[automerger skipped] Move compaction_proactiveness to vendor sepolicy am: d1adbe0cb2 -s ours
am skip reason: Merged-In I14cff8dfe4e143995b9011cd34a1e7d74613ae33 with SHA-1 d6d4a779e5 is already in history
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs-common/+/29091424
Change-Id: Ied82c7da10415424f42bd7101bbe7c6ece892f0b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/audio/aidl/device_framework_matrix_product.xml b/audio/aidl/device_framework_matrix_product.xml
index 3079aab..0e7e998 100644
--- a/audio/aidl/device_framework_matrix_product.xml
+++ b/audio/aidl/device_framework_matrix_product.xml
@@ -9,7 +9,7 @@
</hal>
<hal format="aidl">
<name>vendor.google.whitechapel.audio.extension</name>
- <version>2</version>
+ <version>3</version>
<interface>
<name>IAudioExtension</name>
<instance>default</instance>
diff --git a/audio/common.mk b/audio/common.mk
index edf7b6a..a691f0a 100644
--- a/audio/common.mk
+++ b/audio/common.mk
@@ -3,8 +3,15 @@
#Audio Vendor libraries
PRODUCT_PACKAGES += \
libfvsam_prm_parser \
- libmahalcontroller \
+ libmahalcontroller
+
+ifeq ($(USE_MAM_V4_ABOVE),true)
+PRODUCT_PACKAGES += \
+ libMAM_Google_Pixel_Android
+else
+PRODUCT_PACKAGES += \
libAlgFx_HiFi3z
+endif
ifneq ($(USE_AUDIO_HAL_AIDL),true)
## AudioHAL Configurations
diff --git a/battery_mitigation/sepolicy/vendor/dumpstate.te b/battery_mitigation/sepolicy/vendor/dumpstate.te
index b3bb1d4..8248254 100644
--- a/battery_mitigation/sepolicy/vendor/dumpstate.te
+++ b/battery_mitigation/sepolicy/vendor/dumpstate.te
@@ -1,3 +1,20 @@
# To call battery_mitigation hal
allow dumpstate hal_battery_mitigation_service:service_manager find;
binder_call(dumpstate, battery_mitigation);
+
+allow hal_dumpstate_default sysfs_acpm_stats:dir { read open search };
+allow hal_dumpstate_default sysfs_acpm_stats:file { read open getattr };
+allow hal_dumpstate_default sysfs_cpu:file { read open getattr };
+allow hal_dumpstate_default sysfs_batteryinfo:dir { read open search };
+allow hal_dumpstate_default sysfs_batteryinfo:file { read open getattr };
+allow hal_dumpstate_default logbuffer_device:chr_file { read open getattr };
+allow hal_dumpstate_default mitigation_vendor_data_file:dir { search };
+allow hal_dumpstate_default sysfs_bcl:dir { read open search };
+allow hal_dumpstate_default sysfs_bcl:file { read open getattr };
+allow hal_dumpstate_default vendor_file:file { execute_no_trans };
+allow hal_dumpstate_default battery_history_device:chr_file { read };
+
+
+userdebug_or_eng(`
+ allow hal_dumpstate_default vendor_pm_genpd_debugfs:file { read open getattr };
+')
diff --git a/bcmbt/dump/dump_bcmbt.cpp b/bcmbt/dump/dump_bcmbt.cpp
index fde0ad0..22e2fcf 100644
--- a/bcmbt/dump/dump_bcmbt.cpp
+++ b/bcmbt/dump/dump_bcmbt.cpp
@@ -34,7 +34,8 @@
return 0;
}
- dumpLogs(BCMBT_SNOOP_LOG_DIRECTORY, outputDir.c_str(), 2, BCMBT_SNOOP_LOG_PREFIX);
+ dumpLogs(BCMBT_SNOOP_LOG_DIRECTORY, outputDir.c_str(), 4,
+ BCMBT_SNOOP_LOG_PREFIX);
dumpLogs(BCMBT_SNOOP_LOG_DIRECTORY, outputDir.c_str(), 2, BCMBT_BACKUP_SNOOP_LOG_PREFIX);
dumpLogs(BCMBT_FW_LOG_DIRECTORY, outputDir.c_str(), 10, BCMBT_FW_DUMP_LOG_PREFIX);
dumpLogs(BCMBT_FW_LOG_DIRECTORY, outputDir.c_str(), 10, BCMBT_CHRE_DUMP_LOG_PREFIX);
diff --git a/betterbug/betterbug.mk b/betterbug/betterbug.mk
index 906933d..2930362 100644
--- a/betterbug/betterbug.mk
+++ b/betterbug/betterbug.mk
@@ -1,7 +1,7 @@
# When neither AOSP nor factory targets
ifeq (,$(filter aosp_% factory_%, $(TARGET_PRODUCT)))
PRODUCT_PACKAGES += BetterBugStub
- PRODUCT_PACKAGES_DEBUG += BetterBug
+ PRODUCT_PACKAGES_DEBUG += $(RELEASE_PACKAGE_BETTER_BUG)
endif
PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/gs-common/betterbug/sepolicy/product/public
diff --git a/bootctrl/1.2/BootControl.cpp b/bootctrl/1.2/BootControl.cpp
index ff02013..54764a0 100644
--- a/bootctrl/1.2/BootControl.cpp
+++ b/bootctrl/1.2/BootControl.cpp
@@ -19,6 +19,7 @@
#include "BootControl.h"
#include <android-base/file.h>
+#include <android-base/properties.h>
#include <android-base/unique_fd.h>
#include <bootloader_message/bootloader_message.h>
#include <cutils/properties.h>
@@ -254,16 +255,15 @@
}
static bool blowAR() {
- char platform[PROPERTY_VALUE_MAX];
- property_get("ro.boot.hardware.platform", platform, "");
+ const auto& platform = ::android::base::GetProperty("ro.boot.hardware.platform", "");
- if (std::string(platform) == "gs101") {
+ if (platform == "gs101") {
return blowAR_gs101();
- } else if (std::string(platform) == "gs201" || std::string(platform) == "zuma") {
+ } else if (platform == "gs201" || platform == "zuma" || platform == "zumapro") {
return blowAR_zuma();
}
- return true;
+ return false;
}
} // namespace
diff --git a/bootctrl/aidl/BootControl.cpp b/bootctrl/aidl/BootControl.cpp
index e771845..8655929 100644
--- a/bootctrl/aidl/BootControl.cpp
+++ b/bootctrl/aidl/BootControl.cpp
@@ -20,6 +20,7 @@
#include <android-base/file.h>
#include <android-base/logging.h>
+#include <android-base/properties.h>
#include <android-base/unique_fd.h>
#include <bootloader_message/bootloader_message.h>
#include <cutils/properties.h>
@@ -251,16 +252,15 @@
}
static bool blowAR() {
- char platform[PROPERTY_VALUE_MAX];
- property_get("ro.boot.hardware.platform", platform, "");
+ const auto& platform = ::android::base::GetProperty("ro.boot.hardware.platform", "");
- if (std::string(platform) == "gs101") {
+ if (platform == "gs101") {
return blowAR_gs101();
- } else if (std::string(platform) == "gs201" || std::string(platform) == "zuma") {
+ } else if (platform == "gs201" || platform == "zuma" || platform == "zumapro") {
return blowAR_zuma();
}
- return true;
+ return false;
}
static constexpr MergeStatus ToAIDLMergeStatus(HIDLMergeStatus status) {
@@ -384,7 +384,7 @@
*_aidl_return = true;
return ScopedAStatus::ok();
}
- if (in_slot >= slots)
+ if (in_slot < 0 || in_slot >= slots)
return ScopedAStatus::fromServiceSpecificErrorWithMessage(
INVALID_SLOT, (std::string("Invalid slot ") + std::to_string(in_slot)).c_str());
diff --git a/camera/lyric.mk b/camera/lyric.mk
index 7762f4d..c886138 100644
--- a/camera/lyric.mk
+++ b/camera/lyric.mk
@@ -5,14 +5,22 @@
$(call soong_config_set,google3a_config,gcam_awb,true)
$(call soong_config_set,google3a_config,ghawb_truetone,true)
+# Flag controls whether Lyric apex can be located in the dist-directory.
+$(call soong_config_set, lyric, dist_lyric_apex, $(RELEASE_PIXEL_DIST_LYRIC_APEX))
+
# Select GCH backend.
# TODO(b/192681010): This dependency inversion should be removed.
ifneq ($(wildcard vendor/google/services/LyricCameraHAL/src),)
$(call soong_config_set,gch,hwl_library,lyric)
endif
-# Check if we're in the internal build
-ifneq ($(wildcard vendor/google/camera),)
+# Use build-time flag to select whether to build from source
+# or ingest prebuilt-apex. We would want the development teams
+# using release configuration: (trunk-staging) to build from source.
+# All shipping releases will switch to prebuilts (trunk+)
+# if this condition is not true, then build from source.
+
+ifneq ($(RELEASE_PIXEL_CAMERA_ENABLE_PREBUILT),true)
PRODUCT_SOONG_NAMESPACES += \
vendor/google/camera \
@@ -33,8 +41,7 @@
# Calibration tool for debug builds
PRODUCT_PACKAGES_DEBUG += tarasque_test
PRODUCT_PACKAGES_DEBUG += ProtoCalibGenerator
-
-endif # vendor/google/camera check
+endif # RELEASE_PIXEL_CAMERA_ENABLE_PREBUILT check
# Init-time log settings for Google 3A
PRODUCT_PACKAGES += libg3a_standalone_gabc_rc
diff --git a/camera/sepolicy/product/private/service_contexts b/camera/sepolicy/product/private/service_contexts
index fed03af..0cb84b4 100644
--- a/camera/sepolicy/product/private/service_contexts
+++ b/camera/sepolicy/product/private/service_contexts
@@ -1 +1,5 @@
-com.google.pixel.camera.services.binder.IServiceBinder/default u:object_r:camera_binder_service:s0
\ No newline at end of file
+com.google.pixel.camera.services.binder.IServiceBinder/default u:object_r:camera_binder_service:s0
+
+com.google.pixel.camera.services.cameraidremapper.ICameraIdRemapper/default u:object_r:camera_cameraidremapper_service:s0
+
+com.google.pixel.camera.services.lyricconfigprovider.ILyricConfigProvider/default u:object_r:camera_lyricconfigprovider_service:s0
diff --git a/camera/sepolicy/product/private/vendor_pbcs_app.te b/camera/sepolicy/product/private/vendor_pbcs_app.te
index 54bc0c0..b8a52d2 100644
--- a/camera/sepolicy/product/private/vendor_pbcs_app.te
+++ b/camera/sepolicy/product/private/vendor_pbcs_app.te
@@ -9,4 +9,10 @@
allow vendor_pbcs_app cameraserver_service:service_manager find;
# Allow PBCS to add the ServiceBinder service to ServiceManager.
-add_service(vendor_pbcs_app, camera_binder_service);
\ No newline at end of file
+add_service(vendor_pbcs_app, camera_binder_service);
+
+# Allow PBCS to add the CameraIdRemapper service to ServiceManager.
+add_service(vendor_pbcs_app, camera_cameraidremapper_service);
+
+# Allow PBCS to add the LyricConfigProvider service to ServiceManager.
+add_service(vendor_pbcs_app, camera_lyricconfigprovider_service);
diff --git a/camera/sepolicy/product/private/vendor_pcs_app.te b/camera/sepolicy/product/private/vendor_pcs_app.te
index 55eeee7..d41adb4 100644
--- a/camera/sepolicy/product/private/vendor_pcs_app.te
+++ b/camera/sepolicy/product/private/vendor_pcs_app.te
@@ -8,6 +8,8 @@
app_api_service
audioserver_service
cameraserver_service
+ camera_cameraidremapper_service
+ camera_lyricconfigprovider_service
drmserver_service
mediametrics_service
mediaserver_service
diff --git a/camera/sepolicy/product/public/service.te b/camera/sepolicy/product/public/service.te
index f94fd9f..2cdc125 100644
--- a/camera/sepolicy/product/public/service.te
+++ b/camera/sepolicy/product/public/service.te
@@ -1 +1,5 @@
-type camera_binder_service, hal_service_type, protected_service, service_manager_type;
\ No newline at end of file
+type camera_binder_service, hal_service_type, protected_service, service_manager_type;
+
+type camera_cameraidremapper_service, hal_service_type, protected_service, service_manager_type;
+
+type camera_lyricconfigprovider_service, hal_service_type, protected_service, service_manager_type;
diff --git a/camera/sepolicy/vendor/hal_camera_default.te b/camera/sepolicy/vendor/hal_camera_default.te
index 9e7b105..ebb58b8 100644
--- a/camera/sepolicy/vendor/hal_camera_default.te
+++ b/camera/sepolicy/vendor/hal_camera_default.te
@@ -1,6 +1,6 @@
allow hal_camera_default camera_binder_service:service_manager find;
# Allow Lyric Hal to find the LyricConfigProvider service through ServiceManager.
-allow hal_camera_default vendor_camera_lyricconfigprovider_service:service_manager find;
+allow hal_camera_default camera_lyricconfigprovider_service:service_manager find;
allow hal_camera_default hal_pixel_remote_camera_service:service_manager find;
@@ -8,6 +8,5 @@
binder_call(hal_camera_default, vendor_pcs_app);
-# Allow Lyric HAL to start ISP Service and Image Processing HAL
-add_service(hal_camera_default, vendor_camera_isp_service)
+# Allow Lyric HAL to start Image Processing HAL
add_service(hal_camera_default, vendor_image_processing_hal_service)
diff --git a/camera/sepolicy/vendor/service.te b/camera/sepolicy/vendor/service.te
index 35887ba..757bf6d 100644
--- a/camera/sepolicy/vendor/service.te
+++ b/camera/sepolicy/vendor/service.te
@@ -1,9 +1,3 @@
type hal_pixel_remote_camera_service, hal_service_type, protected_service, service_manager_type;
-type vendor_camera_lyricconfigprovider_service, hal_service_type, protected_service, service_manager_type;
-
-type vendor_camera_isp_service, hal_service_type, protected_service, service_manager_type;
-
-type vendor_camera_cameraidremapper_service, hal_service_type, protected_service, service_manager_type;
-
type vendor_image_processing_hal_service, hal_service_type, protected_service, service_manager_type;
diff --git a/camera/sepolicy/vendor/service_contexts b/camera/sepolicy/vendor/service_contexts
index 9f5e335..7a2d6ff 100644
--- a/camera/sepolicy/vendor/service_contexts
+++ b/camera/sepolicy/vendor/service_contexts
@@ -1,9 +1,3 @@
com.google.pixel.camera.connectivity.hal.provider.ICameraProvider/default u:object_r:hal_pixel_remote_camera_service:s0
-com.google.pixel.camera.services.lyricconfigprovider.ILyricConfigProvider/default u:object_r:vendor_camera_lyricconfigprovider_service:s0
-
-com.google.pixel.camera.isp.IIspService/default u:object_r:vendor_camera_isp_service:s0
-
-com.google.pixel.camera.services.cameraidremapper.ICameraIdRemapper/default u:object_r:vendor_camera_cameraidremapper_service:s0
-
-com.google.android.imageprocessing.IImageProcessingHal u:object_r:vendor_image_processing_hal_service:s0
+com.google.android.imageprocessing.hal.IImageProcessingHal/default u:object_r:vendor_image_processing_hal_service:s0
diff --git a/camera/sepolicy/vendor/vendor_pbcs_app.te b/camera/sepolicy/vendor/vendor_pbcs_app.te
index b25c9a2..965ef54 100644
--- a/camera/sepolicy/vendor/vendor_pbcs_app.te
+++ b/camera/sepolicy/vendor/vendor_pbcs_app.te
@@ -1,9 +1,9 @@
# Allow PBCS to add the ServiceBinder service to ServiceManager.
add_service(vendor_pbcs_app, camera_binder_service);
# Allow PBCS to add the LyricConfigProvider service to ServiceManager.
-add_service(vendor_pbcs_app, vendor_camera_lyricconfigprovider_service);
+add_service(vendor_pbcs_app, camera_lyricconfigprovider_service);
# Allow PBCS to add the CameraIdRemapper service to ServiceManager.
-add_service(vendor_pbcs_app, vendor_camera_cameraidremapper_service);
+add_service(vendor_pbcs_app, camera_cameraidremapper_service);
# Allow PBCS to read debug system properties of the form vendor.camera.pbcs.debug.*
# and persist.vendor.camera.pbcs.debug.*
diff --git a/camera/sepolicy/vendor/vendor_pcs_app.te b/camera/sepolicy/vendor/vendor_pcs_app.te
index b4d71b5..068a0f7 100644
--- a/camera/sepolicy/vendor/vendor_pcs_app.te
+++ b/camera/sepolicy/vendor/vendor_pcs_app.te
@@ -1,6 +1,6 @@
allow vendor_pcs_app {
- vendor_camera_lyricconfigprovider_service
- vendor_camera_cameraidremapper_service
+ camera_lyricconfigprovider_service
+ camera_cameraidremapper_service
edgetpu_app_service
}:service_manager find;
diff --git a/dauntless/gsc.mk b/dauntless/gsc.mk
index 188d9f9..c1cf0e0 100644
--- a/dauntless/gsc.mk
+++ b/dauntless/gsc.mk
@@ -20,4 +20,76 @@
nugget_targeted_tests \
CitadelProvision \
nugget_aidl_test_weaver
+
+# Assign default value for RELEASE_GOOGLE_DAUNTLESS_DIR if no trunk flags support
+RELEASE_GOOGLE_DAUNTLESS_DIR ?= vendor/google_nos/prebuilts/dauntless
+
+# The production Dauntless firmware will be of flavors evt and d3m2.
+# There are also several flavors of pre-release chips. Each flavor
+# (production and pre-release) requires the firmware to be signed differently.
+DAUNTLESS_FIRMWARE_SIZE := 1048576
+
+# The nearly-production Dauntless chips are "proto1.1"
+ifneq (,$(wildcard $(RELEASE_GOOGLE_DAUNTLESS_DIR)/proto11.ec.bin))
+ifneq ($(DAUNTLESS_FIRMWARE_SIZE), $(shell stat -c "%s" $(RELEASE_GOOGLE_DAUNTLESS_DIR)/proto11.ec.bin))
+$(error GSC firmware size check fail)
endif
+PRODUCT_COPY_FILES += \
+ $(RELEASE_GOOGLE_DAUNTLESS_DIR)/proto11.ec.bin:$(TARGET_COPY_OUT_VENDOR)/firmware/dauntless/proto11.ec.bin
+$(call dist-for-goals,droid,$(RELEASE_GOOGLE_DAUNTLESS_DIR)/proto11.ec.bin)
+else
+$(error GSC firmware not found in $(RELEASE_GOOGLE_DAUNTLESS_DIR))
+endif
+
+# The production Dauntless chips are "evt"
+ifneq (,$(wildcard $(RELEASE_GOOGLE_DAUNTLESS_DIR)/evt.ec.bin))
+ifneq ($(DAUNTLESS_FIRMWARE_SIZE), $(shell stat -c "%s" $(RELEASE_GOOGLE_DAUNTLESS_DIR)/evt.ec.bin))
+$(error GSC firmware size check fail)
+endif
+PRODUCT_COPY_FILES += \
+ $(RELEASE_GOOGLE_DAUNTLESS_DIR)/evt.ec.bin:$(TARGET_COPY_OUT_VENDOR)/firmware/dauntless/evt.ec.bin
+$(call dist-for-goals,droid,$(RELEASE_GOOGLE_DAUNTLESS_DIR)/evt.ec.bin)
+else
+$(error GSC firmware not found in $(RELEASE_GOOGLE_DAUNTLESS_DIR))
+endif
+
+# New 2023 production Dauntless chips are "d3m2"
+ifneq (,$(wildcard $(RELEASE_GOOGLE_DAUNTLESS_DIR)/d3m2.ec.bin))
+ifneq ($(DAUNTLESS_FIRMWARE_SIZE), $(shell stat -c "%s" $(RELEASE_GOOGLE_DAUNTLESS_DIR)/d3m2.ec.bin))
+$(error GSC firmware size check fail)
+endif
+PRODUCT_COPY_FILES += \
+ $(RELEASE_GOOGLE_DAUNTLESS_DIR)/d3m2.ec.bin:$(TARGET_COPY_OUT_VENDOR)/firmware/dauntless/d3m2.ec.bin
+$(call dist-for-goals,droid,$(RELEASE_GOOGLE_DAUNTLESS_DIR)/d3m2.ec.bin)
+else
+$(error GSC firmware not found in $(RELEASE_GOOGLE_DAUNTLESS_DIR))
+endif
+
+# Intermediate image artifacts are published, but aren't included in /vendor/firmware/dauntless
+# in PRODUCT_COPY_FILES
+# This is because intermediate images aren't needed on user devices, but the published artifact
+# is useful for flashstation purposes.
+
+# proto11 chips need an intermediate image prior to upgrading to newever versions of the firmware
+ifneq (,$(wildcard vendor/google_nos/prebuilts/dauntless/intermediate_images/proto11_intermediate.ec.bin))
+ifneq ($(DAUNTLESS_FIRMWARE_SIZE), $(shell stat -c "%s" vendor/google_nos/prebuilts/dauntless/intermediate_images/proto11_intermediate.ec.bin))
+$(error GSC firmware size check fail)
+endif
+$(call dist-for-goals,droid,vendor/google_nos/prebuilts/dauntless/intermediate_images/proto11_intermediate.ec.bin)
+endif
+# evt chips need an intermediate image prior to upgrading to newever versions of the firmware
+ifneq (,$(wildcard vendor/google_nos/prebuilts/dauntless/intermediate_images/evt_intermediate.ec.bin))
+ifneq ($(DAUNTLESS_FIRMWARE_SIZE), $(shell stat -c "%s" vendor/google_nos/prebuilts/dauntless/intermediate_images/evt_intermediate.ec.bin))
+$(error GSC firmware size check fail)
+endif
+$(call dist-for-goals,droid,vendor/google_nos/prebuilts/dauntless/intermediate_images/evt_intermediate.ec.bin)
+endif
+# d3m2 chips need an intermediate image prior to upgrading to newever versions of the firmware
+ifneq (,$(wildcard vendor/google_nos/prebuilts/dauntless/intermediate_images/d3m2_intermediate.ec.bin))
+ifneq ($(DAUNTLESS_FIRMWARE_SIZE), $(shell stat -c "%s" vendor/google_nos/prebuilts/dauntless/intermediate_images/d3m2_intermediate.ec.bin))
+$(error GSC firmware size check fail)
+endif
+$(call dist-for-goals,droid,vendor/google_nos/prebuilts/dauntless/intermediate_images/d3m2_intermediate.ec.bin)
+endif
+
+endif # $(wildcard vendor)
diff --git a/edgetpu/sepolicy/edgetpu_tachyon_service.te b/edgetpu/sepolicy/edgetpu_tachyon_service.te
index da34353..80db366 100644
--- a/edgetpu/sepolicy/edgetpu_tachyon_service.te
+++ b/edgetpu/sepolicy/edgetpu_tachyon_service.te
@@ -27,6 +27,9 @@
allow edgetpu_tachyon_server gpu_device:dir r_dir_perms;
allow edgetpu_tachyon_server ion_device:chr_file r_file_perms;
+# Allow Tachyon service to access camera hal via binder.
+binder_call(edgetpu_tachyon_server, hal_camera_default);
+
# Allow Tachyon service to access dmabuf sysytem.
allow edgetpu_tachyon_server dmabuf_system_heap_device:chr_file r_file_perms;
@@ -60,3 +63,8 @@
userdebug_or_eng(`
allow edgetpu_tachyon_server shell_data_file:file { map read};
')
+
+# For shell level testing
+userdebug_or_eng(`
+ binder_call(edgetpu_tachyon_server, shell);
+')
diff --git a/edgetpu/sepolicy/hal_camera_default.te b/edgetpu/sepolicy/hal_camera_default.te
index 624533a..e84f5dc 100644
--- a/edgetpu/sepolicy/hal_camera_default.te
+++ b/edgetpu/sepolicy/hal_camera_default.te
@@ -6,3 +6,10 @@
# Allow camera HAL to read hetero runtime properties
get_prop(hal_camera_default, vendor_hetero_runtime_prop)
+
+# Allow camera HAL to access tachyon HAL
+allow hal_camera_default edgetpu_tachyon_service:service_manager find;
+
+# Allow camera HAL to communicate with tachyon hal using binder calls
+binder_call(hal_camera_default, edgetpu_tachyon_server);
+
diff --git a/gps/brcm/sepolicy/genfs_contexts b/gps/brcm/sepolicy/genfs_contexts
index 446fc45..a551e96 100644
--- a/gps/brcm/sepolicy/genfs_contexts
+++ b/gps/brcm/sepolicy/genfs_contexts
@@ -1,3 +1,4 @@
# GPS
genfscon sysfs /devices/virtual/pps/pps0/assert_elapsed u:object_r:sysfs_gps_assert:s0
+genfscon sysfs /devices/platform/bbd_pps/pps_assert u:object_r:sysfs_gps_assert:s0
diff --git a/gps/lsi/sepolicy/gnssd.te b/gps/lsi/sepolicy/gnssd.te
index a293b95..29dfa2e 100644
--- a/gps/lsi/sepolicy/gnssd.te
+++ b/gps/lsi/sepolicy/gnssd.te
@@ -5,7 +5,9 @@
# Allow gnssd to access rild
binder_call(gnssd, rild);
binder_call(gnssd, hwservicemanager)
+binder_call(gnssd, servicemanager)
allow gnssd hal_exynos_rild_hwservice:hwservice_manager find;
+allow gnssd hal_vendor_radio_external_service:service_manager find;
allow gnssd radio_device:chr_file rw_file_perms;
# Allow gnssd to acess gnss device
diff --git a/gpu/gpu.mk b/gpu/gpu.mk
index b87e7ad..4b11e13 100644
--- a/gpu/gpu.mk
+++ b/gpu/gpu.mk
@@ -2,15 +2,15 @@
PRODUCT_PACKAGES += gpu_probe
-USE_MAPPER5 := false
+USE_MAPPER5 := true
PRODUCT_PACKAGES += pixel_gralloc_allocator
PRODUCT_PACKAGES += pixel_gralloc_mapper
ifeq ($(USE_MAPPER5), true)
-$(call soong_config_set,arm_gralloc,mapper_version,mapper5)
+$(call soong_config_set,pixel_gralloc,mapper_version,mapper5)
$(call soong_config_set,aion_buffer,mapper_version,mapper5)
else
-$(call soong_config_set,arm_gralloc,mapper_version,mapper4)
+$(call soong_config_set,pixel_gralloc,mapper_version,mapper4)
$(call soong_config_set,aion_buffer,mapper_version,mapper4)
endif
diff --git a/gs_watchdogd/gs_watchdogd.cpp b/gs_watchdogd/gs_watchdogd.cpp
index 82e01d0..333e023 100644
--- a/gs_watchdogd/gs_watchdogd.cpp
+++ b/gs_watchdogd/gs_watchdogd.cpp
@@ -19,38 +19,31 @@
#include <android-base/logging.h>
#include <android-base/stringprintf.h>
#include <android-base/unique_fd.h>
+#include <log/log.h>
-#include <errno.h>
#include <fcntl.h>
#include <glob.h>
#include <linux/watchdog.h>
#include <stdlib.h>
#include <string.h>
+#include <sys/cdefs.h>
#include <unistd.h>
-#include <chrono>
+#include <cstdlib>
#include <vector>
+#define NSEC_PER_SEC (1000LL * 1000LL * 1000LL)
+
#define DEV_GLOB "/sys/devices/platform/*.watchdog_cl*/watchdog/watchdog*"
-#define DEFAULT_INTERVAL 10s
-#define DEFAULT_MARGIN 10s
-
using android::base::Basename;
using android::base::StringPrintf;
-using std::literals::chrono_literals::operator""s;
-int main(int argc, char** argv) {
+int main(int __unused argc, char** argv) {
+ auto min_timeout_nsecs = std::numeric_limits<typeof(NSEC_PER_SEC)>::max();
+
android::base::InitLogging(argv, &android::base::KernelLogger);
- std::chrono::seconds interval = argc >= 2
- ? std::chrono::seconds(atoi(argv[1])) : DEFAULT_INTERVAL;
- std::chrono::seconds margin = argc >= 3
- ? std::chrono::seconds(atoi(argv[2])) : DEFAULT_MARGIN;
-
- LOG(INFO) << "gs_watchdogd started (interval " << interval.count()
- << ", margin " << margin.count() << ")!";
-
glob_t globbuf;
int ret = glob(DEV_GLOB, GLOB_MARK, nullptr, &globbuf);
if (ret) {
@@ -61,8 +54,7 @@
std::vector<android::base::unique_fd> wdt_dev_fds;
for (size_t i = 0; i < globbuf.gl_pathc; i++) {
- std::chrono::seconds timeout = interval + margin;
- int timeout_secs = timeout.count();
+ int timeout_secs;
std::string dev_path = StringPrintf("/dev/%s", Basename(globbuf.gl_pathv[i]).c_str());
int fd = TEMP_FAILURE_RETRY(open(dev_path.c_str(), O_RDWR | O_CLOEXEC));
@@ -71,29 +63,39 @@
return 1;
}
- wdt_dev_fds.emplace_back(fd);
- ret = ioctl(fd, WDIOC_SETTIMEOUT, &timeout_secs);
+ ret = ioctl(fd, WDIOC_GETTIMEOUT, &timeout_secs);
if (ret) {
- PLOG(ERROR) << "Failed to set timeout to " << timeout_secs;
- ret = ioctl(fd, WDIOC_GETTIMEOUT, &timeout_secs);
- if (ret) {
- PLOG(ERROR) << "Failed to get timeout";
- } else {
- interval = timeout > margin ? timeout - margin : 1s;
- LOG(WARNING) << "Adjusted interval to timeout returned by driver: "
- << "timeout " << timeout_secs
- << ", interval " << interval.count()
- << ", margin " << margin.count();
- }
+ PLOG(ERROR) << "Failed to get timeout on " << dev_path;
+ continue;
+ } else {
+ min_timeout_nsecs = std::min(min_timeout_nsecs, NSEC_PER_SEC * timeout_secs);
}
+
+ wdt_dev_fds.emplace_back(fd);
}
globfree(&globbuf);
+ if (wdt_dev_fds.empty()) {
+ LOG(ERROR) << "no valid wdt dev found";
+ return 1;
+ }
+
+ timespec ts;
+ auto result = div(min_timeout_nsecs / 2, NSEC_PER_SEC);
+ ts.tv_sec = result.quot;
+ ts.tv_nsec = result.rem;
+
while (true) {
+ timespec rem = ts;
+
for (const auto& fd : wdt_dev_fds) {
TEMP_FAILURE_RETRY(write(fd, "", 1));
}
- sleep(interval.count());
+
+ if (TEMP_FAILURE_RETRY(nanosleep(&rem, &rem))) {
+ PLOG(ERROR) << "nanosleep failed";
+ return 1;
+ }
}
}
diff --git a/gs_watchdogd/init.gs_watchdogd.rc b/gs_watchdogd/init.gs_watchdogd.rc
index a7ef505..ba3354f 100644
--- a/gs_watchdogd/init.gs_watchdogd.rc
+++ b/gs_watchdogd/init.gs_watchdogd.rc
@@ -1,5 +1,5 @@
-# Set watchdog timer to 30 seconds and pet it every 10 seconds to get a 20 second margin
-service gs_watchdogd /system_ext/bin/gs_watchdogd 10 20
+# Pet watchdog timer every half of its timeout period.
+service gs_watchdogd /system_ext/bin/gs_watchdogd
user root
class core
oneshot
diff --git a/insmod/16k/Android.bp b/insmod/16k/Android.bp
deleted file mode 100644
index 975c5dc..0000000
--- a/insmod/16k/Android.bp
+++ /dev/null
@@ -1,14 +0,0 @@
-
-soong_namespace {
-}
-
-package {
- default_applicable_licenses: ["Android-Apache-2.0"],
-}
-
-sh_binary {
- name: "insmod.sh",
- src: "insmod.sh",
- init_rc: ["init.module.rc"],
- vendor: true,
-}
diff --git a/insmod/16k/init.module.rc b/insmod/16k/init.module.rc
deleted file mode 100644
index de23b5b..0000000
--- a/insmod/16k/init.module.rc
+++ /dev/null
@@ -1,10 +0,0 @@
-on init
- # Loading common kernel modules in background
- start insmod_sh
-
-service insmod_sh /vendor/bin/insmod.sh /vendor/etc/init.common.cfg
- class main
- user root
- group root system
- disabled
- oneshot
diff --git a/insmod/16k/insmod.sh b/insmod/16k/insmod.sh
deleted file mode 100644
index 8ec8199..0000000
--- a/insmod/16k/insmod.sh
+++ /dev/null
@@ -1,119 +0,0 @@
-#!/vendor/bin/sh
-
-#############################################################
-### init.insmod.cfg format: ###
-### ----------------------------------------------------- ###
-### [insmod|setprop|enable/moprobe|wait] [path|prop name] ###
-### ... ###
-#############################################################
-
-modules_dir=
-system_modules_dir=
-vendor_modules_dir=
-
-
-pagesize=$(getconf PAGESIZE)
-# bootoption=$(getprop ro.product.build.16k_page.enabled)
-# We do not need to check ro.product.build.16k_page.enabled , because this
-# version of insmod.sh will only be used if PRODUCT_16K_DEVELOPER_OPTION
-# is set to true
-
-if [ "$pagesize" != "4096" ] ; then
- echo "Device has page size $pagesize , skip loading modules from vendor_dlkm/system_dlkm because all modules are stored on vendor_boot"
- setprop vendor.common.modules.ready 1
- setprop vendor.device.modules.ready 1
- setprop vendor.all.modules.ready 1
- setprop vendor.all.devices.ready 1
- return 0
-fi
-
-
-for dir in system vendor; do
- for f in /${dir}/lib/modules/*/modules.dep /${dir}/lib/modules/modules.dep; do
- if [[ -f "$f" ]]; then
- if [[ "${dir}" == "system" ]]; then
- system_modules_dir="$(dirname "$f")"
- else
- vendor_modules_dir="$(dirname "$f")"
- modules_dir=${vendor_modules_dir}
- fi
- break
- fi
- done
-done
-
-if [[ -z "${system_modules_dir}" ]]; then
- echo "Unable to locate system kernel modules directory" 2>&1
-fi
-
-if [[ -z "${vendor_modules_dir}" ]]; then
- echo "Unable to locate vendor kernel modules directory" 2>&1
- exit 1
-fi
-
-# imitates wait_for_file() in init
-wait_for_file()
-{
- filename="${1}"
- timeout="${2:-5}"
-
- expiry=$(($(date "+%s")+timeout))
- while [[ ! -e "${filename}" ]] && [[ "$(date "+%s")" -le "${expiry}" ]]
- do
- sleep 0.01
- done
-}
-
-if [ $# -eq 1 ]; then
- cfg_file=$1
-else
- # Set property even if there is no insmod config
- # to unblock early-boot trigger
- setprop vendor.common.modules.ready 1
- setprop vendor.device.modules.ready 1
- setprop vendor.all.modules.ready 1
- setprop vendor.all.devices.ready 1
- exit 1
-fi
-
-if [ -f $cfg_file ]; then
- while IFS="|" read -r action arg
- do
- case $action in
- "insmod") insmod $arg ;;
- "setprop") setprop $arg 1 ;;
- "enable") echo 1 > $arg ;;
- "condinsmod")
- prop=$(echo $arg | cut -d '|' -f 1)
- module1=$(echo $arg | cut -d '|' -f 2)
- module2=$(echo $arg | cut -d '|' -f 3)
- value=$(getprop $prop)
- if [[ ${value} == "true" ]]; then
- insmod ${vendor_modules_dir}/${module1}
- else
- insmod ${vendor_modules_dir}/${module2}
- fi
- ;;
- "modprobe")
- case ${arg} in
- "system -b *" | "system -b")
- modules_dir=${system_modules_dir}
- arg="-b --all=${system_modules_dir}/modules.load" ;;
- "system *" | "system")
- modules_dir=${system_modules_dir}
- arg="--all=${system_modules_dir}/modules.load" ;;
- "-b *" | "-b" | "vendor -b *" | "vendor -b")
- modules_dir=${vendor_modules_dir}
- arg="-b --all=${vendor_modules_dir}/modules.load" ;;
- "*" | "" | "vendor *" | "vendor")
- modules_dir=${vendor_modules_dir}
- arg="--all=${vendor_modules_dir}/modules.load" ;;
- esac
- if [[ -d "${modules_dir}" ]]; then
- modprobe -a -d "${modules_dir}" $arg
- fi
- ;;
- "wait") wait_for_file $arg ;;
- esac
- done < $cfg_file
-fi
diff --git a/insmod/4k/Android.bp b/insmod/4k/Android.bp
deleted file mode 100644
index ddfec40..0000000
--- a/insmod/4k/Android.bp
+++ /dev/null
@@ -1,13 +0,0 @@
-
-soong_namespace {
-}
-package {
- default_applicable_licenses: ["Android-Apache-2.0"],
-}
-
-sh_binary {
- name: "insmod.sh",
- src: "insmod.sh",
- init_rc: ["init.module.rc"],
- vendor: true,
-}
diff --git a/insmod/Android.bp b/insmod/Android.bp
index 143e777..eed35ec 100644
--- a/insmod/Android.bp
+++ b/insmod/Android.bp
@@ -2,6 +2,13 @@
default_applicable_licenses: ["Android-Apache-2.0"],
}
+sh_binary {
+ name: "insmod.sh",
+ src: "insmod.sh",
+ init_rc: ["init.module.rc"],
+ vendor: true,
+}
+
prebuilt_etc {
name: "init.common.cfg",
src: "init.common.cfg",
diff --git a/insmod/4k/init.module.rc b/insmod/init.module.rc
similarity index 100%
rename from insmod/4k/init.module.rc
rename to insmod/init.module.rc
diff --git a/insmod/insmod.mk b/insmod/insmod.mk
index 0d8da9e..aa2261a 100644
--- a/insmod/insmod.mk
+++ b/insmod/insmod.mk
@@ -1,9 +1,3 @@
-ifeq (true,$(PRODUCT_16K_DEVELOPER_OPTION))
-PRODUCT_SOONG_NAMESPACES += device/google/gs-common/insmod/16k
-else
-PRODUCT_SOONG_NAMESPACES += device/google/gs-common/insmod/4k
-endif
-
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/insmod/sepolicy
PRODUCT_PACKAGES += \
insmod.sh \
diff --git a/insmod/4k/insmod.sh b/insmod/insmod.sh
similarity index 100%
rename from insmod/4k/insmod.sh
rename to insmod/insmod.sh
diff --git a/mediacodec/vpu/mediacodec_google.mk b/mediacodec/vpu/mediacodec_google.mk
new file mode 100644
index 0000000..8c1e974
--- /dev/null
+++ b/mediacodec/vpu/mediacodec_google.mk
@@ -0,0 +1,21 @@
+PRODUCT_SOONG_NAMESPACES += hardware/google/video/cnm
+
+PRODUCT_PACKAGES += \
+ google.hardware.media.c2@3.0-service \
+ libgc2_store \
+ libgc2_base \
+ libgc2_vdi_vpu \
+ libgc2_log \
+ libgc2_utils \
+ libgc2_av1_dec \
+ libgc2_vp9_dec \
+ libgc2_hevc_dec \
+ libgc2_avc_dec \
+ libgc2_av1_enc \
+ libgc2_hevc_enc \
+ libgc2_avc_enc \
+ vpu_firmware
+
+$(call soong_config_set,cnm,soc,$(TARGET_BOARD_PLATFORM))
+
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/mediacodec/vpu/sepolicy
diff --git a/mediacodec/vpu/sepolicy/file_contexts b/mediacodec/vpu/sepolicy/file_contexts
new file mode 100644
index 0000000..138e20e
--- /dev/null
+++ b/mediacodec/vpu/sepolicy/file_contexts
@@ -0,0 +1,2 @@
+/vendor/bin/hw/google\.hardware\.media\.c2@3\.0-service u:object_r:mediacodec_google_exec:s0
+/dev/vpu u:object_r:video_device:s0
diff --git a/mediacodec/vpu/sepolicy/mediacodec_google.te b/mediacodec/vpu/sepolicy/mediacodec_google.te
new file mode 100644
index 0000000..8022675
--- /dev/null
+++ b/mediacodec/vpu/sepolicy/mediacodec_google.te
@@ -0,0 +1,31 @@
+type mediacodec_google, domain;
+type mediacodec_google_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(mediacodec_google)
+
+hal_server_domain(mediacodec_google, hal_codec2)
+
+hal_client_domain(mediacodec_google, hal_graphics_allocator)
+
+add_service(mediacodec_google, eco_service)
+
+allow mediacodec_google dmabuf_system_heap_device:chr_file r_file_perms;
+allow mediacodec_google video_device:chr_file { read write open ioctl map };
+
+# mediacodec_google should never execute any executable without a domain transition
+neverallow mediacodec_google { file_type fs_type }:file execute_no_trans;
+
+# Media processing code is inherently risky and thus should have limited
+# permissions and be isolated from the rest of the system and network.
+# Lengthier explanation here:
+# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
+neverallow mediacodec_google domain:{ udp_socket rawip_socket } *;
+neverallow mediacodec_google { domain userdebug_or_eng(`-su') }:tcp_socket *;
+
+# Allow HAL to send trace packets to Perfetto
+userdebug_or_eng(`perfetto_producer(mediacodec_google)')
+
+userdebug_or_eng(`
+ allow mediacodec_google vendor_media_data_file:dir rw_dir_perms;
+ allow mediacodec_google vendor_media_data_file:file create_file_perms;
+')
diff --git a/modem/dump_modemlog/Android.bp b/modem/dump_modemlog/Android.bp
index aca7b20..f509320 100644
--- a/modem/dump_modemlog/Android.bp
+++ b/modem/dump_modemlog/Android.bp
@@ -1,12 +1,12 @@
package {
- default_applicable_licenses: [ "Android-Apache-2.0" ],
+ default_applicable_licenses: ["Android-Apache-2.0"],
}
-sh_binary {
- name: "dump_modem.sh",
- src: "dump_modem.sh",
+rust_binary {
+ name: "dump_modem",
+ srcs: ["dump_modem.rs"],
vendor: true,
- sub_dir: "dump",
+ relative_install_path: "dump",
}
// Modem Log Dumper
@@ -30,10 +30,10 @@
cc_library {
name: "modem_log_dumper",
- srcs: [ "modem_log_dumper.cpp" ],
- defaults: [ "modem_log_dumper_defaults" ],
+ srcs: ["modem_log_dumper.cpp"],
+ defaults: ["modem_log_dumper_defaults"],
export_shared_lib_headers: modem_log_dumper_public_deps,
- export_include_dirs: [ "include" ],
+ export_include_dirs: ["include"],
vendor_available: true,
}
@@ -41,7 +41,7 @@
cc_binary {
name: "dump_modemlog",
- srcs: [ "dump_modemlog.cpp" ],
+ srcs: ["dump_modemlog.cpp"],
cflags: [
"-Wall",
"-Wextra",
@@ -60,7 +60,7 @@
cc_test {
name: "dump_modemlog_test",
- srcs: [ "modem_log_dumper_test.cpp" ],
+ srcs: ["modem_log_dumper_test.cpp"],
defaults: [
"modem_log_dumper_defaults",
"modem_android_property_manager_fake_defaults",
diff --git a/modem/dump_modemlog/dump_modem.rs b/modem/dump_modemlog/dump_modem.rs
new file mode 100644
index 0000000..d9af7eb
--- /dev/null
+++ b/modem/dump_modemlog/dump_modem.rs
@@ -0,0 +1,109 @@
+// Copyright 2024 Google LLC
+
+//! The dump_modem binary is used to capture kernel/userspace logs in bugreport
+
+use std::fs;
+
+const MODEM_STAT: &str = "/data/vendor/modem_stat/debug.txt";
+const SSRDUMP_DIR: &str = "/data/vendor/ssrdump";
+const RFSD_ERR_LOG_DIR: &str = "/data/vendor/log/rfsd";
+const WAKEUP_EVENTS: &str = "/sys/devices/platform/cpif/wakeup_events";
+const CPIF_LOGBUFFER: &str = "/dev/logbuffer_cpif";
+const PCIE_EVENT_STATS: &str = "/sys/devices/platform/cpif/modem/pcie_event_stats";
+
+fn handle_io_error(file: &str, err: std::io::Error) {
+ match err.kind() {
+ std::io::ErrorKind::NotFound => println!("{file} not found!"),
+ std::io::ErrorKind::PermissionDenied => println!("Permission denied to access {file}"),
+ _ => println!("I/O error accessing {file}: {err}"),
+ }
+}
+
+fn print_file(file: &str) -> Result<(), std::io::Error> {
+ fs::metadata(file)?;
+
+ let data = fs::read_to_string(file)?;
+
+ if data.is_empty() {
+ println!("{file} is empty");
+ } else {
+ print!("{data}");
+ }
+
+ Ok(())
+}
+
+fn print_file_and_handle_error(file: &str) {
+ if let Err(err) = print_file(file) {
+ handle_io_error(file, err);
+ }
+}
+
+fn print_matching_files_in_dir(dir: &str, filename: &str) {
+ let Ok(entries) = fs::read_dir(dir) else {
+ return println!("Cannot open directory {dir}");
+ };
+
+ for entry in entries {
+ let Ok(entry) = entry else {
+ continue;
+ };
+ if entry.path().is_file() && entry.file_name().to_string_lossy().starts_with(filename) {
+ if let Some(path_str) = entry.path().to_str() {
+ println!("{}", path_str);
+ print_file_and_handle_error(path_str);
+ }
+ }
+ }
+}
+
+// Capture modem stat log if it exists
+fn modem_stat() {
+ println!("------ Modem Stat ------");
+ print_file_and_handle_error(MODEM_STAT);
+ println!();
+}
+
+// Capture crash signatures from all modem crashes
+fn modem_ssr_history() {
+ println!("------ Modem SSR history ------");
+ print_matching_files_in_dir(SSRDUMP_DIR, "crashinfo_modem");
+ println!();
+}
+
+// Capture rfsd error logs from all existing log files
+fn rfsd_error_log() {
+ println!("------ RFSD error log ------");
+ print_matching_files_in_dir(RFSD_ERR_LOG_DIR, "rfslog");
+ println!();
+}
+
+// Capture modem wakeup events if the sysfs attribute exists
+fn wakeup_events() {
+ println!("------ Wakeup event counts ------");
+ print_file_and_handle_error(WAKEUP_EVENTS);
+ println!();
+}
+
+// Capture kernel driver logbuffer if it exists
+fn cpif_logbuffer() {
+ println!("------ CPIF Logbuffer ------");
+ print_file_and_handle_error(CPIF_LOGBUFFER);
+ println!();
+}
+
+// Capture modem pcie stats if the sysfs attribute exists
+fn pcie_event_stats() {
+ println!("------ PCIe event stats ------");
+ print_file_and_handle_error(PCIE_EVENT_STATS);
+ println!();
+}
+
+fn main() {
+ modem_stat();
+ modem_ssr_history();
+ rfsd_error_log();
+ wakeup_events();
+ cpif_logbuffer();
+ pcie_event_stats();
+}
diff --git a/modem/dump_modemlog/dump_modem.sh b/modem/dump_modemlog/dump_modem.sh
deleted file mode 100644
index d1a535d..0000000
--- a/modem/dump_modemlog/dump_modem.sh
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/vendor/bin/sh
-
-WAKEUP_EVENTS_FILE=/sys/devices/platform/cpif/wakeup_events
-CPIF_LOGBUFFER=/dev/logbuffer_cpif
-PCIE_EVENT_STATS=/sys/devices/platform/cpif/modem/pcie_event_stats
-
-echo "------ Modem Stat ------"
-cat /data/vendor/modem_stat/debug.txt
-
-echo "\n------ Modem SSR history ------"
-for f in $(ls /data/vendor/ssrdump/crashinfo_modem*); do
- echo $f
- cat $f
-done
-
-echo "\n------ RFSD error log ------"
-for f in $(ls /data/vendor/log/rfsd/rfslog_*); do
- echo $f
- cat $f
-done
-
-if [ -e $WAKEUP_EVENTS_FILE ]
-then
- echo "\n------ Wakeup event counts ------"
- echo $WAKEUP_EVENTS_FILE
- cat $WAKEUP_EVENTS_FILE
-fi
-
-if [ -e $CPIF_LOGBUFFER ]
-then
- echo "\n------ CPIF Logbuffer ------"
- echo $CPIF_LOGBUFFER
- cat $CPIF_LOGBUFFER
-fi
-
-if [ -e $PCIE_EVENT_STATS ]
-then
- echo "\n------ PCIe event stats ------"
- echo $PCIE_EVENT_STATS
- cat $PCIE_EVENT_STATS
-fi
diff --git a/modem/dump_modemlog/dump_modemlog.mk b/modem/dump_modemlog/dump_modemlog.mk
index 5e91ab7..c96e729 100644
--- a/modem/dump_modemlog/dump_modemlog.mk
+++ b/modem/dump_modemlog/dump_modemlog.mk
@@ -1,5 +1,5 @@
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/modem/dump_modemlog/sepolicy
-PRODUCT_PACKAGES += dump_modem.sh
+PRODUCT_PACKAGES += dump_modem
PRODUCT_PACKAGES += dump_modemlog
diff --git a/modem/dump_modemlog/sepolicy/file_contexts b/modem/dump_modemlog/sepolicy/file_contexts
index 29315e9..6d5c082 100644
--- a/modem/dump_modemlog/sepolicy/file_contexts
+++ b/modem/dump_modemlog/sepolicy/file_contexts
@@ -1,3 +1,3 @@
-/vendor/bin/dump/dump_modem\.sh u:object_r:dump_modem_exec:s0
+/vendor/bin/dump/dump_modem u:object_r:dump_modem_exec:s0
/vendor/bin/dump/dump_modemlog u:object_r:dump_modemlog_exec:s0
diff --git a/modem/radio_ext/sepolicy/grilservice_app.te b/modem/radio_ext/sepolicy/grilservice_app.te
new file mode 100644
index 0000000..9bd8c8e
--- /dev/null
+++ b/modem/radio_ext/sepolicy/grilservice_app.te
@@ -0,0 +1,2 @@
+allow grilservice_app hal_radio_ext_service:service_manager find;
+binder_call(grilservice_app, hal_radio_ext)
diff --git a/performance/perf.mk b/performance/perf.mk
index dfbdb5b..ad4011a 100644
--- a/performance/perf.mk
+++ b/performance/perf.mk
@@ -1,3 +1,7 @@
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/performance/sepolicy
PRODUCT_PACKAGES += dump_perf
+
+# Ensure enough free space to create zram backing device
+PRODUCT_PRODUCT_PROPERTIES += \
+ ro.zram_backing_device_min_free_mb=1536
diff --git a/performance/sepolicy/hal_power_default.te b/performance/sepolicy/hal_power_default.te
index 763862d..309e8f7 100644
--- a/performance/sepolicy/hal_power_default.te
+++ b/performance/sepolicy/hal_power_default.te
@@ -1,2 +1,3 @@
allow hal_power_default sysfs_pakills:file rw_file_perms;
allow hal_power_default sysfs_pakills:dir r_dir_perms;
+r_dir_file(hal_power_default, sysfs_vendor_mm);
diff --git a/sensors/dump_sensors.cpp b/sensors/dump_sensors.cpp
index 58d63e9..4c406ce 100644
--- a/sensors/dump_sensors.cpp
+++ b/sensors/dump_sensors.cpp
@@ -26,7 +26,8 @@
if (!::android::os::dumpstate::PropertiesHelper::IsUserBuild()) {
// Not a user build, if this is also not a production device dump the USF registry.
std::string hwRev = ::android::base::GetProperty("ro.boot.hardware.revision", "");
- if (hwRev.find("PROTO") != std::string::npos ||
+ if (hwRev.find("DEV") != std::string::npos ||
+ hwRev.find("PROTO") != std::string::npos ||
hwRev.find("EVT") != std::string::npos ||
hwRev.find("DVT") != std::string::npos ||
hwRev.find("PVT") != std::string::npos) {
diff --git a/sepolicy/Android.bp b/sepolicy/Android.bp
new file mode 100644
index 0000000..160e494
--- /dev/null
+++ b/sepolicy/Android.bp
@@ -0,0 +1,5 @@
+se_flags {
+ name: "usb_udc_sysfs_selinux_flags",
+ flags: ["RELEASE_USB_UDC_SYSFS_SELINUX_POLICY_ENABLED"],
+ export_to: ["all_selinux_flags"],
+}
diff --git a/storage/sepolicy/e2fs.te b/storage/sepolicy/e2fs.te
index c280cb7..464b4ce 100644
--- a/storage/sepolicy/e2fs.te
+++ b/storage/sepolicy/e2fs.te
@@ -1 +1,9 @@
+# fix mkfs
allow e2fs userdata_exp_block_device:blk_file rw_file_perms;
+allow e2fs efs_block_device:blk_file rw_file_perms;
+allow e2fs modem_userdata_block_device:blk_file rw_file_perms;
+allowxperm e2fs { persist_block_device efs_block_device modem_userdata_block_device }:blk_file ioctl {
+ BLKSECDISCARD BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET
+};
+allow e2fs sysfs_scsi_devices_0000:dir r_dir_perms;
+allow e2fs sysfs_scsi_devices_0000:file r_file_perms;
diff --git a/storage/sepolicy/file_contexts b/storage/sepolicy/file_contexts
index ff863db..30335eb 100644
--- a/storage/sepolicy/file_contexts
+++ b/storage/sepolicy/file_contexts
@@ -1,5 +1,5 @@
/vendor/bin/dump/dump_storage u:object_r:dump_storage_exec:s0
-/sys/devices/platform/[0-9]+\.ufs/pixel/enable_pixel_ufs_logging u:object_r:sysfs_scsi_devices_0000:s0
+/sys/devices/platform/[0-9a-z]+\.ufs/pixel/enable_pixel_ufs_logging u:object_r:sysfs_scsi_devices_0000:s0
/dev/sg[0-9] u:object_r:sg_device:s0
/data/vendor/storage(/.*)? u:object_r:dump_storage_data_file:s0
/vendor/bin/sg_read_buffer u:object_r:sg_util_exec:s0
diff --git a/storage/sepolicy/fsck.te b/storage/sepolicy/fsck.te
index 2043199..88efb35 100644
--- a/storage/sepolicy/fsck.te
+++ b/storage/sepolicy/fsck.te
@@ -1 +1,6 @@
+# fix fsck
allow fsck userdata_exp_block_device:blk_file rw_file_perms;
+allow fsck efs_block_device:blk_file rw_file_perms;
+allow fsck modem_userdata_block_device:blk_file rw_file_perms;
+allow fsck sysfs_scsi_devices_0000:dir r_dir_perms;
+allow fsck sysfs_scsi_devices_0000:file r_file_perms;
diff --git a/storage/sepolicy/vold.te b/storage/sepolicy/vold.te
index 3d35589..87387a7 100644
--- a/storage/sepolicy/vold.te
+++ b/storage/sepolicy/vold.te
@@ -1,3 +1,4 @@
+# ufs hagc
allow vold sysfs_scsi_devices_0000:file rw_file_perms;
# Access userdata_exp block device.
@@ -6,3 +7,7 @@
dontaudit vold dumpstate:fifo_file rw_file_perms;
dontaudit vold dumpstate:fd use ;
+
+# fix idle-maint
+allow vold efs_block_device:blk_file { getattr };
+allow vold modem_userdata_block_device:blk_file { getattr };
diff --git a/touch/gti/dump_gti0.sh b/touch/gti/dump_gti0.sh
index a3af3d7..facb531 100644
--- a/touch/gti/dump_gti0.sh
+++ b/touch/gti/dump_gti0.sh
@@ -8,6 +8,11 @@
heatmap_path=$path
fi
+if [[ -f "${procfs_path}/dump" ]]; then
+ echo "------ Dump ------"
+ cat ${procfs_path}/dump
+fi
+
echo "------ Force Touch Active ------"
result=$( cat "$path/force_active" 2>&1 )
if [ $? -eq 0 ]; then
@@ -60,10 +65,5 @@
echo "------ Self Test ------"
cat $path/self_test
-if [[ -f "${procfs_path}/dump" ]]; then
- echo "------ Dump ------"
- cat ${procfs_path}/dump
-fi
-
echo "------ Disable Force Touch Active ------"
echo 0 > $path/force_active
diff --git a/touch/gti/dump_gti1.sh b/touch/gti/dump_gti1.sh
index 297ad44..eabd6d6 100644
--- a/touch/gti/dump_gti1.sh
+++ b/touch/gti/dump_gti1.sh
@@ -8,6 +8,11 @@
heatmap_path=$path
fi
+if [[ -f "${procfs_path}/dump" ]]; then
+ echo "------ Dump ------"
+ cat ${procfs_path}/dump
+fi
+
echo "------ Force Touch Active ------"
result=$( cat "$path/force_active" 2>&1 )
if [ $? -eq 0 ]; then
@@ -60,10 +65,5 @@
echo "------ Self Test ------"
cat $path/self_test
-if [[ -f "${procfs_path}/dump" ]]; then
- echo "------ Dump ------"
- cat ${procfs_path}/dump
-fi
-
echo "------ Disable Force Touch Active ------"
echo 0 > $path/force_active
diff --git a/touch/gti/ical/sepolicy/property.te b/touch/gti/ical/sepolicy/property.te
index 2a71d74..94fa3fc 100644
--- a/touch/gti/ical/sepolicy/property.te
+++ b/touch/gti/ical/sepolicy/property.te
@@ -1 +1,2 @@
system_public_prop(vendor_gti_prop)
+typeattribute vendor_gti_prop touch_property_type;
diff --git a/touch/gti/predump_sepolicy/genfs_contexts b/touch/gti/predump_sepolicy/genfs_contexts
index 45d3b53..1dd4bad 100644
--- a/touch/gti/predump_sepolicy/genfs_contexts
+++ b/touch/gti/predump_sepolicy/genfs_contexts
@@ -1,4 +1,6 @@
# Touch
genfscon sysfs /devices/virtual/goog_touch_interface u:object_r:sysfs_touch_gti:s0
+genfscon sysfs /devices/virtual/goog_touch_interface/gti.0/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/goog_touch_interface/gti.1/wakeup u:object_r:sysfs_wakeup:s0
genfscon proc /goog_touch_interface u:object_r:proc_touch_gti:s0
diff --git a/touch/gti/sepolicy/genfs_contexts b/touch/gti/sepolicy/genfs_contexts
index 45d3b53..1dd4bad 100644
--- a/touch/gti/sepolicy/genfs_contexts
+++ b/touch/gti/sepolicy/genfs_contexts
@@ -1,4 +1,6 @@
# Touch
genfscon sysfs /devices/virtual/goog_touch_interface u:object_r:sysfs_touch_gti:s0
+genfscon sysfs /devices/virtual/goog_touch_interface/gti.0/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/goog_touch_interface/gti.1/wakeup u:object_r:sysfs_wakeup:s0
genfscon proc /goog_touch_interface u:object_r:proc_touch_gti:s0
diff --git a/touch/nvt/nvt-spi20.mk b/touch/nvt/nvt-spi20.mk
new file mode 100644
index 0000000..ad46fcc
--- /dev/null
+++ b/touch/nvt/nvt-spi20.mk
@@ -0,0 +1,2 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/nvt/sepolicy
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/nvt/sepolicy-spi20
diff --git a/touch/nvt/sepolicy-spi20/genfs_contexts b/touch/nvt/sepolicy-spi20/genfs_contexts
new file mode 100644
index 0000000..05467a3
--- /dev/null
+++ b/touch/nvt/sepolicy-spi20/genfs_contexts
@@ -0,0 +1,8 @@
+# Touch
+genfscon sysfs /devices/platform/111d0000.spi/spi_master/spi20/spi20.0 u:object_r:sysfs_touch:s0
+
+# System suspend wakeup files
+genfscon sysfs /devices/platform/111d0000.spi/spi_master/spi20/spi20.0/power_supply/nvt-pen-battery/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/111d0000.spi/spi_master/spi20/spi20.0/power_supply/USI_Stylus_Battery/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/111d0000.spi/spi_master/spi20/spi20.0/input/input2/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/111d0000.spi/spi_master/spi20/spi20.0/wakeup u:object_r:sysfs_wakeup:s0
diff --git a/touch/nvt/sepolicy/file.te b/touch/nvt/sepolicy/file.te
index e310df7..05a770b 100644
--- a/touch/nvt/sepolicy/file.te
+++ b/touch/nvt/sepolicy/file.te
@@ -1 +1,2 @@
type sysfs_touch, sysfs_type, fs_type;
+type proc_touch, proc_type, fs_type;
diff --git a/touch/nvt/sepolicy/genfs_contexts b/touch/nvt/sepolicy/genfs_contexts
new file mode 100644
index 0000000..b120511
--- /dev/null
+++ b/touch/nvt/sepolicy/genfs_contexts
@@ -0,0 +1,12 @@
+genfscon proc /nvt_baseline u:object_r:proc_touch:s0
+genfscon proc /nvt_cc_uniformity u:object_r:proc_touch:s0
+genfscon proc /nvt_diff u:object_r:proc_touch:s0
+genfscon proc /nvt_fw_update u:object_r:proc_touch:s0
+genfscon proc /nvt_fw_version u:object_r:proc_touch:s0
+genfscon proc /nvt_heatmap u:object_r:proc_touch:s0
+genfscon proc /nvt_pen_1d_diff u:object_r:proc_touch:s0
+genfscon proc /nvt_pen_2d_baseline u:object_r:proc_touch:s0
+genfscon proc /nvt_pen_2d_diff u:object_r:proc_touch:s0
+genfscon proc /nvt_pen_2d_raw u:object_r:proc_touch:s0
+genfscon proc /nvt_raw u:object_r:proc_touch:s0
+genfscon proc /nvt_selftest u:object_r:proc_touch:s0
diff --git a/touch/nvt/sepolicy/vendor_init.te b/touch/nvt/sepolicy/vendor_init.te
new file mode 100644
index 0000000..8b844dd
--- /dev/null
+++ b/touch/nvt/sepolicy/vendor_init.te
@@ -0,0 +1,5 @@
+allow vendor_init sysfs_touch:dir r_dir_perms;
+allow vendor_init sysfs_touch:file rw_file_perms;
+allow vendor_init proc_touch:dir r_dir_perms;
+allow vendor_init proc_touch:file rw_file_perms;
+set_prop(vendor_init, gesture_prop)
diff --git a/tts/de-de/de-de-x-multi-r51.zvoice b/tts/de-de/de-de-x-multi-r51.zvoice
deleted file mode 100644
index 8ca49a3..0000000
--- a/tts/de-de/de-de-x-multi-r51.zvoice
+++ /dev/null
Binary files differ
diff --git a/tts/de-de/de-de-x-multi-r53.zvoice b/tts/de-de/de-de-x-multi-r53.zvoice
new file mode 100644
index 0000000..87a9b04
--- /dev/null
+++ b/tts/de-de/de-de-x-multi-r53.zvoice
Binary files differ
diff --git a/tts/es-es/es-es-x-multi-r50.zvoice b/tts/es-es/es-es-x-multi-r50.zvoice
deleted file mode 100644
index b42cae9..0000000
--- a/tts/es-es/es-es-x-multi-r50.zvoice
+++ /dev/null
Binary files differ
diff --git a/tts/es-es/es-es-x-multi-r52.zvoice b/tts/es-es/es-es-x-multi-r52.zvoice
new file mode 100644
index 0000000..5f8c243
--- /dev/null
+++ b/tts/es-es/es-es-x-multi-r52.zvoice
Binary files differ
diff --git a/tts/fr-fr/fr-fr-x-multi-r51.zvoice b/tts/fr-fr/fr-fr-x-multi-r51.zvoice
deleted file mode 100644
index 2e3c160..0000000
--- a/tts/fr-fr/fr-fr-x-multi-r51.zvoice
+++ /dev/null
Binary files differ
diff --git a/tts/fr-fr/fr-fr-x-multi-r53.zvoice b/tts/fr-fr/fr-fr-x-multi-r53.zvoice
new file mode 100644
index 0000000..71ad1ca
--- /dev/null
+++ b/tts/fr-fr/fr-fr-x-multi-r53.zvoice
Binary files differ
diff --git a/tts/it-it/it-it-x-multi-r47.zvoice b/tts/it-it/it-it-x-multi-r47.zvoice
deleted file mode 100644
index 78dce63..0000000
--- a/tts/it-it/it-it-x-multi-r47.zvoice
+++ /dev/null
Binary files differ
diff --git a/tts/it-it/it-it-x-multi-r49.zvoice b/tts/it-it/it-it-x-multi-r49.zvoice
new file mode 100644
index 0000000..c1ecf15
--- /dev/null
+++ b/tts/it-it/it-it-x-multi-r49.zvoice
Binary files differ
diff --git a/tts/ja-jp/ja-jp-x-multi-r49.zvoice b/tts/ja-jp/ja-jp-x-multi-r49.zvoice
deleted file mode 100644
index c2f8c80..0000000
--- a/tts/ja-jp/ja-jp-x-multi-r49.zvoice
+++ /dev/null
Binary files differ
diff --git a/tts/ja-jp/ja-jp-x-multi-r51.zvoice b/tts/ja-jp/ja-jp-x-multi-r51.zvoice
new file mode 100644
index 0000000..d507720
--- /dev/null
+++ b/tts/ja-jp/ja-jp-x-multi-r51.zvoice
Binary files differ
diff --git a/tts/voice_packs.mk b/tts/voice_packs.mk
index 7b95af9..86e2590 100644
--- a/tts/voice_packs.mk
+++ b/tts/voice_packs.mk
@@ -15,8 +15,8 @@
# Voice packs for Text-To-Speech
PRODUCT_COPY_FILES += \
- device/google/gs-common/tts/ja-jp/ja-jp-x-multi-r49.zvoice:product/tts/google/ja-jp/ja-jp-x-multi-r49.zvoice\
- device/google/gs-common/tts/fr-fr/fr-fr-x-multi-r51.zvoice:product/tts/google/fr-fr/fr-fr-x-multi-r51.zvoice\
- device/google/gs-common/tts/de-de/de-de-x-multi-r51.zvoice:product/tts/google/de-de/de-de-x-multi-r51.zvoice\
- device/google/gs-common/tts/it-it/it-it-x-multi-r47.zvoice:product/tts/google/it-it/it-it-x-multi-r47.zvoice\
- device/google/gs-common/tts/es-es/es-es-x-multi-r50.zvoice:product/tts/google/es-es/es-es-x-multi-r50.zvoice
+ device/google/gs-common/tts/ja-jp/ja-jp-x-multi-r51.zvoice:product/tts/google/ja-jp/ja-jp-x-multi-r51.zvoice\
+ device/google/gs-common/tts/fr-fr/fr-fr-x-multi-r53.zvoice:product/tts/google/fr-fr/fr-fr-x-multi-r53.zvoice\
+ device/google/gs-common/tts/de-de/de-de-x-multi-r53.zvoice:product/tts/google/de-de/de-de-x-multi-r53.zvoice\
+ device/google/gs-common/tts/it-it/it-it-x-multi-r49.zvoice:product/tts/google/it-it/it-it-x-multi-r49.zvoice\
+ device/google/gs-common/tts/es-es/es-es-x-multi-r52.zvoice:product/tts/google/es-es/es-es-x-multi-r52.zvoice
diff --git a/widevine/sepolicy/file.te b/widevine/sepolicy/file.te
new file mode 100644
index 0000000..a1e4e0e
--- /dev/null
+++ b/widevine/sepolicy/file.te
@@ -0,0 +1,3 @@
+# Widevine DRM
+type mediadrm_vendor_data_file, file_type, data_file_type;
+
diff --git a/widevine/sepolicy/file_contexts b/widevine/sepolicy/file_contexts
new file mode 100644
index 0000000..92aed3c
--- /dev/null
+++ b/widevine/sepolicy/file_contexts
@@ -0,0 +1,5 @@
+/vendor/bin/hw/android\.hardware\.drm-service\.widevine u:object_r:hal_drm_widevine_exec:s0
+/vendor/bin/hw/android\.hardware\.drm-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
+
+# Data
+/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
diff --git a/widevine/sepolicy/hal_drm_clearkey.te b/widevine/sepolicy/hal_drm_clearkey.te
new file mode 100644
index 0000000..81ecfb9
--- /dev/null
+++ b/widevine/sepolicy/hal_drm_clearkey.te
@@ -0,0 +1,5 @@
+type hal_drm_clearkey, domain;
+type hal_drm_clearkey_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(hal_drm_clearkey)
+
+#TODO: snehalreddy@ add sepolicy
diff --git a/widevine/sepolicy/hal_drm_widevine.te b/widevine/sepolicy/hal_drm_widevine.te
new file mode 100644
index 0000000..41e395a
--- /dev/null
+++ b/widevine/sepolicy/hal_drm_widevine.te
@@ -0,0 +1,5 @@
+type hal_drm_widevine, domain;
+type hal_drm_widevine_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(hal_drm_widevine)
+
+#TODO: snehalreddy@ add sepolicy
diff --git a/widevine/sepolicy/service_contexts b/widevine/sepolicy/service_contexts
new file mode 100644
index 0000000..6989dde
--- /dev/null
+++ b/widevine/sepolicy/service_contexts
@@ -0,0 +1 @@
+android.hardware.drm.IDrmFactory/widevine u:object_r:hal_drm_service:s0
diff --git a/widevine/widevine_v2.mk b/widevine/widevine_v2.mk
new file mode 100644
index 0000000..5cd914b
--- /dev/null
+++ b/widevine/widevine_v2.mk
@@ -0,0 +1,2 @@
+include device/google/gs-common/widevine/widevine.mk
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/widevine/sepolicy/
\ No newline at end of file
diff --git a/wireless_charger/compatibility_matrix.xml b/wireless_charger/compatibility_matrix.xml
index b760b1d..5185344 100644
--- a/wireless_charger/compatibility_matrix.xml
+++ b/wireless_charger/compatibility_matrix.xml
@@ -9,7 +9,7 @@
</hal>
<hal format="aidl" optional="true">
<name>vendor.google.wireless_charger.service</name>
- <version>1</version>
+ <version>1-2</version>
<interface>
<name>IWlcService</name>
<instance>default</instance>
diff --git a/wireless_charger/sepolicy/hal_wlcservice.te b/wireless_charger/sepolicy/hal_wlcservice.te
index eadb593..6eba2ef 100644
--- a/wireless_charger/sepolicy/hal_wlcservice.te
+++ b/wireless_charger/sepolicy/hal_wlcservice.te
@@ -8,6 +8,8 @@
allow hal_wlcservice hal_wireless_charger_service:service_manager find;
allow hal_wlcservice kmsg_device:chr_file { getattr w_file_perms };
+get_prop(hal_wlcservice, vendor_wlcservice_test_prop)
+
binder_call(hal_wlcservice, servicemanager)
add_service(hal_wlcservice, hal_wlcservice_service)
diff --git a/wireless_charger/sepolicy/property.te b/wireless_charger/sepolicy/property.te
new file mode 100644
index 0000000..b8ddbdf
--- /dev/null
+++ b/wireless_charger/sepolicy/property.te
@@ -0,0 +1 @@
+vendor_internal_prop(vendor_wlcservice_test_prop)
diff --git a/wireless_charger/sepolicy/property_contexts b/wireless_charger/sepolicy/property_contexts
new file mode 100644
index 0000000..8cf8f70
--- /dev/null
+++ b/wireless_charger/sepolicy/property_contexts
@@ -0,0 +1 @@
+vendor.wlcservice.test.authentication u:object_r:vendor_wlcservice_test_prop:s0 exact bool