dump_gti: fix I/O error when touch fails to resume am: 476373ef30 am: 32535854cc am: 8e604aa761
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs-common/+/24023803
Change-Id: I72a9f7dbe10e225eafbc921b5ecf7b62be07f86b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/dauntless/sepolicy/citadeld.te b/dauntless/sepolicy/citadeld.te
index 86cb61c..60c633c 100644
--- a/dauntless/sepolicy/citadeld.te
+++ b/dauntless/sepolicy/citadeld.te
@@ -11,3 +11,5 @@
allow citadeld citadel_device:chr_file rw_file_perms;
allow citadeld fwk_stats_service:service_manager find;
allow citadeld hal_power_stats_vendor_service:service_manager find;
+
+set_prop(citadeld, vendor_nos_citadel_version);
diff --git a/dauntless/sepolicy/property.te b/dauntless/sepolicy/property.te
new file mode 100644
index 0000000..2e1c4ec
--- /dev/null
+++ b/dauntless/sepolicy/property.te
@@ -0,0 +1 @@
+vendor_internal_prop(vendor_nos_citadel_version)
diff --git a/dauntless/sepolicy/property_contexts b/dauntless/sepolicy/property_contexts
new file mode 100644
index 0000000..835de17
--- /dev/null
+++ b/dauntless/sepolicy/property_contexts
@@ -0,0 +1 @@
+vendor.nos.citadel.version u:object_r:vendor_nos_citadel_version:s0
diff --git a/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te b/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te
index 7d50bfc..f867528 100644
--- a/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te
+++ b/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te
@@ -7,7 +7,7 @@
# The TPU HAL looks for TPU instance in /dev/abrolhos
allow hal_neuralnetworks_darwinn edgetpu_device:chr_file rw_file_perms;
-# Allow DawriNN service to use a client-provided fd residing in /vendor/etc/.
+# Allow DarwiNN service to use a client-provided fd residing in /vendor/etc/.
allow hal_neuralnetworks_darwinn vendor_configs_file:file r_file_perms;
# Allow DarwiNN service to access data files.
diff --git a/gear/dumpstate/Dumpstate.cpp b/gear/dumpstate/Dumpstate.cpp
index 9fe7c1a..31df2c7 100644
--- a/gear/dumpstate/Dumpstate.cpp
+++ b/gear/dumpstate/Dumpstate.cpp
@@ -74,21 +74,21 @@
void Dumpstate::dumpTextSection(int fd, const std::string §ionName) {
bool dumpAll = (sectionName == kAllSections);
std::string dumpFiles;
-
- // Execute all or designated programs under vendor/bin/dump/
- std::unique_ptr<DIR, decltype(&closedir)> dir(opendir("/vendor/bin/dump"), closedir);
- if (!dir) {
- ALOGE("Fail To Open Dir vendor/bin/dump/");
- ::android::base::WriteStringToFd("Fail To Open Dir vendor/bin/dump/\n", fd);
+ struct dirent **dirent_list = NULL;
+ int num_entries = scandir("/vendor/bin/dump", &dirent_list, 0, (int (*)(const struct dirent **, const struct dirent **)) alphasort);
+ if (!dirent_list) {
+ ALOGE("Unable to scan dir: /vendor/bin/dump\n");
+ return;
+ } else if (num_entries <= 0) {
+ ALOGE("No file is found.\n");
return;
}
- dirent *entry;
- while ((entry = readdir(dir.get())) != nullptr) {
- // Skip '.', '..'
- if (entry->d_name[0] == '.') {
+ // Execute all or designated programs under vendor/bin/dump/
+ for (int i = 0; i < num_entries; i++) {
+ if (dirent_list[i]->d_name[0] == '.') {
continue;
}
- std::string bin(entry->d_name);
+ std::string bin(dirent_list[i]->d_name);
dumpFiles = dumpFiles + " " + bin;
if (dumpAll || sectionName == bin) {
auto startTime = startSection(fd, bin);
@@ -111,6 +111,10 @@
::android::base::WriteStringToFd(dumpFiles, fd);
::android::base::WriteStringToFd("\nNote: sections with attachments (e.g. dump_soc) are"
"not available from the command line.\n", fd);
+ while (num_entries--) {
+ free(dirent_list[num_entries]);
+ }
+ free(dirent_list);
}
void Dumpstate::dumpLogSection(int fd, int fd_bin)
diff --git a/gpu/gpu.mk b/gpu/gpu.mk
new file mode 100644
index 0000000..67d1263
--- /dev/null
+++ b/gpu/gpu.mk
@@ -0,0 +1,4 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gpu/sepolicy
+
+PRODUCT_PACKAGES += gpu_probe
+PRODUCT_PACKAGES += android.hardware.neuralnetworks-shim-service-armnn
diff --git a/gpu/sepolicy/file_contexts b/gpu/sepolicy/file_contexts
new file mode 100644
index 0000000..7cadf04
--- /dev/null
+++ b/gpu/sepolicy/file_contexts
@@ -0,0 +1,3 @@
+/vendor/bin/gpu_probe u:object_r:gpu_probe_exec:s0
+
+/vendor/bin/hw/android\.hardware\.neuralnetworks-shim-service-armnn u:object_r:hal_neuralnetworks_armnn_exec:s0
diff --git a/gpu/sepolicy/gpu_probe.te b/gpu/sepolicy/gpu_probe.te
new file mode 100644
index 0000000..d8ffb78
--- /dev/null
+++ b/gpu/sepolicy/gpu_probe.te
@@ -0,0 +1,8 @@
+# gpu_probe
+type gpu_probe_exec, exec_type, vendor_file_type, file_type;
+type gpu_probe, domain;
+
+init_daemon_domain(gpu_probe)
+allow gpu_probe gpu_device:chr_file rw_file_perms;
+
+perfetto_producer(gpu_probe)
diff --git a/gpu/sepolicy/hal_neuralnetworks_armnn.te b/gpu/sepolicy/hal_neuralnetworks_armnn.te
new file mode 100644
index 0000000..62c3257
--- /dev/null
+++ b/gpu/sepolicy/hal_neuralnetworks_armnn.te
@@ -0,0 +1,17 @@
+type hal_neuralnetworks_armnn, domain;
+hal_server_domain(hal_neuralnetworks_armnn, hal_neuralnetworks)
+
+type hal_neuralnetworks_armnn_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_neuralnetworks_armnn)
+
+add_service(hal_neuralnetworks_armnn, armnn_nnapi_service);
+
+allow hal_neuralnetworks_armnn armnn_app_service:service_manager find;
+
+get_prop(hal_neuralnetworks_armnn, hwservicemanager_prop)
+
+allow isolated_app app_data_file:file setattr;
+
+allow hal_neuralnetworks_armnn fwk_stats_service:service_manager find;
+binder_call(hal_neuralnetworks_armnn, system_server);
+binder_use(hal_neuralnetworks_armnn)
diff --git a/gpu/sepolicy/priv_app.te b/gpu/sepolicy/priv_app.te
new file mode 100644
index 0000000..97eec7c
--- /dev/null
+++ b/gpu/sepolicy/priv_app.te
@@ -0,0 +1,2 @@
+allow priv_app armnn_app_service:service_manager find;
+allow priv_app armnn_nnapi_service:service_manager find;
diff --git a/gpu/sepolicy/service.te b/gpu/sepolicy/service.te
new file mode 100644
index 0000000..bf5f3ce
--- /dev/null
+++ b/gpu/sepolicy/service.te
@@ -0,0 +1,4 @@
+type armnn_nnapi_service, app_api_service, service_manager_type, isolated_compute_allowed_service;
+type armnn_vendor_service, service_manager_type, hal_service_type;
+type armnn_dba_service, app_api_service, service_manager_type, isolated_compute_allowed_service;
+type armnn_app_service, service_manager_type;
diff --git a/gpu/sepolicy/service_contexts b/gpu/sepolicy/service_contexts
new file mode 100644
index 0000000..a881130
--- /dev/null
+++ b/gpu/sepolicy/service_contexts
@@ -0,0 +1,3 @@
+com.google.armnn.IArmnnVendorService/default u:object_r:armnn_vendor_service:s0
+android.hardware.neuralnetworks.IDevice/google-armnn u:object_r:armnn_nnapi_service:s0
+com.google.armnn.IArmnnpAppService/default u:object_r:armnn_app_service:s0
diff --git a/gxp/dump.mk b/gxp/dump.mk
deleted file mode 100644
index c1f6300..0000000
--- a/gxp/dump.mk
+++ /dev/null
@@ -1,4 +0,0 @@
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gxp/sepolicy/
-
-PRODUCT_PACKAGES_DEBUG += dump_gxp
-
diff --git a/gxp/gxp.mk b/gxp/gxp.mk
new file mode 100644
index 0000000..45b0f08
--- /dev/null
+++ b/gxp/gxp.mk
@@ -0,0 +1,13 @@
+# GXP logging service
+PRODUCT_PACKAGES += \
+ android.hardware.gxp.logging@service-gxp-logging
+# GXP metrics logger library
+PRODUCT_PACKAGES += \
+ gxp_metrics_logger
+# GXP C-API library
+PRODUCT_PACKAGES += libgxp
+# GXP Debug dump.
+PRODUCT_PACKAGES_DEBUG += dump_gxp
+
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gxp/sepolicy
+
diff --git a/gxp/sepolicy/device.te b/gxp/sepolicy/device.te
new file mode 100644
index 0000000..382bc9d
--- /dev/null
+++ b/gxp/sepolicy/device.te
@@ -0,0 +1,2 @@
+# GXP device
+type gxp_device, dev_type, mlstrustedobject;
diff --git a/gxp/sepolicy/dump_gxp.te b/gxp/sepolicy/dump_gxp.te
index 61a0482..8d285c5 100644
--- a/gxp/sepolicy/dump_gxp.te
+++ b/gxp/sepolicy/dump_gxp.te
@@ -7,5 +7,7 @@
allow dump_gxp sscoredump_vendor_data_coredump_file:file r_file_perms;
allow dump_gxp sscoredump_vendor_data_crashinfo_file:dir r_dir_perms;
allow dump_gxp sscoredump_vendor_data_crashinfo_file:file r_file_perms;
+ # Allow dump_gxp to access gxp properties.
+ get_prop(google_camera_app, vendor_gxp_prop)
')
diff --git a/gxp/sepolicy/file.te b/gxp/sepolicy/file.te
new file mode 100644
index 0000000..278cdd9
--- /dev/null
+++ b/gxp/sepolicy/file.te
@@ -0,0 +1,2 @@
+# Gxp sysfs file
+type sysfs_gxp, sysfs_type, fs_type;
diff --git a/gxp/sepolicy/file_contexts b/gxp/sepolicy/file_contexts
index 80420f4..08bef12 100644
--- a/gxp/sepolicy/file_contexts
+++ b/gxp/sepolicy/file_contexts
@@ -1,2 +1,12 @@
-/vendor/bin/dump/dump_gxp u:object_r:dump_gxp_exec:s0
+# GXP Vendor library
+/vendor/lib(64)?/libgxp\.so u:object_r:same_process_hal_file:s0
+
+# GXP logging service
+/vendor/bin/hw/android\.hardware\.gxp\.logging@service-gxp-logging u:object_r:gxp_logging_exec:s0
+
+# GXP Metrics Collection Library
+/vendor/lib(64)?/gxp_metrics_logger\.so u:object_r:same_process_hal_file:s0
+
+# Allow collection of debug dump.
+/vendor/bin/dump/dump_gxp u:object_r:dump_gxp_exec:s0
diff --git a/gxp/sepolicy/gxp_logging.te b/gxp/sepolicy/gxp_logging.te
new file mode 100644
index 0000000..fd1af7f
--- /dev/null
+++ b/gxp/sepolicy/gxp_logging.te
@@ -0,0 +1,21 @@
+type gxp_logging, domain;
+type gxp_logging_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(gxp_logging)
+
+# The logging service accesses /dev/gxp
+allow gxp_logging gxp_device:chr_file rw_file_perms;
+
+# Allow logging service to access /sys/class/gxp
+allow gxp_logging sysfs_gxp:dir search;
+allow gxp_logging sysfs_gxp:file rw_file_perms;
+
+# Allow logging service to log to stats service for reporting metrics.
+allow gxp_logging fwk_stats_service:service_manager find;
+binder_call(gxp_logging, system_server);
+binder_use(gxp_logging)
+
+# Allow logging service to read gxp properties.
+get_prop(gxp_logging, vendor_gxp_prop)
+
+# Allow gxp tracing service to send packets to Perfetto
+userdebug_or_eng(`perfetto_producer(gxp_logging)')
diff --git a/gxp/sepolicy/hal_camera_default.te b/gxp/sepolicy/hal_camera_default.te
new file mode 100644
index 0000000..5570a2e
--- /dev/null
+++ b/gxp/sepolicy/hal_camera_default.te
@@ -0,0 +1,3 @@
+# Allow the camera hal to access the GXP device and Properties.
+allow hal_camera_default gxp_device:chr_file rw_file_perms;
+get_prop(hal_camera_default, vendor_gxp_prop)
diff --git a/gxp/sepolicy/property.te b/gxp/sepolicy/property.te
new file mode 100644
index 0000000..b9741f0
--- /dev/null
+++ b/gxp/sepolicy/property.te
@@ -0,0 +1,3 @@
+# Gxp Android properties
+system_vendor_config_prop(vendor_gxp_prop)
+
diff --git a/gxp/sepolicy/property_contexts b/gxp/sepolicy/property_contexts
new file mode 100644
index 0000000..6093c7c
--- /dev/null
+++ b/gxp/sepolicy/property_contexts
@@ -0,0 +1,3 @@
+# GXP Android Property.
+vendor.gxp. u:object_r:vendor_gxp_prop:s0
+
diff --git a/gxp/sepolicy/vendor_init.te b/gxp/sepolicy/vendor_init.te
new file mode 100644
index 0000000..ec6ceab
--- /dev/null
+++ b/gxp/sepolicy/vendor_init.te
@@ -0,0 +1,3 @@
+# Gxp Android Properties.
+set_prop(vendor_init, vendor_gxp_prop)
+
diff --git a/pixelsystemservice/pixelsystemservice.mk b/pixelsystemservice/pixelsystemservice.mk
new file mode 100644
index 0000000..fcabe89
--- /dev/null
+++ b/pixelsystemservice/pixelsystemservice.mk
@@ -0,0 +1,5 @@
+PRODUCT_SOONG_NAMESPACES += vendor/google/apps/PersistentBackgroundServices
+PRODUCT_PACKAGES += \
+ PersistentBackgroundServices
+
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/pixelsystemservice/sepolicy
diff --git a/pixelsystemservice/sepolicy/pixelsystemservice_app.te b/pixelsystemservice/sepolicy/pixelsystemservice_app.te
new file mode 100644
index 0000000..f120058
--- /dev/null
+++ b/pixelsystemservice/sepolicy/pixelsystemservice_app.te
@@ -0,0 +1,6 @@
+type pixelsystemservice_app, domain, coredomain;
+
+app_domain(pixelsystemservice_app);
+
+# Standard system services
+allow pixelsystemservice_app app_api_service:service_manager find;
diff --git a/pixelsystemservice/sepolicy/seapp_contexts b/pixelsystemservice/sepolicy/seapp_contexts
new file mode 100644
index 0000000..f1c1262
--- /dev/null
+++ b/pixelsystemservice/sepolicy/seapp_contexts
@@ -0,0 +1,2 @@
+# Pixel System Service
+user=_app seinfo=platform name=com.google.android.pixelsystemservice domain=pixelsystemservice_app type=app_data_file levelFrom=all