Merge "Add missing SEPolicy for audio HAL to use EdgeTpu lib" into main
diff --git a/edgetpu/sepolicy/file_contexts b/edgetpu/sepolicy/file_contexts
index 06f0a89..6190fcf 100644
--- a/edgetpu/sepolicy/file_contexts
+++ b/edgetpu/sepolicy/file_contexts
@@ -17,6 +17,8 @@
# EdgeTPU runtime libraries
/vendor/lib64/com\.google\.edgetpu_app_service-V[1-4]-ndk\.so u:object_r:same_process_hal_file:s0
/vendor/lib64/com\.google\.edgetpu_vendor_service-V[1-2]-ndk\.so u:object_r:same_process_hal_file:s0
+# EdgeTPU Tachyon libraries
+/vendor/lib64/libedgetpu_tachyon\.google\.so u:object_r:same_process_hal_file:s0
# EdgeTPU data files
/data/vendor/hal_neuralnetworks_darwinn(/.*)? u:object_r:hal_neuralnetworks_darwinn_data_file:s0
@@ -27,3 +29,6 @@
# Tachyon service
/vendor/bin/hw/com\.google\.edgetpu.tachyon-service u:object_r:edgetpu_tachyon_server_exec:s0
+
+# libfmq.so is dynamically loaded by the Tachyon client-side library libedgetpu_tachyon.google.so
+/vendor/lib64/libfmq\.so u:object_r:same_process_hal_file:s0
diff --git a/edgetpu/sepolicy/priv_app.te b/edgetpu/sepolicy/priv_app.te
index a9b49c3..579cc61 100644
--- a/edgetpu/sepolicy/priv_app.te
+++ b/edgetpu/sepolicy/priv_app.te
@@ -7,3 +7,6 @@
# Allows privileged applications to access the EdgeTPU device, except open,
# which is guarded by the EdgeTPU service.
allow priv_app edgetpu_device:chr_file { getattr read write ioctl map };
+
+# Allows EdgeTPU Tachyon service to call the app.
+binder_call(edgetpu_tachyon_server, priv_app);
diff --git a/edgetpu/sepolicy/untrusted_app_all.te b/edgetpu/sepolicy/untrusted_app_all.te
index 9abec61..3c92900 100644
--- a/edgetpu/sepolicy/untrusted_app_all.te
+++ b/edgetpu/sepolicy/untrusted_app_all.te
@@ -5,3 +5,5 @@
# by the EdgeTPU service.
allow untrusted_app_all edgetpu_device:chr_file { getattr read write ioctl map };
+# Allows EdgeTPU Tachyon service to call the app.
+binder_call(edgetpu_tachyon_server, untrusted_app_all);
diff --git a/gps/pixel/sepolicy/hal_gnss_pixel.te b/gps/pixel/sepolicy/hal_gnss_pixel.te
index 512ecc9..ecdfcd3 100644
--- a/gps/pixel/sepolicy/hal_gnss_pixel.te
+++ b/gps/pixel/sepolicy/hal_gnss_pixel.te
@@ -12,3 +12,14 @@
#Toggle coredump node
allow hal_gnss_pixel sysfs_gps:file rw_file_perms;
+
+# Allow access to CHRE multiclient HAL.
+get_prop(hal_gnss_pixel, vendor_chre_hal_prop)
+
+# Allow binder to CHRE.
+binder_call(hal_gnss_pixel, hal_contexthub_default)
+allow hal_gnss_pixel hal_contexthub_service:service_manager find;
+
+# Allow connect to gnss service
+allow hal_gnss_pixel vendor_gps_file:dir create_dir_perms;
+allow hal_gnss_pixel vendor_gps_file:fifo_file create_file_perms;
\ No newline at end of file
diff --git a/gxp/dump_gxp.cpp b/gxp/dump_gxp.cpp
index 518a44a..5d9f28a 100644
--- a/gxp/dump_gxp.cpp
+++ b/gxp/dump_gxp.cpp
@@ -17,7 +17,7 @@
#include <android-base/properties.h>
#include <android-base/file.h>
-#define maxGxpDebugDumps 3
+#define maxGxpDebugDumps 4
int main() {
/* TODO(b/277094681): Set default value to false around device beta milestone. */
diff --git a/insmod/16k/Android.bp b/insmod/16k/Android.bp
new file mode 100644
index 0000000..975c5dc
--- /dev/null
+++ b/insmod/16k/Android.bp
@@ -0,0 +1,14 @@
+
+soong_namespace {
+}
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+sh_binary {
+ name: "insmod.sh",
+ src: "insmod.sh",
+ init_rc: ["init.module.rc"],
+ vendor: true,
+}
diff --git a/insmod/init.module.rc b/insmod/16k/init.module.rc
similarity index 100%
copy from insmod/init.module.rc
copy to insmod/16k/init.module.rc
diff --git a/insmod/16k/insmod.sh b/insmod/16k/insmod.sh
new file mode 100644
index 0000000..8ec8199
--- /dev/null
+++ b/insmod/16k/insmod.sh
@@ -0,0 +1,119 @@
+#!/vendor/bin/sh
+
+#############################################################
+### init.insmod.cfg format: ###
+### ----------------------------------------------------- ###
+### [insmod|setprop|enable/moprobe|wait] [path|prop name] ###
+### ... ###
+#############################################################
+
+modules_dir=
+system_modules_dir=
+vendor_modules_dir=
+
+
+pagesize=$(getconf PAGESIZE)
+# bootoption=$(getprop ro.product.build.16k_page.enabled)
+# We do not need to check ro.product.build.16k_page.enabled , because this
+# version of insmod.sh will only be used if PRODUCT_16K_DEVELOPER_OPTION
+# is set to true
+
+if [ "$pagesize" != "4096" ] ; then
+ echo "Device has page size $pagesize , skip loading modules from vendor_dlkm/system_dlkm because all modules are stored on vendor_boot"
+ setprop vendor.common.modules.ready 1
+ setprop vendor.device.modules.ready 1
+ setprop vendor.all.modules.ready 1
+ setprop vendor.all.devices.ready 1
+ return 0
+fi
+
+
+for dir in system vendor; do
+ for f in /${dir}/lib/modules/*/modules.dep /${dir}/lib/modules/modules.dep; do
+ if [[ -f "$f" ]]; then
+ if [[ "${dir}" == "system" ]]; then
+ system_modules_dir="$(dirname "$f")"
+ else
+ vendor_modules_dir="$(dirname "$f")"
+ modules_dir=${vendor_modules_dir}
+ fi
+ break
+ fi
+ done
+done
+
+if [[ -z "${system_modules_dir}" ]]; then
+ echo "Unable to locate system kernel modules directory" 2>&1
+fi
+
+if [[ -z "${vendor_modules_dir}" ]]; then
+ echo "Unable to locate vendor kernel modules directory" 2>&1
+ exit 1
+fi
+
+# imitates wait_for_file() in init
+wait_for_file()
+{
+ filename="${1}"
+ timeout="${2:-5}"
+
+ expiry=$(($(date "+%s")+timeout))
+ while [[ ! -e "${filename}" ]] && [[ "$(date "+%s")" -le "${expiry}" ]]
+ do
+ sleep 0.01
+ done
+}
+
+if [ $# -eq 1 ]; then
+ cfg_file=$1
+else
+ # Set property even if there is no insmod config
+ # to unblock early-boot trigger
+ setprop vendor.common.modules.ready 1
+ setprop vendor.device.modules.ready 1
+ setprop vendor.all.modules.ready 1
+ setprop vendor.all.devices.ready 1
+ exit 1
+fi
+
+if [ -f $cfg_file ]; then
+ while IFS="|" read -r action arg
+ do
+ case $action in
+ "insmod") insmod $arg ;;
+ "setprop") setprop $arg 1 ;;
+ "enable") echo 1 > $arg ;;
+ "condinsmod")
+ prop=$(echo $arg | cut -d '|' -f 1)
+ module1=$(echo $arg | cut -d '|' -f 2)
+ module2=$(echo $arg | cut -d '|' -f 3)
+ value=$(getprop $prop)
+ if [[ ${value} == "true" ]]; then
+ insmod ${vendor_modules_dir}/${module1}
+ else
+ insmod ${vendor_modules_dir}/${module2}
+ fi
+ ;;
+ "modprobe")
+ case ${arg} in
+ "system -b *" | "system -b")
+ modules_dir=${system_modules_dir}
+ arg="-b --all=${system_modules_dir}/modules.load" ;;
+ "system *" | "system")
+ modules_dir=${system_modules_dir}
+ arg="--all=${system_modules_dir}/modules.load" ;;
+ "-b *" | "-b" | "vendor -b *" | "vendor -b")
+ modules_dir=${vendor_modules_dir}
+ arg="-b --all=${vendor_modules_dir}/modules.load" ;;
+ "*" | "" | "vendor *" | "vendor")
+ modules_dir=${vendor_modules_dir}
+ arg="--all=${vendor_modules_dir}/modules.load" ;;
+ esac
+ if [[ -d "${modules_dir}" ]]; then
+ modprobe -a -d "${modules_dir}" $arg
+ fi
+ ;;
+ "wait") wait_for_file $arg ;;
+ esac
+ done < $cfg_file
+fi
diff --git a/insmod/4k/Android.bp b/insmod/4k/Android.bp
new file mode 100644
index 0000000..ddfec40
--- /dev/null
+++ b/insmod/4k/Android.bp
@@ -0,0 +1,13 @@
+
+soong_namespace {
+}
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+sh_binary {
+ name: "insmod.sh",
+ src: "insmod.sh",
+ init_rc: ["init.module.rc"],
+ vendor: true,
+}
diff --git a/insmod/init.module.rc b/insmod/4k/init.module.rc
similarity index 100%
rename from insmod/init.module.rc
rename to insmod/4k/init.module.rc
diff --git a/insmod/insmod.sh b/insmod/4k/insmod.sh
similarity index 100%
rename from insmod/insmod.sh
rename to insmod/4k/insmod.sh
diff --git a/insmod/Android.bp b/insmod/Android.bp
index eed35ec..143e777 100644
--- a/insmod/Android.bp
+++ b/insmod/Android.bp
@@ -2,13 +2,6 @@
default_applicable_licenses: ["Android-Apache-2.0"],
}
-sh_binary {
- name: "insmod.sh",
- src: "insmod.sh",
- init_rc: ["init.module.rc"],
- vendor: true,
-}
-
prebuilt_etc {
name: "init.common.cfg",
src: "init.common.cfg",
diff --git a/insmod/insmod.mk b/insmod/insmod.mk
index aa2261a..0d8da9e 100644
--- a/insmod/insmod.mk
+++ b/insmod/insmod.mk
@@ -1,3 +1,9 @@
+ifeq (true,$(PRODUCT_16K_DEVELOPER_OPTION))
+PRODUCT_SOONG_NAMESPACES += device/google/gs-common/insmod/16k
+else
+PRODUCT_SOONG_NAMESPACES += device/google/gs-common/insmod/4k
+endif
+
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/insmod/sepolicy
PRODUCT_PACKAGES += \
insmod.sh \
diff --git a/performance/Android.bp b/performance/Android.bp
index c29b460..5c0e0b2 100644
--- a/performance/Android.bp
+++ b/performance/Android.bp
@@ -12,7 +12,7 @@
"-Werror",
],
shared_libs: [
- "libdump",
+ "libdump",
],
vendor: true,
relative_install_path: "dump",
diff --git a/performance/dump_perf.cpp b/performance/dump_perf.cpp
index aa742f1..d2989ad 100644
--- a/performance/dump_perf.cpp
+++ b/performance/dump_perf.cpp
@@ -18,5 +18,8 @@
int main() {
dumpFileContent("VENDOR PROC DUMP", "/proc/vendor_sched/dump_task");
+ dumpFileContent("BTS scenario", "/sys/kernel/debug/bts/scenario");
+ dumpFileContent("BTS vc", "/sys/kernel/debug/bts/vc");
+ dumpFileContent("BTS status", "/sys/kernel/debug/bts/status");
return 0;
}
diff --git a/performance/sepolicy/dump_perf.te b/performance/sepolicy/dump_perf.te
index 15c4f6e..befe9ba 100644
--- a/performance/sepolicy/dump_perf.te
+++ b/performance/sepolicy/dump_perf.te
@@ -1,3 +1,7 @@
pixel_bugreport(dump_perf)
allow dump_perf proc_vendor_sched:file r_file_perms;
+userdebug_or_eng(`
+ allow dump_perf vendor_bts_debugfs:dir r_dir_perms;
+ allow dump_perf vendor_bts_debugfs:file r_file_perms;
+')
diff --git a/performance/sepolicy/file.te b/performance/sepolicy/file.te
new file mode 100644
index 0000000..8e16bbf
--- /dev/null
+++ b/performance/sepolicy/file.te
@@ -0,0 +1,2 @@
+type sysfs_pakills, fs_type, sysfs_type;
+type vendor_bts_debugfs, fs_type, debugfs_type;
diff --git a/performance/sepolicy/genfs_contexts b/performance/sepolicy/genfs_contexts
index 000c41b..041021c 100644
--- a/performance/sepolicy/genfs_contexts
+++ b/performance/sepolicy/genfs_contexts
@@ -1 +1,3 @@
genfscon proc /sys/kernel/sched_pelt_multiplier u:object_r:proc_sched:s0
+genfscon sysfs /kernel/vendor_mm/pa_kill u:object_r:sysfs_pakills:s0
+genfscon debugfs /bts u:object_r:vendor_bts_debugfs:s0
diff --git a/performance/sepolicy/hal_power_default.te b/performance/sepolicy/hal_power_default.te
new file mode 100644
index 0000000..763862d
--- /dev/null
+++ b/performance/sepolicy/hal_power_default.te
@@ -0,0 +1,2 @@
+allow hal_power_default sysfs_pakills:file rw_file_perms;
+allow hal_power_default sysfs_pakills:dir r_dir_perms;