Merge "Recorder: add sepolicy for Google Recorder app" into main

commit: 8b602f29a6dc269f65c7cb495883abca8b61a312 [log] [tgz]
author: Richard Chou <richardchou@google.com> Tue Jun 04 07:55:02 2024 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Tue Jun 04 07:55:02 2024 +0000
tree: 78caed336317859e11af631d33d15896d383e043
parent: 2ced5f695853268695b66ee3124cbcc929e69b84 [diff]
parent: 7d60dc41df882544150197ae499bb7718be36e79 [diff]
diff --git a/aoc/sepolicy/file_contexts b/aoc/sepolicy/file_contexts
index ed8a6d6..73293f7 100644
--- a/aoc/sepolicy/file_contexts
+++ b/aoc/sepolicy/file_contexts

@@ -31,6 +31,9 @@
 /dev/acd-aocx_inject[0-9]*          u:object_r:aoc_device:s0
 /dev/acd-aocx_tapout[0-9]*          u:object_r:aoc_device:s0
 /dev/acd-mc_headpos                 u:object_r:aoc_device:s0
+/dev/acd-chre_bt_offload_ctl        u:object_r:aoc_device:s0
+/dev/acd-chre_bt_offload_data_tx    u:object_r:aoc_device:s0
+/dev/acd-chre_bt_offload_data_rx    u:object_r:aoc_device:s0
 
 # AoC vendor binaries
 /vendor/bin/aocd                    u:object_r:aocd_exec:s0

diff --git a/gps/lsi/sepolicy/device.te b/gps/lsi/sepolicy/device.te
new file mode 100644
index 0000000..15d049f
--- /dev/null
+++ b/gps/lsi/sepolicy/device.te

@@ -0,0 +1 @@
+type vendor_gnss_device, dev_type;

diff --git a/gps/lsi/sepolicy/file.te b/gps/lsi/sepolicy/file.te
index af9582b..246700a 100644
--- a/gps/lsi/sepolicy/file.te
+++ b/gps/lsi/sepolicy/file.te

@@ -1 +1,5 @@
 type vendor_gps_file, file_type, data_file_type;
+type sysfs_gps, sysfs_type, fs_type;
+userdebug_or_eng(`
+  typeattribute vendor_gps_file mlstrustedobject;
+')

diff --git a/gps/lsi/sepolicy/file_contexts b/gps/lsi/sepolicy/file_contexts
index 9840eab..e6af3b1 100644
--- a/gps/lsi/sepolicy/file_contexts
+++ b/gps/lsi/sepolicy/file_contexts

@@ -7,6 +7,4 @@
 /vendor/bin/hw/swcnd            u:object_r:swcnd_exec:s0
 /vendor/bin/hw/spad             u:object_r:spad_exec:s0
 /vendor/bin/hw/android.hardware.gnss-service           u:object_r:hal_gnss_default_exec:s0
-/vendor/bin/gnss_check\.sh                                     u:object_r:gnss_check_exec:s0
-# keep only one rule and use eGNSS one
-# /data/vendor/gps(/.*)?             u:object_r:vendor_gps_file:s0
+/data/vendor/gps(/.*)?             u:object_r:vendor_gps_file:s0

diff --git a/gps/lsi/sepolicy/property.te b/gps/lsi/sepolicy/property.te
new file mode 100644
index 0000000..6b62560
--- /dev/null
+++ b/gps/lsi/sepolicy/property.te

@@ -0,0 +1 @@
+vendor_internal_prop(vendor_gps_prop)

diff --git a/gps/lsi/sepolicy/property_contexts b/gps/lsi/sepolicy/property_contexts
new file mode 100644
index 0000000..4546116
--- /dev/null
+++ b/gps/lsi/sepolicy/property_contexts

@@ -0,0 +1,2 @@
+vendor.gps.                                u:object_r:vendor_gps_prop:s0
+persist.vendor.gps.                        u:object_r:vendor_gps_prop:s0

diff --git a/gyotaku_app/fingerprint/gyotaku_app.te b/gyotaku_app/fingerprint/gyotaku_app.te
new file mode 100644
index 0000000..f6475f5
--- /dev/null
+++ b/gyotaku_app/fingerprint/gyotaku_app.te

@@ -0,0 +1,19 @@
+# Specific build for fingerprint
+type gyotaku_app, domain;
+
+app_domain(gyotaku_app)
+net_domain(gyotaku_app)
+
+# For Gyotaku app common use
+allow gyotaku_app app_api_service:service_manager find;
+allow gyotaku_app privapp_data_file:lnk_file read;
+allow gyotaku_app system_app_data_file:dir create_dir_perms;
+allow gyotaku_app system_app_data_file:file create_file_perms;
+
+# For getproperty isDebuggable use
+get_prop(gyotaku_app, userdebug_or_eng_prop)
+
+# For access /data/vendor/misc fingerprint use.
+allow gyotaku_app vendor_misc_data_file:dir search;
+allow gyotaku_app vendor_fingerprint_data_file:dir r_dir_perms;
+allow gyotaku_app vendor_fingerprint_data_file:file r_file_perms;

diff --git a/gyotaku_app/fingerprint/seapp_contexts b/gyotaku_app/fingerprint/seapp_contexts
new file mode 100644
index 0000000..b1c6248
--- /dev/null
+++ b/gyotaku_app/fingerprint/seapp_contexts

@@ -0,0 +1,2 @@
+# Gyotaku app
+user=system seinfo=platform name=com.google.android.apps.internal.gyotaku domain=gyotaku_app type=system_app_data_file levelFrom=all

diff --git a/gyotaku_app/gyotaku_fingerprint.mk b/gyotaku_app/gyotaku_fingerprint.mk
new file mode 100644
index 0000000..051b88e
--- /dev/null
+++ b/gyotaku_app/gyotaku_fingerprint.mk

@@ -0,0 +1,5 @@
+# Specific build for fingerprint
+PRODUCT_PACKAGES_DEBUG += \
+   Gyotaku
+
+BOARD_SEPOLICY_DIRS += device/google/gs-common/gyotaku_app/fingerprint

diff --git a/storage/init.storage.rc b/storage/init.storage.rc
index 71fce43..9cad2ea 100644
--- a/storage/init.storage.rc
+++ b/storage/init.storage.rc

@@ -13,6 +13,7 @@
     write /dev/sys/block/by-name/rootdisk/queue/iostats 1
     write /dev/sys/block/by-name/rootdisk/queue/nr_requests 128
     write /dev/sys/block/by-name/rootdisk/queue/rq_affinity 2
+    write /dev/sys/block/by-name/zoned_device/queue/rq_affinity 2
 
     # UFS
     write /dev/sys/block/bootdevice/clkgate_enable 1
commit	8b602f29a6dc269f65c7cb495883abca8b61a312	[log] [tgz]
author	Richard Chou <richardchou@google.com>	Tue Jun 04 07:55:02 2024 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Tue Jun 04 07:55:02 2024 +0000
tree	78caed336317859e11af631d33d15896d383e043
parent	2ced5f695853268695b66ee3124cbcc929e69b84 [diff]
parent	7d60dc41df882544150197ae499bb7718be36e79 [diff]