Merge "Limit maxGxpDebugDumps to 4" into main
diff --git a/edgetpu/sepolicy/file_contexts b/edgetpu/sepolicy/file_contexts
index 06f0a89..6190fcf 100644
--- a/edgetpu/sepolicy/file_contexts
+++ b/edgetpu/sepolicy/file_contexts
@@ -17,6 +17,8 @@
# EdgeTPU runtime libraries
/vendor/lib64/com\.google\.edgetpu_app_service-V[1-4]-ndk\.so u:object_r:same_process_hal_file:s0
/vendor/lib64/com\.google\.edgetpu_vendor_service-V[1-2]-ndk\.so u:object_r:same_process_hal_file:s0
+# EdgeTPU Tachyon libraries
+/vendor/lib64/libedgetpu_tachyon\.google\.so u:object_r:same_process_hal_file:s0
# EdgeTPU data files
/data/vendor/hal_neuralnetworks_darwinn(/.*)? u:object_r:hal_neuralnetworks_darwinn_data_file:s0
@@ -27,3 +29,6 @@
# Tachyon service
/vendor/bin/hw/com\.google\.edgetpu.tachyon-service u:object_r:edgetpu_tachyon_server_exec:s0
+
+# libfmq.so is dynamically loaded by the Tachyon client-side library libedgetpu_tachyon.google.so
+/vendor/lib64/libfmq\.so u:object_r:same_process_hal_file:s0
diff --git a/edgetpu/sepolicy/priv_app.te b/edgetpu/sepolicy/priv_app.te
index a9b49c3..579cc61 100644
--- a/edgetpu/sepolicy/priv_app.te
+++ b/edgetpu/sepolicy/priv_app.te
@@ -7,3 +7,6 @@
# Allows privileged applications to access the EdgeTPU device, except open,
# which is guarded by the EdgeTPU service.
allow priv_app edgetpu_device:chr_file { getattr read write ioctl map };
+
+# Allows EdgeTPU Tachyon service to call the app.
+binder_call(edgetpu_tachyon_server, priv_app);
diff --git a/edgetpu/sepolicy/untrusted_app_all.te b/edgetpu/sepolicy/untrusted_app_all.te
index 9abec61..3c92900 100644
--- a/edgetpu/sepolicy/untrusted_app_all.te
+++ b/edgetpu/sepolicy/untrusted_app_all.te
@@ -5,3 +5,5 @@
# by the EdgeTPU service.
allow untrusted_app_all edgetpu_device:chr_file { getattr read write ioctl map };
+# Allows EdgeTPU Tachyon service to call the app.
+binder_call(edgetpu_tachyon_server, untrusted_app_all);
diff --git a/insmod/4k/insmod.sh b/insmod/4k/insmod.sh
old mode 100644
new mode 100755
diff --git a/insmod/insmod.sh b/insmod/insmod.sh
deleted file mode 100755
index 8cac37e..0000000
--- a/insmod/insmod.sh
+++ /dev/null
@@ -1,102 +0,0 @@
-#!/vendor/bin/sh
-
-#############################################################
-### init.insmod.cfg format: ###
-### ----------------------------------------------------- ###
-### [insmod|setprop|enable/moprobe|wait] [path|prop name] ###
-### ... ###
-#############################################################
-
-modules_dir=
-system_modules_dir=
-vendor_modules_dir=
-
-for dir in system vendor; do
- for f in /${dir}/lib/modules/*/modules.dep /${dir}/lib/modules/modules.dep; do
- if [[ -f "$f" ]]; then
- if [[ "${dir}" == "system" ]]; then
- system_modules_dir="$(dirname "$f")"
- else
- vendor_modules_dir="$(dirname "$f")"
- modules_dir=${vendor_modules_dir}
- fi
- break
- fi
- done
-done
-
-if [[ -z "${system_modules_dir}" ]]; then
- echo "Unable to locate system kernel modules directory" 2>&1
-fi
-
-if [[ -z "${vendor_modules_dir}" ]]; then
- echo "Unable to locate vendor kernel modules directory" 2>&1
- exit 1
-fi
-
-# imitates wait_for_file() in init
-wait_for_file()
-{
- filename="${1}"
- timeout="${2:-5}"
-
- expiry=$(($(date "+%s")+timeout))
- while [[ ! -e "${filename}" ]] && [[ "$(date "+%s")" -le "${expiry}" ]]
- do
- sleep 0.01
- done
-}
-
-if [ $# -eq 1 ]; then
- cfg_file=$1
-else
- # Set property even if there is no insmod config
- # to unblock early-boot trigger
- setprop vendor.common.modules.ready
- setprop vendor.device.modules.ready
- setprop vendor.all.modules.ready
- setprop vendor.all.devices.ready
- exit 1
-fi
-
-if [ -f $cfg_file ]; then
- while IFS="|" read -r action arg
- do
- case $action in
- "insmod") insmod $arg ;;
- "setprop") setprop $arg 1 ;;
- "enable") echo 1 > $arg ;;
- "condinsmod")
- prop=$(echo $arg | cut -d '|' -f 1)
- module1=$(echo $arg | cut -d '|' -f 2)
- module2=$(echo $arg | cut -d '|' -f 3)
- value=$(getprop $prop)
- if [[ ${value} == "true" ]]; then
- insmod ${vendor_modules_dir}/${module1}
- else
- insmod ${vendor_modules_dir}/${module2}
- fi
- ;;
- "modprobe")
- case ${arg} in
- "system -b *" | "system -b")
- modules_dir=${system_modules_dir}
- arg="-b --all=${system_modules_dir}/modules.load" ;;
- "system *" | "system")
- modules_dir=${system_modules_dir}
- arg="--all=${system_modules_dir}/modules.load" ;;
- "-b *" | "-b" | "vendor -b *" | "vendor -b")
- modules_dir=${vendor_modules_dir}
- arg="-b --all=${vendor_modules_dir}/modules.load" ;;
- "*" | "" | "vendor *" | "vendor")
- modules_dir=${vendor_modules_dir}
- arg="--all=${vendor_modules_dir}/modules.load" ;;
- esac
- if [[ -d "${modules_dir}" ]]; then
- modprobe -a -d "${modules_dir}" $arg
- fi
- ;;
- "wait") wait_for_file $arg ;;
- esac
- done < $cfg_file
-fi
diff --git a/performance/sepolicy/file.te b/performance/sepolicy/file.te
new file mode 100644
index 0000000..0357d51
--- /dev/null
+++ b/performance/sepolicy/file.te
@@ -0,0 +1 @@
+type sysfs_pakills, fs_type, sysfs_type;
diff --git a/performance/sepolicy/genfs_contexts b/performance/sepolicy/genfs_contexts
index 000c41b..07bcff9 100644
--- a/performance/sepolicy/genfs_contexts
+++ b/performance/sepolicy/genfs_contexts
@@ -1 +1,2 @@
genfscon proc /sys/kernel/sched_pelt_multiplier u:object_r:proc_sched:s0
+genfscon sysfs /kernel/vendor_mm/pa_kill u:object_r:sysfs_pakills:s0
diff --git a/performance/sepolicy/hal_power_default.te b/performance/sepolicy/hal_power_default.te
new file mode 100644
index 0000000..763862d
--- /dev/null
+++ b/performance/sepolicy/hal_power_default.te
@@ -0,0 +1,2 @@
+allow hal_power_default sysfs_pakills:file rw_file_perms;
+allow hal_power_default sysfs_pakills:dir r_dir_perms;