Merge "Revert "Move sepolicy files from hardware/google/pixel-sepolicy."" into main
diff --git a/aoc/sepolicy/file_contexts b/aoc/sepolicy/file_contexts
index 617b7b9..c43bc75 100644
--- a/aoc/sepolicy/file_contexts
+++ b/aoc/sepolicy/file_contexts
@@ -28,6 +28,7 @@
 /dev/acd-audio_ap_offload_tx        u:object_r:aoc_device:s0
 /dev/acd-mel_processor              u:object_r:aoc_device:s0
 /dev/acd-aocx_control               u:object_r:aoc_device:s0
+/dev/acd-mc_headpos                 u:object_r:aoc_device:s0
 
 # AoC vendor binaries
 /vendor/bin/aocd                    u:object_r:aocd_exec:s0
diff --git a/audio/aidl.mk b/audio/aidl.mk
index 185e628..b8fd96b 100644
--- a/audio/aidl.mk
+++ b/audio/aidl.mk
@@ -26,5 +26,7 @@
 
 PRODUCT_PROPERTY_OVERRIDES += \
        vendor.audio_hal.aidl.enable=true
+PRODUCT_SYSTEM_EXT_PROPERTIES += \
+       ro.audio.ihaladaptervendorextension_enabled=true
 
 $(call soong_config_set,pixel_audio_hal_type,aidl_build,true)
diff --git a/audio/hidl_zuma.mk b/audio/hidl_zuma.mk
index d671f46..41dd02a 100644
--- a/audio/hidl_zuma.mk
+++ b/audio/hidl_zuma.mk
@@ -31,6 +31,7 @@
 	audio.bluetooth.default \
 	audio.r_submix.default \
 	audio_spk_35l41 \
+	audio_spk_tas25xx \
 	audio_hdmi_aoc \
 	sound_trigger.primary.$(TARGET_BOARD_PLATFORM)
 
diff --git a/camera/sepolicy/product/private/vendor_pcs_app.te b/camera/sepolicy/product/private/vendor_pcs_app.te
index 6bf0451..55eeee7 100644
--- a/camera/sepolicy/product/private/vendor_pcs_app.te
+++ b/camera/sepolicy/product/private/vendor_pcs_app.te
@@ -1,12 +1,32 @@
 typeattribute vendor_pcs_app coredomain;
 
 app_domain(vendor_pcs_app);
+net_domain(vendor_pcs_app);
+bluetooth_domain(vendor_pcs_app);
 
 allow vendor_pcs_app {
     app_api_service
     audioserver_service
     cameraserver_service
+    drmserver_service
     mediametrics_service
     mediaserver_service
+    nfc_service
     radio_service
 }:service_manager find;
+
+# Following allowances were replicated from priv_app
+# Write to /cache.
+allow vendor_pcs_app { cache_file cache_recovery_file }:dir create_dir_perms;
+allow vendor_pcs_app { cache_file cache_recovery_file }:file create_file_perms;
+# /cache is a symlink to /data/cache on some devices. Allow reading the link.
+allow vendor_pcs_app cache_file:lnk_file r_file_perms;
+
+# Access to /data/media.
+allow vendor_pcs_app media_rw_data_file:dir create_dir_perms;
+allow vendor_pcs_app media_rw_data_file:file create_file_perms;
+
+# Access to /data/preloads
+r_dir_file(vendor_pcs_app, preloads_data_file)
+r_dir_file(vendor_pcs_app, preloads_media_file)
+
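Review bot: The block under `# Following allowances were replicated from priv_app` grants write access to `cache_file`, `cache_recovery_file` and `media_rw_data_file` without saying which PCS feature needs each one, so the grants cannot be checked against least privilege. `create_file_perms` on `media_rw_data_file` is direct access to the files labelled for `/data/media`, and `net_domain`, `bluetooth_domain`, `nfc_service` and `drmserver_service` widen the domain in the same change. I would keep only the rules a known code path exercises and put the reason on each, for example `# PCS writes <feature> output under /data/media (bug: <id>)`. The trailing empty line at the end of the file can go as well.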
diff --git a/camera/sepolicy/vendor/vendor_pcs_app.te b/camera/sepolicy/vendor/vendor_pcs_app.te
index e269a2f..b4d71b5 100644
--- a/camera/sepolicy/vendor/vendor_pcs_app.te
+++ b/camera/sepolicy/vendor/vendor_pcs_app.te
@@ -1,14 +1,17 @@
-# Allow PCS to find the LyricConfigProvider service through ServiceManager.
-allow vendor_pcs_app vendor_camera_lyricconfigprovider_service:service_manager find;
-# Allow PCS to find the CameraIdRemapper service through ServiceManager.
-allow vendor_pcs_app vendor_camera_cameraidremapper_service:service_manager find;
+allow vendor_pcs_app {
+    vendor_camera_lyricconfigprovider_service
+    vendor_camera_cameraidremapper_service
+    edgetpu_app_service
+}:service_manager find;
 
 allow vendor_pcs_app hal_pixel_remote_camera_service:service_manager add;
 
 binder_call(vendor_pcs_app, hal_pixel_remote_camera_service);
-
 binder_call(vendor_pcs_app, hal_camera_default);
 
+# Allow interacting with EdgeTpu.
+allow vendor_pcs_app edgetpu_device:chr_file { getattr read write ioctl map };
+
 # Allow PCS to open socket connections for HTTP streaming support.
 allow vendor_pcs_app vendor_pcs_app:unpriv_socket_class_set create_socket_perms_no_ioctl;
 allow vendor_pcs_app fwmarkd_socket:sock_file write;
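Review bot: The rewritten `find` block drops the two comments that said why PCS looks up the LyricConfigProvider and CameraIdRemapper services, and the new `edgetpu_app_service` entry arrives without one. A single comment above the block, such as `# Services PCS looks up through ServiceManager: lyric config, camera ID remapping, EdgeTPU app service.`, keeps the rationale next to the rule. On the `edgetpu_device:chr_file` rule, the permission set has `ioctl` but no `open`. If that is deliberate because the descriptor is handed over by another service, say so in the comment. Also note whether the ioctl commands are restricted elsewhere, since nothing in this hunk narrows them.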
diff --git a/chre/sepolicy/hal_contexthub_default.te b/chre/sepolicy/hal_contexthub_default.te
index 542d383..87e3a42 100644
--- a/chre/sepolicy/hal_contexthub_default.te
+++ b/chre/sepolicy/hal_contexthub_default.te
@@ -32,3 +32,6 @@
 
 # Allow context hub HAL to block suspend, which is required to use EPOLLWAKEUP
 allow hal_contexthub_default self:global_capability2_class_set block_suspend;
+
+# Allow binder calls with clients
+binder_call(hal_contexthub_default, hal_sensors_default)
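Review bot: The comment `# Allow binder calls with clients` is broader than the rule beneath it, which permits calls to `hal_sensors_default` only. Naming the client keeps later readers from assuming any client domain is covered, for example `# Allow binder callbacks to the sensors HAL, a client of the CHRE multiclient HAL.` That the sensors HAL is such a client is inferred from the matching rules added to `sensors/sepolicy/hal_sensors_default.te` in this commit.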
diff --git a/gps/lsi/s5400.mk b/gps/lsi/s5400.mk
index de676ff..1bfc88e 100644
--- a/gps/lsi/s5400.mk
+++ b/gps/lsi/s5400.mk
@@ -14,3 +14,6 @@
 ifneq (,$(filter userdebug eng, $(TARGET_BUILD_VARIANT)))
     PRODUCT_VENDOR_PROPERTIES += vendor.gps.aol.enabled=true
 endif
+
+# Enable Pixel GNSS HAL
+include device/google/gs-common/gps/pixel/pixel_gnss_hal.mk
\ No newline at end of file
diff --git a/gps/lsi/sepolicy/genfs_contexts b/gps/lsi/sepolicy/genfs_contexts
new file mode 100644
index 0000000..d19427c
--- /dev/null
+++ b/gps/lsi/sepolicy/genfs_contexts
@@ -0,0 +1,2 @@
+# gps coredump node
+genfscon sysfs /devices/platform/gnssif/coredump                                                                     u:object_r:sysfs_gps:s0
diff --git a/gps/lsi/sepolicy/gnssd.te b/gps/lsi/sepolicy/gnssd.te
index 487bcbb..42c974e 100644
--- a/gps/lsi/sepolicy/gnssd.te
+++ b/gps/lsi/sepolicy/gnssd.te
@@ -24,3 +24,7 @@
 get_prop(gnssd, bootanim_system_prop)
 
 allow gnssd sysfs_soc:file r_file_perms;
+allow gnssd sysfs_gps:file rw_file_perms;
+
+# Allow gnssd to set GPS property
+set_prop(gnssd, vendor_gps_prop)
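Review bot: `allow gnssd sysfs_gps:file rw_file_perms;` has no comment, and the same read-write grant on `sysfs_gps` is added for `hal_gnss_default` in `hal_gnss_default.te` and for `hal_gnss_pixel` in `gps/pixel/sepolicy/hal_gnss_pixel.te`. The only node this commit labels `sysfs_gps` is the gnssif coredump node, and only the `hal_gnss_pixel` rule states a reason (`#Toggle coredump node`). None of the three rules is wrapped in `userdebug_or_eng`, so three domains can write to that node wherever these policy directories are built. If a single domain drives the node, the other two could be given `r_file_perms` or no rule at all. Otherwise a comment per rule such as `# gnssd writes the gnssif coredump node to <reason>` would record why.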
diff --git a/gps/lsi/sepolicy/hal_gnss_default.te b/gps/lsi/sepolicy/hal_gnss_default.te
index 515a923..7d363f0 100644
--- a/gps/lsi/sepolicy/hal_gnss_default.te
+++ b/gps/lsi/sepolicy/hal_gnss_default.te
@@ -3,7 +3,11 @@
 allow hal_gnss_default vendor_gps_file:dir create_dir_perms;
 allow hal_gnss_default vendor_gps_file:file create_file_perms;
 allow hal_gnss_default vendor_gps_file:fifo_file create_file_perms;
+allow hal_gnss_default sysfs_gps:file rw_file_perms;
 binder_call(hal_gnss_default, gnssd);
 
 #Read GPS property
 get_prop(hal_gnss_default, vendor_gps_prop)
+
+#IPC between pixel and vendor HAL
+binder_call(hal_gnss_default, hal_gnss_pixel)
diff --git a/gps/pixel/device_framework_matrix_product.xml b/gps/pixel/device_framework_matrix_product.xml
new file mode 100644
index 0000000..2c93444
--- /dev/null
+++ b/gps/pixel/device_framework_matrix_product.xml
@@ -0,0 +1,10 @@
+<compatibility-matrix version="1.0" type="framework" level="8">
+    <hal format="aidl" optional="true">
+        <name>android.hardware.gnss</name>
+        <version>3</version>
+        <interface>
+            <name>IGnss</name>
+            <instance>vendor</instance>
+        </interface>
+    </hal>
+</compatibility-matrix>
diff --git a/gps/pixel/pixel_gnss_hal.mk b/gps/pixel/pixel_gnss_hal.mk
new file mode 100644
index 0000000..b0edff7
--- /dev/null
+++ b/gps/pixel/pixel_gnss_hal.mk
@@ -0,0 +1,15 @@
+# Include this file to enable Pixel GNSS HAL
+
+$(call soong_config_set, pixel_gnss, enable_pixel_gnss_aidl_service, true)
+
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gps/pixel/sepolicy
+
+PRODUCT_PACKAGES += \
+    android.hardware.gnss-service.pixel
+
+PRODUCT_VENDOR_PROPERTIES += \
+    persist.vendor.gps.hal.service.name=vendor
+
+# Compatibility matrix
+DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += \
+    device/google/gs-common/gps/pixel/device_framework_matrix_product.xml
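Review bot: The `soong_config_set` call near the top of this file puts a space after each comma, unlike the calls in `audio/aidl.mk` and `gpu/gpu.mk` in this commit. GNU make keeps leading whitespace in `$(call ...)` arguments, so the namespace, variable and value are only correct if the macro strips them, which is not visible here. Writing it as `$(call soong_config_set,pixel_gnss,enable_pixel_gnss_aidl_service,true)` removes that dependency.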
diff --git a/gps/pixel/sepolicy/file.te b/gps/pixel/sepolicy/file.te
new file mode 100644
index 0000000..79e95ab
--- /dev/null
+++ b/gps/pixel/sepolicy/file.te
@@ -0,0 +1 @@
+type sysfs_modem_state, sysfs_type, fs_type;
diff --git a/gps/pixel/sepolicy/file_contexts b/gps/pixel/sepolicy/file_contexts
new file mode 100644
index 0000000..8bd8f92
--- /dev/null
+++ b/gps/pixel/sepolicy/file_contexts
@@ -0,0 +1,2 @@
+/vendor/bin/hw/android\.hardware\.gnss-service\.pixel             u:object_r:hal_gnss_pixel_exec:s0
+
diff --git a/gps/pixel/sepolicy/genfs_contexts b/gps/pixel/sepolicy/genfs_contexts
new file mode 100644
index 0000000..494aa97
--- /dev/null
+++ b/gps/pixel/sepolicy/genfs_contexts
@@ -0,0 +1,2 @@
+# modem state node
+genfscon sysfs /devices/platform/cpif/modem_state       u:object_r:sysfs_modem_state:s0
diff --git a/gps/pixel/sepolicy/hal_gnss_pixel.te b/gps/pixel/sepolicy/hal_gnss_pixel.te
new file mode 100644
index 0000000..512ecc9
--- /dev/null
+++ b/gps/pixel/sepolicy/hal_gnss_pixel.te
@@ -0,0 +1,14 @@
+type hal_gnss_pixel, domain;
+hal_server_domain(hal_gnss_pixel, hal_gnss)
+
+type hal_gnss_pixel_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_gnss_pixel)
+
+#IPC between pixel and vendor HAL
+binder_call(hal_gnss_pixel, hal_gnss_default)
+
+#Read modem state
+allow hal_gnss_pixel sysfs_modem_state:file r_file_perms;
+
+#Toggle coredump node
+allow hal_gnss_pixel sysfs_gps:file rw_file_perms;
diff --git a/gps/pixel/sepolicy/service_contexts b/gps/pixel/sepolicy/service_contexts
new file mode 100644
index 0000000..cc9871f
--- /dev/null
+++ b/gps/pixel/sepolicy/service_contexts
@@ -0,0 +1 @@
+android.hardware.gnss.IGnss/vendor                                 u:object_r:hal_gnss_service:s0
\ No newline at end of file
diff --git a/gpu/gpu.mk b/gpu/gpu.mk
index d1c3a6d..b87e7ad 100644
--- a/gpu/gpu.mk
+++ b/gpu/gpu.mk
@@ -1,3 +1,16 @@
 BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gpu/sepolicy
 
 PRODUCT_PACKAGES += gpu_probe
+
+USE_MAPPER5 := false
+
+PRODUCT_PACKAGES += pixel_gralloc_allocator
+PRODUCT_PACKAGES += pixel_gralloc_mapper
+
+ifeq ($(USE_MAPPER5), true)
+$(call soong_config_set,arm_gralloc,mapper_version,mapper5)
+$(call soong_config_set,aion_buffer,mapper_version,mapper5)
+else
+$(call soong_config_set,arm_gralloc,mapper_version,mapper4)
+$(call soong_config_set,aion_buffer,mapper_version,mapper4)
+endif
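Review bot: `USE_MAPPER5 := false` is assigned unconditionally just before `ifeq ($(USE_MAPPER5), true)`, so the mapper5 branch can never be taken and a value set by a device makefile before including this file is overwritten. If the switch is meant to be selectable per device, `USE_MAPPER5 ?= false` keeps the default while honouring an earlier setting. If mapper4 is the only supported value for now, the conditional could be dropped and the two mapper4 `soong_config_set` lines kept on their own.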
diff --git a/gyotaku_app/dump/Android.bp b/gyotaku_app/dump/Android.bp
new file mode 100644
index 0000000..0f62d0a
--- /dev/null
+++ b/gyotaku_app/dump/Android.bp
@@ -0,0 +1,20 @@
+package {
+    default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+cc_binary {
+    name: "dump_gyotaku",
+    srcs: ["dump_gyotaku.cpp"],
+    cflags: [
+        "-Wall",
+        "-Wextra",
+        "-Werror",
+    ],
+    shared_libs: [
+        "libbase",
+        "libdump",
+        "liblog",
+    ],
+    vendor: true,
+    relative_install_path: "dump",
+}
diff --git a/gyotaku_app/dump/dump_gyotaku.cpp b/gyotaku_app/dump/dump_gyotaku.cpp
new file mode 100644
index 0000000..62c2a57
--- /dev/null
+++ b/gyotaku_app/dump/dump_gyotaku.cpp
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <unistd.h>
+#include <dump/pixel_dump.h>
+#include <android-base/file.h>
+
+#define GYOTAKU_DIRECTORY "/data/vendor/gyotaku/andlog"
+#define GYOTAKU_ANDROID_LOG_PREFIX "android_"
+
+#define maxFileLogsNumber 30
+
+int main() {
+    std::string outputDir = concatenatePath(BUGREPORT_PACKING_DIR, "gyotaku");
+    if (mkdir(outputDir.c_str(), 0700) == -1) {
+        printf("Unable to create folder: %s\n", outputDir.c_str());
+        return 0;
+    }
+
+    dumpLogs(GYOTAKU_DIRECTORY, outputDir.c_str(), maxFileLogsNumber, GYOTAKU_ANDROID_LOG_PREFIX);
+    return 0;
+}
+
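Review bot: `main` treats every `mkdir` failure the same way, including `EEXIST`, so if the `gyotaku` directory under `BUGREPORT_PACKING_DIR` already exists no logs are collected, and the message does not say why the call failed. Tolerating an existing directory and reporting the cause would look like `if (mkdir(outputDir.c_str(), 0700) == -1 && errno != EEXIST) {` with `printf("Unable to create folder: %s (%s)\n", outputDir.c_str(), strerror(errno));`. That needs `<errno.h>` and `<string.h>`. `mkdir`, `printf` and `std::string` are also used without `<sys/stat.h>`, `<cstdio>` and `<string>` being included directly, so they currently rely on transitive includes. Whether the packing directory can already hold a `gyotaku` entry depends on the caller, which is not shown.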
diff --git a/gyotaku_app/dump/dump_gyotaku.te b/gyotaku_app/dump/dump_gyotaku.te
new file mode 100644
index 0000000..8c1727f
--- /dev/null
+++ b/gyotaku_app/dump/dump_gyotaku.te
@@ -0,0 +1,11 @@
+pixel_bugreport(dump_gyotaku)
+
+userdebug_or_eng(`
+  # For access and collecting logs into vendor radio type folder.
+  allow dump_gyotaku radio_vendor_data_file:dir create_dir_perms;
+  allow dump_gyotaku radio_vendor_data_file:file create_file_perms;
+
+  # For access /data/vendor/ folder.
+  allow dump_gyotaku gyotaku_vendor_data_file:dir create_dir_perms;
+  allow dump_gyotaku gyotaku_vendor_data_file:file create_file_perms;
+')
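Review bot: `dump_gyotaku` is given `create_dir_perms` and `create_file_perms` on `gyotaku_vendor_data_file`, although `dump_gyotaku.cpp` in this commit only passes `/data/vendor/gyotaku/andlog` to `dumpLogs` as the source directory. If `dumpLogs` only reads from its source, which its implementation outside this diff would confirm, read access is enough: `r_dir_file(dump_gyotaku, gyotaku_vendor_data_file)`. That keeps the dump tool from being able to create or modify the app's log files. The comment `# For access /data/vendor/ folder.` could then read `# Read Gyotaku logs under /data/vendor/gyotaku.`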
diff --git a/gyotaku_app/dump/file.te b/gyotaku_app/dump/file.te
new file mode 100644
index 0000000..8035955
--- /dev/null
+++ b/gyotaku_app/dump/file.te
@@ -0,0 +1,5 @@
+# For /data/vendor use
+type gyotaku_vendor_data_file, file_type, data_file_type;
+userdebug_or_eng(`
+    typeattribute gyotaku_vendor_data_file mlstrustedobject;
+')
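Review bot: The `typeattribute gyotaku_vendor_data_file mlstrustedobject;` line has no comment. `mlstrustedobject` exempts the type from MLS constraints, so a subject's level and categories no longer limit which allowed domain can reach these files. A short reason next to it would help, for example `# gyotaku_app and dump_gyotaku run at different MLS levels and share this directory (userdebug/eng only)`. That reason is my guess and should be replaced with the real one. The header `# For /data/vendor use` could also name the path, `/data/vendor/gyotaku`, as `file_contexts` does.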
diff --git a/gyotaku_app/dump/file_contexts b/gyotaku_app/dump/file_contexts
new file mode 100644
index 0000000..3a16a00
--- /dev/null
+++ b/gyotaku_app/dump/file_contexts
@@ -0,0 +1,4 @@
+/data/vendor/gyotaku(/.*)?                u:object_r:gyotaku_vendor_data_file:s0
+
+# Pixel dump for Gyotaku
+/vendor/bin/dump/dump_gyotaku           u:object_r:dump_gyotaku_exec:s0
diff --git a/gyotaku_app/dump/gyotaku_app.te b/gyotaku_app/dump/gyotaku_app.te
new file mode 100644
index 0000000..6816080
--- /dev/null
+++ b/gyotaku_app/dump/gyotaku_app.te
@@ -0,0 +1,5 @@
+userdebug_or_eng(`
+  # For access /data/vendor/gyotaku folder
+  allow gyotaku_app gyotaku_vendor_data_file:dir create_dir_perms;
+  allow gyotaku_app gyotaku_vendor_data_file:file create_file_perms;
+')
diff --git a/gyotaku_app/gyotaku.mk b/gyotaku_app/gyotaku.mk
index fa58556..c6c41d5 100644
--- a/gyotaku_app/gyotaku.mk
+++ b/gyotaku_app/gyotaku.mk
@@ -4,5 +4,11 @@
       Gyotaku
 
       BOARD_SEPOLICY_DIRS += device/google/gs-common/gyotaku_app/sepolicy/
+
+      # Pixel 5a (barbet) does not support Pixel dump
+      ifneq ($(TARGET_PRODUCT), barbet)
+        PRODUCT_PACKAGES_DEBUG += dump_gyotaku
+        BOARD_SEPOLICY_DIRS += device/google/gs-common/gyotaku_app/dump
+      endif
   endif
 endif
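Review bot: `ifneq ($(TARGET_PRODUCT), barbet)` is an exact string comparison, so a product that builds for the same device under another name would not match and would still get `dump_gyotaku` and the `gyotaku_app/dump` policy directory. If such products exist, testing the device rather than the product, or using `$(filter ...)` over the known names, is more robust. The `gyotaku_vendor_data_file` type and the `gyotaku_app` rules for it also live in the `dump` directory, so the excluded product gets neither; worth confirming that is intended. The enclosing conditionals open above the hunk.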
diff --git a/mediacodec/common/sepolicy/service.te b/mediacodec/common/sepolicy/service.te
new file mode 100644
index 0000000..3f0130b
--- /dev/null
+++ b/mediacodec/common/sepolicy/service.te
@@ -0,0 +1 @@
+type eco_service, service_manager_type;
diff --git a/mediacodec/common/sepolicy/vndservice_contexts b/mediacodec/common/sepolicy/service_contexts
similarity index 100%
rename from mediacodec/common/sepolicy/vndservice_contexts
rename to mediacodec/common/sepolicy/service_contexts
diff --git a/mediacodec/common/sepolicy/vndservice.te b/mediacodec/common/sepolicy/vndservice.te
deleted file mode 100644
index 0784fe3..0000000
--- a/mediacodec/common/sepolicy/vndservice.te
+++ /dev/null
@@ -1 +0,0 @@
-type eco_service, vndservice_manager_type;
diff --git a/mediacodec/samsung/sepolicy/mediacodec_samsung.te b/mediacodec/samsung/sepolicy/mediacodec_samsung.te
index b5bd996..8d5c52c 100644
--- a/mediacodec/samsung/sepolicy/mediacodec_samsung.te
+++ b/mediacodec/samsung/sepolicy/mediacodec_samsung.te
@@ -5,6 +5,7 @@
 hal_server_domain(mediacodec_samsung, hal_codec2)
 add_service(mediacodec_samsung, eco_service)
 
+binder_use(mediacodec_samsung)
 vndbinder_use(mediacodec_samsung)
 
 allow mediacodec_samsung video_device:chr_file rw_file_perms;
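Review bot: `binder_use(mediacodec_samsung)` is added without a comment, next to the existing `vndbinder_use`. The reason appears to be that this commit re-declares `eco_service` as `service_manager_type` and renames `vndservice_contexts` to `service_contexts`, so the `add_service` registration now goes to servicemanager. A comment such as `# eco_service is registered with servicemanager, which needs /dev/binder.` would record that. If nothing else in the domain still talks to vndservicemanager, `vndbinder_use` could be dropped in the same change; that cannot be judged from this hunk.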
diff --git a/mte/fullmte-pixel.mk b/mte/fullmte-pixel.mk
index 96120fb..da4e7b9 100644
--- a/mte/fullmte-pixel.mk
+++ b/mte/fullmte-pixel.mk
@@ -1,2 +1,5 @@
 include build/make/target/product/fullmte.mk
 BOARD_KERNEL_CMDLINE += bootloader.pixel.MTE_FORCE_ON
+# TODO(b/324412910): Remove this when the stack-buffer-overflow is fixed.
+PRODUCT_PRODUCT_PROPERTIES += \
+  arm64.memtag.process.android.hardware.composer.hwc3-service.pixel=off
\ No newline at end of file
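Review bot: The new property turns MTE off for the whole `android.hardware.composer.hwc3-service.pixel` process in a build that otherwise forces it on, and the TODO says only when to remove it. Since the stated cause is a stack-buffer-overflow, the comment should also record that the overflow goes undetected in that process until the bug is fixed, for example `# hwc3 runs without memory tagging until b/324412910 is fixed; the overflow is not caught in the meantime.` The file also ends without a trailing newline.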
diff --git a/sensors/sepolicy/hal_sensors_default.te b/sensors/sepolicy/hal_sensors_default.te
index 85a8262..846b016 100644
--- a/sensors/sepolicy/hal_sensors_default.te
+++ b/sensors/sepolicy/hal_sensors_default.te
@@ -63,6 +63,11 @@
 ## TODO(b/248615564): Remove above rule after CHRE multiclient HAL is launched.
 unix_socket_connect(hal_sensors_default, chre, hal_contexthub_default)
 
+# Allow access to CHRE multiclient HAL.
+get_prop(hal_sensors_default, vendor_chre_hal_prop)
+binder_call(hal_sensors_default, hal_contexthub_default)
+allow hal_sensors_default hal_contexthub_service:service_manager find;
+
 
 # Allow access to the power supply files for MagCC.
 r_dir_file(hal_sensors_default, sysfs_batteryinfo)
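Review bot: The added multiclient HAL rules sit directly under the TODO that asks for an older rule to be removed once the CHRE multiclient HAL is launched, and under the `unix_socket_connect` rule to `chre`, so both access paths are allowed after this change. If the multiclient HAL is what ships, the TODO could be resolved here. If both are still needed, extend the comment to say so, e.g. `# Allow access to CHRE multiclient HAL (socket path kept until b/248615564 is closed).` The rule the TODO refers to is above the hunk. The block also leaves two blank lines before the MagCC comment.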
diff --git a/thermal/OWNERS b/thermal/OWNERS
new file mode 100644
index 0000000..5538b5f
--- /dev/null
+++ b/thermal/OWNERS
@@ -0,0 +1 @@
+include platform/hardware/google/pixel:/thermal/OWNERS