Merge "Add SePolicy allowances for ICameraIdRemapper" into udc-qpr-dev am: 8be8295748 am: d6d12b773d
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs-common/+/24344518
Change-Id: I6e34580adf1e6d60f1dd5359060e12cc2af5da05
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/OWNERS b/OWNERS
index b807c00..2f454e4 100644
--- a/OWNERS
+++ b/OWNERS
@@ -4,7 +4,6 @@
wilsonsung@google.com
lucaswei@google.com
cyanhsieh@google.com
-rogerliao@google.com
cyuanjen@google.com
robinpeng@google.com
achant@google.com
@@ -13,4 +12,8 @@
bkhalife@google.com
lokeshgoel@google.com
jainne@google.com
-pscovanner@google.com
\ No newline at end of file
+pscovanner@google.com
+
+per-file *.te,*_contexts,te_macros,global_macros=set noparent
+per-file *.te,*_contexts,te_macros,global_macros=file:/sepolicy/OWNERS
+
diff --git a/dauntless/sepolicy/citadeld.te b/dauntless/sepolicy/citadeld.te
index 86cb61c..60c633c 100644
--- a/dauntless/sepolicy/citadeld.te
+++ b/dauntless/sepolicy/citadeld.te
@@ -11,3 +11,5 @@
allow citadeld citadel_device:chr_file rw_file_perms;
allow citadeld fwk_stats_service:service_manager find;
allow citadeld hal_power_stats_vendor_service:service_manager find;
+
+set_prop(citadeld, vendor_nos_citadel_version);
diff --git a/dauntless/sepolicy/property.te b/dauntless/sepolicy/property.te
new file mode 100644
index 0000000..2e1c4ec
--- /dev/null
+++ b/dauntless/sepolicy/property.te
@@ -0,0 +1 @@
+vendor_internal_prop(vendor_nos_citadel_version)
diff --git a/dauntless/sepolicy/property_contexts b/dauntless/sepolicy/property_contexts
new file mode 100644
index 0000000..835de17
--- /dev/null
+++ b/dauntless/sepolicy/property_contexts
@@ -0,0 +1 @@
+vendor.nos.citadel.version u:object_r:vendor_nos_citadel_version:s0
diff --git a/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te b/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te
index 7d50bfc..f867528 100644
--- a/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te
+++ b/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te
@@ -7,7 +7,7 @@
# The TPU HAL looks for TPU instance in /dev/abrolhos
allow hal_neuralnetworks_darwinn edgetpu_device:chr_file rw_file_perms;
-# Allow DawriNN service to use a client-provided fd residing in /vendor/etc/.
+# Allow DarwiNN service to use a client-provided fd residing in /vendor/etc/.
allow hal_neuralnetworks_darwinn vendor_configs_file:file r_file_perms;
# Allow DarwiNN service to access data files.
diff --git a/gear/dumpstate/Dumpstate.cpp b/gear/dumpstate/Dumpstate.cpp
index 9fe7c1a..31df2c7 100644
--- a/gear/dumpstate/Dumpstate.cpp
+++ b/gear/dumpstate/Dumpstate.cpp
@@ -74,21 +74,21 @@
void Dumpstate::dumpTextSection(int fd, const std::string §ionName) {
bool dumpAll = (sectionName == kAllSections);
std::string dumpFiles;
-
- // Execute all or designated programs under vendor/bin/dump/
- std::unique_ptr<DIR, decltype(&closedir)> dir(opendir("/vendor/bin/dump"), closedir);
- if (!dir) {
- ALOGE("Fail To Open Dir vendor/bin/dump/");
- ::android::base::WriteStringToFd("Fail To Open Dir vendor/bin/dump/\n", fd);
+ struct dirent **dirent_list = NULL;
+ int num_entries = scandir("/vendor/bin/dump", &dirent_list, 0, (int (*)(const struct dirent **, const struct dirent **)) alphasort);
+ if (!dirent_list) {
+ ALOGE("Unable to scan dir: /vendor/bin/dump\n");
+ return;
+ } else if (num_entries <= 0) {
+ ALOGE("No file is found.\n");
return;
}
- dirent *entry;
- while ((entry = readdir(dir.get())) != nullptr) {
- // Skip '.', '..'
- if (entry->d_name[0] == '.') {
+ // Execute all or designated programs under vendor/bin/dump/
+ for (int i = 0; i < num_entries; i++) {
+ if (dirent_list[i]->d_name[0] == '.') {
continue;
}
- std::string bin(entry->d_name);
+ std::string bin(dirent_list[i]->d_name);
dumpFiles = dumpFiles + " " + bin;
if (dumpAll || sectionName == bin) {
auto startTime = startSection(fd, bin);
@@ -111,6 +111,10 @@
::android::base::WriteStringToFd(dumpFiles, fd);
::android::base::WriteStringToFd("\nNote: sections with attachments (e.g. dump_soc) are"
"not available from the command line.\n", fd);
+ while (num_entries--) {
+ free(dirent_list[num_entries]);
+ }
+ free(dirent_list);
}
void Dumpstate::dumpLogSection(int fd, int fd_bin)
diff --git a/gpu/gpu.mk b/gpu/gpu.mk
new file mode 100644
index 0000000..d1c3a6d
--- /dev/null
+++ b/gpu/gpu.mk
@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gpu/sepolicy
+
+PRODUCT_PACKAGES += gpu_probe
diff --git a/gpu/sepolicy/file_contexts b/gpu/sepolicy/file_contexts
new file mode 100644
index 0000000..764cb67
--- /dev/null
+++ b/gpu/sepolicy/file_contexts
@@ -0,0 +1,2 @@
+/vendor/bin/gpu_probe u:object_r:gpu_probe_exec:s0
+
diff --git a/gpu/sepolicy/gpu_probe.te b/gpu/sepolicy/gpu_probe.te
new file mode 100644
index 0000000..d8ffb78
--- /dev/null
+++ b/gpu/sepolicy/gpu_probe.te
@@ -0,0 +1,8 @@
+# gpu_probe
+type gpu_probe_exec, exec_type, vendor_file_type, file_type;
+type gpu_probe, domain;
+
+init_daemon_domain(gpu_probe)
+allow gpu_probe gpu_device:chr_file rw_file_perms;
+
+perfetto_producer(gpu_probe)
diff --git a/gxp/dump.mk b/gxp/dump.mk
deleted file mode 100644
index c1f6300..0000000
--- a/gxp/dump.mk
+++ /dev/null
@@ -1,4 +0,0 @@
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gxp/sepolicy/
-
-PRODUCT_PACKAGES_DEBUG += dump_gxp
-
diff --git a/gxp/gxp.mk b/gxp/gxp.mk
new file mode 100644
index 0000000..45b0f08
--- /dev/null
+++ b/gxp/gxp.mk
@@ -0,0 +1,13 @@
+# GXP logging service
+PRODUCT_PACKAGES += \
+ android.hardware.gxp.logging@service-gxp-logging
+# GXP metrics logger library
+PRODUCT_PACKAGES += \
+ gxp_metrics_logger
+# GXP C-API library
+PRODUCT_PACKAGES += libgxp
+# GXP Debug dump.
+PRODUCT_PACKAGES_DEBUG += dump_gxp
+
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gxp/sepolicy
+
diff --git a/gxp/sepolicy/device.te b/gxp/sepolicy/device.te
new file mode 100644
index 0000000..382bc9d
--- /dev/null
+++ b/gxp/sepolicy/device.te
@@ -0,0 +1,2 @@
+# GXP device
+type gxp_device, dev_type, mlstrustedobject;
diff --git a/gxp/sepolicy/dump_gxp.te b/gxp/sepolicy/dump_gxp.te
index 61a0482..8d285c5 100644
--- a/gxp/sepolicy/dump_gxp.te
+++ b/gxp/sepolicy/dump_gxp.te
@@ -7,5 +7,7 @@
allow dump_gxp sscoredump_vendor_data_coredump_file:file r_file_perms;
allow dump_gxp sscoredump_vendor_data_crashinfo_file:dir r_dir_perms;
allow dump_gxp sscoredump_vendor_data_crashinfo_file:file r_file_perms;
+ # Allow dump_gxp to access gxp properties.
+ get_prop(google_camera_app, vendor_gxp_prop)
')
diff --git a/gxp/sepolicy/file.te b/gxp/sepolicy/file.te
new file mode 100644
index 0000000..278cdd9
--- /dev/null
+++ b/gxp/sepolicy/file.te
@@ -0,0 +1,2 @@
+# Gxp sysfs file
+type sysfs_gxp, sysfs_type, fs_type;
diff --git a/gxp/sepolicy/file_contexts b/gxp/sepolicy/file_contexts
index 80420f4..08bef12 100644
--- a/gxp/sepolicy/file_contexts
+++ b/gxp/sepolicy/file_contexts
@@ -1,2 +1,12 @@
-/vendor/bin/dump/dump_gxp u:object_r:dump_gxp_exec:s0
+# GXP Vendor library
+/vendor/lib(64)?/libgxp\.so u:object_r:same_process_hal_file:s0
+
+# GXP logging service
+/vendor/bin/hw/android\.hardware\.gxp\.logging@service-gxp-logging u:object_r:gxp_logging_exec:s0
+
+# GXP Metrics Collection Library
+/vendor/lib(64)?/gxp_metrics_logger\.so u:object_r:same_process_hal_file:s0
+
+# Allow collection of debug dump.
+/vendor/bin/dump/dump_gxp u:object_r:dump_gxp_exec:s0
diff --git a/gxp/sepolicy/gxp_logging.te b/gxp/sepolicy/gxp_logging.te
new file mode 100644
index 0000000..fd1af7f
--- /dev/null
+++ b/gxp/sepolicy/gxp_logging.te
@@ -0,0 +1,21 @@
+type gxp_logging, domain;
+type gxp_logging_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(gxp_logging)
+
+# The logging service accesses /dev/gxp
+allow gxp_logging gxp_device:chr_file rw_file_perms;
+
+# Allow logging service to access /sys/class/gxp
+allow gxp_logging sysfs_gxp:dir search;
+allow gxp_logging sysfs_gxp:file rw_file_perms;
+
+# Allow logging service to log to stats service for reporting metrics.
+allow gxp_logging fwk_stats_service:service_manager find;
+binder_call(gxp_logging, system_server);
+binder_use(gxp_logging)
+
+# Allow logging service to read gxp properties.
+get_prop(gxp_logging, vendor_gxp_prop)
+
+# Allow gxp tracing service to send packets to Perfetto
+userdebug_or_eng(`perfetto_producer(gxp_logging)')
diff --git a/gxp/sepolicy/hal_camera_default.te b/gxp/sepolicy/hal_camera_default.te
new file mode 100644
index 0000000..5570a2e
--- /dev/null
+++ b/gxp/sepolicy/hal_camera_default.te
@@ -0,0 +1,3 @@
+# Allow the camera hal to access the GXP device and Properties.
+allow hal_camera_default gxp_device:chr_file rw_file_perms;
+get_prop(hal_camera_default, vendor_gxp_prop)
diff --git a/gxp/sepolicy/property.te b/gxp/sepolicy/property.te
new file mode 100644
index 0000000..b9741f0
--- /dev/null
+++ b/gxp/sepolicy/property.te
@@ -0,0 +1,3 @@
+# Gxp Android properties
+system_vendor_config_prop(vendor_gxp_prop)
+
diff --git a/gxp/sepolicy/property_contexts b/gxp/sepolicy/property_contexts
new file mode 100644
index 0000000..6093c7c
--- /dev/null
+++ b/gxp/sepolicy/property_contexts
@@ -0,0 +1,3 @@
+# GXP Android Property.
+vendor.gxp. u:object_r:vendor_gxp_prop:s0
+
diff --git a/gxp/sepolicy/vendor_init.te b/gxp/sepolicy/vendor_init.te
new file mode 100644
index 0000000..ec6ceab
--- /dev/null
+++ b/gxp/sepolicy/vendor_init.te
@@ -0,0 +1,3 @@
+# Gxp Android Properties.
+set_prop(vendor_init, vendor_gxp_prop)
+
diff --git a/pixelsystemservice/pixelsystemservice.mk b/pixelsystemservice/pixelsystemservice.mk
new file mode 100644
index 0000000..4a27110
--- /dev/null
+++ b/pixelsystemservice/pixelsystemservice.mk
@@ -0,0 +1,5 @@
+PRODUCT_SOONG_NAMESPACES += vendor/google/apps/PersistentBackgroundServices
+PRODUCT_PACKAGES += \
+ PersistentBackgroundServices
+
+SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/gs-common/pixelsystemservice/sepolicy
diff --git a/pixelsystemservice/sepolicy/pixelsystemservice_app.te b/pixelsystemservice/sepolicy/pixelsystemservice_app.te
new file mode 100644
index 0000000..f120058
--- /dev/null
+++ b/pixelsystemservice/sepolicy/pixelsystemservice_app.te
@@ -0,0 +1,6 @@
+type pixelsystemservice_app, domain, coredomain;
+
+app_domain(pixelsystemservice_app);
+
+# Standard system services
+allow pixelsystemservice_app app_api_service:service_manager find;
diff --git a/pixelsystemservice/sepolicy/seapp_contexts b/pixelsystemservice/sepolicy/seapp_contexts
new file mode 100644
index 0000000..f1c1262
--- /dev/null
+++ b/pixelsystemservice/sepolicy/seapp_contexts
@@ -0,0 +1,2 @@
+# Pixel System Service
+user=_app seinfo=platform name=com.google.android.pixelsystemservice domain=pixelsystemservice_app type=app_data_file levelFrom=all
diff --git a/soc/Android.bp b/soc/Android.bp
index e913154..43e9202 100644
--- a/soc/Android.bp
+++ b/soc/Android.bp
@@ -2,11 +2,21 @@
default_applicable_licenses: ["Android-Apache-2.0"],
}
-sh_binary {
- name: "dump_memory.sh",
- src: "dump_memory.sh",
+cc_binary {
+ name: "dump_memory",
+ srcs: ["dump_memory.cpp"],
+ cflags: [
+ "-Wall",
+ "-Wextra",
+ "-Werror",
+ ],
+ shared_libs: [
+ "libbase",
+ "libdump",
+ "liblog",
+ ],
vendor: true,
- sub_dir: "dump",
+ relative_install_path: "dump",
}
cc_binary {
diff --git a/soc/dump_memory.cpp b/soc/dump_memory.cpp
new file mode 100644
index 0000000..1528f73
--- /dev/null
+++ b/soc/dump_memory.cpp
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <dump/pixel_dump.h>
+
+#include <android-base/file.h>
+#include <stdio.h>
+#include <log/log.h>
+
+char* concat(char* result, const char* one, const char* two){
+ strcpy(result, one);
+ strcat(result, two);
+ return result;
+}
+
+void iterate(const char* path){
+ dirent *entry, *entry2;
+ char result[100], base[100];
+
+ std::unique_ptr<DIR, decltype(&closedir)> ion(opendir(path), closedir);
+ if (!ion) {
+ ALOGE("Fail To Open Dir %s", path);
+ return;
+ }
+ while ((entry = readdir(ion.get())) != nullptr) {
+ if(entry->d_name[0] == '.') {
+ continue;
+ }
+ strcpy(base, path);
+ strcat(base, entry->d_name);
+ strcat(base, "/");
+ std::unique_ptr<DIR, decltype(&closedir)> ion2(opendir(base), closedir);
+ if (!ion2) {
+ ALOGE("Fail To Open Dir %s\n", base);
+ return;
+ }
+ while ((entry2 = readdir(ion2.get())) != nullptr) {
+ if(entry2->d_name[0] == '.') {
+ continue;
+ }
+ dumpFileContent(entry2->d_name, concat(result, base, entry2->d_name));
+ }
+ }
+ return;
+}
+
+// Dump memory.
+int main() {
+ dirent *entry;
+ char result[100];
+
+ printf("------ ION HEAPS ------\n");
+ iterate("/d/ion/");
+
+ dumpFileContent("dmabuf info", "/d/dma_buf/bufinfo");
+ dumpFileContent("Page Pinner - longterm pin", "/sys/kernel/debug/page_pinner/buffer");
+
+ printf("------ CMA info ------\n");
+ std::unique_ptr<DIR, decltype(&closedir)> cmadebug(opendir("/sys/kernel/debug/cma/"), closedir);
+ if (!cmadebug) {
+ ALOGE("Fail To Open Dir /sys/kernel/debug/cma/");
+ } else {
+ while ((entry = readdir(cmadebug.get())) != nullptr) {
+ if(entry->d_name[0] == '.') {
+ continue;
+ }
+ dumpFileContent("count", concat(result, concat(result, "/sys/kernel/debug/cma/", entry->d_name), "/count"));
+ dumpFileContent("used", concat(result, concat(result, "/sys/kernel/debug/cma/", entry->d_name), "/used"));
+ dumpFileContent("bitmap", concat(result, concat(result, "/sys/kernel/debug/cma/", entry->d_name), "/bitmap"));
+ }
+ }
+
+ printf("------ Pixel CMA stat ------\n");
+ iterate("/sys/kernel/pixel_stat/mm/cma/");
+
+ dumpFileContent("Pixel Trace", "/sys/kernel/tracing/instances/pixel/trace");
+ return 0;
+}
+
diff --git a/soc/dump_memory.sh b/soc/dump_memory.sh
deleted file mode 100644
index 6135dea..0000000
--- a/soc/dump_memory.sh
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/vendor/bin/sh
-echo "------ ION HEAPS ------"
-for d in $(ls -d /d/ion/*)
-do
- if [ -f $d ]; then
- echo --- $d
- cat $d
- else
- for f in $(ls $d)
- do
- echo --- $d/$f
- cat $d/$f
- done
- fi
-done
-
-echo "------ dmabuf info ------"
-cat "/d/dma_buf/bufinfo"
-
-echo "------ Page Pinner - longterm pin ------"
-cat "/sys/kernel/debug/page_pinner/buffer"
-
-echo "------ CMA info ------"
-for d in $(ls -d /sys/kernel/debug/cma/*)
-do
- echo --- $d
- echo --- count; cat $d/count;
- echo --- used; cat $d/used;
- echo --- bitmap; cat $d/bitmap;
-done
-
-echo "------ Pixel CMA stat ------"
-for d in $(ls -d /sys/kernel/pixel_stat/mm/cma/*); do
- if [ -f $d ]; then
- echo --- $d
- cat $d
- else
- for f in $(ls $d); do
- echo --- $d/$f
- cat $d/$f
- done
- fi
-done
-
-echo "------ Pixel Trace ------"
-cat "/sys/kernel/tracing/instances/pixel/trace"
diff --git a/soc/sepolicy/soc/file_contexts b/soc/sepolicy/soc/file_contexts
index 23a91e5..5adc605 100644
--- a/soc/sepolicy/soc/file_contexts
+++ b/soc/sepolicy/soc/file_contexts
@@ -1,3 +1,3 @@
/vendor/bin/dump/dump_soc u:object_r:dump_soc_exec:s0
-/vendor/bin/dump/dump_memory\.sh u:object_r:dump_memory_exec:s0
+/vendor/bin/dump/dump_memory u:object_r:dump_memory_exec:s0
diff --git a/soc/soc.mk b/soc/soc.mk
index d08d99d..8ec9412 100644
--- a/soc/soc.mk
+++ b/soc/soc.mk
@@ -1,5 +1,5 @@
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/soc/sepolicy/soc
PRODUCT_PACKAGES += dump_soc
-PRODUCT_PACKAGES_DEBUG += dump_memory.sh
+PRODUCT_PACKAGES_DEBUG += dump_memory
diff --git a/storage/Android.bp b/storage/Android.bp
index c8671d1..3a06113 100644
--- a/storage/Android.bp
+++ b/storage/Android.bp
@@ -2,10 +2,20 @@
default_applicable_licenses: ["Android-Apache-2.0"],
}
-sh_binary {
- name: "dump_storage.sh",
- src: "dump_storage.sh",
+cc_binary {
+ name: "dump_storage",
+ srcs: ["dump_storage.cpp"],
init_rc: ["init.storage.rc"],
+ cflags: [
+ "-Wall",
+ "-Wextra",
+ "-Werror",
+ ],
+ shared_libs: [
+ "libbase",
+ "libdump",
+ "liblog",
+ ],
vendor: true,
- sub_dir: "dump",
+ relative_install_path: "dump",
}
diff --git a/storage/dump_storage.cpp b/storage/dump_storage.cpp
new file mode 100644
index 0000000..bba1071
--- /dev/null
+++ b/storage/dump_storage.cpp
@@ -0,0 +1,150 @@
+/*
+ * Copyright 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <dump/pixel_dump.h>
+#include <android-base/file.h>
+#include <android-base/properties.h>
+#include <string.h>
+#include <stdio.h>
+#include <log/log.h>
+#include <regex>
+#include <fstream>
+
+#define F2FS_FSCK_TIME_PROPERTY "ro.boottime.init.fsck.data"
+#define F2FS_MNT_TIME_PROPERTY "ro.boottime.init.mount.data"
+#define BOOTDEVICE_PROPERTY "ro.boot.bootdevice"
+
+int main() {
+ //F2FS
+ dumpFileContent("F2FS status", "/sys/kernel/debug/f2fs/status");
+ dumpFileContent("F2FS fsck", "/dev/fscklogs/fsck");
+
+ int fsck_time = android::base::GetIntProperty(F2FS_FSCK_TIME_PROPERTY, 0);
+ printf("--- F2FS - fsck time (ms) ---\n%d\n\n", fsck_time);
+ int mnt_time = android::base::GetIntProperty(F2FS_MNT_TIME_PROPERTY, 0);
+ printf("--- F2FS - checkpoint=disable time (ms) ---\n%d\n\n", mnt_time);
+
+ //UFS
+ dumpFileContent("UFS model", "/sys/block/sda/device/model");
+ dumpFileContent("UFS rev", "/sys/block/sda/device/rev");
+ dumpFileContent("UFS size", "/sys/block/sda/size");
+
+ dumpFileContent("UFS Slow IO Read",
+ "/dev/sys/block/bootdevice/slowio_read_cnt");
+ dumpFileContent("UFS Slow IO Write",
+ "/dev/sys/block/bootdevice/slowio_write_cnt");
+ dumpFileContent("UFS Slow IO Unmap",
+ "/dev/sys/block/bootdevice/slowio_unmap_cnt");
+ dumpFileContent("UFS Slow IO Sync",
+ "/dev/sys/block/bootdevice/slowio_sync_cnt");
+
+ printf("------ UFS err_stats ------\n");
+ const std::string ufs_err_stats_path(
+ "/dev/sys/block/bootdevice/err_stats/");
+ std::unique_ptr<DIR, decltype(&closedir)> statdir(
+ opendir(ufs_err_stats_path.c_str()), closedir);
+ if (statdir) {
+ dirent *stat_entry;
+ while ((stat_entry = readdir(statdir.get())) != nullptr) {
+ std::string ufs_err_stats_path(stat_entry->d_name);
+ if (!strcmp(ufs_err_stats_path.c_str(), ".")
+ || !strcmp(ufs_err_stats_path.c_str(), ".."))
+ continue;
+ std::string bootdevice = android::base::GetProperty(
+ BOOTDEVICE_PROPERTY, "");
+ std::string err_stat_path = "/sys/devices/platform/";
+ err_stat_path.append(bootdevice.c_str());
+ err_stat_path.append("/err_stats/");
+ err_stat_path.append(ufs_err_stats_path.c_str());
+ std::ifstream err_stat_file(err_stat_path);
+ if (err_stat_file.is_open()) {
+ std::string err_stat_atom;
+ err_stat_file >> err_stat_atom;
+ printf("%s:%s\n", ufs_err_stats_path.c_str(),
+ err_stat_atom.c_str());
+ err_stat_file.close();
+ }
+ }
+ }
+
+ printf("\n------ UFS io_stats ------\n");
+ printf("\t\t%-12s %-12s %-12s %-12s %-12s %-12s\n", "ReadCnt", "ReadBytes",
+ "WriteCnt", "WriteBytes", "RWCnt", "RWBytes");
+ const std::string ufs_io_stats = "/dev/sys/block/bootdevice/io_stats/";
+ const std::string iostats_seq[3] = {"_start", "_complete", "_maxdiff"};
+ const std::string iostats[6] = {"rcnt", "rbyte", "wcnt", "wbyte", "rwcnt",
+ "rwbyte"};
+
+ for (int i = 0; i < 3; i++) {
+ const std::string header[3] = {"Started: \t", "Completed: \t",
+ "MaxDiff: \t"};
+ printf("%s", header[i].c_str());
+ for (int j = 0; j < 6; j++) {
+ std::string iostat_path = ufs_io_stats.c_str();
+ iostat_path.append(iostats[j].c_str());
+ iostat_path.append(iostats_seq[i].c_str());
+ std::ifstream io_stats_file(iostat_path.c_str());
+ unsigned long io_stat_atom = 0;
+ if (io_stats_file.is_open()) {
+ io_stats_file >> io_stat_atom;
+ printf("%-12lu ", io_stat_atom);
+ io_stats_file.close();
+ }
+ }
+ printf("\n");
+ }
+
+ printf("\n------ UFS req_stats ------\n");
+ printf("\t%-12s %-12s %-12s %-12s %-12s %-12s\n", "All", "Write", "Read",
+ "Security", "Flush", "Discard");
+ const std::string ufs_req_stats = "/dev/sys/block/bootdevice/req_stats/";
+ const std::string reqstats_seq[4] = {"_min", "_max", "_avg", "_sum"};
+ const std::string reqstats[6] = {"all", "write", "read", "security",
+ "flush", "discard"};
+
+ for (int i = 0; i < 4; i++) {
+ const std::string header[4] = {"Min:\t", "Max: \t", "Avg: \t",
+ "Count: \t"};
+ printf("%s", header[i].c_str());
+ for (int j = 0; j < 6; j++) {
+ std::string reqstat_path = ufs_req_stats.c_str();
+ reqstat_path.append(reqstats[j].c_str());
+ reqstat_path.append(reqstats_seq[i].c_str());
+ std::ifstream req_stats_file(reqstat_path.c_str());
+ unsigned long req_stat_atom = 0;
+ if (req_stats_file.is_open()) {
+ req_stats_file >> req_stat_atom;
+ printf("%-12lu ", req_stat_atom);
+ req_stats_file.close();
+ }
+ }
+ printf("\n");
+ }
+
+ printf("\n------ UFS health ------\n");
+ dumpFileContent(
+ "",
+ "/dev/sys/block/bootdevice/health_descriptor/life_time_estimation_a");
+ dumpFileContent(
+ "",
+ "/dev/sys/block/bootdevice/health_descriptor/life_time_estimation_b");
+ dumpFileContent("", "/dev/sys/block/bootdevice/health_descriptor/eol_info");
+ dumpFileContent(
+ "",
+ "/dev/sys/block/bootdevice/health_descriptor/life_time_estimation_c");
+
+ return 0;
+}
diff --git a/storage/dump_storage.sh b/storage/dump_storage.sh
deleted file mode 100644
index 5f08fc1..0000000
--- a/storage/dump_storage.sh
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/vendor/bin/sh
-# F2FS
-echo "--- F2FS status---"
-cat "/sys/kernel/debug/f2fs/status"
-echo "\n--- F2FS fsck ---"
-cat "/dev/fscklogs/fsck"
-echo "\n--- F2FS - fsck time (ms) ---"
-getprop ro.boottime.init.fsck.data
-echo "\n--- F2FS - checkpoint=disable time (ms) ---"
-getprop ro.boottime.init.mount.data
-
-# UFS
-echo "\n------ UFS model (/sys/block/sda/device/model) ------"
-cat "/sys/block/sda/device/model"
-echo "\n------ UFS rev (/sys/block/sda/device/rev) ------"
-cat "/sys/block/sda/device/rev"
-echo "\n------ UFS size (/sys/block/sda/size) ------"
-cat "/sys/block/sda/size"
-
-echo "\n------ UFS Slow IO Read (/dev/sys/block/bootdevice/slowio_read_cnt) ------"
-cat "/dev/sys/block/bootdevice/slowio_read_cnt"
-echo "\n------ UFS Slow IO Write (/dev/sys/block/bootdevice/slowio_write_cnt) ------"
-cat "/dev/sys/block/bootdevice/slowio_write_cnt"
-echo "\n------ UFS Slow IO Unmap (/dev/sys/block/bootdevice/slowio_unmap_cnt) ------"
-cat "/dev/sys/block/bootdevice/slowio_unmap_cnt"
-echo "\n------ UFS Slow IO Sync (/dev/sys/block/bootdevice/slowio_sync_cnt) ------"
-cat "/dev/sys/block/bootdevice/slowio_sync_cnt"
-
-echo "\n------ UFS err_stats ------"
-path="/dev/sys/block/bootdevice/err_stats";
-for node in `ls $path/* | grep -v reset_err_status`
-do
- printf "%s:%d\n" $(basename $node) $(cat $node)
-done
-
-
-echo "\n------ UFS io_stats ------"
-path="/dev/sys/block/bootdevice/io_stats"
-printf "\t\t%-12s %-12s %-12s %-12s %-12s %-12s\n" ReadCnt ReadBytes WriteCnt WriteBytes RWCnt RWBytes
-str=$(cat $path/*_start); arr=($str);
-printf "Started: \t%-12s %-12s %-12s %-12s %-12s %-12s\n" ${arr[1]} ${arr[0]} ${arr[5]} ${arr[4]} ${arr[3]} ${arr[2]}
-str=$(cat $path/*_complete); arr=($str);
-printf "Completed: \t%-12s %-12s %-12s %-12s %-12s %-12s\n" ${arr[1]} ${arr[0]} ${arr[5]} ${arr[4]} ${arr[3]} ${arr[2]}
-str=$(cat $path/*_maxdiff); arr=($str);
-printf "MaxDiff: \t%-12s %-12s %-12s %-12s %-12s %-12s\n\n" ${arr[1]} ${arr[0]} ${arr[5]} ${arr[4]} ${arr[3]} ${arr[2]}
-
-echo "\n------ UFS req_stats ------"
-path="/dev/sys/block/bootdevice/req_stats"
-printf "\t%-12s %-12s %-12s %-12s %-12s %-12s\n" All Write Read Security Flush Discard
-str=$(cat $path/*_min); arr=($str);
-printf "Min:\t%-12s %-12s %-12s %-12s %-12s %-12s\n" ${arr[0]} ${arr[5]} ${arr[3]} ${arr[4]} ${arr[2]} ${arr[1]}
-str=$(cat $path/*_max); arr=($str);
-printf "Max:\t%-12s %-12s %-12s %-12s %-12s %-12s\n" ${arr[0]} ${arr[5]} ${arr[3]} ${arr[4]} ${arr[2]} ${arr[1]}
-str=$(cat $path/*_avg); arr=($str);
-printf "Avg.:\t%-12s %-12s %-12s %-12s %-12s %-12s\n" ${arr[0]} ${arr[5]} ${arr[3]} ${arr[4]} ${arr[2]} ${arr[1]}
-str=$(cat $path/*_sum); arr=($str);
-printf "Count:\t%-12s %-12s %-12s %-12s %-12s %-12s\n\n" ${arr[0]} ${arr[5]} ${arr[3]} ${arr[4]} ${arr[2]} ${arr[1]}
-
-echo "\n------ UFS health ------"
-for f in $(find /dev/sys/block/bootdevice/health_descriptor -type f)
-do
- if [[ -r $f && -f $f ]]; then
- echo --- $f
- cat $f
- echo ''
- fi
-done
-
diff --git a/storage/sepolicy/dump_storage.te b/storage/sepolicy/dump_storage.te
index 9411f8e..a404ee2 100644
--- a/storage/sepolicy/dump_storage.te
+++ b/storage/sepolicy/dump_storage.te
@@ -1,6 +1,5 @@
pixel_bugreport(dump_storage)
-allow dump_storage vendor_toolbox_exec:file execute_no_trans;
allow dump_storage sysfs_scsi_devices_0000:dir r_dir_perms;
allow dump_storage sysfs_scsi_devices_0000:file r_file_perms;
diff --git a/storage/sepolicy/file_contexts b/storage/sepolicy/file_contexts
index a0efd28..bc10bc8 100644
--- a/storage/sepolicy/file_contexts
+++ b/storage/sepolicy/file_contexts
@@ -1,2 +1,2 @@
-/vendor/bin/dump/dump_storage\.sh u:object_r:dump_storage_exec:s0
+/vendor/bin/dump/dump_storage u:object_r:dump_storage_exec:s0
/sys/devices/platform/[0-9]+\.ufs/pixel/enable_pixel_ufs_logging u:object_r:sysfs_scsi_devices_0000:s0
diff --git a/storage/storage.mk b/storage/storage.mk
index cd0556d..ee7110c 100644
--- a/storage/storage.mk
+++ b/storage/storage.mk
@@ -1,6 +1,6 @@
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/storage/sepolicy
-PRODUCT_PACKAGES += dump_storage.sh
+PRODUCT_PACKAGES += dump_storage
# Pixel storage tool
PRODUCT_PACKAGES_DEBUG += \
diff --git a/thermal/Android.bp b/thermal/dump/Android.bp
similarity index 100%
rename from thermal/Android.bp
rename to thermal/dump/Android.bp
diff --git a/thermal/dump_thermal.sh b/thermal/dump/dump_thermal.sh
similarity index 100%
rename from thermal/dump_thermal.sh
rename to thermal/dump/dump_thermal.sh
diff --git a/thermal/dump/thermal.mk b/thermal/dump/thermal.mk
new file mode 100644
index 0000000..03b1dfa
--- /dev/null
+++ b/thermal/dump/thermal.mk
@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/thermal/sepolicy/dump
+
+PRODUCT_PACKAGES += dump/dump_thermal.sh
diff --git a/thermal/sepolicy/dump_thermal.te b/thermal/sepolicy/dump/dump_thermal.te
similarity index 100%
rename from thermal/sepolicy/dump_thermal.te
rename to thermal/sepolicy/dump/dump_thermal.te
diff --git a/thermal/sepolicy/file_contexts b/thermal/sepolicy/dump/file_contexts
similarity index 100%
rename from thermal/sepolicy/file_contexts
rename to thermal/sepolicy/dump/file_contexts
diff --git a/thermal/sepolicy/genfs_contexts b/thermal/sepolicy/dump/genfs_contexts
similarity index 100%
rename from thermal/sepolicy/genfs_contexts
rename to thermal/sepolicy/dump/genfs_contexts
diff --git a/thermal/sepolicy/thermal_hal/file.te b/thermal/sepolicy/thermal_hal/file.te
new file mode 100644
index 0000000..a2b1ab8
--- /dev/null
+++ b/thermal/sepolicy/thermal_hal/file.te
@@ -0,0 +1,2 @@
+type thermal_link_device, dev_type;
+type debugfs_thermal, debugfs_type, fs_type;
diff --git a/thermal/sepolicy/thermal_hal/file_contexts b/thermal/sepolicy/thermal_hal/file_contexts
new file mode 100644
index 0000000..c3fb04f
--- /dev/null
+++ b/thermal/sepolicy/thermal_hal/file_contexts
@@ -0,0 +1,6 @@
+/vendor/bin/hw/android\.hardware\.thermal@2\.0-service\.pixel u:object_r:hal_thermal_default_exec:s0
+/vendor/bin/hw/android\.hardware\.thermal-service\.pixel u:object_r:hal_thermal_default_exec:s0
+/vendor/bin/thermal_logd u:object_r:init-thermal-logging-sh_exec:s0
+/vendor/bin/thermal_controld u:object_r:pixel-thermal-control-sh_exec:s0
+/vendor/bin/thermal_symlinks u:object_r:init-thermal-symlinks-sh_exec:s0
+/dev/thermal(/.*)? u:object_r:thermal_link_device:s0
diff --git a/thermal/sepolicy/thermal_hal/genfs_contexts b/thermal/sepolicy/thermal_hal/genfs_contexts
new file mode 100644
index 0000000..3000fa0
--- /dev/null
+++ b/thermal/sepolicy/thermal_hal/genfs_contexts
@@ -0,0 +1,3 @@
+genfscon sysfs /devices/virtual/thermal u:object_r:sysfs_thermal:s0
+genfscon sysfs /class/thermal u:object_r:sysfs_thermal:s0
+genfscon debugfs /gs101-thermal u:object_r:debugfs_thermal:s0
diff --git a/thermal/sepolicy/thermal_hal/hal_thermal_default.te b/thermal/sepolicy/thermal_hal/hal_thermal_default.te
new file mode 100644
index 0000000..45ccf3a
--- /dev/null
+++ b/thermal/sepolicy/thermal_hal/hal_thermal_default.te
@@ -0,0 +1,16 @@
+allow hal_thermal_default sysfs_thermal:dir r_dir_perms;
+allow hal_thermal_default sysfs_thermal:file rw_file_perms;
+allow hal_thermal_default sysfs_thermal:lnk_file r_file_perms;
+allow hal_thermal_default thermal_link_device:dir r_dir_perms;
+allow hal_thermal_default proc_stat:file r_file_perms;
+allow hal_thermal_default self:netlink_generic_socket create_socket_perms_no_ioctl;
+allow hal_thermal_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+hal_client_domain(hal_thermal_default, hal_power);
+
+# read thermal_config
+get_prop(hal_thermal_default, vendor_thermal_prop)
+
+# Needed for reporting thermal stats event
+allow hal_thermal_default fwk_stats_service:service_manager find;
+binder_call(hal_thermal_default, servicemanager)
diff --git a/thermal/sepolicy/thermal_hal/init-thermal-logging.sh.te b/thermal/sepolicy/thermal_hal/init-thermal-logging.sh.te
new file mode 100644
index 0000000..3da540e
--- /dev/null
+++ b/thermal/sepolicy/thermal_hal/init-thermal-logging.sh.te
@@ -0,0 +1,10 @@
+type init-thermal-logging-sh, domain;
+type init-thermal-logging-sh_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(init-thermal-logging-sh)
+
+userdebug_or_eng(`
+ allow init-thermal-logging-sh vendor_toolbox_exec:file rx_file_perms;
+ allow init-thermal-logging-sh sysfs_thermal:dir r_dir_perms;
+ allow init-thermal-logging-sh sysfs_thermal:file r_file_perms;
+')
diff --git a/thermal/sepolicy/thermal_hal/init-thermal-symlinks.sh.te b/thermal/sepolicy/thermal_hal/init-thermal-symlinks.sh.te
new file mode 100644
index 0000000..093512c
--- /dev/null
+++ b/thermal/sepolicy/thermal_hal/init-thermal-symlinks.sh.te
@@ -0,0 +1,12 @@
+type init-thermal-symlinks-sh, domain;
+type init-thermal-symlinks-sh_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(init-thermal-symlinks-sh)
+
+allow init-thermal-symlinks-sh vendor_toolbox_exec:file rx_file_perms;
+allow init-thermal-symlinks-sh thermal_link_device:dir rw_dir_perms;
+allow init-thermal-symlinks-sh thermal_link_device:lnk_file create_file_perms;
+allow init-thermal-symlinks-sh sysfs_thermal:dir r_dir_perms;
+allow init-thermal-symlinks-sh sysfs_thermal:file r_file_perms;
+allow init-thermal-symlinks-sh sysfs_thermal:lnk_file r_file_perms;
+set_prop(init-thermal-symlinks-sh, vendor_thermal_prop)
diff --git a/thermal/sepolicy/thermal_hal/pixel-thermal-control.sh.te b/thermal/sepolicy/thermal_hal/pixel-thermal-control.sh.te
new file mode 100644
index 0000000..a6430f1
--- /dev/null
+++ b/thermal/sepolicy/thermal_hal/pixel-thermal-control.sh.te
@@ -0,0 +1,13 @@
+type pixel-thermal-control-sh, domain;
+type pixel-thermal-control-sh_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(pixel-thermal-control-sh)
+
+userdebug_or_eng(`
+ allow pixel-thermal-control-sh vendor_toolbox_exec:file execute_no_trans;
+ allow pixel-thermal-control-sh sysfs_thermal:dir r_dir_perms;
+ allow pixel-thermal-control-sh sysfs_thermal:file rw_file_perms;
+ allow pixel-thermal-control-sh sysfs_thermal:lnk_file r_file_perms;
+ allow pixel-thermal-control-sh thermal_link_device:dir r_dir_perms;
+ get_prop(pixel-thermal-control-sh, vendor_thermal_prop)
+')
diff --git a/thermal/sepolicy/thermal_hal/property.te b/thermal/sepolicy/thermal_hal/property.te
new file mode 100644
index 0000000..676c85a
--- /dev/null
+++ b/thermal/sepolicy/thermal_hal/property.te
@@ -0,0 +1,2 @@
+#thermal HAL
+vendor_internal_prop(vendor_thermal_prop)
diff --git a/thermal/sepolicy/thermal_hal/property_contexts b/thermal/sepolicy/thermal_hal/property_contexts
new file mode 100644
index 0000000..65a02ee
--- /dev/null
+++ b/thermal/sepolicy/thermal_hal/property_contexts
@@ -0,0 +1 @@
+vendor.thermal. u:object_r:vendor_thermal_prop:s0
diff --git a/thermal/sepolicy/thermal_hal/vendor_init.te b/thermal/sepolicy/thermal_hal/vendor_init.te
new file mode 100644
index 0000000..aaf6ac1
--- /dev/null
+++ b/thermal/sepolicy/thermal_hal/vendor_init.te
@@ -0,0 +1,3 @@
+allow vendor_init thermal_link_device:dir r_dir_perms;
+allow vendor_init thermal_link_device:lnk_file r_file_perms;
+set_prop(vendor_init, vendor_thermal_prop)
diff --git a/thermal/thermal.mk b/thermal/thermal.mk
index 3b3dede..03b1dfa 100644
--- a/thermal/thermal.mk
+++ b/thermal/thermal.mk
@@ -1,3 +1,3 @@
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/thermal/sepolicy
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/thermal/sepolicy/dump
-PRODUCT_PACKAGES += dump_thermal.sh
+PRODUCT_PACKAGES += dump/dump_thermal.sh
diff --git a/thermal/thermal_hal/device.mk b/thermal/thermal_hal/device.mk
new file mode 100644
index 0000000..260b59f
--- /dev/null
+++ b/thermal/thermal_hal/device.mk
@@ -0,0 +1,10 @@
+PRODUCT_PACKAGES += android.hardware.thermal-service.pixel
+
+# Thermal utils
+PRODUCT_PACKAGES += thermal_symlinks
+
+# Thermal logd
+PRODUCT_PACKAGES_DEBUG += thermal_logd
+PRODUCT_PACKAGES_ENG += thermal_logd
+
+BOARD_SEPOLICY_DIRS += device/google/gs-common/thermal/sepolicy/thermal_hal