservice_app.te
new file mode 100644
index 0000000..812c8a2
--- /dev/null
+++ b/gril/aidl/2.0/sepolicy/grilservice_app.te
@@ -0,0 +1,4 @@
+# allow grilservice_app to find hal_radio_ext_service
+allow grilservice_app hal_radio_ext_service:service_manager find;
+binder_call(grilservice_app, hal_aidl_radio_ext)
+binder_call(grilservice_app, twoshay)
diff --git a/gril/aidl/2.0/sepolicy/hal_aidl_radio_ext.te b/gril/aidl/2.0/sepolicy/hal_aidl_radio_ext.te
new file mode 100644
index 0000000..68dd397
--- /dev/null
+++ b/gril/aidl/2.0/sepolicy/hal_aidl_radio_ext.te
@@ -0,0 +1,33 @@
+# hal_aidl_radio_ext domain
+type hal_aidl_radio_ext, domain;
+type hal_aidl_radio_ext_exec, vendor_file_type, exec_type, file_type;
+
+init_daemon_domain(hal_aidl_radio_ext)
+
+get_prop(hal_aidl_radio_ext, hwservicemanager_prop)
+get_prop(hal_aidl_radio_ext, telephony_modemtype_prop)
+set_prop(hal_aidl_radio_ext, vendor_gril_prop)
+
+binder_call(hal_aidl_radio_ext, servicemanager)
+binder_call(hal_aidl_radio_ext, grilservice_app)
+binder_call(hal_aidl_radio_ext, hal_bluetooth_btlinux)
+
+add_service(hal_aidl_radio_ext, hal_radio_ext_service)
+
+# RW /dev/oem_ipc0
+allow hal_aidl_radio_ext radio_device:chr_file rw_file_perms;
+
+# RW MIPI Freq files
+allow hal_aidl_radio_ext radio_vendor_data_file:dir create_dir_perms;
+allow hal_aidl_radio_ext radio_vendor_data_file:file create_file_perms;
+
+# Bluetooth
+allow hal_aidl_radio_ext hal_bluetooth_coexistence_hwservice:hwservice_manager find;
+allow hal_aidl_radio_ext hal_bluetooth_coexistence_service:service_manager find;
+
+# Allow access to the backlight driver to set ssc_mode
+allow hal_aidl_radio_ext sysfs_leds:dir search;
+allow hal_aidl_radio_ext sysfs_leds:file rw_file_perms;
+
+# legacy/zuma/vendor
+allow hal_aidl_radio_ext sysfs_display:file rw_file_perms;
diff --git a/gril/aidl/2.0/sepolicy/hal_camera_default.te b/gril/aidl/2.0/sepolicy/hal_camera_default.te
new file mode 100644
index 0000000..61f8001
--- /dev/null
+++ b/gril/aidl/2.0/sepolicy/hal_camera_default.te
@@ -0,0 +1,2 @@
+# allow hal_camera_default to binder call hal_aidl_radio_ext
+binder_call(hal_camera_default, hal_aidl_radio_ext);
diff --git a/gril/aidl/2.0/sepolicy/twoshay.te b/gril/aidl/2.0/sepolicy/twoshay.te
new file mode 100644
index 0000000..f7d3fe1
--- /dev/null
+++ b/gril/aidl/2.0/sepolicy/twoshay.te
@@ -0,0 +1,2 @@
+# allow twoshay to binder call hal_aidl_radio_ext
+binder_call(twoshay, hal_aidl_radio_ext)
diff --git a/modem/radio_ext/sepolicy/service.te b/gril/common/sepolicy/service.te
similarity index 68%
rename from modem/radio_ext/sepolicy/service.te
rename to gril/common/sepolicy/service.te
index 7288ef1..ee6fb77 100644
--- a/modem/radio_ext/sepolicy/service.te
+++ b/gril/common/sepolicy/service.te
@@ -1,2 +1,3 @@
# Radio Ext AIDL service
+# Shared definition so a single type is referenced
type hal_radio_ext_service, hal_service_type, protected_service, service_manager_type;
diff --git a/gril/common/sepolicy/service_contexts b/gril/common/sepolicy/service_contexts
new file mode 100644
index 0000000..7e50c2e
--- /dev/null
+++ b/gril/common/sepolicy/service_contexts
@@ -0,0 +1 @@
+vendor.google.radio_ext.IRadioExt/default u:object_r:hal_radio_ext_service:s0
diff --git a/gril/hidl/1.7/compatibility_matrix.xml b/gril/hidl/1.7/compatibility_matrix.xml
new file mode 100644
index 0000000..6129633
--- /dev/null
+++ b/gril/hidl/1.7/compatibility_matrix.xml
@@ -0,0 +1,10 @@
+<compatibility-matrix version="1.0" type="framework">
+ <hal format="hidl" optional="true">
+ <name>vendor.google.radioext</name>
+ <version>1.7</version>
+ <interface>
+ <name>IRadioExt</name>
+ <instance>default</instance>
+ </interface>
+ </hal>
+</compatibility-matrix>
diff --git a/gril/hidl/1.7/gril_hidl.mk b/gril/hidl/1.7/gril_hidl.mk
new file mode 100644
index 0000000..0008a5d
--- /dev/null
+++ b/gril/hidl/1.7/gril_hidl.mk
@@ -0,0 +1,4 @@
+PRODUCT_PACKAGES += vendor.google.radioext@1.0-service
+DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/gril/hidl/1.7/compatibility_matrix.xml
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gril/hidl/1.7/sepolicy
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gril/common/sepolicy
diff --git a/gril/hidl/1.7/sepolicy/file_contexts b/gril/hidl/1.7/sepolicy/file_contexts
new file mode 100644
index 0000000..dea8592
--- /dev/null
+++ b/gril/hidl/1.7/sepolicy/file_contexts
@@ -0,0 +1 @@
+/vendor/bin/hw/vendor\.google\.radioext@1\.0-service u:object_r:hal_radioext_default_exec:s0
diff --git a/gril/hidl/1.7/sepolicy/grilservice_app.te b/gril/hidl/1.7/sepolicy/grilservice_app.te
new file mode 100644
index 0000000..3a170b8
--- /dev/null
+++ b/gril/hidl/1.7/sepolicy/grilservice_app.te
@@ -0,0 +1,4 @@
+# allow grilservice_app to find hal_radio_ext_service
+allow grilservice_app hal_radio_ext_service:service_manager find;
+# allow grilservice_app to binder call hal_radioext_default
+binder_call(grilservice_app, hal_radioext_default)
diff --git a/gril/hidl/1.7/sepolicy/hal_camera_default.te b/gril/hidl/1.7/sepolicy/hal_camera_default.te
new file mode 100644
index 0000000..36bdd7e
--- /dev/null
+++ b/gril/hidl/1.7/sepolicy/hal_camera_default.te
@@ -0,0 +1,2 @@
+# allow hal_camera_default to binder call hal_radioext_default
+binder_call(hal_camera_default, hal_radioext_default);
diff --git a/gril/hidl/1.7/sepolicy/hal_radioext_default.te b/gril/hidl/1.7/sepolicy/hal_radioext_default.te
new file mode 100644
index 0000000..6931fb7
--- /dev/null
+++ b/gril/hidl/1.7/sepolicy/hal_radioext_default.te
@@ -0,0 +1,28 @@
+# hal_radioext_default domain
+type hal_radioext_default, domain;
+type hal_radioext_default_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(hal_radioext_default)
+
+hwbinder_use(hal_radioext_default)
+get_prop(hal_radioext_default, hwservicemanager_prop)
+get_prop(hal_radioext_default, telephony_modemtype_prop)
+set_prop(hal_radioext_default, vendor_gril_prop)
+add_hwservice(hal_radioext_default, hal_radioext_hwservice)
+
+binder_call(hal_radioext_default, servicemanager)
+binder_call(hal_radioext_default, grilservice_app)
+binder_call(hal_radioext_default, hal_bluetooth_btlinux)
+
+# RW /dev/oem_ipc0
+allow hal_radioext_default radio_device:chr_file rw_file_perms;
+
+# RW MIPI Freq files
+allow hal_radioext_default radio_vendor_data_file:dir create_dir_perms;
+allow hal_radioext_default radio_vendor_data_file:file create_file_perms;
+
+# Bluetooth
+allow hal_radioext_default hal_bluetooth_coexistence_hwservice:hwservice_manager find;
+allow hal_radioext_default hal_bluetooth_coexistence_service:service_manager find;
+
+# legacy/zuma/vendor
+allow hal_radioext_default sysfs_display:file rw_file_perms;
diff --git a/gril/hidl/1.7/sepolicy/hwservice_contexts b/gril/hidl/1.7/sepolicy/hwservice_contexts
new file mode 100644
index 0000000..5589c31
--- /dev/null
+++ b/gril/hidl/1.7/sepolicy/hwservice_contexts
@@ -0,0 +1,2 @@
+# GRIL HAL
+vendor.google.radioext::IRadioExt u:object_r:hal_radioext_hwservice:s0
diff --git a/gril/hidl/1.7/sepolicy/twoshay.te b/gril/hidl/1.7/sepolicy/twoshay.te
new file mode 100644
index 0000000..75c3b27
--- /dev/null
+++ b/gril/hidl/1.7/sepolicy/twoshay.te
@@ -0,0 +1,2 @@
+# allow twoshay to binder call hal_radioext_default
+binder_call(twoshay, hal_radioext_default)
diff --git a/gs_watchdogd/init.gs_watchdogd.rc b/gs_watchdogd/init.gs_watchdogd.rc
index 23d5fb2..ba3354f 100644
--- a/gs_watchdogd/init.gs_watchdogd.rc
+++ b/gs_watchdogd/init.gs_watchdogd.rc
@@ -1,5 +1,6 @@
# Pet watchdog timer every half of its timeout period.
service gs_watchdogd /system_ext/bin/gs_watchdogd
+ user root
class core
oneshot
seclabel u:r:gs_watchdogd:s0
diff --git a/gsa/Android.bp b/gsa/Android.bp
new file mode 100644
index 0000000..59e0369
--- /dev/null
+++ b/gsa/Android.bp
@@ -0,0 +1,20 @@
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+cc_binary {
+ name: "dump_gsa",
+ srcs: ["dump_gsa.cpp"],
+ init_rc: ["init.gsa.rc"],
+ cflags: [
+ "-Wall",
+ "-Wextra",
+ "-Werror",
+ "-pedantic",
+ ],
+ shared_libs: [
+ "libdump",
+ ],
+ vendor: true,
+ relative_install_path: "dump",
+}
diff --git a/gsa/dump_gsa.cpp b/gsa/dump_gsa.cpp
new file mode 100644
index 0000000..6308036
--- /dev/null
+++ b/gsa/dump_gsa.cpp
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <dump/pixel_dump.h>
+#include <unistd.h>
+
+#define DIM(arr) (sizeof(arr) / sizeof(arr[0]))
+
+const char* paths[][2] = {{"GSA MAIN LOG", "/dev/gsa-log1"},
+ {"GSA INTERMEDIATE LOG", "/dev/gsa-bl1-log2"}};
+
+int main() {
+ for (size_t i = 0; i < DIM(paths); i++) {
+ if (!access(paths[i][1], R_OK)) {
+ dumpFileContent(paths[i][0], paths[i][1]);
+ }
+ }
+ return 0;
+}
diff --git a/gsa/gsa.mk b/gsa/gsa.mk
new file mode 100644
index 0000000..1938c66
--- /dev/null
+++ b/gsa/gsa.mk
@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gsa/sepolicy/gsa
+
+PRODUCT_PACKAGES += dump_gsa
diff --git a/gsa/init.gsa.rc b/gsa/init.gsa.rc
new file mode 100644
index 0000000..357144e
--- /dev/null
+++ b/gsa/init.gsa.rc
@@ -0,0 +1,6 @@
+on init
+ # Change GSA log group for dumpstate
+ chmod 660 /dev/gsa-log1
+ chmod 660 /dev/gsa-bl1-log2
+ chown root system /dev/gsa-log1
+ chown root system /dev/gsa-bl1-log2
diff --git a/gsa/sepolicy/gsa/dump_gsa.te b/gsa/sepolicy/gsa/dump_gsa.te
new file mode 100644
index 0000000..dcc3ef6
--- /dev/null
+++ b/gsa/sepolicy/gsa/dump_gsa.te
@@ -0,0 +1,6 @@
+# GSA
+pixel_bugreport(dump_gsa)
+
+userdebug_or_eng(`
+ allow dump_gsa gsa_log_device:chr_file r_file_perms;
+')
diff --git a/gsa/sepolicy/gsa/file.te b/gsa/sepolicy/gsa/file.te
new file mode 100644
index 0000000..46a1732
--- /dev/null
+++ b/gsa/sepolicy/gsa/file.te
@@ -0,0 +1,2 @@
+# GSA
+type gsa_log_device, dev_type;
diff --git a/gsa/sepolicy/gsa/file_contexts b/gsa/sepolicy/gsa/file_contexts
new file mode 100644
index 0000000..ad3a72d
--- /dev/null
+++ b/gsa/sepolicy/gsa/file_contexts
@@ -0,0 +1,4 @@
+# GSA
+/dev/gsa-log1 u:object_r:gsa_log_device:s0
+/dev/gsa-bl1-log2 u:object_r:gsa_log_device:s0
+/vendor/bin/dump/dump_gsa u:object_r:dump_gsa_exec:s0
diff --git a/gxp/sepolicy/dump_gxp.te b/gxp/sepolicy/dump_gxp.te
index 8d285c5..322a01f 100644
--- a/gxp/sepolicy/dump_gxp.te
+++ b/gxp/sepolicy/dump_gxp.te
@@ -1,3 +1,4 @@
+# Dump GXP logs to bugreport.
pixel_bugreport(dump_gxp)
userdebug_or_eng(`
@@ -7,7 +8,5 @@
allow dump_gxp sscoredump_vendor_data_coredump_file:file r_file_perms;
allow dump_gxp sscoredump_vendor_data_crashinfo_file:dir r_dir_perms;
allow dump_gxp sscoredump_vendor_data_crashinfo_file:file r_file_perms;
- # Allow dump_gxp to access gxp properties.
- get_prop(google_camera_app, vendor_gxp_prop)
')
diff --git a/insmod/insmod.sh b/insmod/insmod.sh
index 8cac37e..dfc4fdd 100755
--- a/insmod/insmod.sh
+++ b/insmod/insmod.sh
@@ -1,11 +1,11 @@
#!/vendor/bin/sh
-#############################################################
-### init.insmod.cfg format: ###
-### ----------------------------------------------------- ###
-### [insmod|setprop|enable/moprobe|wait] [path|prop name] ###
-### ... ###
-#############################################################
+###################################################################
+### init.insmod.cfg format: ###
+### ----------------------------------------------------------- ###
+### [insmod|setprop|enable|moprobe|rmmod|wait] [path|prop name] ###
+### ... ###
+###################################################################
modules_dir=
system_modules_dir=
@@ -96,6 +96,7 @@
modprobe -a -d "${modules_dir}" $arg
fi
;;
+ "rmmod") rmmod $arg ;;
"wait") wait_for_file $arg ;;
esac
done < $cfg_file
diff --git a/mediacodec/vpu/mediacodec_google.mk b/mediacodec/vpu/mediacodec_google.mk
index 8c1e974..3984501 100644
--- a/mediacodec/vpu/mediacodec_google.mk
+++ b/mediacodec/vpu/mediacodec_google.mk
@@ -7,10 +7,12 @@
libgc2_vdi_vpu \
libgc2_log \
libgc2_utils \
+ libgc2_dec \
libgc2_av1_dec \
libgc2_vp9_dec \
libgc2_hevc_dec \
libgc2_avc_dec \
+ libgc2_enc \
libgc2_av1_enc \
libgc2_hevc_enc \
libgc2_avc_enc \
diff --git a/mediacodec/vpu/sepolicy/mediacodec_google.te b/mediacodec/vpu/sepolicy/mediacodec_google.te
index 2c5d1cb..99a3c8d 100644
--- a/mediacodec/vpu/sepolicy/mediacodec_google.te
+++ b/mediacodec/vpu/sepolicy/mediacodec_google.te
@@ -1,3 +1,4 @@
+# Google Mediacodec
type mediacodec_google, domain;
type mediacodec_google_exec, exec_type, vendor_file_type, file_type;
@@ -7,7 +8,11 @@
hal_client_domain(mediacodec_google, hal_graphics_allocator)
+add_service(mediacodec_google, eco_service)
+binder_call(mediacodec_google, hal_camera_default)
+
allow mediacodec_google dmabuf_system_heap_device:chr_file r_file_perms;
+allow mediacodec_google video_device:chr_file { read write open ioctl map };
# mediacodec_google should never execute any executable without a domain transition
neverallow mediacodec_google { file_type fs_type }:file execute_no_trans;
@@ -18,3 +23,11 @@
# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
neverallow mediacodec_google domain:{ udp_socket rawip_socket } *;
neverallow mediacodec_google { domain userdebug_or_eng(`-su') }:tcp_socket *;
+
+# Allow HAL to send trace packets to Perfetto
+userdebug_or_eng(`perfetto_producer(mediacodec_google)')
+
+userdebug_or_eng(`
+ allow mediacodec_google vendor_media_data_file:dir rw_dir_perms;
+ allow mediacodec_google vendor_media_data_file:file create_file_perms;
+')
diff --git a/modem/dump_modemlog/Android.bp b/modem/dump_modemlog/Android.bp
index aca7b20..f509320 100644
--- a/modem/dump_modemlog/Android.bp
+++ b/modem/dump_modemlog/Android.bp
@@ -1,12 +1,12 @@
package {
- default_applicable_licenses: [ "Android-Apache-2.0" ],
+ default_applicable_licenses: ["Android-Apache-2.0"],
}
-sh_binary {
- name: "dump_modem.sh",
- src: "dump_modem.sh",
+rust_binary {
+ name: "dump_modem",
+ srcs: ["dump_modem.rs"],
vendor: true,
- sub_dir: "dump",
+ relative_install_path: "dump",
}
// Modem Log Dumper
@@ -30,10 +30,10 @@
cc_library {
name: "modem_log_dumper",
- srcs: [ "modem_log_dumper.cpp" ],
- defaults: [ "modem_log_dumper_defaults" ],
+ srcs: ["modem_log_dumper.cpp"],
+ defaults: ["modem_log_dumper_defaults"],
export_shared_lib_headers: modem_log_dumper_public_deps,
- export_include_dirs: [ "include" ],
+ export_include_dirs: ["include"],
vendor_available: true,
}
@@ -41,7 +41,7 @@
cc_binary {
name: "dump_modemlog",
- srcs: [ "dump_modemlog.cpp" ],
+ srcs: ["dump_modemlog.cpp"],
cflags: [
"-Wall",
"-Wextra",
@@ -60,7 +60,7 @@
cc_test {
name: "dump_modemlog_test",
- srcs: [ "modem_log_dumper_test.cpp" ],
+ srcs: ["modem_log_dumper_test.cpp"],
defaults: [
"modem_log_dumper_defaults",
"modem_android_property_manager_fake_defaults",
diff --git a/modem/dump_modemlog/dump_modem.rs b/modem/dump_modemlog/dump_modem.rs
new file mode 100644
index 0000000..d9af7eb
--- /dev/null
+++ b/modem/dump_modemlog/dump_modem.rs
@@ -0,0 +1,109 @@
+// Copyright 2024 Google LLC
+
+//! The dump_modem binary is used to capture kernel/userspace logs in bugreport
+
+use std::fs;
+
+const MODEM_STAT: &str = "/data/vendor/modem_stat/debug.txt";
+const SSRDUMP_DIR: &str = "/data/vendor/ssrdump";
+const RFSD_ERR_LOG_DIR: &str = "/data/vendor/log/rfsd";
+const WAKEUP_EVENTS: &str = "/sys/devices/platform/cpif/wakeup_events";
+const CPIF_LOGBUFFER: &str = "/dev/logbuffer_cpif";
+const PCIE_EVENT_STATS: &str = "/sys/devices/platform/cpif/modem/pcie_event_stats";
+
+fn handle_io_error(file: &str, err: std::io::Error) {
+ match err.kind() {
+ std::io::ErrorKind::NotFound => println!("{file} not found!"),
+ std::io::ErrorKind::PermissionDenied => println!("Permission denied to access {file}"),
+ _ => println!("I/O error accessing {file}: {err}"),
+ }
+}
+
+fn print_file(file: &str) -> Result<(), std::io::Error> {
+ fs::metadata(file)?;
+
+ let data = fs::read_to_string(file)?;
+
+ if data.is_empty() {
+ println!("{file} is empty");
+ } else {
+ print!("{data}");
+ }
+
+ Ok(())
+}
+
+fn print_file_and_handle_error(file: &str) {
+ if let Err(err) = print_file(file) {
+ handle_io_error(file, err);
+ }
+}
+
+fn print_matching_files_in_dir(dir: &str, filename: &str) {
+ let Ok(entries) = fs::read_dir(dir) else {
+ return println!("Cannot open directory {dir}");
+ };
+
+ for entry in entries {
+ let Ok(entry) = entry else {
+ continue;
+ };
+ if entry.path().is_file() && entry.file_name().to_string_lossy().starts_with(filename) {
+ if let Some(path_str) = entry.path().to_str() {
+ println!("{}", path_str);
+ print_file_and_handle_error(path_str);
+ }
+ }
+ }
+}
+
+// Capture modem stat log if it exists
+fn modem_stat() {
+ println!("------ Modem Stat ------");
+ print_file_and_handle_error(MODEM_STAT);
+ println!();
+}
+
+// Capture crash signatures from all modem crashes
+fn modem_ssr_history() {
+ println!("------ Modem SSR history ------");
+ print_matching_files_in_dir(SSRDUMP_DIR, "crashinfo_modem");
+ println!();
+}
+
+// Capture rfsd error logs from all existing log files
+fn rfsd_error_log() {
+ println!("------ RFSD error log ------");
+ print_matching_files_in_dir(RFSD_ERR_LOG_DIR, "rfslog");
+ println!();
+}
+
+// Capture modem wakeup events if the sysfs attribute exists
+fn wakeup_events() {
+ println!("------ Wakeup event counts ------");
+ print_file_and_handle_error(WAKEUP_EVENTS);
+ println!();
+}
+
+// Capture kernel driver logbuffer if it exists
+fn cpif_logbuffer() {
+ println!("------ CPIF Logbuffer ------");
+ print_file_and_handle_error(CPIF_LOGBUFFER);
+ println!();
+}
+
+// Capture modem pcie stats if the sysfs attribute exists
+fn pcie_event_stats() {
+ println!("------ PCIe event stats ------");
+ print_file_and_handle_error(PCIE_EVENT_STATS);
+ println!();
+}
+
+fn main() {
+ modem_stat();
+ modem_ssr_history();
+ rfsd_error_log();
+ wakeup_events();
+ cpif_logbuffer();
+ pcie_event_stats();
+}
diff --git a/modem/dump_modemlog/dump_modem.sh b/modem/dump_modemlog/dump_modem.sh
deleted file mode 100644
index d1a535d..0000000
--- a/modem/dump_modemlog/dump_modem.sh
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/vendor/bin/sh
-
-WAKEUP_EVENTS_FILE=/sys/devices/platform/cpif/wakeup_events
-CPIF_LOGBUFFER=/dev/logbuffer_cpif
-PCIE_EVENT_STATS=/sys/devices/platform/cpif/modem/pcie_event_stats
-
-echo "------ Modem Stat ------"
-cat /data/vendor/modem_stat/debug.txt
-
-echo "\n------ Modem SSR history ------"
-for f in $(ls /data/vendor/ssrdump/crashinfo_modem*); do
- echo $f
- cat $f
-done
-
-echo "\n------ RFSD error log ------"
-for f in $(ls /data/vendor/log/rfsd/rfslog_*); do
- echo $f
- cat $f
-done
-
-if [ -e $WAKEUP_EVENTS_FILE ]
-then
- echo "\n------ Wakeup event counts ------"
- echo $WAKEUP_EVENTS_FILE
- cat $WAKEUP_EVENTS_FILE
-fi
-
-if [ -e $CPIF_LOGBUFFER ]
-then
- echo "\n------ CPIF Logbuffer ------"
- echo $CPIF_LOGBUFFER
- cat $CPIF_LOGBUFFER
-fi
-
-if [ -e $PCIE_EVENT_STATS ]
-then
- echo "\n------ PCIe event stats ------"
- echo $PCIE_EVENT_STATS
- cat $PCIE_EVENT_STATS
-fi
diff --git a/modem/dump_modemlog/dump_modemlog.mk b/modem/dump_modemlog/dump_modemlog.mk
index 5e91ab7..c96e729 100644
--- a/modem/dump_modemlog/dump_modemlog.mk
+++ b/modem/dump_modemlog/dump_modemlog.mk
@@ -1,5 +1,5 @@
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/modem/dump_modemlog/sepolicy
-PRODUCT_PACKAGES += dump_modem.sh
+PRODUCT_PACKAGES += dump_modem
PRODUCT_PACKAGES += dump_modemlog
diff --git a/modem/dump_modemlog/sepolicy/file_contexts b/modem/dump_modemlog/sepolicy/file_contexts
index 29315e9..6d5c082 100644
--- a/modem/dump_modemlog/sepolicy/file_contexts
+++ b/modem/dump_modemlog/sepolicy/file_contexts
@@ -1,3 +1,3 @@
-/vendor/bin/dump/dump_modem\.sh u:object_r:dump_modem_exec:s0
+/vendor/bin/dump/dump_modem u:object_r:dump_modem_exec:s0
/vendor/bin/dump/dump_modemlog u:object_r:dump_modemlog_exec:s0
diff --git a/modem/radio_ext/radio_ext.mk b/modem/radio_ext/radio_ext.mk
index 6750fdd..1df3bcc 100644
--- a/modem/radio_ext/radio_ext.mk
+++ b/modem/radio_ext/radio_ext.mk
@@ -3,3 +3,4 @@
DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/modem/radio_ext/compatibility_matrix.xml
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/modem/radio_ext/sepolicy
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gril/common/sepolicy
diff --git a/modem/radio_ext/sepolicy/grilservice_app.te b/modem/radio_ext/sepolicy/grilservice_app.te
new file mode 100644
index 0000000..9bd8c8e
--- /dev/null
+++ b/modem/radio_ext/sepolicy/grilservice_app.te
@@ -0,0 +1,2 @@
+allow grilservice_app hal_radio_ext_service:service_manager find;
+binder_call(grilservice_app, hal_radio_ext)
diff --git a/modem/shared_modem_platform/compatibility_matrix.xml b/modem/shared_modem_platform/compatibility_matrix.xml
index 5019c3e..14d987a 100644
--- a/modem/shared_modem_platform/compatibility_matrix.xml
+++ b/modem/shared_modem_platform/compatibility_matrix.xml
@@ -2,7 +2,7 @@
<!-- Optional since older devices will not register any services. -->
<hal format="aidl" optional="true">
<name>com.google.pixel.shared_modem_platform</name>
- <version>1</version>
+ <version>3</version>
<interface>
<name>ISharedModemPlatform</name>
<instance>default</instance>
diff --git a/mte/OWNERS b/mte/OWNERS
index 929e941..57da09d 100644
--- a/mte/OWNERS
+++ b/mte/OWNERS
@@ -1,4 +1,4 @@
eugenis@google.com
pcc@google.com
-mitchp@google.com
fmayer@google.com
+nnk@google.com
diff --git a/nfc/sepolicy_st21nfc/file_contexts b/nfc/sepolicy_st21nfc/file_contexts
new file mode 100644
index 0000000..a06842a
--- /dev/null
+++ b/nfc/sepolicy_st21nfc/file_contexts
@@ -0,0 +1,2 @@
+/dev/st21nfc u:object_r:nfc_device:s0
+/vendor/bin/hw/android\.hardware\.nfc-service\.st u:object_r:hal_nfc_default_exec:s0
diff --git a/nfc/sepolicy_st54spi/file.te b/nfc/sepolicy_st54spi/file.te
new file mode 100644
index 0000000..5f9a80d
--- /dev/null
+++ b/nfc/sepolicy_st54spi/file.te
@@ -0,0 +1,3 @@
+# SecureElement SPI device
+type st54spi_device, dev_type;
+
diff --git a/nfc/sepolicy_st54spi/file_contexts b/nfc/sepolicy_st54spi/file_contexts
new file mode 100644
index 0000000..f2762f3
--- /dev/null
+++ b/nfc/sepolicy_st54spi/file_contexts
@@ -0,0 +1,3 @@
+/dev/st54spi u:object_r:st54spi_device:s0
+/vendor/bin/hw/android\.hardware\.secure_element-service\.thales u:object_r:hal_secure_element_st54spi_aidl_exec:s0
+
diff --git a/nfc/sepolicy_st54spi/hal_secure_element_st54spi_aidl.te b/nfc/sepolicy_st54spi/hal_secure_element_st54spi_aidl.te
new file mode 100644
index 0000000..f2051e0
--- /dev/null
+++ b/nfc/sepolicy_st54spi/hal_secure_element_st54spi_aidl.te
@@ -0,0 +1,9 @@
+# sepolicy for ST54L secure element
+type hal_secure_element_st54spi_aidl, domain;
+type hal_secure_element_st54spi_aidl_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_secure_element_st54spi_aidl)
+hal_server_domain(hal_secure_element_st54spi_aidl, hal_secure_element)
+allow hal_secure_element_st54spi_aidl st54spi_device:chr_file rw_file_perms;
+allow hal_secure_element_st54spi_aidl nfc_device:chr_file rw_file_perms;
+set_prop(hal_secure_element_st54spi_aidl, vendor_secure_element_prop)
+
diff --git a/nfc/sepolicy_st54spi/property.te b/nfc/sepolicy_st54spi/property.te
new file mode 100644
index 0000000..1ac5526
--- /dev/null
+++ b/nfc/sepolicy_st54spi/property.te
@@ -0,0 +1,3 @@
+# SecureElement vendor property
+vendor_internal_prop(vendor_secure_element_prop)
+
diff --git a/nfc/sepolicy_st54spi/property_contexts b/nfc/sepolicy_st54spi/property_contexts
new file mode 100644
index 0000000..2067a86
--- /dev/null
+++ b/nfc/sepolicy_st54spi/property_contexts
@@ -0,0 +1,2 @@
+# SecureElement vendor property
+persist.vendor.se. u:object_r:vendor_secure_element_prop:s0
diff --git a/nfc/sepolicy_st54spi/vendor_init.te b/nfc/sepolicy_st54spi/vendor_init.te
new file mode 100644
index 0000000..91e5cdb
--- /dev/null
+++ b/nfc/sepolicy_st54spi/vendor_init.te
@@ -0,0 +1,2 @@
+# SecureElement vendor property
+set_prop(vendor_init, vendor_secure_element_prop)
diff --git a/nfc/st21nfc.mk b/nfc/st21nfc.mk
new file mode 100644
index 0000000..c30ecce
--- /dev/null
+++ b/nfc/st21nfc.mk
@@ -0,0 +1,2 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/nfc/sepolicy_st21nfc
+PRODUCT_PACKAGES += android.hardware.nfc-service.st
diff --git a/nfc/st54spi.mk b/nfc/st54spi.mk
new file mode 100644
index 0000000..046de87
--- /dev/null
+++ b/nfc/st54spi.mk
@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/nfc/sepolicy_st54spi
+PRODUCT_PACKAGES += android.hardware.secure_element-service.thales
+
diff --git a/performance/OWNERS b/performance/OWNERS
new file mode 100644
index 0000000..7ee3645
--- /dev/null
+++ b/performance/OWNERS
@@ -0,0 +1,4 @@
+wvw@google.com
+paillon@google.com
+jenhaochen@google.com
+liumartin@google.com
diff --git a/performance/perf.mk b/performance/perf.mk
index dfbdb5b..ad4011a 100644
--- a/performance/perf.mk
+++ b/performance/perf.mk
@@ -1,3 +1,7 @@
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/performance/sepolicy
PRODUCT_PACKAGES += dump_perf
+
+# Ensure enough free space to create zram backing device
+PRODUCT_PRODUCT_PROPERTIES += \
+ ro.zram_backing_device_min_free_mb=1536
diff --git a/performance/sepolicy/file.te b/performance/sepolicy/file.te
index 8e16bbf..e79f9b2 100644
--- a/performance/sepolicy/file.te
+++ b/performance/sepolicy/file.te
@@ -1,2 +1,8 @@
+# proactive kill
type sysfs_pakills, fs_type, sysfs_type;
+
+# bts dump
type vendor_bts_debugfs, fs_type, debugfs_type;
+
+# proc_compaction_proactiveness type
+type proc_compaction_proactiveness, fs_type, proc_type;
diff --git a/performance/sepolicy/genfs_contexts b/performance/sepolicy/genfs_contexts
index 041021c..57e3634 100644
--- a/performance/sepolicy/genfs_contexts
+++ b/performance/sepolicy/genfs_contexts
@@ -1,3 +1,4 @@
genfscon proc /sys/kernel/sched_pelt_multiplier u:object_r:proc_sched:s0
genfscon sysfs /kernel/vendor_mm/pa_kill u:object_r:sysfs_pakills:s0
genfscon debugfs /bts u:object_r:vendor_bts_debugfs:s0
+genfscon proc /sys/vm/compaction_proactiveness u:object_r:proc_compaction_proactiveness:s0
diff --git a/performance/sepolicy/vendor_init.te b/performance/sepolicy/vendor_init.te
index fefecb1..188984f 100644
--- a/performance/sepolicy/vendor_init.te
+++ b/performance/sepolicy/vendor_init.te
@@ -1,3 +1,3 @@
# MM
allow vendor_init proc_percpu_pagelist_high_fraction:file w_file_perms;
-
+allow vendor_init proc_compaction_proactiveness:file w_file_perms;
diff --git a/sensors/dump_sensors.cpp b/sensors/dump_sensors.cpp
index 58d63e9..4c406ce 100644
--- a/sensors/dump_sensors.cpp
+++ b/sensors/dump_sensors.cpp
@@ -26,7 +26,8 @@
if (!::android::os::dumpstate::PropertiesHelper::IsUserBuild()) {
// Not a user build, if this is also not a production device dump the USF registry.
std::string hwRev = ::android::base::GetProperty("ro.boot.hardware.revision", "");
- if (hwRev.find("PROTO") != std::string::npos ||
+ if (hwRev.find("DEV") != std::string::npos ||
+ hwRev.find("PROTO") != std::string::npos ||
hwRev.find("EVT") != std::string::npos ||
hwRev.find("DVT") != std::string::npos ||
hwRev.find("PVT") != std::string::npos) {
diff --git a/sepolicy/Android.bp b/sepolicy/Android.bp
new file mode 100644
index 0000000..160e494
--- /dev/null
+++ b/sepolicy/Android.bp
@@ -0,0 +1,5 @@
+se_flags {
+ name: "usb_udc_sysfs_selinux_flags",
+ flags: ["RELEASE_USB_UDC_SYSFS_SELINUX_POLICY_ENABLED"],
+ export_to: ["all_selinux_flags"],
+}
diff --git a/storage/dump_storage.cpp b/storage/dump_storage.cpp
index e6b3e4c..272b1ee 100644
--- a/storage/dump_storage.cpp
+++ b/storage/dump_storage.cpp
@@ -221,14 +221,23 @@
read_buffer(18, 131072, "kioxia_12_ufs_err_history.dat");
break;
case 0x1AD: //SKhynix
- read_buffer(0, 4096, "hynix_00_ufs_err_history.dat");
- read_buffer(16, 131072, "skhynix_10_ufs_err_history.dat");
- read_buffer(17, 131072, "skhynix_11_ufs_err_history.dat");
- read_buffer(18, 131072, "skhynix_12_ufs_err_history.dat");
- read_buffer(19, 131072, "skhynix_13_ufs_err_history.dat");
+ if (!strcmp(ufs_ver.c_str(), "0x0310")) {
+ read_buffer(0, 4096, "skhynix_00_ufs_err_history.dat");
+ read_buffer(16, 131072, "skhynix_10_ufs_err_history.dat");
+ read_buffer(17, 131072, "skhynix_11_ufs_err_history.dat");
+ read_buffer(18, 131072, "skhynix_12_ufs_err_history.dat");
+ read_buffer(19, 131072, "skhynix_13_ufs_err_history.dat");
+ } else {
+ read_buffer(0, 4096, "skhynix_00_ufs_err_history.dat");
+ read_buffer(16, 8388608, "skhynix_10_ufs_err_history.dat");
+ read_buffer(17, 8388608, "skhynix_11_ufs_err_history.dat");
+ }
break;
case 0x1CE: //SAMSUNG
- read_buffer(16, 8404992, "samsung_10_ufs_err_history.dat");
+ if (!strcmp(ufs_ver.c_str(), "0x0310"))
+ read_buffer(16, 8404992, "samsung_10_ufs_err_history.dat");
+ else
+ read_buffer(16, 12599296, "samsung_10_ufs_err_history.dat");
break;
default:
break;
diff --git a/storage/init.storage.rc b/storage/init.storage.rc
index 9e4acd4..77057cd 100644
--- a/storage/init.storage.rc
+++ b/storage/init.storage.rc
@@ -1,11 +1,3 @@
-on init
- # Make foreground and background I/O priority different. none-to-rt was
- # introduced in kernel 5.14. promote-to-rt was introduced in kernel 6.5.
- # Write none-to-rt first and promote-to-rt next to support both older and
- # newer kernel versions.
- write /dev/blkio/blkio.prio.class none-to-rt
- write /dev/blkio/blkio.prio.class promote-to-rt
-
on property:ro.build.type=userdebug
write /dev/sys/block/bootdevice/pixel/enable_pixel_ufs_logging 1
chown system /dev/sg3
@@ -44,6 +36,13 @@
write /dev/sys/block/bootdevice/clkgate_enable 0
on property:sys.boot_completed=1
+ # Make foreground and background I/O priority different. none-to-rt was
+ # introduced in kernel 5.14. promote-to-rt was introduced in kernel 6.5.
+ # Write none-to-rt first and promote-to-rt next to support both older and
+ # newer kernel versions.
+ write /dev/blkio/blkio.prio.class none-to-rt
+ write /dev/blkio/blkio.prio.class promote-to-rt
+
# Health Storage HAL
chown system system /dev/sys/block/bootdevice/manual_gc
diff --git a/storage/sepolicy/charger_vendor.te b/storage/sepolicy/charger_vendor.te
new file mode 100644
index 0000000..62a7661
--- /dev/null
+++ b/storage/sepolicy/charger_vendor.te
@@ -0,0 +1,3 @@
+# fork from dcb05d13
+allow charger_vendor sysfs_scsi_devices_0000:file r_file_perms;
+
diff --git a/storage/sepolicy/device.te b/storage/sepolicy/device.te
index e0968f9..1252ee0 100644
--- a/storage/sepolicy/device.te
+++ b/storage/sepolicy/device.te
@@ -1,2 +1,11 @@
# Userdata Exp block device.
type userdata_exp_block_device, dev_type;
+
+# Block Devices
+type persist_block_device, dev_type;
+type efs_block_device, dev_type;
+type modem_userdata_block_device, dev_type;
+
+# Storage firmware upgrade
+type ufs_internal_block_device, dev_type;
+
diff --git a/storage/sepolicy/dump_storage.te b/storage/sepolicy/dump_storage.te
index 5324c17..7a5f563 100644
--- a/storage/sepolicy/dump_storage.te
+++ b/storage/sepolicy/dump_storage.te
@@ -1,8 +1,11 @@
+# adb bugreport
pixel_bugreport(dump_storage)
+# adb bugreport
allow dump_storage sysfs_scsi_devices_0000:dir r_dir_perms;
allow dump_storage sysfs_scsi_devices_0000:file r_file_perms;
+# adb bugreport
userdebug_or_eng(`
allow dump_storage debugfs_f2fs:dir r_dir_perms;
allow dump_storage debugfs_f2fs:file r_file_perms;
@@ -17,7 +20,10 @@
allow dump_storage dump_storage_data_file:file create_file_perms;
')
+# adb bugreport
get_prop(dump_storage, boottime_public_prop)
+# adb bugreport
dontaudit dump_storage debugfs_f2fs:dir r_dir_perms;
dontaudit dump_storage debugfs_f2fs:file r_file_perms;
+
diff --git a/storage/sepolicy/dumpstate.te b/storage/sepolicy/dumpstate.te
index 2c01193..2220870 100644
--- a/storage/sepolicy/dumpstate.te
+++ b/storage/sepolicy/dumpstate.te
@@ -1 +1,7 @@
-allow dumpstate sysfs_scsi_devices_0000:file r_file_perms;
\ No newline at end of file
+# adb bugreport
+allow dumpstate sysfs_scsi_devices_0000:file r_file_perms;
+allow dumpstate persist_file:dir { getattr };
+allow dumpstate modem_efs_file:dir { getattr };
+allow dumpstate modem_userdata_file:dir { getattr };
+allow dumpstate vold:binder { call };
+
diff --git a/storage/sepolicy/e2fs.te b/storage/sepolicy/e2fs.te
index c280cb7..92ff839 100644
--- a/storage/sepolicy/e2fs.te
+++ b/storage/sepolicy/e2fs.te
@@ -1 +1,10 @@
+# fix mkfs
allow e2fs userdata_exp_block_device:blk_file rw_file_perms;
+allow e2fs efs_block_device:blk_file rw_file_perms;
+allow e2fs modem_userdata_block_device:blk_file rw_file_perms;
+allowxperm e2fs { persist_block_device efs_block_device modem_userdata_block_device }:blk_file ioctl {
+ BLKSECDISCARD BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET
+};
+allow e2fs sysfs_scsi_devices_0000:dir r_dir_perms;
+allow e2fs sysfs_scsi_devices_0000:file r_file_perms;
+
diff --git a/storage/sepolicy/fastbootd.te b/storage/sepolicy/fastbootd.te
index 35bac15..e571d0b 100644
--- a/storage/sepolicy/fastbootd.te
+++ b/storage/sepolicy/fastbootd.te
@@ -1 +1,3 @@
+# fastbootd
allow fastbootd devpts:chr_file rw_file_perms;
+
diff --git a/storage/sepolicy/file.te b/storage/sepolicy/file.te
index ed4f925..0fa9564 100644
--- a/storage/sepolicy/file.te
+++ b/storage/sepolicy/file.te
@@ -1,4 +1,6 @@
+# file.te
type debugfs_f2fs, debugfs_type, fs_type;
type dump_storage_data_file, file_type, data_file_type;
type sg_device, dev_type;
type sg_util_exec, exec_type, vendor_file_type, file_type;
+
diff --git a/storage/sepolicy/file_contexts b/storage/sepolicy/file_contexts
index ff863db..1ef5a67 100644
--- a/storage/sepolicy/file_contexts
+++ b/storage/sepolicy/file_contexts
@@ -1,6 +1,9 @@
+# storage
/vendor/bin/dump/dump_storage u:object_r:dump_storage_exec:s0
-/sys/devices/platform/[0-9]+\.ufs/pixel/enable_pixel_ufs_logging u:object_r:sysfs_scsi_devices_0000:s0
+/sys/devices/platform/[0-9a-z]+\.ufs/pixel/enable_pixel_ufs_logging u:object_r:sysfs_scsi_devices_0000:s0
/dev/sg[0-9] u:object_r:sg_device:s0
/data/vendor/storage(/.*)? u:object_r:dump_storage_data_file:s0
/vendor/bin/sg_read_buffer u:object_r:sg_util_exec:s0
/dev/block/by-name/userdata_exp.* u:object_r:userdata_exp_block_device:s0
+/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0
+
diff --git a/storage/sepolicy/fsck.te b/storage/sepolicy/fsck.te
index 2043199..6502995 100644
--- a/storage/sepolicy/fsck.te
+++ b/storage/sepolicy/fsck.te
@@ -1 +1,8 @@
+# fix fsck
allow fsck userdata_exp_block_device:blk_file rw_file_perms;
+allow fsck efs_block_device:blk_file rw_file_perms;
+allow fsck modem_userdata_block_device:blk_file rw_file_perms;
+allow fsck sysfs_scsi_devices_0000:dir r_dir_perms;
+allow fsck sysfs_scsi_devices_0000:file r_file_perms;
+allow fsck persist_block_device:blk_file rw_file_perms;
+
diff --git a/storage/sepolicy/genfs_contexts b/storage/sepolicy/genfs_contexts
index 1a27ec4..69baae6 100644
--- a/storage/sepolicy/genfs_contexts
+++ b/storage/sepolicy/genfs_contexts
@@ -1 +1,3 @@
+# f2fs
genfscon debugfs /f2fs u:object_r:debugfs_f2fs:s0
+
diff --git a/storage/sepolicy/hal_health_default.te b/storage/sepolicy/hal_health_default.te
new file mode 100644
index 0000000..49bf50c
--- /dev/null
+++ b/storage/sepolicy/hal_health_default.te
@@ -0,0 +1,3 @@
+# dumpsys android.hardware.power.stats.IPowerStats/default
+r_dir_file(hal_health_default, sysfs_scsi_devices_0000)
+
diff --git a/storage/sepolicy/hal_health_storage_default.te b/storage/sepolicy/hal_health_storage_default.te
index af6593a..20a3b7d 100644
--- a/storage/sepolicy/hal_health_storage_default.te
+++ b/storage/sepolicy/hal_health_storage_default.te
@@ -1,3 +1,4 @@
# Access to /sys/devices/platform/*ufs/*
allow hal_health_storage_default sysfs_scsi_devices_0000:dir r_dir_perms;
allow hal_health_storage_default sysfs_scsi_devices_0000:file rw_file_perms;
+
diff --git a/storage/sepolicy/hal_power_stats_default.te b/storage/sepolicy/hal_power_stats_default.te
new file mode 100644
index 0000000..edd286c
--- /dev/null
+++ b/storage/sepolicy/hal_power_stats_default.te
@@ -0,0 +1,3 @@
+# dumpsys android.hardware.power.stats.IPowerStats/default
+r_dir_file(hal_power_stats_default, sysfs_scsi_devices_0000)
+
diff --git a/storage/sepolicy/init.te b/storage/sepolicy/init.te
index 7070318..dc24247 100644
--- a/storage/sepolicy/init.te
+++ b/storage/sepolicy/init.te
@@ -1 +1,3 @@
+# init
allow init sysfs_scsi_devices_0000:file w_file_perms;
+
diff --git a/storage/sepolicy/recovery.te b/storage/sepolicy/recovery.te
new file mode 100644
index 0000000..8f5556c
--- /dev/null
+++ b/storage/sepolicy/recovery.te
@@ -0,0 +1,7 @@
+# factory data reset
+recovery_only(`
+ allow recovery sysfs_ota:file rw_file_perms;
+ allow recovery sysfs_scsi_devices_0000:file r_file_perms;
+ allow recovery sysfs_scsi_devices_0000:dir r_dir_perms;
+')
+
diff --git a/storage/sepolicy/ufs_firmware_update.te b/storage/sepolicy/ufs_firmware_update.te
new file mode 100644
index 0000000..2313121
--- /dev/null
+++ b/storage/sepolicy/ufs_firmware_update.te
@@ -0,0 +1,11 @@
+# support ufs ffu via ota
+init_daemon_domain(ufs_firmware_update)
+type ufs_firmware_update, domain;
+type ufs_firmware_update_exec, vendor_file_type, exec_type, file_type;
+
+# support ufs ffu via ota
+allow ufs_firmware_update vendor_toolbox_exec:file execute_no_trans;
+allow ufs_firmware_update block_device:dir { search };
+allow ufs_firmware_update ufs_internal_block_device:blk_file rw_file_perms;
+allow ufs_firmware_update sysfs_scsi_devices_0000:file r_file_perms;
+
diff --git a/storage/sepolicy/vendor_init.te b/storage/sepolicy/vendor_init.te
index da4fcba..73eb527 100644
--- a/storage/sepolicy/vendor_init.te
+++ b/storage/sepolicy/vendor_init.te
@@ -1 +1,6 @@
+# vendor_init
allow vendor_init sg_device:chr_file r_file_perms;
+
+# dirty swappiness
+allow vendor_init proc_dirty:file w_file_perms;
+
diff --git a/storage/sepolicy/vold.te b/storage/sepolicy/vold.te
index 3d35589..b776c80 100644
--- a/storage/sepolicy/vold.te
+++ b/storage/sepolicy/vold.te
@@ -1,8 +1,17 @@
+# ufs hagc
allow vold sysfs_scsi_devices_0000:file rw_file_perms;
# Access userdata_exp block device.
allow vold userdata_exp_block_device:blk_file rw_file_perms;
allowxperm vold userdata_exp_block_device:blk_file ioctl BLKSECDISCARD;
+# adb bugreport
dontaudit vold dumpstate:fifo_file rw_file_perms;
dontaudit vold dumpstate:fd use ;
+
+# fix idle-maint
+allow vold efs_block_device:blk_file { getattr };
+allow vold modem_userdata_block_device:blk_file { getattr };
+allow vold modem_efs_file:dir { read open ioctl };
+allow vold modem_userdata_file:dir { read open ioctl };
+
diff --git a/touch/focaltech/Android.bp b/touch/focaltech/Android.bp
index ebaa308..0b53132 100644
--- a/touch/focaltech/Android.bp
+++ b/touch/focaltech/Android.bp
@@ -9,3 +9,11 @@
vendor: true,
sub_dir: "dump",
}
+
+sh_binary {
+ name: "predump_focaltech.sh",
+ src: "dump_focaltech.sh",
+ init_rc: ["init.touch.rc"],
+ vendor: true,
+ sub_dir: "dump_touch",
+}
diff --git a/touch/focaltech/predump_focaltech.mk b/touch/focaltech/predump_focaltech.mk
new file mode 100644
index 0000000..aff76bc
--- /dev/null
+++ b/touch/focaltech/predump_focaltech.mk
@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/focaltech/predump_sepolicy
+
+PRODUCT_PACKAGES += predump_focaltech.sh
diff --git a/touch/focaltech/predump_sepolicy/file.te b/touch/focaltech/predump_sepolicy/file.te
new file mode 100644
index 0000000..696f244
--- /dev/null
+++ b/touch/focaltech/predump_sepolicy/file.te
@@ -0,0 +1,2 @@
+# touch predump script
+type proc_touch, proc_type, fs_type;
diff --git a/touch/focaltech/predump_sepolicy/file_contexts b/touch/focaltech/predump_sepolicy/file_contexts
new file mode 100644
index 0000000..517895b
--- /dev/null
+++ b/touch/focaltech/predump_sepolicy/file_contexts
@@ -0,0 +1,2 @@
+/vendor/bin/dump/predump_focaltech\.sh u:object_r:predump_touch_exec:s0
+
diff --git a/touch/focaltech/predump_sepolicy/genfs_contexts b/touch/focaltech/predump_sepolicy/genfs_contexts
new file mode 100644
index 0000000..2ac9314
--- /dev/null
+++ b/touch/focaltech/predump_sepolicy/genfs_contexts
@@ -0,0 +1,3 @@
+genfscon proc /focaltech_touch u:object_r:proc_touch:s0
+
+
diff --git a/touch/focaltech/predump_sepolicy/predump_touch.te b/touch/focaltech/predump_sepolicy/predump_touch.te
new file mode 100644
index 0000000..c34ba49
--- /dev/null
+++ b/touch/focaltech/predump_sepolicy/predump_touch.te
@@ -0,0 +1,3 @@
+# touch predump script
+allow predump_touch proc_touch:dir search;
+allow predump_touch proc_touch:file rw_file_perms;
diff --git a/touch/gti/dump_gti0.sh b/touch/gti/dump_gti0.sh
index a3af3d7..facb531 100644
--- a/touch/gti/dump_gti0.sh
+++ b/touch/gti/dump_gti0.sh
@@ -8,6 +8,11 @@
heatmap_path=$path
fi
+if [[ -f "${procfs_path}/dump" ]]; then
+ echo "------ Dump ------"
+ cat ${procfs_path}/dump
+fi
+
echo "------ Force Touch Active ------"
result=$( cat "$path/force_active" 2>&1 )
if [ $? -eq 0 ]; then
@@ -60,10 +65,5 @@
echo "------ Self Test ------"
cat $path/self_test
-if [[ -f "${procfs_path}/dump" ]]; then
- echo "------ Dump ------"
- cat ${procfs_path}/dump
-fi
-
echo "------ Disable Force Touch Active ------"
echo 0 > $path/force_active
diff --git a/touch/gti/dump_gti1.sh b/touch/gti/dump_gti1.sh
index 297ad44..eabd6d6 100644
--- a/touch/gti/dump_gti1.sh
+++ b/touch/gti/dump_gti1.sh
@@ -8,6 +8,11 @@
heatmap_path=$path
fi
+if [[ -f "${procfs_path}/dump" ]]; then
+ echo "------ Dump ------"
+ cat ${procfs_path}/dump
+fi
+
echo "------ Force Touch Active ------"
result=$( cat "$path/force_active" 2>&1 )
if [ $? -eq 0 ]; then
@@ -60,10 +65,5 @@
echo "------ Self Test ------"
cat $path/self_test
-if [[ -f "${procfs_path}/dump" ]]; then
- echo "------ Dump ------"
- cat ${procfs_path}/dump
-fi
-
echo "------ Disable Force Touch Active ------"
echo 0 > $path/force_active
diff --git a/touch/gti/ical/sepolicy/property.te b/touch/gti/ical/sepolicy/property.te
index 2a71d74..94fa3fc 100644
--- a/touch/gti/ical/sepolicy/property.te
+++ b/touch/gti/ical/sepolicy/property.te
@@ -1 +1,2 @@
system_public_prop(vendor_gti_prop)
+typeattribute vendor_gti_prop touch_property_type;
diff --git a/touch/gti/sepolicy/hal_sensors_default.te b/touch/gti/sepolicy/hal_sensors_default.te
new file mode 100644
index 0000000..37b93fd
--- /dev/null
+++ b/touch/gti/sepolicy/hal_sensors_default.te
@@ -0,0 +1,2 @@
+# Support SW_LID event from SensorHAL to configure touch input and gesture
+set_prop(hal_sensors_default, vendor_gti_prop)
diff --git a/touch/stm/Android.bp b/touch/stm/Android.bp
index 1727f07..0d64fd6 100644
--- a/touch/stm/Android.bp
+++ b/touch/stm/Android.bp
@@ -8,3 +8,10 @@
vendor: true,
sub_dir: "dump",
}
+
+sh_binary {
+ name: "predump_stm.sh",
+ src: "dump_stm.sh",
+ vendor: true,
+ sub_dir: "dump_touch",
+}
diff --git a/touch/stm/predump_sepolicy/file.te b/touch/stm/predump_sepolicy/file.te
new file mode 100644
index 0000000..7f298c3
--- /dev/null
+++ b/touch/stm/predump_sepolicy/file.te
@@ -0,0 +1,3 @@
+# touch predump script
+type proc_touch, proc_type, fs_type;
+type sysfs_touch, sysfs_type, fs_type;
diff --git a/touch/stm/predump_sepolicy/file_contexts b/touch/stm/predump_sepolicy/file_contexts
new file mode 100644
index 0000000..2667543
--- /dev/null
+++ b/touch/stm/predump_sepolicy/file_contexts
@@ -0,0 +1,2 @@
+/vendor/bin/dump_touch/predump_stm\.sh u:object_r:predump_touch_exec:s0
+
diff --git a/touch/stm/predump_sepolicy/genfs_contexts b/touch/stm/predump_sepolicy/genfs_contexts
new file mode 100644
index 0000000..2ed8978
--- /dev/null
+++ b/touch/stm/predump_sepolicy/genfs_contexts
@@ -0,0 +1,7 @@
+genfscon sysfs /devices/platform/111d0000.spi/spi_master/spi20/spi20.0 u:object_r:sysfs_touch:s0
+genfscon sysfs /devices/platform/10d40000.spi/spi_master/spi11/spi11.0 u:object_r:sysfs_touch:s0
+genfscon sysfs /devices/platform/10950000.spi/spi_master/spi6/spi6.0 u:object_r:sysfs_touch:s0
+
+genfscon proc /fts/driver_test u:object_r:proc_touch:s0
+genfscon proc /fts_ext/driver_test u:object_r:proc_touch:s0
+
diff --git a/touch/stm/predump_sepolicy/predump_touch.te b/touch/stm/predump_sepolicy/predump_touch.te
new file mode 100644
index 0000000..f0f458c
--- /dev/null
+++ b/touch/stm/predump_sepolicy/predump_touch.te
@@ -0,0 +1,6 @@
+# touch predump script
+allow predump_touch proc_touch:file rw_file_perms;
+allow predump_touch sysfs_touch:dir search;
+allow predump_touch sysfs_touch:file rw_file_perms;
+
+get_prop(predump_touch vendor_touch_dump_path_prop)
diff --git a/touch/stm/predump_sepolicy/property.te b/touch/stm/predump_sepolicy/property.te
new file mode 100644
index 0000000..612c855
--- /dev/null
+++ b/touch/stm/predump_sepolicy/property.te
@@ -0,0 +1,2 @@
+# touch predump script
+vendor_internal_prop(vendor_touch_dump_path_prop)
diff --git a/touch/stm/predump_sepolicy/property_contexts b/touch/stm/predump_sepolicy/property_contexts
new file mode 100644
index 0000000..db9fd5a
--- /dev/null
+++ b/touch/stm/predump_sepolicy/property_contexts
@@ -0,0 +1,2 @@
+ro.vendor.touch.dump. u:object_r:vendor_touch_dump_path_prop:s0
+
diff --git a/touch/stm/predump_sepolicy/vendor_init.te b/touch/stm/predump_sepolicy/vendor_init.te
new file mode 100644
index 0000000..9017c5b
--- /dev/null
+++ b/touch/stm/predump_sepolicy/vendor_init.te
@@ -0,0 +1,2 @@
+# touch predump script
+set_prop(vendor_init, vendor_touch_dump_path_prop)
diff --git a/touch/stm/predump_stm20.mk b/touch/stm/predump_stm20.mk
new file mode 100644
index 0000000..cdf3e35
--- /dev/null
+++ b/touch/stm/predump_stm20.mk
@@ -0,0 +1,6 @@
+PRODUCT_VENDOR_PROPERTIES += ro.vendor.touch.dump.sys=/sys/class/spi_master/spi20/spi20.0
+PRODUCT_VENDOR_PROPERTIES += ro.vendor.touch.dump.proc=/proc/fts/driver_test
+
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/stm/predump_sepolicy
+
+PRODUCT_PACKAGES += predump_stm.sh
diff --git a/touch/stm/predump_stm6.mk b/touch/stm/predump_stm6.mk
new file mode 100644
index 0000000..2cbde2c
--- /dev/null
+++ b/touch/stm/predump_stm6.mk
@@ -0,0 +1,6 @@
+PRODUCT_VENDOR_PROPERTIES += ro.vendor.touch.dump.sys=/sys/class/spi_master/spi6/spi6.0
+PRODUCT_VENDOR_PROPERTIES += ro.vendor.touch.dump.proc=/proc/fts_ext/driver_test
+
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/stm/predump_sepolicy
+
+PRODUCT_PACKAGES += predump_stm.sh
diff --git a/vibrator/flags/Android.bp b/vibrator/flags/Android.bp
new file mode 100644
index 0000000..0b36aee
--- /dev/null
+++ b/vibrator/flags/Android.bp
@@ -0,0 +1,43 @@
+//
+// Copyright (C) 2024 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+aconfig_declarations {
+ name: "VibratorFlagsL26",
+ package: "vendor.vibrator.hal.flags",
+ container: "vendor",
+ exportable: true,
+ srcs: ["VibratorFlags.aconfig"],
+}
+
+cc_aconfig_library {
+ name: "PixelVibratorFlagsL26",
+ aconfig_declarations: "VibratorFlagsL26",
+ vendor_available: true,
+ visibility: [
+ "//vendor:__subpackages__",
+ "//device/google/felix:__subpackages__",
+ ],
+}
+
+java_aconfig_library {
+ name: "PixelVibratorFlagsL26_java",
+ aconfig_declarations: "VibratorFlagsL26",
+ mode: "exported",
+ visibility: ["//vendor:__subpackages__"],
+}
diff --git a/vibrator/flags/VibratorFlags.aconfig b/vibrator/flags/VibratorFlags.aconfig
new file mode 100644
index 0000000..3e0a6fd
--- /dev/null
+++ b/vibrator/flags/VibratorFlags.aconfig
@@ -0,0 +1,18 @@
+package: "vendor.vibrator.hal.flags"
+container: "vendor"
+
+flag {
+ name: "remove_capo"
+ namespace: "vibrator"
+ is_exported: true
+ description: "This flag controls the removal of utilizing Capo at the HAL level"
+ bug: "290223630"
+}
+
+flag {
+ name: "enable_pwle_v2"
+ namespace: "vibrator"
+ is_exported: true
+ description: "This flag enables the PWLE V2 APIs guarded by the CAP_COMPOSE_PWLE_EFFECTS_V2 compatability"
+ bug: "346570576"
+}
\ No newline at end of file
diff --git a/widevine/sepolicy/file.te b/widevine/sepolicy/file.te
new file mode 100644
index 0000000..a1e4e0e
--- /dev/null
+++ b/widevine/sepolicy/file.te
@@ -0,0 +1,3 @@
+# Widevine DRM
+type mediadrm_vendor_data_file, file_type, data_file_type;
+
diff --git a/widevine/sepolicy/file_contexts b/widevine/sepolicy/file_contexts
new file mode 100644
index 0000000..92aed3c
--- /dev/null
+++ b/widevine/sepolicy/file_contexts
@@ -0,0 +1,5 @@
+/vendor/bin/hw/android\.hardware\.drm-service\.widevine u:object_r:hal_drm_widevine_exec:s0
+/vendor/bin/hw/android\.hardware\.drm-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
+
+# Data
+/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
diff --git a/widevine/sepolicy/hal_drm_clearkey.te b/widevine/sepolicy/hal_drm_clearkey.te
new file mode 100644
index 0000000..fff4f0d
--- /dev/null
+++ b/widevine/sepolicy/hal_drm_clearkey.te
@@ -0,0 +1,6 @@
+# sepolicy for DRM clearkey
+type hal_drm_clearkey, domain;
+type hal_drm_clearkey_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(hal_drm_clearkey)
+
+hal_server_domain(hal_drm_clearkey, hal_drm)
diff --git a/widevine/sepolicy/hal_drm_widevine.te b/widevine/sepolicy/hal_drm_widevine.te
new file mode 100644
index 0000000..9b4792e
--- /dev/null
+++ b/widevine/sepolicy/hal_drm_widevine.te
@@ -0,0 +1,13 @@
+# sepolicy for DRM widevine
+type hal_drm_widevine, domain;
+type hal_drm_widevine_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(hal_drm_widevine)
+
+hal_server_domain(hal_drm_widevine, hal_drm)
+
+# L3
+allow hal_drm_widevine mediadrm_vendor_data_file:file create_file_perms;
+allow hal_drm_widevine mediadrm_vendor_data_file:dir create_dir_perms;
+
+#L1
+#TODO(snehalreddy@) : Add L1 permissions
diff --git a/widevine/sepolicy/service_contexts b/widevine/sepolicy/service_contexts
new file mode 100644
index 0000000..6989dde
--- /dev/null
+++ b/widevine/sepolicy/service_contexts
@@ -0,0 +1 @@
+android.hardware.drm.IDrmFactory/widevine u:object_r:hal_drm_service:s0
diff --git a/widevine/widevine_v2.mk b/widevine/widevine_v2.mk
new file mode 100644
index 0000000..5cd914b
--- /dev/null
+++ b/widevine/widevine_v2.mk
@@ -0,0 +1,2 @@
+include device/google/gs-common/widevine/widevine.mk
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/widevine/sepolicy/
\ No newline at end of file
diff --git a/wireless_charger/compatibility_matrix.xml b/wireless_charger/compatibility_matrix.xml
index b760b1d..5185344 100644
--- a/wireless_charger/compatibility_matrix.xml
+++ b/wireless_charger/compatibility_matrix.xml
@@ -9,7 +9,7 @@
</hal>
<hal format="aidl" optional="true">
<name>vendor.google.wireless_charger.service</name>
- <version>1</version>
+ <version>1-2</version>
<interface>
<name>IWlcService</name>
<instance>default</instance>
diff --git a/wireless_charger/sepolicy/hal_wlcservice.te b/wireless_charger/sepolicy/hal_wlcservice.te
index eadb593..6eba2ef 100644
--- a/wireless_charger/sepolicy/hal_wlcservice.te
+++ b/wireless_charger/sepolicy/hal_wlcservice.te
@@ -8,6 +8,8 @@
allow hal_wlcservice hal_wireless_charger_service:service_manager find;
allow hal_wlcservice kmsg_device:chr_file { getattr w_file_perms };
+get_prop(hal_wlcservice, vendor_wlcservice_test_prop)
+
binder_call(hal_wlcservice, servicemanager)
add_service(hal_wlcservice, hal_wlcservice_service)
diff --git a/wireless_charger/sepolicy/property.te b/wireless_charger/sepolicy/property.te
new file mode 100644
index 0000000..b8ddbdf
--- /dev/null
+++ b/wireless_charger/sepolicy/property.te
@@ -0,0 +1 @@
+vendor_internal_prop(vendor_wlcservice_test_prop)
diff --git a/wireless_charger/sepolicy/property_contexts b/wireless_charger/sepolicy/property_contexts
new file mode 100644
index 0000000..8cf8f70
--- /dev/null
+++ b/wireless_charger/sepolicy/property_contexts
@@ -0,0 +1 @@
+vendor.wlcservice.test.authentication u:object_r:vendor_wlcservice_test_prop:s0 exact bool