Merge "Attach multicam CPA to the bug report" into 24D1-dev am: 278620120f
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs-common/+/27030061
Change-Id: I9266fb1b07fbf7a396e37834dc25d1a2084fb192
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/bcmbt/bluetooth.mk b/bcmbt/bluetooth.mk
index eb6a29b..af4cf99 100644
--- a/bcmbt/bluetooth.mk
+++ b/bcmbt/bluetooth.mk
@@ -1,6 +1,8 @@
PRODUCT_SOONG_NAMESPACES += vendor/broadcom/bluetooth
PRODUCT_PACKAGES += \
android.hardware.bluetooth-V1-ndk.so \
+ android.hardware.bluetooth.finder-V1-ndk.so \
+ android.hardware.bluetooth.ranging-V1-ndk.so \
android.hardware.bluetooth-service.bcmbtlinux \
vendor.google.bluetooth_ext-V1-ndk.so \
bt_vendor.conf \
diff --git a/bcmbt/compatibility_matrix.xml b/bcmbt/compatibility_matrix.xml
index 1a63ccf..65b0c6d 100644
--- a/bcmbt/compatibility_matrix.xml
+++ b/bcmbt/compatibility_matrix.xml
@@ -6,7 +6,6 @@
<name>IBluetoothFinder</name>
<instance>default</instance>
</interface>
- <fqname>IBluetoothFinder/default</fqname>
<interface>
<name>IBluetoothCcc</name>
<instance>default</instance>
diff --git a/bcmbt/manifest_bluetooth.xml b/bcmbt/manifest_bluetooth.xml
index f14112c..a72f1c9 100644
--- a/bcmbt/manifest_bluetooth.xml
+++ b/bcmbt/manifest_bluetooth.xml
@@ -5,6 +5,16 @@
<fqname>IBluetoothHci/default</fqname>
</hal>
<hal format="aidl">
+ <name>android.hardware.bluetooth.finder</name>
+ <version>1</version>
+ <fqname>IBluetoothFinder/default</fqname>
+ </hal>
+ <hal format="aidl">
+ <name>android.hardware.bluetooth.ranging</name>
+ <version>1</version>
+ <fqname>IBluetoothChannelSounding/default</fqname>
+ </hal>
+ <hal format="aidl">
<name>vendor.google.bluetooth_ext</name>
<version>1</version>
<fqname>IBTChannelAvoidance/default</fqname>
diff --git a/edgetpu/sepolicy/device.te b/edgetpu/sepolicy/device.te
index 9296ba5..78e918a 100644
--- a/edgetpu/sepolicy/device.te
+++ b/edgetpu/sepolicy/device.te
@@ -1,2 +1,2 @@
# EdgeTPU device (DarwiNN)
-type edgetpu_device, dev_type, mlstrustedobject;
+type edgetpu_device, dev_type, mlstrustedobject, isolated_compute_allowed_device;
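Review bot: The new `isolated_compute_allowed_device` attribute on `edgetpu_device` has no comment saying which isolated-compute client needs the accelerator node or why. The same applies to `isolated_compute_allowed_service` added to `edgetpu_app_service` in edgetpu/sepolicy/service.te. These attributes presumably widen the set of sandboxed domains that can reach the device node and the binder service, so the rationale belongs next to the declarations, e.g. `# Reachable from isolated compute apps for on-device inference (bug: BUG_ID_PLACEHOLDER)`. The existing `# EdgeTPU device (DarwiNN)` comment describes only the device, not the exposure.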
diff --git a/edgetpu/sepolicy/service.te b/edgetpu/sepolicy/service.te
index b1a5409..5ea2006 100644
--- a/edgetpu/sepolicy/service.te
+++ b/edgetpu/sepolicy/service.te
@@ -4,4 +4,4 @@
type edgetpu_tachyon_service, app_api_service, service_manager_type, isolated_compute_allowed_service;
# EdgeTPU binder service type declaration.
-type edgetpu_app_service, service_manager_type;
+type edgetpu_app_service, service_manager_type, isolated_compute_allowed_service;
diff --git a/gps/brcm/device.mk b/gps/brcm/device.mk
index 3065542..45b4eb0 100644
--- a/gps/brcm/device.mk
+++ b/gps/brcm/device.mk
@@ -1,14 +1,12 @@
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gps/brcm/sepolicy
PRODUCT_SOONG_NAMESPACES += vendor/broadcom/gps/bcm47765
-
-SOONG_CONFIG_NAMESPACES += gpssdk
-SOONG_CONFIG_gpssdk += sdkv1
-SOONG_CONFIG_gpssdk_sdkv1 ?= false
-
-SOONG_CONFIG_NAMESPACES += gpssdk
-SOONG_CONFIG_gpssdk += gpsmcuversion
-SOONG_CONFIG_gpssdk_gpsmcuversion ?= gpsv2_$(TARGET_BUILD_VARIANT)
+ifeq (,$(call soong_config_get,gpssdk,sdkv1))
+ $(call soong_config_set,gpssdk,sdkv1,false)
+endif
+ifeq (,$(call soong_config_get,gpssdk,gpsmcuversion))
+ $(call soong_config_set,gpssdk,gpsmcuversion,gpsv2_$(TARGET_BUILD_VARIANT))
+endif
PRODUCT_PACKAGES += \
bcm47765_gps_package \
diff --git a/gps/lsi/s5400.mk b/gps/lsi/s5400.mk
deleted file mode 100644
index 1bfc88e..0000000
--- a/gps/lsi/s5400.mk
+++ /dev/null
@@ -1,19 +0,0 @@
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gps/lsi/sepolicy
-
-PRODUCT_SOONG_NAMESPACES += \
- vendor/samsung_slsi/gps/s5400
-
-PRODUCT_PACKAGES += \
- android.hardware.location.gps.prebuilt.xml \
- gnssd \
- android.hardware.gnss-service \
- ca.pem \
- gnss_check.sh \
- kepler.bin
-
-ifneq (,$(filter userdebug eng, $(TARGET_BUILD_VARIANT)))
- PRODUCT_VENDOR_PROPERTIES += vendor.gps.aol.enabled=true
-endif
-
-# Enable Pixel GNSS HAL
-include device/google/gs-common/gps/pixel/pixel_gnss_hal.mk
\ No newline at end of file
diff --git a/gps/pixel/device_framework_matrix_product.xml b/gps/pixel/device_framework_matrix_product.xml
deleted file mode 100644
index 2c93444..0000000
--- a/gps/pixel/device_framework_matrix_product.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<compatibility-matrix version="1.0" type="framework" level="8">
- <hal format="aidl" optional="true">
- <name>android.hardware.gnss</name>
- <version>3</version>
- <interface>
- <name>IGnss</name>
- <instance>vendor</instance>
- </interface>
- </hal>
-</compatibility-matrix>
diff --git a/gps/pixel/pixel_gnss_hal.mk b/gps/pixel/pixel_gnss_hal.mk
deleted file mode 100644
index b0edff7..0000000
--- a/gps/pixel/pixel_gnss_hal.mk
+++ /dev/null
@@ -1,15 +0,0 @@
-# Include this file to enable Pixel GNSS HAL
-
-$(call soong_config_set, pixel_gnss, enable_pixel_gnss_aidl_service, true)
-
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gps/pixel/sepolicy
-
-PRODUCT_PACKAGES += \
- android.hardware.gnss-service.pixel
-
-PRODUCT_VENDOR_PROPERTIES += \
- persist.vendor.gps.hal.service.name=vendor
-
-# Compatibility matrix
-DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += \
- device/google/gs-common/gps/pixel/device_framework_matrix_product.xml
diff --git a/gps/pixel/sepolicy/file.te b/gps/pixel/sepolicy/file.te
deleted file mode 100644
index 79e95ab..0000000
--- a/gps/pixel/sepolicy/file.te
+++ /dev/null
@@ -1 +0,0 @@
-type sysfs_modem_state, sysfs_type, fs_type;
diff --git a/gpu/sepolicy/service_contexts b/gpu/sepolicy/service_contexts
new file mode 100644
index 0000000..88ee08c
--- /dev/null
+++ b/gpu/sepolicy/service_contexts
@@ -0,0 +1,4 @@
+# Note that native/passthrough HALs use the "{type}/{instance}" pattern from
+# SEPolicy perspective and are looked up via the corresponding filename
+# "{type}.{instance}.so".
+mapper/pixel u:object_r:hal_graphics_mapper_service:s0
diff --git a/gs_watchdogd/gs_watchdogd.cpp b/gs_watchdogd/gs_watchdogd.cpp
index 59b089c..82e01d0 100644
--- a/gs_watchdogd/gs_watchdogd.cpp
+++ b/gs_watchdogd/gs_watchdogd.cpp
@@ -14,9 +14,11 @@
* limitations under the License.
*/
+#include <android-base/chrono_utils.h>
#include <android-base/file.h>
#include <android-base/logging.h>
#include <android-base/stringprintf.h>
+#include <android-base/unique_fd.h>
#include <errno.h>
#include <fcntl.h>
@@ -26,21 +28,28 @@
#include <string.h>
#include <unistd.h>
-#define DEV_GLOB "/sys/devices/platform/*.watchdog_cl0/watchdog/watchdog*"
+#include <chrono>
+#include <vector>
+
+#define DEV_GLOB "/sys/devices/platform/*.watchdog_cl*/watchdog/watchdog*"
+
+#define DEFAULT_INTERVAL 10s
+#define DEFAULT_MARGIN 10s
using android::base::Basename;
using android::base::StringPrintf;
+using std::literals::chrono_literals::operator""s;
int main(int argc, char** argv) {
android::base::InitLogging(argv, &android::base::KernelLogger);
- int interval = 10;
- if (argc >= 2) interval = atoi(argv[1]);
+ std::chrono::seconds interval = argc >= 2
+ ? std::chrono::seconds(atoi(argv[1])) : DEFAULT_INTERVAL;
+ std::chrono::seconds margin = argc >= 3
+ ? std::chrono::seconds(atoi(argv[2])) : DEFAULT_MARGIN;
- int margin = 10;
- if (argc >= 3) margin = atoi(argv[2]);
-
- LOG(INFO) << "gs_watchdogd started (interval " << interval << ", margin " << margin << ")!";
+ LOG(INFO) << "gs_watchdogd started (interval " << interval.count()
+ << ", margin " << margin.count() << ")!";
glob_t globbuf;
int ret = glob(DEV_GLOB, GLOB_MARK, nullptr, &globbuf);
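Review bot: `atoi(argv[1])` and `atoi(argv[2])` feed `interval` and `margin` without validation, so a non-numeric argument silently becomes 0 and a negative one stays negative. In the feeding loop of the next hunk, an interval of 0 makes the loop spin without sleeping. A negative count passed to `sleep()`, which takes an unsigned value, becomes a very long sleep, so the watchdog would expire. Rejecting such values before the startup log line makes the failure explicit: `if (interval <= 0s || margin < 0s) { LOG(ERROR) << "invalid interval/margin"; return 1; }`. Parsing with `strtol` and an end-pointer check would additionally catch trailing garbage; main() continues outside this hunk.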
@@ -49,40 +58,42 @@
return 1;
}
- if (globbuf.gl_pathc > 1) {
- PLOG(WARNING) << "Multiple watchdog dev path found by " << DEV_GLOB;
- }
+ std::vector<android::base::unique_fd> wdt_dev_fds;
- std::string dev_path = StringPrintf("/dev/%s", Basename(globbuf.gl_pathv[0]).c_str());
- globfree(&globbuf);
+ for (size_t i = 0; i < globbuf.gl_pathc; i++) {
+ std::chrono::seconds timeout = interval + margin;
+ int timeout_secs = timeout.count();
+ std::string dev_path = StringPrintf("/dev/%s", Basename(globbuf.gl_pathv[i]).c_str());
- int fd = open(dev_path.c_str(), O_RDWR | O_CLOEXEC);
- if (fd == -1) {
- PLOG(ERROR) << "Failed to open " << dev_path;
- return 1;
- }
+ int fd = TEMP_FAILURE_RETRY(open(dev_path.c_str(), O_RDWR | O_CLOEXEC));
+ if (fd == -1) {
+ PLOG(ERROR) << "Failed to open " << dev_path;
+ return 1;
+ }
- int timeout = interval + margin;
- ret = ioctl(fd, WDIOC_SETTIMEOUT, &timeout);
- if (ret) {
- PLOG(ERROR) << "Failed to set timeout to " << timeout;
- ret = ioctl(fd, WDIOC_GETTIMEOUT, &timeout);
+ wdt_dev_fds.emplace_back(fd);
+ ret = ioctl(fd, WDIOC_SETTIMEOUT, &timeout_secs);
if (ret) {
- PLOG(ERROR) << "Failed to get timeout";
- } else {
- if (timeout > margin) {
- interval = timeout - margin;
+ PLOG(ERROR) << "Failed to set timeout to " << timeout_secs;
+ ret = ioctl(fd, WDIOC_GETTIMEOUT, &timeout_secs);
+ if (ret) {
+ PLOG(ERROR) << "Failed to get timeout";
} else {
- interval = 1;
+ interval = timeout > margin ? timeout - margin : 1s;
+ LOG(WARNING) << "Adjusted interval to timeout returned by driver: "
+ << "timeout " << timeout_secs
+ << ", interval " << interval.count()
+ << ", margin " << margin.count();
}
- LOG(WARNING) << "Adjusted interval to timeout returned by driver: "
- << "timeout " << timeout << ", interval " << interval << ", margin "
- << margin;
}
}
+ globfree(&globbuf);
+
while (true) {
- write(fd, "", 1);
- sleep(interval);
+ for (const auto& fd : wdt_dev_fds) {
+ TEMP_FAILURE_RETRY(write(fd, "", 1));
+ }
+ sleep(interval.count());
}
}
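Review bot: In the WDIOC_GETTIMEOUT fallback, `interval = timeout > margin ? timeout - margin : 1s;` still reads the `std::chrono::seconds timeout` computed as `interval + margin`, while the driver's answer was written into `timeout_secs`. The interval is therefore not adjusted to the driver's timeout, and a device whose accepted timeout is shorter than the requested one can be fed too late and reset the system. Refresh the chrono value before using it: `timeout = std::chrono::seconds(timeout_secs);`. With several devices the last one to take the fallback also decides `interval` for all of them, so the feeding period should probably track the smallest accepted timeout. The result of `write()` in the feeding loop is discarded, so a failed feed is never logged.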
diff --git a/insmod/insmod.sh b/insmod/insmod.sh
index 03843f5..8cac37e 100755
--- a/insmod/insmod.sh
+++ b/insmod/insmod.sh
@@ -66,6 +66,17 @@
"insmod") insmod $arg ;;
"setprop") setprop $arg 1 ;;
"enable") echo 1 > $arg ;;
+ "condinsmod")
+ prop=$(echo $arg | cut -d '|' -f 1)
+ module1=$(echo $arg | cut -d '|' -f 2)
+ module2=$(echo $arg | cut -d '|' -f 3)
+ value=$(getprop $prop)
+ if [[ ${value} == "true" ]]; then
+ insmod ${vendor_modules_dir}/${module1}
+ else
+ insmod ${vendor_modules_dir}/${module2}
+ fi
+ ;;
"modprobe")
case ${arg} in
"system -b *" | "system -b")
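Review bot: The `condinsmod` branch never checks that `$arg` really has three `|`-separated fields. Without `-s`, `cut` echoes the whole line when the delimiter is missing, and a missing third field leaves `module2` empty, so `insmod` is then run on `${vendor_modules_dir}/` plus whatever came out. The expansions are also unquoted (`echo $arg`, `getprop $prop`, `insmod ${vendor_modules_dir}/${module1}`), so whitespace or glob characters in the config line are split or expanded by the shell. Use `cut -s` and quoting, e.g. `module1=$(echo "$arg" | cut -s -d '|' -f 2)` and `insmod "${vendor_modules_dir}/${module1}"`, and skip the entry with a log line when `prop` or either module name is empty. The enclosing `case` starts and ends outside this hunk.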
diff --git a/modem/shared_modem_platform/compatibility_matrix.xml b/modem/shared_modem_platform/compatibility_matrix.xml
new file mode 100644
index 0000000..5019c3e
--- /dev/null
+++ b/modem/shared_modem_platform/compatibility_matrix.xml
@@ -0,0 +1,11 @@
+<compatibility-matrix version="1.0" type="framework">
+ <!-- Optional since older devices will not register any services. -->
+ <hal format="aidl" optional="true">
+ <name>com.google.pixel.shared_modem_platform</name>
+ <version>1</version>
+ <interface>
+ <name>ISharedModemPlatform</name>
+ <instance>default</instance>
+ </interface>
+ </hal>
+</compatibility-matrix>
diff --git a/modem/shared_modem_platform/sepolicy/attributes b/modem/shared_modem_platform/sepolicy/attributes
new file mode 100644
index 0000000..2cc802d
--- /dev/null
+++ b/modem/shared_modem_platform/sepolicy/attributes
@@ -0,0 +1 @@
+hal_attribute(shared_modem_platform)
diff --git a/modem/shared_modem_platform/sepolicy/hal_shared_modem_platform.te b/modem/shared_modem_platform/sepolicy/hal_shared_modem_platform.te
new file mode 100644
index 0000000..8771563
--- /dev/null
+++ b/modem/shared_modem_platform/sepolicy/hal_shared_modem_platform.te
@@ -0,0 +1,8 @@
+# Allow binder connection from client to server
+binder_call(hal_shared_modem_platform_client, hal_shared_modem_platform_server)
+
+# Allow client to find the service, server to register the service
+hal_attribute_service(hal_shared_modem_platform, hal_shared_modem_platform_service)
+
+# Allow binder communication from server to service_manager
+binder_use(hal_shared_modem_platform_server)
diff --git a/modem/shared_modem_platform/sepolicy/service.te b/modem/shared_modem_platform/sepolicy/service.te
new file mode 100644
index 0000000..390fde6
--- /dev/null
+++ b/modem/shared_modem_platform/sepolicy/service.te
@@ -0,0 +1 @@
+type hal_shared_modem_platform_service, hal_service_type, service_manager_type;
diff --git a/modem/shared_modem_platform/sepolicy/service_contexts b/modem/shared_modem_platform/sepolicy/service_contexts
new file mode 100644
index 0000000..58232f7
--- /dev/null
+++ b/modem/shared_modem_platform/sepolicy/service_contexts
@@ -0,0 +1,2 @@
+# Bind Shared Modem Platform AIDL service name to the SELinux type.
+com.google.pixel.shared_modem_platform.ISharedModemPlatform/default u:object_r:hal_shared_modem_platform_service:s0
diff --git a/modem/shared_modem_platform/shared_modem_platform.mk b/modem/shared_modem_platform/shared_modem_platform.mk
new file mode 100644
index 0000000..3f50c37
--- /dev/null
+++ b/modem/shared_modem_platform/shared_modem_platform.mk
@@ -0,0 +1,11 @@
+# This file is not included in `modem.mk` since this is included at the
+# beginning of each `device.mk` file, and so will be called before
+# `SHARED_MODEM_PLATFORM_VENDOR` is defined later in the file.
+SOONG_CONFIG_NAMESPACES += shared_modem_platform
+SOONG_CONFIG_shared_modem_platform += \
+ vendor
+SOONG_CONFIG_shared_modem_platform_vendor := $(SHARED_MODEM_PLATFORM_VENDOR)
+
+PRODUCT_PACKAGES += shared_modem_platform
+DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/modem/shared_modem_platform/compatibility_matrix.xml
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/modem/shared_modem_platform/sepolicy
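Review bot: This new file assigns `SOONG_CONFIG_NAMESPACES` and `SOONG_CONFIG_shared_modem_platform_vendor` directly, while gps/brcm/device.mk in the same change moves away from that form to `soong_config_get`/`soong_config_set`. The consistent spelling is `$(call soong_config_set,shared_modem_platform,vendor,$(SHARED_MODEM_PLATFORM_VENDOR))`. The header comment says `SHARED_MODEM_PLATFORM_VENDOR` must be defined before this file is included, but nothing enforces it. An unset variable yields an empty config value here, so a guard such as `ifeq (,$(SHARED_MODEM_PLATFORM_VENDOR))` followed by `$(error SHARED_MODEM_PLATFORM_VENDOR must be set before including shared_modem_platform.mk)` would catch a wrong include order at build time.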
diff --git a/mte/fullmte-pixel.mk b/mte/fullmte-pixel.mk
index 6cc525d..ac2aba8 100644
--- a/mte/fullmte-pixel.mk
+++ b/mte/fullmte-pixel.mk
@@ -3,6 +3,3 @@
PRODUCT_MODULE_BUILD_FROM_SOURCE := true
BOARD_KERNEL_CMDLINE += bootloader.pixel.MTE_FORCE_ON
-# TODO(b/324412910): Remove this when the stack-buffer-overflow is fixed.
-PRODUCT_PRODUCT_PROPERTIES += \
- arm64.memtag.process.android.hardware.composer.hwc3-service.pixel=off
\ No newline at end of file
diff --git a/performance/Android.bp b/performance/Android.bp
index 6eee7c4..c29b460 100644
--- a/performance/Android.bp
+++ b/performance/Android.bp
@@ -5,6 +5,7 @@
cc_binary {
name: "dump_perf",
srcs: ["dump_perf.cpp"],
+ init_rc: ["init.pixel-mm-gs.rc"],
cflags: [
"-Wall",
"-Wextra",
diff --git a/performance/init.pixel-mm-gs.rc b/performance/init.pixel-mm-gs.rc
new file mode 100644
index 0000000..9bc12e9
--- /dev/null
+++ b/performance/init.pixel-mm-gs.rc
@@ -0,0 +1,20 @@
+# Copyright (C) 2024 The Android Open-Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+on init
+ # adjust PCP high level
+ write /proc/sys/vm/percpu_pagelist_high_fraction 430
+
+ # disable proactive compaction
+ write /proc/sys/vm/compaction_proactiveness 0
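Review bot: The value `430` written to `percpu_pagelist_high_fraction` has no stated origin, and the comment `# adjust PCP high level` restates the write instead of explaining it. Likewise, nothing says why proactive compaction is turned off. The file is attached through `init_rc` of the `dump_perf` binary in performance/Android.bp, so this memory-management tuning appears to ship wherever that dump tool is installed. A comment such as `# PCP high fraction tuned for BOARD_OR_WORKLOAD_PLACEHOLDER; see BUG_ID_PLACEHOLDER`, plus a note on the coupling to dump_perf, would make both choices reviewable.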
diff --git a/performance/sepolicy/vendor_init.te b/performance/sepolicy/vendor_init.te
new file mode 100644
index 0000000..6b4ef15
--- /dev/null
+++ b/performance/sepolicy/vendor_init.te
@@ -0,0 +1,4 @@
+# MM
+allow vendor_init proc_percpu_pagelist_high_fraction:file w_file_perms;
+allow vendor_init proc_compaction_proactiveness:file w_file_perms;
+
diff --git a/radio/sepolicy/file.te b/radio/sepolicy/file.te
index 02d0209..95b24c0 100644
--- a/radio/sepolicy/file.te
+++ b/radio/sepolicy/file.te
@@ -1,6 +1,9 @@
# Data
type tcpdump_vendor_data_file, file_type, data_file_type;
+# Modem
+type sysfs_modem_state, sysfs_type, fs_type;
+
userdebug_or_eng(`
typeattribute tcpdump_vendor_data_file mlstrustedobject;
')
diff --git a/gps/pixel/sepolicy/genfs_contexts b/radio/sepolicy/genfs_contexts
similarity index 98%
rename from gps/pixel/sepolicy/genfs_contexts
rename to radio/sepolicy/genfs_contexts
index 494aa97..039f329 100644
--- a/gps/pixel/sepolicy/genfs_contexts
+++ b/radio/sepolicy/genfs_contexts
@@ -1,2 +1,3 @@
# modem state node
genfscon sysfs /devices/platform/cpif/modem_state u:object_r:sysfs_modem_state:s0
+
diff --git a/ramdump/ramdump.mk b/ramdump/ramdump.mk
deleted file mode 100644
index 5b34a67..0000000
--- a/ramdump/ramdump.mk
+++ /dev/null
@@ -1,3 +0,0 @@
-PRODUCT_PACKAGES_DEBUG += dump_ramdump
-
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/ramdump/sepolicy
diff --git a/ramdump/sepolicy/file_contexts b/ramdump/sepolicy/file_contexts
deleted file mode 100644
index 726f69d..0000000
--- a/ramdump/sepolicy/file_contexts
+++ /dev/null
@@ -1,2 +0,0 @@
-# dumpstate
-/vendor/bin/dump/dump_ramdump u:object_r:dump_ramdump_exec:s0
diff --git a/ramdump/Android.bp b/ramdump_and_coredump/Android.bp
similarity index 100%
rename from ramdump/Android.bp
rename to ramdump_and_coredump/Android.bp
diff --git a/ramdump/dump_ramdump.cpp b/ramdump_and_coredump/dump_ramdump.cpp
similarity index 100%
rename from ramdump/dump_ramdump.cpp
rename to ramdump_and_coredump/dump_ramdump.cpp
diff --git a/ramdump_and_coredump/ramdump_and_coredump.mk b/ramdump_and_coredump/ramdump_and_coredump.mk
new file mode 100644
index 0000000..5c76bf8
--- /dev/null
+++ b/ramdump_and_coredump/ramdump_and_coredump.mk
@@ -0,0 +1,12 @@
+PRODUCT_PACKAGES += \
+ sscoredump \
+
+PRODUCT_PACKAGES_DEBUG += \
+ dump_ramdump \
+ ramdump \
+
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/ramdump_and_coredump/sepolicy
+
+# sscoredump
+PRODUCT_PROPERTY_OVERRIDES += vendor.debug.ssrdump.type=sscoredump
+PRODUCT_SOONG_NAMESPACES += vendor/google/tools/subsystem-coredump
diff --git a/ramdump_and_coredump/sepolicy/bug_map b/ramdump_and_coredump/sepolicy/bug_map
new file mode 100644
index 0000000..0554746
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/bug_map
@@ -0,0 +1,3 @@
+ramdump vendor_hw_plat_prop file b/161103878
+ramdump public_vendor_default_prop file b/161103878
+ramdump proc_bootconfig file b/181615626
diff --git a/ramdump_and_coredump/sepolicy/device.te b/ramdump_and_coredump/sepolicy/device.te
new file mode 100644
index 0000000..7614dd4
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/device.te
@@ -0,0 +1 @@
+type sscoredump_device, dev_type;
diff --git a/ramdump/sepolicy/dump_ramdump.te b/ramdump_and_coredump/sepolicy/dump_ramdump.te
similarity index 100%
rename from ramdump/sepolicy/dump_ramdump.te
rename to ramdump_and_coredump/sepolicy/dump_ramdump.te
diff --git a/ramdump_and_coredump/sepolicy/file.te b/ramdump_and_coredump/sepolicy/file.te
new file mode 100644
index 0000000..10c3171
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/file.te
@@ -0,0 +1,15 @@
+# ramdump: file
+type ramdump_vendor_data_file, file_type, data_file_type, mlstrustedobject;
+type ramdump_vendor_mnt_file, file_type, data_file_type, mlstrustedobject;
+type ramdump_vendor_fs, fusefs_type, data_file_type, mlstrustedobject;
+
+# sscoredump: file
+type sscoredump_vendor_data_coredump_file, file_type, data_file_type, mlstrustedobject;
+type sscoredump_vendor_data_crashinfo_file, file_type, data_file_type, mlstrustedobject;
+
+# sscoredump: sysfs
+type sysfs_sscoredump_level, sysfs_type, fs_type; # sscoredump level
+type sysfs_sscoredump_subsystem_report_count, sysfs_type, fs_type; # subsystem report_count: per device explicit path
+
+# ssr_detector_app
+type sscoredump_vendor_data_logcat_file, file_type, data_file_type, mlstrustedobject;
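Review bot: Every ramdump and sscoredump data type declared here carries `mlstrustedobject`, which exempts the files from MLS level checks, and nothing in the file says why. Memory dumps and crash info are among the most sensitive files on a device, so the attribute should stay only on the types that a cross-level accessor really needs. Each use should carry a comment, for example `# mlstrustedobject: written by ramdump_app, which runs with levelFrom=all`. The seapp_contexts added in this change suggests the two apps are the reason, but that is not stated and should be confirmed per type.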
diff --git a/ramdump_and_coredump/sepolicy/file_contexts b/ramdump_and_coredump/sepolicy/file_contexts
new file mode 100644
index 0000000..747fc02
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/file_contexts
@@ -0,0 +1,17 @@
+# dump_ramdump
+/vendor/bin/dump/dump_ramdump u:object_r:dump_ramdump_exec:s0
+
+# ramdump
+/data/vendor/ramdump(/.*)? u:object_r:ramdump_vendor_data_file:s0
+/mnt/vendor/ramdump(/.*)? u:object_r:ramdump_vendor_mnt_file:s0
+/vendor/bin/ramdump u:object_r:ramdump_exec:s0
+/vendor/bin/ramdump32 u:object_r:ramdump_exec:s0
+
+# sscoredump
+/data/vendor/ssrdump(/.*)? u:object_r:sscoredump_vendor_data_crashinfo_file:s0
+/data/vendor/ssrdump/coredump(/.*)? u:object_r:sscoredump_vendor_data_coredump_file:s0
+/dev/sscd_.* u:object_r:sscoredump_device:s0
+/vendor/bin/sscoredump u:object_r:sscoredump_exec:s0
+
+# ssr_detector_app
+/data/vendor/ssrdump/logcat(/.*)? u:object_r:sscoredump_vendor_data_logcat_file:s0
diff --git a/ramdump_and_coredump/sepolicy/genfs_contexts b/ramdump_and_coredump/sepolicy/genfs_contexts
new file mode 100644
index 0000000..5a6e494
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/genfs_contexts
@@ -0,0 +1 @@
+genfscon sysfs /class/sscoredump/level u:object_r:sysfs_sscoredump_level:s0
diff --git a/ramdump_and_coredump/sepolicy/property.te b/ramdump_and_coredump/sepolicy/property.te
new file mode 100644
index 0000000..e708b5a
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/property.te
@@ -0,0 +1,2 @@
+# ramdump
+vendor_internal_prop(vendor_ramdump_prop)
diff --git a/ramdump_and_coredump/sepolicy/property_contexts b/ramdump_and_coredump/sepolicy/property_contexts
new file mode 100644
index 0000000..a50f5a9
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/property_contexts
@@ -0,0 +1,3 @@
+# ramdump
+ro.boot.ramdump u:object_r:vendor_ramdump_prop:s0
+vendor.debug.ramdump. u:object_r:vendor_ramdump_prop:s0
diff --git a/ramdump_and_coredump/sepolicy/ramdump.te b/ramdump_and_coredump/sepolicy/ramdump.te
new file mode 100644
index 0000000..d66139f
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/ramdump.te
@@ -0,0 +1,48 @@
+type ramdump_exec, exec_type, vendor_file_type, file_type;
+type ramdump, domain;
+
+userdebug_or_eng(`
+ init_daemon_domain(ramdump)
+
+ set_prop(ramdump, vendor_ramdump_prop)
+
+ # f2fs set pin file requires sys_admin
+ allow ramdump self:capability { sys_admin sys_rawio };
+
+ allow ramdump ramdump_vendor_data_file:dir create_dir_perms;
+ allow ramdump ramdump_vendor_data_file:file create_file_perms;
+ allow ramdump proc_cmdline:file r_file_perms;
+
+ allow ramdump block_device:dir search;
+ allow ramdump misc_block_device:blk_file rw_file_perms;
+ allow ramdump userdata_block_device:blk_file rw_file_perms;
+
+ # Allow ReadDefaultFstab().
+ read_fstab(ramdump)
+
+ # read /fstab.${ro.hardware}
+ allow ramdump rootfs:file r_file_perms;
+
+ r_dir_file(ramdump, sysfs_type)
+
+ # To access statsd.
+ hwbinder_use(ramdump)
+ get_prop(ramdump, hwservicemanager_prop)
+ get_prop(ramdump, boot_status_prop)
+ allow ramdump fwk_stats_hwservice:hwservice_manager find;
+ binder_call(ramdump, stats_service_server)
+ allow ramdump fwk_stats_service:service_manager find;
+ binder_use(ramdump)
+
+ # To implement fusefs (ramdumpfs) under /mnt/vendor/ramdump.
+ allow ramdump fuse:filesystem relabelfrom;
+ allow ramdump fuse_device:chr_file rw_file_perms;
+ allow ramdump mnt_vendor_file:dir r_dir_perms;
+ allow ramdump ramdump_vendor_mnt_file:dir { getattr mounton };
+ allow ramdump ramdump_vendor_fs:filesystem { mount unmount relabelfrom relabelto };
+ allow ramdump_vendor_mnt_file ramdump_vendor_fs:filesystem associate;
+
+ # Access new Stats AIDL APIs (ag/13714907).
+ allow ramdump fwk_stats_service:service_manager find;
+ binder_call(ramdump, servicemanager)
+')
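Review bot: `allow ramdump self:capability { sys_admin sys_rawio };` is commented only for `sys_admin`. No reason is given for `sys_rawio`, for read-write access to `userdata_block_device`, or for `r_dir_file(ramdump, sysfs_type)`, which covers every sysfs type. The rules sit inside `userdebug_or_eng`, which limits the exposure to debug builds, but each broad grant should still name the operation that needs it so it can be narrowed later. `allow ramdump fwk_stats_service:service_manager find;` also appears twice in the block; the second copy under the Stats AIDL comment can be dropped.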
diff --git a/ramdump_and_coredump/sepolicy/ramdump_app.te b/ramdump_and_coredump/sepolicy/ramdump_app.te
new file mode 100644
index 0000000..85d4bfd
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/ramdump_app.te
@@ -0,0 +1,26 @@
+type ramdump_app, domain;
+
+userdebug_or_eng(`
+ app_domain(ramdump_app)
+
+ allow ramdump_app app_api_service:service_manager find;
+
+ allow ramdump_app ramdump_vendor_data_file:file create_file_perms;
+ allow ramdump_app ramdump_vendor_data_file:dir create_dir_perms;
+
+ set_prop(ramdump_app, vendor_ramdump_prop)
+ get_prop(ramdump_app, system_boot_reason_prop)
+
+ # To access ramdumpfs.
+ allow ramdump_app mnt_vendor_file:dir search;
+ allow ramdump_app ramdump_vendor_mnt_file:dir create_dir_perms;
+ allow ramdump_app ramdump_vendor_mnt_file:file create_file_perms;
+
+ # To access subsystem ramdump files and dirs.
+ allow ramdump_app sscoredump_vendor_data_crashinfo_file:dir r_dir_perms;
+ allow ramdump_app sscoredump_vendor_data_crashinfo_file:file r_file_perms;
+ allow ramdump_app sscoredump_vendor_data_coredump_file:dir r_dir_perms;
+ allow ramdump_app sscoredump_vendor_data_coredump_file:file r_file_perms;
+ allow ramdump_app sscoredump_vendor_data_logcat_file:dir r_dir_perms;
+ allow ramdump_app sscoredump_vendor_data_logcat_file:file r_file_perms;
+')
diff --git a/ramdump_and_coredump/sepolicy/seapp_contexts b/ramdump_and_coredump/sepolicy/seapp_contexts
new file mode 100644
index 0000000..2618216
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/seapp_contexts
@@ -0,0 +1,5 @@
+# ramdump_app
+user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all
+
+# ssr_detector_app
+user=system seinfo=platform name=com.google.SSRestartDetector domain=ssr_detector_app type=system_app_data_file levelFrom=user
diff --git a/ramdump_and_coredump/sepolicy/sscoredump.te b/ramdump_and_coredump/sepolicy/sscoredump.te
new file mode 100644
index 0000000..70d6e1b
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/sscoredump.te
@@ -0,0 +1,18 @@
+type sscoredump, domain;
+type sscoredump_exec, vendor_file_type, exec_type, file_type;
+
+init_daemon_domain(sscoredump)
+
+set_prop(sscoredump, vendor_ssrdump_prop)
+
+allow sscoredump device:dir r_dir_perms;
+allow sscoredump sscoredump_device:chr_file rw_file_perms;
+allow sscoredump sscoredump_vendor_data_crashinfo_file:dir create_dir_perms;
+allow sscoredump sscoredump_vendor_data_crashinfo_file:file create_file_perms;
+allow sscoredump sysfs_sscoredump_subsystem_report_count:file r_file_perms;
+
+userdebug_or_eng(`
+ allow sscoredump sysfs_sscoredump_level:file rw_file_perms;
+ allow sscoredump sscoredump_vendor_data_coredump_file:dir create_dir_perms;
+ allow sscoredump sscoredump_vendor_data_coredump_file:file create_file_perms;
+')
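Review bot: `set_prop(sscoredump, vendor_ssrdump_prop)` uses a property type that this change does not declare. The new property.te defines only `vendor_ramdump_prop`, and the new property_contexts has no entry for `vendor.debug.ssrdump.type`, which ramdump_and_coredump.mk sets. Presumably the type still lives in per-device policy, in which case this shared directory builds only alongside it. ssr_detector_app.te has the same dependency for `vendor_ssrdump_prop`, `vendor_aoc_prop`, `vendor_wifi_version`, `sysfs_sjtag` and `proc_vendor_sched`. Either move the declarations here or add a header comment listing the types expected from device policy.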
diff --git a/ramdump_and_coredump/sepolicy/ssr_detector_app.te b/ramdump_and_coredump/sepolicy/ssr_detector_app.te
new file mode 100644
index 0000000..ffd612a
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/ssr_detector_app.te
@@ -0,0 +1,27 @@
+type ssr_detector_app, domain;
+
+app_domain(ssr_detector_app)
+allow ssr_detector_app app_api_service:service_manager find;
+allow ssr_detector_app radio_service:service_manager find;
+
+allow ssr_detector_app system_app_data_file:dir create_dir_perms;
+allow ssr_detector_app system_app_data_file:file create_file_perms;
+
+allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:dir r_dir_perms;
+allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:file r_file_perms;
+
+userdebug_or_eng(`
+ allow ssr_detector_app sscoredump_vendor_data_coredump_file:dir r_dir_perms;
+ allow ssr_detector_app sscoredump_vendor_data_coredump_file:file r_file_perms;
+ allow ssr_detector_app sscoredump_vendor_data_logcat_file:dir create_dir_perms;
+ allow ssr_detector_app sscoredump_vendor_data_logcat_file:file create_file_perms;
+ get_prop(ssr_detector_app, vendor_aoc_prop)
+ allow ssr_detector_app sysfs_sjtag:dir r_dir_perms;
+ allow ssr_detector_app sysfs_sjtag:file rw_file_perms;
+ allow ssr_detector_app proc_vendor_sched:dir search;
+ allow ssr_detector_app proc_vendor_sched:file rw_file_perms;
+ allow ssr_detector_app cgroup:file write;
+')
+
+get_prop(ssr_detector_app, vendor_ssrdump_prop)
+get_prop(ssr_detector_app, vendor_wifi_version)
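Review bot: The `userdebug_or_eng` block gives this app `rw_file_perms` on `sysfs_sjtag` and `proc_vendor_sched` and `write` on `cgroup:file`, with no comment on what it does with any of them. `cgroup:file write` targets the generic cgroup type rather than a dedicated one, so it covers every file carrying that label. One line per grant, e.g. `# needed to REASON_PLACEHOLDER (bug: BUG_ID_PLACEHOLDER)`, would let a later reviewer narrow or remove them.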
diff --git a/sota_app/factoryota-watch.mk b/sota_app/factoryota-watch.mk
new file mode 100644
index 0000000..3107a1c
--- /dev/null
+++ b/sota_app/factoryota-watch.mk
@@ -0,0 +1,4 @@
+PRODUCT_PACKAGES += \
+ FactoryOtaWearPrebuilt
+
+SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/gs-common/sota_app/sepolicy/system_ext
diff --git a/touch/twoshay/sepolicy/device.te b/touch/twoshay/sepolicy/device.te
new file mode 100644
index 0000000..d3ce622
--- /dev/null
+++ b/touch/twoshay/sepolicy/device.te
@@ -0,0 +1 @@
+type touch_offload_device, dev_type;
diff --git a/touch/twoshay/sepolicy/dumpstate.te b/touch/twoshay/sepolicy/dumpstate.te
new file mode 100644
index 0000000..90f14b8
--- /dev/null
+++ b/touch/twoshay/sepolicy/dumpstate.te
@@ -0,0 +1,2 @@
+allow dumpstate touch_context_service:service_manager find;
+binder_call(dumpstate, twoshay)
diff --git a/touch/twoshay/sepolicy/file_contexts b/touch/twoshay/sepolicy/file_contexts
new file mode 100644
index 0000000..09728be
--- /dev/null
+++ b/touch/twoshay/sepolicy/file_contexts
@@ -0,0 +1,2 @@
+/dev/touch_offload u:object_r:touch_offload_device:s0
+/vendor/bin/twoshay u:object_r:twoshay_exec:s0
diff --git a/touch/twoshay/sepolicy/hal_dumpstate_default.te b/touch/twoshay/sepolicy/hal_dumpstate_default.te
new file mode 100644
index 0000000..81edc36
--- /dev/null
+++ b/touch/twoshay/sepolicy/hal_dumpstate_default.te
@@ -0,0 +1,2 @@
+allow hal_dumpstate_default touch_context_service:service_manager find;
+binder_call(hal_dumpstate_default, twoshay)
diff --git a/touch/twoshay/sepolicy/platform_app.te b/touch/twoshay/sepolicy/platform_app.te
new file mode 100644
index 0000000..ac997a9
--- /dev/null
+++ b/touch/twoshay/sepolicy/platform_app.te
@@ -0,0 +1,4 @@
+allow platform_app gril_antenna_tuning_service:service_manager find;
+allow platform_app screen_protector_detector_service:service_manager find;
+allow platform_app touch_context_service:service_manager find;
+binder_call(platform_app, twoshay)
diff --git a/touch/twoshay/sepolicy/service.te b/touch/twoshay/sepolicy/service.te
new file mode 100644
index 0000000..4aa064d
--- /dev/null
+++ b/touch/twoshay/sepolicy/service.te
@@ -0,0 +1,3 @@
+type gril_antenna_tuning_service, service_manager_type, hal_service_type;
+type screen_protector_detector_service, service_manager_type, hal_service_type;
+type touch_context_service, service_manager_type, hal_service_type;
diff --git a/touch/twoshay/sepolicy/service_contexts b/touch/twoshay/sepolicy/service_contexts
new file mode 100644
index 0000000..f6aa1db
--- /dev/null
+++ b/touch/twoshay/sepolicy/service_contexts
@@ -0,0 +1,3 @@
+com.google.input.ITouchContextService/default u:object_r:touch_context_service:s0
+com.google.input.algos.gril.IGrilAntennaTuningService/default u:object_r:gril_antenna_tuning_service:s0
+com.google.input.algos.spd.IScreenProtectorDetectorService/default u:object_r:screen_protector_detector_service:s0
diff --git a/touch/twoshay/sepolicy/touchflow_debug/file_contexts b/touch/twoshay/sepolicy/touchflow_debug/file_contexts
new file mode 100644
index 0000000..17dfe62
--- /dev/null
+++ b/touch/twoshay/sepolicy/touchflow_debug/file_contexts
@@ -0,0 +1,2 @@
+/vendor/bin/hw/android\.hardware\.input\.processor-reflector u:object_r:hal_input_processor_default_exec:s0
+/vendor/bin/twoshay_touchflow u:object_r:twoshay_exec:s0
diff --git a/touch/twoshay/sepolicy/twoshay.te b/touch/twoshay/sepolicy/twoshay.te
new file mode 100644
index 0000000..cd317a0
--- /dev/null
+++ b/touch/twoshay/sepolicy/twoshay.te
@@ -0,0 +1,27 @@
+type twoshay, domain;
+type twoshay_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(twoshay)
+
+allow twoshay touch_offload_device:chr_file rw_file_perms;
+allow twoshay twoshay:capability sys_nice;
+
+binder_use(twoshay)
+add_service(twoshay, gril_antenna_tuning_service)
+add_service(twoshay, screen_protector_detector_service)
+add_service(twoshay, touch_context_service)
+
+binder_call(twoshay, platform_app)
+
+allow twoshay fwk_stats_service:service_manager find;
+binder_call(twoshay, stats_service_server)
+
+# Allow dumpsys output in bugreports.
+allow twoshay dumpstate:fd use;
+allow twoshay dumpstate:fifo_file write;
+
+# b/198755236
+dontaudit twoshay twoshay:capability dac_override;
+
+# b/226830650
+dontaudit twoshay boot_status_prop:file read;
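Review bot: `allow twoshay twoshay:capability sys_nice;` and `dontaudit twoshay twoshay:capability dac_override;` spell out the domain as its own target; the usual form is `self`, i.e. `allow twoshay self:capability sys_nice;` and `dontaudit twoshay self:capability dac_override;`. The two `dontaudit` rules are explained only by bug numbers. Because dontaudit hides the denial from the audit log, a short phrase on what triggers each denial would help whoever has to debug twoshay later.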
diff --git a/touch/twoshay/twoshay.mk b/touch/twoshay/twoshay.mk
new file mode 100644
index 0000000..20bf1ba
--- /dev/null
+++ b/touch/twoshay/twoshay.mk
@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/twoshay/sepolicy
+PRODUCT_PACKAGES += twoshay
+PRODUCT_SOONG_NAMESPACES += vendor/google/input/twoshay
diff --git a/trusty/rpmb_dev/rpmb_dev.mk b/trusty/rpmb_dev/rpmb_dev.mk
new file mode 100644
index 0000000..31c68ef
--- /dev/null
+++ b/trusty/rpmb_dev/rpmb_dev.mk
@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/trusty/rpmb_dev/sepolicy
+
+PRODUCT_PACKAGES += rpmb_dev
diff --git a/trusty/rpmb_dev/sepolicy/file_contexts b/trusty/rpmb_dev/sepolicy/file_contexts
new file mode 100644
index 0000000..1a44f7d
--- /dev/null
+++ b/trusty/rpmb_dev/sepolicy/file_contexts
@@ -0,0 +1,2 @@
+# Binaries
+/vendor/bin/rpmb_dev u:object_r:rpmb_dev_exec:s0
diff --git a/trusty/rpmb_dev/sepolicy/rpmb_dev.te b/trusty/rpmb_dev/sepolicy/rpmb_dev.te
new file mode 100644
index 0000000..0f46e03
--- /dev/null
+++ b/trusty/rpmb_dev/sepolicy/rpmb_dev.te
@@ -0,0 +1,4 @@
+type rpmb_dev, domain;
+type rpmb_dev_exec, vendor_file_type, exec_type, file_type;
+
+init_daemon_domain(rpmb_dev)