Gitiles
Code Review Sign In
gerrit.omnirom.org / android_device_google_gs-common / d5028db7e3c53961a6f4c7d12d123e3c57466f2f^2..d5028db7e3c53961a6f4c7d12d123e3c57466f2f / .
commitd5028db7e3c53961a6f4c7d12d123e3c57466f2f[log] [tgz]
authorBinhao Lin <linbinhao@google.com>Fri Apr 19 21:13:45 2024 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>Fri Apr 19 21:13:45 2024 +0000
tree5672e80017613e589b825af120ffa755c5474849
parent67c14e6e01201b33c40feae1193b6912c3ff5352 [diff]
parent278620120f1ba40479a9a9d36394d7bab3caad74 [diff]
Merge "Attach multicam CPA to the bug report" into 24D1-dev am: 278620120f

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs-common/+/27030061

Change-Id: I9266fb1b07fbf7a396e37834dc25d1a2084fb192
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

diff --git a/bcmbt/bluetooth.mk b/bcmbt/bluetooth.mk
index eb6a29b..af4cf99 100644
--- a/bcmbt/bluetooth.mk
+++ b/bcmbt/bluetooth.mk

@@ -1,6 +1,8 @@
 PRODUCT_SOONG_NAMESPACES += vendor/broadcom/bluetooth
 PRODUCT_PACKAGES += \
        android.hardware.bluetooth-V1-ndk.so \
+       android.hardware.bluetooth.finder-V1-ndk.so \
+       android.hardware.bluetooth.ranging-V1-ndk.so \
        android.hardware.bluetooth-service.bcmbtlinux \
        vendor.google.bluetooth_ext-V1-ndk.so \
        bt_vendor.conf \

diff --git a/bcmbt/compatibility_matrix.xml b/bcmbt/compatibility_matrix.xml
index 1a63ccf..65b0c6d 100644
--- a/bcmbt/compatibility_matrix.xml
+++ b/bcmbt/compatibility_matrix.xml

@@ -6,7 +6,6 @@
             <name>IBluetoothFinder</name>
             <instance>default</instance>
         </interface>
-        <fqname>IBluetoothFinder/default</fqname>
         <interface>
             <name>IBluetoothCcc</name>
             <instance>default</instance>

diff --git a/bcmbt/manifest_bluetooth.xml b/bcmbt/manifest_bluetooth.xml
index f14112c..a72f1c9 100644
--- a/bcmbt/manifest_bluetooth.xml
+++ b/bcmbt/manifest_bluetooth.xml

@@ -5,6 +5,16 @@
         <fqname>IBluetoothHci/default</fqname>
     </hal>
     <hal format="aidl">
+        <name>android.hardware.bluetooth.finder</name>
+        <version>1</version>
+        <fqname>IBluetoothFinder/default</fqname>
+    </hal>
+    <hal format="aidl">
+        <name>android.hardware.bluetooth.ranging</name>
+        <version>1</version>
+        <fqname>IBluetoothChannelSounding/default</fqname>
+    </hal>
+    <hal format="aidl">
         <name>vendor.google.bluetooth_ext</name>
         <version>1</version>
         <fqname>IBTChannelAvoidance/default</fqname>

diff --git a/edgetpu/sepolicy/device.te b/edgetpu/sepolicy/device.te
index 9296ba5..78e918a 100644
--- a/edgetpu/sepolicy/device.te
+++ b/edgetpu/sepolicy/device.te

@@ -1,2 +1,2 @@
 # EdgeTPU device (DarwiNN)
-type edgetpu_device, dev_type, mlstrustedobject;
+type edgetpu_device, dev_type, mlstrustedobject, isolated_compute_allowed_device;

diff --git a/edgetpu/sepolicy/service.te b/edgetpu/sepolicy/service.te
index b1a5409..5ea2006 100644
--- a/edgetpu/sepolicy/service.te
+++ b/edgetpu/sepolicy/service.te

@@ -4,4 +4,4 @@
 type edgetpu_tachyon_service, app_api_service, service_manager_type, isolated_compute_allowed_service;
 
 # EdgeTPU binder service type declaration.
-type edgetpu_app_service, service_manager_type;
+type edgetpu_app_service, service_manager_type, isolated_compute_allowed_service;

diff --git a/gps/brcm/device.mk b/gps/brcm/device.mk
index 3065542..45b4eb0 100644
--- a/gps/brcm/device.mk
+++ b/gps/brcm/device.mk

@@ -1,14 +1,12 @@
 BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gps/brcm/sepolicy
 
 PRODUCT_SOONG_NAMESPACES += vendor/broadcom/gps/bcm47765
-
-SOONG_CONFIG_NAMESPACES += gpssdk
-SOONG_CONFIG_gpssdk += sdkv1
-SOONG_CONFIG_gpssdk_sdkv1 ?= false
-
-SOONG_CONFIG_NAMESPACES += gpssdk
-SOONG_CONFIG_gpssdk += gpsmcuversion
-SOONG_CONFIG_gpssdk_gpsmcuversion ?= gpsv2_$(TARGET_BUILD_VARIANT)
+ifeq (,$(call soong_config_get,gpssdk,sdkv1))
+    $(call soong_config_set,gpssdk,sdkv1,false)
+endif
+ifeq (,$(call soong_config_get,gpssdk,gpsmcuversion))
+    $(call soong_config_set,gpssdk,gpsmcuversion,gpsv2_$(TARGET_BUILD_VARIANT))
+endif
 
 PRODUCT_PACKAGES += \
 	bcm47765_gps_package \

diff --git a/gps/lsi/s5400.mk b/gps/lsi/s5400.mk
deleted file mode 100644
index 1bfc88e..0000000
--- a/gps/lsi/s5400.mk
+++ /dev/null

@@ -1,19 +0,0 @@
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gps/lsi/sepolicy
-
-PRODUCT_SOONG_NAMESPACES += \
-    vendor/samsung_slsi/gps/s5400
-
-PRODUCT_PACKAGES += \
-    android.hardware.location.gps.prebuilt.xml \
-    gnssd \
-    android.hardware.gnss-service \
-    ca.pem \
-    gnss_check.sh \
-    kepler.bin
-
-ifneq (,$(filter userdebug eng, $(TARGET_BUILD_VARIANT)))
-    PRODUCT_VENDOR_PROPERTIES += vendor.gps.aol.enabled=true
-endif
-
-# Enable Pixel GNSS HAL
-include device/google/gs-common/gps/pixel/pixel_gnss_hal.mk
\ No newline at end of file

diff --git a/gps/pixel/device_framework_matrix_product.xml b/gps/pixel/device_framework_matrix_product.xml
deleted file mode 100644
index 2c93444..0000000
--- a/gps/pixel/device_framework_matrix_product.xml
+++ /dev/null

@@ -1,10 +0,0 @@
-<compatibility-matrix version="1.0" type="framework" level="8">
-    <hal format="aidl" optional="true">
-        <name>android.hardware.gnss</name>
-        <version>3</version>
-        <interface>
-            <name>IGnss</name>
-            <instance>vendor</instance>
-        </interface>
-    </hal>
-</compatibility-matrix>

diff --git a/gps/pixel/pixel_gnss_hal.mk b/gps/pixel/pixel_gnss_hal.mk
deleted file mode 100644
index b0edff7..0000000
--- a/gps/pixel/pixel_gnss_hal.mk
+++ /dev/null

@@ -1,15 +0,0 @@
-# Include this file to enable Pixel GNSS HAL
-
-$(call soong_config_set, pixel_gnss, enable_pixel_gnss_aidl_service, true)
-
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gps/pixel/sepolicy
-
-PRODUCT_PACKAGES += \
-    android.hardware.gnss-service.pixel
-
-PRODUCT_VENDOR_PROPERTIES += \
-    persist.vendor.gps.hal.service.name=vendor
-
-# Compatibility matrix
-DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += \
-    device/google/gs-common/gps/pixel/device_framework_matrix_product.xml

diff --git a/gps/pixel/sepolicy/file.te b/gps/pixel/sepolicy/file.te
deleted file mode 100644
index 79e95ab..0000000
--- a/gps/pixel/sepolicy/file.te
+++ /dev/null

@@ -1 +0,0 @@
-type sysfs_modem_state, sysfs_type, fs_type;

diff --git a/gpu/sepolicy/service_contexts b/gpu/sepolicy/service_contexts
new file mode 100644
index 0000000..88ee08c
--- /dev/null
+++ b/gpu/sepolicy/service_contexts

@@ -0,0 +1,4 @@
+# Note that native/passthrough HALs use the "{type}/{instance}" pattern from
+# SEPolicy perspective and are looked up via the corresponding filename
+# "{type}.{instance}.so".
+mapper/pixel u:object_r:hal_graphics_mapper_service:s0

diff --git a/gs_watchdogd/gs_watchdogd.cpp b/gs_watchdogd/gs_watchdogd.cpp
index 59b089c..82e01d0 100644
--- a/gs_watchdogd/gs_watchdogd.cpp
+++ b/gs_watchdogd/gs_watchdogd.cpp

@@ -14,9 +14,11 @@
  * limitations under the License.
  */
 
+#include <android-base/chrono_utils.h>
 #include <android-base/file.h>
 #include <android-base/logging.h>
 #include <android-base/stringprintf.h>
+#include <android-base/unique_fd.h>
 
 #include <errno.h>
 #include <fcntl.h>
@@ -26,21 +28,28 @@
 #include <string.h>
 #include <unistd.h>
 
-#define DEV_GLOB "/sys/devices/platform/*.watchdog_cl0/watchdog/watchdog*"
+#include <chrono>
+#include <vector>
+
+#define DEV_GLOB "/sys/devices/platform/*.watchdog_cl*/watchdog/watchdog*"
+
+#define DEFAULT_INTERVAL 10s
+#define DEFAULT_MARGIN 10s
 
 using android::base::Basename;
 using android::base::StringPrintf;
+using std::literals::chrono_literals::operator""s;
 
 int main(int argc, char** argv) {
     android::base::InitLogging(argv, &android::base::KernelLogger);
 
-    int interval = 10;
-    if (argc >= 2) interval = atoi(argv[1]);
+    std::chrono::seconds interval = argc >= 2
+        ? std::chrono::seconds(atoi(argv[1])) : DEFAULT_INTERVAL;
+    std::chrono::seconds margin = argc >= 3
+        ? std::chrono::seconds(atoi(argv[2])) : DEFAULT_MARGIN;
 
-    int margin = 10;
-    if (argc >= 3) margin = atoi(argv[2]);
-
-    LOG(INFO) << "gs_watchdogd started (interval " << interval << ", margin " << margin << ")!";
+    LOG(INFO) << "gs_watchdogd started (interval " << interval.count()
+              << ", margin " << margin.count() << ")!";
 
     glob_t globbuf;
     int ret = glob(DEV_GLOB, GLOB_MARK, nullptr, &globbuf);
@@ -49,40 +58,42 @@
         return 1;
     }
 
-    if (globbuf.gl_pathc > 1) {
-        PLOG(WARNING) << "Multiple watchdog dev path found by " << DEV_GLOB;
-    }
+    std::vector<android::base::unique_fd> wdt_dev_fds;
 
-    std::string dev_path = StringPrintf("/dev/%s", Basename(globbuf.gl_pathv[0]).c_str());
-    globfree(&globbuf);
+    for (size_t i = 0; i < globbuf.gl_pathc; i++) {
+        std::chrono::seconds timeout = interval + margin;
+        int timeout_secs = timeout.count();
+        std::string dev_path = StringPrintf("/dev/%s", Basename(globbuf.gl_pathv[i]).c_str());
 
-    int fd = open(dev_path.c_str(), O_RDWR | O_CLOEXEC);
-    if (fd == -1) {
-        PLOG(ERROR) << "Failed to open " << dev_path;
-        return 1;
-    }
+        int fd = TEMP_FAILURE_RETRY(open(dev_path.c_str(), O_RDWR | O_CLOEXEC));
+        if (fd == -1) {
+            PLOG(ERROR) << "Failed to open " << dev_path;
+            return 1;
+        }
 
-    int timeout = interval + margin;
-    ret = ioctl(fd, WDIOC_SETTIMEOUT, &timeout);
-    if (ret) {
-        PLOG(ERROR) << "Failed to set timeout to " << timeout;
-        ret = ioctl(fd, WDIOC_GETTIMEOUT, &timeout);
+        wdt_dev_fds.emplace_back(fd);
+        ret = ioctl(fd, WDIOC_SETTIMEOUT, &timeout_secs);
         if (ret) {
-            PLOG(ERROR) << "Failed to get timeout";
-        } else {
-            if (timeout > margin) {
-                interval = timeout - margin;
+            PLOG(ERROR) << "Failed to set timeout to " << timeout_secs;
+            ret = ioctl(fd, WDIOC_GETTIMEOUT, &timeout_secs);
+            if (ret) {
+                PLOG(ERROR) << "Failed to get timeout";
             } else {
-                interval = 1;
+                interval = timeout > margin ? timeout - margin : 1s;
+                LOG(WARNING) << "Adjusted interval to timeout returned by driver: "
+                             << "timeout " << timeout_secs
+                             << ", interval " << interval.count()
+                             << ", margin " << margin.count();
             }
-            LOG(WARNING) << "Adjusted interval to timeout returned by driver: "
-                         << "timeout " << timeout << ", interval " << interval << ", margin "
-                         << margin;
         }
     }
 
+    globfree(&globbuf);
+
     while (true) {
-        write(fd, "", 1);
-        sleep(interval);
+        for (const auto& fd : wdt_dev_fds) {
+            TEMP_FAILURE_RETRY(write(fd, "", 1));
+        }
+        sleep(interval.count());
     }
 }

diff --git a/insmod/insmod.sh b/insmod/insmod.sh
index 03843f5..8cac37e 100755
--- a/insmod/insmod.sh
+++ b/insmod/insmod.sh

@@ -66,6 +66,17 @@
       "insmod") insmod $arg ;;
       "setprop") setprop $arg 1 ;;
       "enable") echo 1 > $arg ;;
+      "condinsmod")
+        prop=$(echo $arg | cut -d '|' -f 1)
+        module1=$(echo $arg | cut -d '|' -f 2)
+        module2=$(echo $arg | cut -d '|' -f 3)
+        value=$(getprop $prop)
+        if [[ ${value} == "true" ]]; then
+          insmod ${vendor_modules_dir}/${module1}
+        else
+          insmod ${vendor_modules_dir}/${module2}
+        fi
+        ;;
       "modprobe")
         case ${arg} in
           "system -b *" | "system -b")

diff --git a/modem/shared_modem_platform/compatibility_matrix.xml b/modem/shared_modem_platform/compatibility_matrix.xml
new file mode 100644
index 0000000..5019c3e
--- /dev/null
+++ b/modem/shared_modem_platform/compatibility_matrix.xml

@@ -0,0 +1,11 @@
+<compatibility-matrix version="1.0" type="framework">
+    <!-- Optional since older devices will not register any services. -->
+    <hal format="aidl" optional="true">
+        <name>com.google.pixel.shared_modem_platform</name>
+        <version>1</version>
+        <interface>
+            <name>ISharedModemPlatform</name>
+            <instance>default</instance>
+        </interface>
+    </hal>
+</compatibility-matrix>

diff --git a/modem/shared_modem_platform/sepolicy/attributes b/modem/shared_modem_platform/sepolicy/attributes
new file mode 100644
index 0000000..2cc802d
--- /dev/null
+++ b/modem/shared_modem_platform/sepolicy/attributes

@@ -0,0 +1 @@
+hal_attribute(shared_modem_platform)

diff --git a/modem/shared_modem_platform/sepolicy/hal_shared_modem_platform.te b/modem/shared_modem_platform/sepolicy/hal_shared_modem_platform.te
new file mode 100644
index 0000000..8771563
--- /dev/null
+++ b/modem/shared_modem_platform/sepolicy/hal_shared_modem_platform.te

@@ -0,0 +1,8 @@
+# Allow binder connection from client to server
+binder_call(hal_shared_modem_platform_client, hal_shared_modem_platform_server)
+
+# Allow client to find the service, server to register the service
+hal_attribute_service(hal_shared_modem_platform, hal_shared_modem_platform_service)
+
+# Allow binder communication from server to service_manager
+binder_use(hal_shared_modem_platform_server)

diff --git a/modem/shared_modem_platform/sepolicy/service.te b/modem/shared_modem_platform/sepolicy/service.te
new file mode 100644
index 0000000..390fde6
--- /dev/null
+++ b/modem/shared_modem_platform/sepolicy/service.te

@@ -0,0 +1 @@
+type hal_shared_modem_platform_service, hal_service_type, service_manager_type;

diff --git a/modem/shared_modem_platform/sepolicy/service_contexts b/modem/shared_modem_platform/sepolicy/service_contexts
new file mode 100644
index 0000000..58232f7
--- /dev/null
+++ b/modem/shared_modem_platform/sepolicy/service_contexts

@@ -0,0 +1,2 @@
+# Bind Shared Modem Platform AIDL service name to the SELinux type.
+com.google.pixel.shared_modem_platform.ISharedModemPlatform/default u:object_r:hal_shared_modem_platform_service:s0

diff --git a/modem/shared_modem_platform/shared_modem_platform.mk b/modem/shared_modem_platform/shared_modem_platform.mk
new file mode 100644
index 0000000..3f50c37
--- /dev/null
+++ b/modem/shared_modem_platform/shared_modem_platform.mk

@@ -0,0 +1,11 @@
+# This file is not included in `modem.mk` since this is included at the
+# beginning of each `device.mk` file, and so will be called before
+# `SHARED_MODEM_PLATFORM_VENDOR` is defined later in the file.
+SOONG_CONFIG_NAMESPACES += shared_modem_platform
+SOONG_CONFIG_shared_modem_platform += \
+       vendor
+SOONG_CONFIG_shared_modem_platform_vendor := $(SHARED_MODEM_PLATFORM_VENDOR)
+
+PRODUCT_PACKAGES += shared_modem_platform
+DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/modem/shared_modem_platform/compatibility_matrix.xml
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/modem/shared_modem_platform/sepolicy

diff --git a/mte/fullmte-pixel.mk b/mte/fullmte-pixel.mk
index 6cc525d..ac2aba8 100644
--- a/mte/fullmte-pixel.mk
+++ b/mte/fullmte-pixel.mk

@@ -3,6 +3,3 @@
 PRODUCT_MODULE_BUILD_FROM_SOURCE := true
 
 BOARD_KERNEL_CMDLINE += bootloader.pixel.MTE_FORCE_ON
-# TODO(b/324412910): Remove this when the stack-buffer-overflow is fixed.
-PRODUCT_PRODUCT_PROPERTIES += \
-  arm64.memtag.process.android.hardware.composer.hwc3-service.pixel=off
\ No newline at end of file

diff --git a/performance/Android.bp b/performance/Android.bp
index 6eee7c4..c29b460 100644
--- a/performance/Android.bp
+++ b/performance/Android.bp

@@ -5,6 +5,7 @@
 cc_binary {
     name: "dump_perf",
     srcs: ["dump_perf.cpp"],
+    init_rc: ["init.pixel-mm-gs.rc"],
     cflags: [
         "-Wall",
         "-Wextra",

diff --git a/performance/init.pixel-mm-gs.rc b/performance/init.pixel-mm-gs.rc
new file mode 100644
index 0000000..9bc12e9
--- /dev/null
+++ b/performance/init.pixel-mm-gs.rc

@@ -0,0 +1,20 @@
+# Copyright (C) 2024 The Android Open-Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+on init
+    # adjust PCP high level
+    write /proc/sys/vm/percpu_pagelist_high_fraction 430
+
+    # disable proactive compaction
+    write /proc/sys/vm/compaction_proactiveness 0

diff --git a/performance/sepolicy/vendor_init.te b/performance/sepolicy/vendor_init.te
new file mode 100644
index 0000000..6b4ef15
--- /dev/null
+++ b/performance/sepolicy/vendor_init.te

@@ -0,0 +1,4 @@
+# MM
+allow vendor_init proc_percpu_pagelist_high_fraction:file w_file_perms;
+allow vendor_init proc_compaction_proactiveness:file w_file_perms;
+

diff --git a/radio/sepolicy/file.te b/radio/sepolicy/file.te
index 02d0209..95b24c0 100644
--- a/radio/sepolicy/file.te
+++ b/radio/sepolicy/file.te

@@ -1,6 +1,9 @@
 # Data
 type tcpdump_vendor_data_file, file_type, data_file_type;
 
+# Modem
+type sysfs_modem_state, sysfs_type, fs_type;
+
 userdebug_or_eng(`
   typeattribute tcpdump_vendor_data_file mlstrustedobject;
 ')

diff --git a/gps/pixel/sepolicy/genfs_contexts b/radio/sepolicy/genfs_contexts
similarity index 98%
rename from gps/pixel/sepolicy/genfs_contexts
rename to radio/sepolicy/genfs_contexts
index 494aa97..039f329 100644
--- a/gps/pixel/sepolicy/genfs_contexts
+++ b/radio/sepolicy/genfs_contexts

@@ -1,2 +1,3 @@
 # modem state node
 genfscon sysfs /devices/platform/cpif/modem_state       u:object_r:sysfs_modem_state:s0
+

diff --git a/ramdump/ramdump.mk b/ramdump/ramdump.mk
deleted file mode 100644
index 5b34a67..0000000
--- a/ramdump/ramdump.mk
+++ /dev/null

@@ -1,3 +0,0 @@
-PRODUCT_PACKAGES_DEBUG += dump_ramdump
-
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/ramdump/sepolicy

diff --git a/ramdump/sepolicy/file_contexts b/ramdump/sepolicy/file_contexts
deleted file mode 100644
index 726f69d..0000000
--- a/ramdump/sepolicy/file_contexts
+++ /dev/null

@@ -1,2 +0,0 @@
-# dumpstate
-/vendor/bin/dump/dump_ramdump           u:object_r:dump_ramdump_exec:s0

diff --git a/ramdump/Android.bp b/ramdump_and_coredump/Android.bp
similarity index 100%
rename from ramdump/Android.bp
rename to ramdump_and_coredump/Android.bp

diff --git a/ramdump/dump_ramdump.cpp b/ramdump_and_coredump/dump_ramdump.cpp
similarity index 100%
rename from ramdump/dump_ramdump.cpp
rename to ramdump_and_coredump/dump_ramdump.cpp

diff --git a/ramdump_and_coredump/ramdump_and_coredump.mk b/ramdump_and_coredump/ramdump_and_coredump.mk
new file mode 100644
index 0000000..5c76bf8
--- /dev/null
+++ b/ramdump_and_coredump/ramdump_and_coredump.mk

@@ -0,0 +1,12 @@
+PRODUCT_PACKAGES += \
+  sscoredump \
+
+PRODUCT_PACKAGES_DEBUG += \
+    dump_ramdump \
+    ramdump \
+
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/ramdump_and_coredump/sepolicy
+
+# sscoredump
+PRODUCT_PROPERTY_OVERRIDES += vendor.debug.ssrdump.type=sscoredump
+PRODUCT_SOONG_NAMESPACES += vendor/google/tools/subsystem-coredump

diff --git a/ramdump_and_coredump/sepolicy/bug_map b/ramdump_and_coredump/sepolicy/bug_map
new file mode 100644
index 0000000..0554746
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/bug_map

@@ -0,0 +1,3 @@
+ramdump vendor_hw_plat_prop file b/161103878
+ramdump public_vendor_default_prop file b/161103878
+ramdump proc_bootconfig file b/181615626

diff --git a/ramdump_and_coredump/sepolicy/device.te b/ramdump_and_coredump/sepolicy/device.te
new file mode 100644
index 0000000..7614dd4
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/device.te

@@ -0,0 +1 @@
+type sscoredump_device, dev_type;

diff --git a/ramdump/sepolicy/dump_ramdump.te b/ramdump_and_coredump/sepolicy/dump_ramdump.te
similarity index 100%
rename from ramdump/sepolicy/dump_ramdump.te
rename to ramdump_and_coredump/sepolicy/dump_ramdump.te

diff --git a/ramdump_and_coredump/sepolicy/file.te b/ramdump_and_coredump/sepolicy/file.te
new file mode 100644
index 0000000..10c3171
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/file.te

@@ -0,0 +1,15 @@
+# ramdump: file
+type ramdump_vendor_data_file, file_type, data_file_type, mlstrustedobject;
+type ramdump_vendor_mnt_file, file_type, data_file_type, mlstrustedobject;
+type ramdump_vendor_fs, fusefs_type, data_file_type, mlstrustedobject;
+
+# sscoredump: file
+type sscoredump_vendor_data_coredump_file, file_type, data_file_type, mlstrustedobject;
+type sscoredump_vendor_data_crashinfo_file, file_type, data_file_type, mlstrustedobject;
+
+# sscoredump: sysfs
+type sysfs_sscoredump_level, sysfs_type, fs_type;                  # sscoredump level
+type sysfs_sscoredump_subsystem_report_count, sysfs_type, fs_type; # subsystem report_count: per device explicit path
+
+# ssr_detector_app
+type sscoredump_vendor_data_logcat_file, file_type, data_file_type, mlstrustedobject;

diff --git a/ramdump_and_coredump/sepolicy/file_contexts b/ramdump_and_coredump/sepolicy/file_contexts
new file mode 100644
index 0000000..747fc02
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/file_contexts

@@ -0,0 +1,17 @@
+# dump_ramdump
+/vendor/bin/dump/dump_ramdump           u:object_r:dump_ramdump_exec:s0
+
+# ramdump
+/data/vendor/ramdump(/.*)?                u:object_r:ramdump_vendor_data_file:s0
+/mnt/vendor/ramdump(/.*)?                 u:object_r:ramdump_vendor_mnt_file:s0
+/vendor/bin/ramdump                       u:object_r:ramdump_exec:s0
+/vendor/bin/ramdump32                     u:object_r:ramdump_exec:s0
+
+# sscoredump
+/data/vendor/ssrdump(/.*)?             u:object_r:sscoredump_vendor_data_crashinfo_file:s0
+/data/vendor/ssrdump/coredump(/.*)?    u:object_r:sscoredump_vendor_data_coredump_file:s0
+/dev/sscd_.*                           u:object_r:sscoredump_device:s0
+/vendor/bin/sscoredump                 u:object_r:sscoredump_exec:s0
+
+# ssr_detector_app
+/data/vendor/ssrdump/logcat(/.*)?      u:object_r:sscoredump_vendor_data_logcat_file:s0

diff --git a/ramdump_and_coredump/sepolicy/genfs_contexts b/ramdump_and_coredump/sepolicy/genfs_contexts
new file mode 100644
index 0000000..5a6e494
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/genfs_contexts

@@ -0,0 +1 @@
+genfscon sysfs /class/sscoredump/level u:object_r:sysfs_sscoredump_level:s0

diff --git a/ramdump_and_coredump/sepolicy/property.te b/ramdump_and_coredump/sepolicy/property.te
new file mode 100644
index 0000000..e708b5a
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/property.te

@@ -0,0 +1,2 @@
+# ramdump
+vendor_internal_prop(vendor_ramdump_prop)

diff --git a/ramdump_and_coredump/sepolicy/property_contexts b/ramdump_and_coredump/sepolicy/property_contexts
new file mode 100644
index 0000000..a50f5a9
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/property_contexts

@@ -0,0 +1,3 @@
+# ramdump
+ro.boot.ramdump                           u:object_r:vendor_ramdump_prop:s0
+vendor.debug.ramdump.                     u:object_r:vendor_ramdump_prop:s0

diff --git a/ramdump_and_coredump/sepolicy/ramdump.te b/ramdump_and_coredump/sepolicy/ramdump.te
new file mode 100644
index 0000000..d66139f
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/ramdump.te

@@ -0,0 +1,48 @@
+type ramdump_exec, exec_type, vendor_file_type, file_type;
+type ramdump, domain;
+
+userdebug_or_eng(`
+  init_daemon_domain(ramdump)
+
+  set_prop(ramdump, vendor_ramdump_prop)
+
+  # f2fs set pin file requires sys_admin
+  allow ramdump self:capability { sys_admin sys_rawio };
+
+  allow ramdump ramdump_vendor_data_file:dir create_dir_perms;
+  allow ramdump ramdump_vendor_data_file:file create_file_perms;
+  allow ramdump proc_cmdline:file r_file_perms;
+
+  allow ramdump block_device:dir search;
+  allow ramdump misc_block_device:blk_file rw_file_perms;
+  allow ramdump userdata_block_device:blk_file rw_file_perms;
+
+  # Allow ReadDefaultFstab().
+  read_fstab(ramdump)
+
+  # read /fstab.${ro.hardware}
+  allow ramdump rootfs:file r_file_perms;
+
+  r_dir_file(ramdump, sysfs_type)
+
+  # To access statsd.
+  hwbinder_use(ramdump)
+  get_prop(ramdump, hwservicemanager_prop)
+  get_prop(ramdump, boot_status_prop)
+  allow ramdump fwk_stats_hwservice:hwservice_manager find;
+  binder_call(ramdump, stats_service_server)
+  allow ramdump fwk_stats_service:service_manager find;
+  binder_use(ramdump)
+
+  # To implement fusefs (ramdumpfs) under /mnt/vendor/ramdump.
+  allow ramdump fuse:filesystem relabelfrom;
+  allow ramdump fuse_device:chr_file rw_file_perms;
+  allow ramdump mnt_vendor_file:dir r_dir_perms;
+  allow ramdump ramdump_vendor_mnt_file:dir { getattr mounton };
+  allow ramdump ramdump_vendor_fs:filesystem { mount unmount relabelfrom relabelto };
+  allow ramdump_vendor_mnt_file ramdump_vendor_fs:filesystem associate;
+
+  # Access new Stats AIDL APIs (ag/13714907).
+  allow ramdump fwk_stats_service:service_manager find;
+  binder_call(ramdump, servicemanager)
+')

diff --git a/ramdump_and_coredump/sepolicy/ramdump_app.te b/ramdump_and_coredump/sepolicy/ramdump_app.te
new file mode 100644
index 0000000..85d4bfd
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/ramdump_app.te

@@ -0,0 +1,26 @@
+type ramdump_app, domain;
+
+userdebug_or_eng(`
+  app_domain(ramdump_app)
+
+  allow ramdump_app app_api_service:service_manager find;
+
+  allow ramdump_app ramdump_vendor_data_file:file create_file_perms;
+  allow ramdump_app ramdump_vendor_data_file:dir create_dir_perms;
+
+  set_prop(ramdump_app, vendor_ramdump_prop)
+  get_prop(ramdump_app, system_boot_reason_prop)
+
+  # To access ramdumpfs.
+  allow ramdump_app mnt_vendor_file:dir search;
+  allow ramdump_app ramdump_vendor_mnt_file:dir create_dir_perms;
+  allow ramdump_app ramdump_vendor_mnt_file:file create_file_perms;
+
+  # To access subsystem ramdump files and dirs.
+  allow ramdump_app sscoredump_vendor_data_crashinfo_file:dir r_dir_perms;
+  allow ramdump_app sscoredump_vendor_data_crashinfo_file:file r_file_perms;
+  allow ramdump_app sscoredump_vendor_data_coredump_file:dir r_dir_perms;
+  allow ramdump_app sscoredump_vendor_data_coredump_file:file r_file_perms;
+  allow ramdump_app sscoredump_vendor_data_logcat_file:dir r_dir_perms;
+  allow ramdump_app sscoredump_vendor_data_logcat_file:file r_file_perms;
+')

diff --git a/ramdump_and_coredump/sepolicy/seapp_contexts b/ramdump_and_coredump/sepolicy/seapp_contexts
new file mode 100644
index 0000000..2618216
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/seapp_contexts

@@ -0,0 +1,5 @@
+# ramdump_app
+user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all
+
+# ssr_detector_app
+user=system seinfo=platform name=com.google.SSRestartDetector domain=ssr_detector_app type=system_app_data_file levelFrom=user

diff --git a/ramdump_and_coredump/sepolicy/sscoredump.te b/ramdump_and_coredump/sepolicy/sscoredump.te
new file mode 100644
index 0000000..70d6e1b
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/sscoredump.te

@@ -0,0 +1,18 @@
+type sscoredump, domain;
+type sscoredump_exec, vendor_file_type, exec_type, file_type;
+
+init_daemon_domain(sscoredump)
+
+set_prop(sscoredump, vendor_ssrdump_prop)
+
+allow sscoredump device:dir r_dir_perms;
+allow sscoredump sscoredump_device:chr_file rw_file_perms;
+allow sscoredump sscoredump_vendor_data_crashinfo_file:dir create_dir_perms;
+allow sscoredump sscoredump_vendor_data_crashinfo_file:file create_file_perms;
+allow sscoredump sysfs_sscoredump_subsystem_report_count:file r_file_perms;
+
+userdebug_or_eng(`
+  allow sscoredump sysfs_sscoredump_level:file rw_file_perms;
+  allow sscoredump sscoredump_vendor_data_coredump_file:dir create_dir_perms;
+  allow sscoredump sscoredump_vendor_data_coredump_file:file create_file_perms;
+')

diff --git a/ramdump_and_coredump/sepolicy/ssr_detector_app.te b/ramdump_and_coredump/sepolicy/ssr_detector_app.te
new file mode 100644
index 0000000..ffd612a
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/ssr_detector_app.te

@@ -0,0 +1,27 @@
+type ssr_detector_app, domain;
+
+app_domain(ssr_detector_app)
+allow ssr_detector_app app_api_service:service_manager find;
+allow ssr_detector_app radio_service:service_manager find;
+
+allow ssr_detector_app system_app_data_file:dir create_dir_perms;
+allow ssr_detector_app system_app_data_file:file create_file_perms;
+
+allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:dir r_dir_perms;
+allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:file r_file_perms;
+
+userdebug_or_eng(`
+  allow ssr_detector_app sscoredump_vendor_data_coredump_file:dir r_dir_perms;
+  allow ssr_detector_app sscoredump_vendor_data_coredump_file:file r_file_perms;
+  allow ssr_detector_app sscoredump_vendor_data_logcat_file:dir create_dir_perms;
+  allow ssr_detector_app sscoredump_vendor_data_logcat_file:file create_file_perms;
+  get_prop(ssr_detector_app, vendor_aoc_prop)
+  allow ssr_detector_app sysfs_sjtag:dir r_dir_perms;
+  allow ssr_detector_app sysfs_sjtag:file rw_file_perms;
+  allow ssr_detector_app proc_vendor_sched:dir search;
+  allow ssr_detector_app proc_vendor_sched:file rw_file_perms;
+  allow ssr_detector_app cgroup:file write;
+')
+
+get_prop(ssr_detector_app, vendor_ssrdump_prop)
+get_prop(ssr_detector_app, vendor_wifi_version)

diff --git a/sota_app/factoryota-watch.mk b/sota_app/factoryota-watch.mk
new file mode 100644
index 0000000..3107a1c
--- /dev/null
+++ b/sota_app/factoryota-watch.mk

@@ -0,0 +1,4 @@
+PRODUCT_PACKAGES += \
+    FactoryOtaWearPrebuilt
+
+SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/gs-common/sota_app/sepolicy/system_ext

diff --git a/touch/twoshay/sepolicy/device.te b/touch/twoshay/sepolicy/device.te
new file mode 100644
index 0000000..d3ce622
--- /dev/null
+++ b/touch/twoshay/sepolicy/device.te

@@ -0,0 +1 @@
+type touch_offload_device, dev_type;

diff --git a/touch/twoshay/sepolicy/dumpstate.te b/touch/twoshay/sepolicy/dumpstate.te
new file mode 100644
index 0000000..90f14b8
--- /dev/null
+++ b/touch/twoshay/sepolicy/dumpstate.te

@@ -0,0 +1,2 @@
+allow dumpstate touch_context_service:service_manager find;
+binder_call(dumpstate, twoshay)

diff --git a/touch/twoshay/sepolicy/file_contexts b/touch/twoshay/sepolicy/file_contexts
new file mode 100644
index 0000000..09728be
--- /dev/null
+++ b/touch/twoshay/sepolicy/file_contexts

@@ -0,0 +1,2 @@
+/dev/touch_offload                                                               u:object_r:touch_offload_device:s0
+/vendor/bin/twoshay                                                              u:object_r:twoshay_exec:s0

diff --git a/touch/twoshay/sepolicy/hal_dumpstate_default.te b/touch/twoshay/sepolicy/hal_dumpstate_default.te
new file mode 100644
index 0000000..81edc36
--- /dev/null
+++ b/touch/twoshay/sepolicy/hal_dumpstate_default.te

@@ -0,0 +1,2 @@
+allow hal_dumpstate_default touch_context_service:service_manager find;
+binder_call(hal_dumpstate_default, twoshay)

diff --git a/touch/twoshay/sepolicy/platform_app.te b/touch/twoshay/sepolicy/platform_app.te
new file mode 100644
index 0000000..ac997a9
--- /dev/null
+++ b/touch/twoshay/sepolicy/platform_app.te

@@ -0,0 +1,4 @@
+allow platform_app gril_antenna_tuning_service:service_manager find;
+allow platform_app screen_protector_detector_service:service_manager find;
+allow platform_app touch_context_service:service_manager find;
+binder_call(platform_app, twoshay)

diff --git a/touch/twoshay/sepolicy/service.te b/touch/twoshay/sepolicy/service.te
new file mode 100644
index 0000000..4aa064d
--- /dev/null
+++ b/touch/twoshay/sepolicy/service.te

@@ -0,0 +1,3 @@
+type gril_antenna_tuning_service, service_manager_type, hal_service_type;
+type screen_protector_detector_service, service_manager_type, hal_service_type;
+type touch_context_service, service_manager_type, hal_service_type;

diff --git a/touch/twoshay/sepolicy/service_contexts b/touch/twoshay/sepolicy/service_contexts
new file mode 100644
index 0000000..f6aa1db
--- /dev/null
+++ b/touch/twoshay/sepolicy/service_contexts

@@ -0,0 +1,3 @@
+com.google.input.ITouchContextService/default              u:object_r:touch_context_service:s0
+com.google.input.algos.gril.IGrilAntennaTuningService/default              u:object_r:gril_antenna_tuning_service:s0
+com.google.input.algos.spd.IScreenProtectorDetectorService/default u:object_r:screen_protector_detector_service:s0

diff --git a/touch/twoshay/sepolicy/touchflow_debug/file_contexts b/touch/twoshay/sepolicy/touchflow_debug/file_contexts
new file mode 100644
index 0000000..17dfe62
--- /dev/null
+++ b/touch/twoshay/sepolicy/touchflow_debug/file_contexts

@@ -0,0 +1,2 @@
+/vendor/bin/hw/android\.hardware\.input\.processor-reflector     u:object_r:hal_input_processor_default_exec:s0
+/vendor/bin/twoshay_touchflow     u:object_r:twoshay_exec:s0

diff --git a/touch/twoshay/sepolicy/twoshay.te b/touch/twoshay/sepolicy/twoshay.te
new file mode 100644
index 0000000..cd317a0
--- /dev/null
+++ b/touch/twoshay/sepolicy/twoshay.te

@@ -0,0 +1,27 @@
+type twoshay, domain;
+type twoshay_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(twoshay)
+
+allow twoshay touch_offload_device:chr_file rw_file_perms;
+allow twoshay twoshay:capability sys_nice;
+
+binder_use(twoshay)
+add_service(twoshay, gril_antenna_tuning_service)
+add_service(twoshay, screen_protector_detector_service)
+add_service(twoshay, touch_context_service)
+
+binder_call(twoshay, platform_app)
+
+allow twoshay fwk_stats_service:service_manager find;
+binder_call(twoshay, stats_service_server)
+
+# Allow dumpsys output in bugreports.
+allow twoshay dumpstate:fd use;
+allow twoshay dumpstate:fifo_file write;
+
+# b/198755236
+dontaudit twoshay twoshay:capability dac_override;
+
+# b/226830650
+dontaudit twoshay boot_status_prop:file read;

diff --git a/touch/twoshay/twoshay.mk b/touch/twoshay/twoshay.mk
new file mode 100644
index 0000000..20bf1ba
--- /dev/null
+++ b/touch/twoshay/twoshay.mk

@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/twoshay/sepolicy
+PRODUCT_PACKAGES += twoshay
+PRODUCT_SOONG_NAMESPACES += vendor/google/input/twoshay

diff --git a/trusty/rpmb_dev/rpmb_dev.mk b/trusty/rpmb_dev/rpmb_dev.mk
new file mode 100644
index 0000000..31c68ef
--- /dev/null
+++ b/trusty/rpmb_dev/rpmb_dev.mk

@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/trusty/rpmb_dev/sepolicy
+
+PRODUCT_PACKAGES += rpmb_dev

diff --git a/trusty/rpmb_dev/sepolicy/file_contexts b/trusty/rpmb_dev/sepolicy/file_contexts
new file mode 100644
index 0000000..1a44f7d
--- /dev/null
+++ b/trusty/rpmb_dev/sepolicy/file_contexts

@@ -0,0 +1,2 @@
+# Binaries
+/vendor/bin/rpmb_dev     u:object_r:rpmb_dev_exec:s0

diff --git a/trusty/rpmb_dev/sepolicy/rpmb_dev.te b/trusty/rpmb_dev/sepolicy/rpmb_dev.te
new file mode 100644
index 0000000..0f46e03
--- /dev/null
+++ b/trusty/rpmb_dev/sepolicy/rpmb_dev.te

@@ -0,0 +1,4 @@
+type rpmb_dev, domain;
+type rpmb_dev_exec, vendor_file_type, exec_type, file_type;
+
+init_daemon_domain(rpmb_dev)