Merge "[mlock] Allow edgetpu_app_service to call mlock()" into 24D1-dev am: 7462c63bdf
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs-common/+/26481028
Change-Id: I4db9f953995528712eb71d8a4cdf9549509b2e12
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/betterbug/betterbug.mk b/betterbug/betterbug.mk
deleted file mode 100644
index f3ae647..0000000
--- a/betterbug/betterbug.mk
+++ /dev/null
@@ -1,5 +0,0 @@
-PRODUCT_PACKAGES += BetterBugStub
-PRODUCT_PACKAGES_DEBUG += BetterBug
-
-PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/gs-common/betterbug/sepolicy/product/public
-PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/gs-common/betterbug/sepolicy/product/private
diff --git a/betterbug/sepolicy/product/private/better_bug_app.te b/betterbug/sepolicy/product/private/better_bug_app.te
deleted file mode 100644
index bb50612..0000000
--- a/betterbug/sepolicy/product/private/better_bug_app.te
+++ /dev/null
@@ -1,15 +0,0 @@
-typeattribute better_bug_app coredomain;
-
-app_domain(better_bug_app)
-net_domain(better_bug_app)
-
-allow better_bug_app shell_data_file:file read;
-allow better_bug_app privapp_data_file:file execute;
-
-allow better_bug_app app_api_service:service_manager find;
-allow better_bug_app system_api_service:service_manager find;
-allow better_bug_app mediaserver_service:service_manager find;
-
-set_prop(better_bug_app, ctl_start_prop)
-
-get_prop(better_bug_app, system_boot_reason_prop)
diff --git a/betterbug/sepolicy/product/private/seapp_contexts b/betterbug/sepolicy/product/private/seapp_contexts
deleted file mode 100644
index 261e710..0000000
--- a/betterbug/sepolicy/product/private/seapp_contexts
+++ /dev/null
@@ -1,2 +0,0 @@
-# BetterBug
-user=_app isPrivApp=true name=com.google.android.apps.internal.betterbug domain=better_bug_app type=app_data_file levelFrom=all
diff --git a/betterbug/sepolicy/product/public/better_bug_app.te b/betterbug/sepolicy/product/public/better_bug_app.te
deleted file mode 100644
index 9a14782..0000000
--- a/betterbug/sepolicy/product/public/better_bug_app.te
+++ /dev/null
@@ -1 +0,0 @@
-type better_bug_app, domain;
diff --git a/gps/brcm/device.mk b/gps/brcm/device.mk
index 3065542..45b4eb0 100644
--- a/gps/brcm/device.mk
+++ b/gps/brcm/device.mk
@@ -1,14 +1,12 @@
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gps/brcm/sepolicy
PRODUCT_SOONG_NAMESPACES += vendor/broadcom/gps/bcm47765
-
-SOONG_CONFIG_NAMESPACES += gpssdk
-SOONG_CONFIG_gpssdk += sdkv1
-SOONG_CONFIG_gpssdk_sdkv1 ?= false
-
-SOONG_CONFIG_NAMESPACES += gpssdk
-SOONG_CONFIG_gpssdk += gpsmcuversion
-SOONG_CONFIG_gpssdk_gpsmcuversion ?= gpsv2_$(TARGET_BUILD_VARIANT)
+ifeq (,$(call soong_config_get,gpssdk,sdkv1))
+ $(call soong_config_set,gpssdk,sdkv1,false)
+endif
+ifeq (,$(call soong_config_get,gpssdk,gpsmcuversion))
+ $(call soong_config_set,gpssdk,gpsmcuversion,gpsv2_$(TARGET_BUILD_VARIANT))
+endif
PRODUCT_PACKAGES += \
bcm47765_gps_package \
diff --git a/gps/lsi/s5400.mk b/gps/lsi/s5400.mk
deleted file mode 100644
index 1bfc88e..0000000
--- a/gps/lsi/s5400.mk
+++ /dev/null
@@ -1,19 +0,0 @@
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gps/lsi/sepolicy
-
-PRODUCT_SOONG_NAMESPACES += \
- vendor/samsung_slsi/gps/s5400
-
-PRODUCT_PACKAGES += \
- android.hardware.location.gps.prebuilt.xml \
- gnssd \
- android.hardware.gnss-service \
- ca.pem \
- gnss_check.sh \
- kepler.bin
-
-ifneq (,$(filter userdebug eng, $(TARGET_BUILD_VARIANT)))
- PRODUCT_VENDOR_PROPERTIES += vendor.gps.aol.enabled=true
-endif
-
-# Enable Pixel GNSS HAL
-include device/google/gs-common/gps/pixel/pixel_gnss_hal.mk
\ No newline at end of file
diff --git a/gps/pixel/device_framework_matrix_product.xml b/gps/pixel/device_framework_matrix_product.xml
deleted file mode 100644
index 2c93444..0000000
--- a/gps/pixel/device_framework_matrix_product.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<compatibility-matrix version="1.0" type="framework" level="8">
- <hal format="aidl" optional="true">
- <name>android.hardware.gnss</name>
- <version>3</version>
- <interface>
- <name>IGnss</name>
- <instance>vendor</instance>
- </interface>
- </hal>
-</compatibility-matrix>
diff --git a/gps/pixel/pixel_gnss_hal.mk b/gps/pixel/pixel_gnss_hal.mk
deleted file mode 100644
index b0edff7..0000000
--- a/gps/pixel/pixel_gnss_hal.mk
+++ /dev/null
@@ -1,15 +0,0 @@
-# Include this file to enable Pixel GNSS HAL
-
-$(call soong_config_set, pixel_gnss, enable_pixel_gnss_aidl_service, true)
-
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gps/pixel/sepolicy
-
-PRODUCT_PACKAGES += \
- android.hardware.gnss-service.pixel
-
-PRODUCT_VENDOR_PROPERTIES += \
- persist.vendor.gps.hal.service.name=vendor
-
-# Compatibility matrix
-DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += \
- device/google/gs-common/gps/pixel/device_framework_matrix_product.xml
diff --git a/thermal/sepolicy/thermal_hal/pixel-thermal-control.sh.te b/thermal/sepolicy/thermal_hal/pixel-thermal-control.sh.te
index a6430f1..df699fc 100644
--- a/thermal/sepolicy/thermal_hal/pixel-thermal-control.sh.te
+++ b/thermal/sepolicy/thermal_hal/pixel-thermal-control.sh.te
@@ -9,5 +9,5 @@
allow pixel-thermal-control-sh sysfs_thermal:file rw_file_perms;
allow pixel-thermal-control-sh sysfs_thermal:lnk_file r_file_perms;
allow pixel-thermal-control-sh thermal_link_device:dir r_dir_perms;
- get_prop(pixel-thermal-control-sh, vendor_thermal_prop)
+ set_prop(pixel-thermal-control-sh, vendor_thermal_prop)
')
diff --git a/touch/twoshay/sepolicy/device.te b/touch/twoshay/sepolicy/device.te
new file mode 100644
index 0000000..d3ce622
--- /dev/null
+++ b/touch/twoshay/sepolicy/device.te
@@ -0,0 +1 @@
+type touch_offload_device, dev_type;
diff --git a/touch/twoshay/sepolicy/dumpstate.te b/touch/twoshay/sepolicy/dumpstate.te
new file mode 100644
index 0000000..90f14b8
--- /dev/null
+++ b/touch/twoshay/sepolicy/dumpstate.te
@@ -0,0 +1,2 @@
+allow dumpstate touch_context_service:service_manager find;
+binder_call(dumpstate, twoshay)
diff --git a/touch/twoshay/sepolicy/file_contexts b/touch/twoshay/sepolicy/file_contexts
new file mode 100644
index 0000000..09728be
--- /dev/null
+++ b/touch/twoshay/sepolicy/file_contexts
@@ -0,0 +1,2 @@
+/dev/touch_offload u:object_r:touch_offload_device:s0
+/vendor/bin/twoshay u:object_r:twoshay_exec:s0
diff --git a/touch/twoshay/sepolicy/hal_dumpstate_default.te b/touch/twoshay/sepolicy/hal_dumpstate_default.te
new file mode 100644
index 0000000..81edc36
--- /dev/null
+++ b/touch/twoshay/sepolicy/hal_dumpstate_default.te
@@ -0,0 +1,2 @@
+allow hal_dumpstate_default touch_context_service:service_manager find;
+binder_call(hal_dumpstate_default, twoshay)
diff --git a/touch/twoshay/sepolicy/platform_app.te b/touch/twoshay/sepolicy/platform_app.te
new file mode 100644
index 0000000..ac997a9
--- /dev/null
+++ b/touch/twoshay/sepolicy/platform_app.te
@@ -0,0 +1,4 @@
+allow platform_app gril_antenna_tuning_service:service_manager find;
+allow platform_app screen_protector_detector_service:service_manager find;
+allow platform_app touch_context_service:service_manager find;
+binder_call(platform_app, twoshay)
diff --git a/touch/twoshay/sepolicy/service.te b/touch/twoshay/sepolicy/service.te
new file mode 100644
index 0000000..4aa064d
--- /dev/null
+++ b/touch/twoshay/sepolicy/service.te
@@ -0,0 +1,3 @@
+type gril_antenna_tuning_service, service_manager_type, hal_service_type;
+type screen_protector_detector_service, service_manager_type, hal_service_type;
+type touch_context_service, service_manager_type, hal_service_type;
diff --git a/touch/twoshay/sepolicy/service_contexts b/touch/twoshay/sepolicy/service_contexts
new file mode 100644
index 0000000..f6aa1db
--- /dev/null
+++ b/touch/twoshay/sepolicy/service_contexts
@@ -0,0 +1,3 @@
+com.google.input.ITouchContextService/default u:object_r:touch_context_service:s0
+com.google.input.algos.gril.IGrilAntennaTuningService/default u:object_r:gril_antenna_tuning_service:s0
+com.google.input.algos.spd.IScreenProtectorDetectorService/default u:object_r:screen_protector_detector_service:s0
diff --git a/touch/twoshay/sepolicy/touchflow_debug/file_contexts b/touch/twoshay/sepolicy/touchflow_debug/file_contexts
new file mode 100644
index 0000000..17dfe62
--- /dev/null
+++ b/touch/twoshay/sepolicy/touchflow_debug/file_contexts
@@ -0,0 +1,2 @@
+/vendor/bin/hw/android\.hardware\.input\.processor-reflector u:object_r:hal_input_processor_default_exec:s0
+/vendor/bin/twoshay_touchflow u:object_r:twoshay_exec:s0
diff --git a/touch/twoshay/sepolicy/twoshay.te b/touch/twoshay/sepolicy/twoshay.te
new file mode 100644
index 0000000..cd317a0
--- /dev/null
+++ b/touch/twoshay/sepolicy/twoshay.te
@@ -0,0 +1,27 @@
+type twoshay, domain;
+type twoshay_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(twoshay)
+
+allow twoshay touch_offload_device:chr_file rw_file_perms;
+allow twoshay twoshay:capability sys_nice;
+
+binder_use(twoshay)
+add_service(twoshay, gril_antenna_tuning_service)
+add_service(twoshay, screen_protector_detector_service)
+add_service(twoshay, touch_context_service)
+
+binder_call(twoshay, platform_app)
+
+allow twoshay fwk_stats_service:service_manager find;
+binder_call(twoshay, stats_service_server)
+
+# Allow dumpsys output in bugreports.
+allow twoshay dumpstate:fd use;
+allow twoshay dumpstate:fifo_file write;
+
+# b/198755236
+dontaudit twoshay twoshay:capability dac_override;
+
+# b/226830650
+dontaudit twoshay boot_status_prop:file read;
diff --git a/touch/twoshay/twoshay.mk b/touch/twoshay/twoshay.mk
new file mode 100644
index 0000000..20bf1ba
--- /dev/null
+++ b/touch/twoshay/twoshay.mk
@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/twoshay/sepolicy
+PRODUCT_PACKAGES += twoshay
+PRODUCT_SOONG_NAMESPACES += vendor/google/input/twoshay