Merge "vendor: Allow devices to set the GMS client id" into android-4.4

commit: 3ecb8fde6b8eaef334e3f0f4e4f96e8c3fc289d2 [log] [tgz]
author: Lalit Maganti <lalitmaganti@gmail.com> Thu Jan 23 10:29:43 2014 +0100
committer: Gerrit Code Review <gerrit2@gerrit> Thu Jan 23 10:29:43 2014 +0100
tree: e2e472127ac10d4e3a1467d8a15fad327f369635
parent: 2d5a9ba50bd635c5dbd051563db2f9857b086ef3 [diff]
parent: 31b15b7a899666e9afada73774c4051689b3465c [diff]
diff --git a/prebuilt/etc/init.local.rc b/prebuilt/etc/init.local.rc
index 203a358..3fbb314 100644
--- a/prebuilt/etc/init.local.rc
+++ b/prebuilt/etc/init.local.rc

@@ -17,10 +17,14 @@
     # interactive governor
     chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
     chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
+    chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
+    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
     chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
     chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
     chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
     chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
+    chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
+    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
     chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
     chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
     chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
@@ -70,12 +74,13 @@
 
     # Assume SMP uses shared cpufreq policy for all CPUs
     chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
-    chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
+    chmod 0664 /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
     chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
-    chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
+    chmod 0664 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
     chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq
-    chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq
+    chmod 0664 /sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq
 
+    # I/O scheduler
     chown system system /sys/block/mmcblk0/queue/scheduler
     chmod 0664 /sys/block/mmcblk0/queue/scheduler
 

diff --git a/sepolicy/file.te b/sepolicy/file.te
new file mode 100644
index 0000000..c8abd2e
--- /dev/null
+++ b/sepolicy/file.te

@@ -0,0 +1,6 @@
+###########################
+# OmniROM common sepolicy
+#
+
+# Support asec containers getting mounted
+allow file_type rootfs:filesystem associate;

diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
new file mode 100644
index 0000000..122c980
--- /dev/null
+++ b/sepolicy/file_contexts

@@ -0,0 +1,11 @@
+###########################
+# OmniROM common sepolicy
+#
+
+# cache
+/cache/dalvik-cache(/.*)? u:object_r:dalvikcache_data_file:s0
+
+# performance-related sysfs files
+/sys/kernel/mm/ksm(/.*)?       --          u:object_r:sysfs_writable:s0
+/sys/devices/system/cpu.*/cpufreq(/.*)? --  u:object_r:sysfs_writable:s0
+/sys/block/mmcblk0/queue/scheduler  --    u:object_r:sysfs_writable:s0

diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts
new file mode 100644
index 0000000..31e1956
--- /dev/null
+++ b/sepolicy/genfs_contexts

@@ -0,0 +1,5 @@
+###########################
+# OmniROM common sepolicy
+#
+
+genfscon fuseblk / u:object_r:sdcard_external:s0

diff --git a/sepolicy/installd.te b/sepolicy/installd.te
new file mode 100644
index 0000000..abbd0e0
--- /dev/null
+++ b/sepolicy/installd.te

@@ -0,0 +1,7 @@
+###########################
+# OmniROM common sepolicy
+#
+
+# Allow querying of asec size on SD card
+allow installd sdcard_external:dir { search };
+allow installd sdcard_external:file { getattr };

diff --git a/sepolicy/mac_permissions.xml b/sepolicy/mac_permissions.xml
new file mode 100644
index 0000000..e91c6f4
--- /dev/null
+++ b/sepolicy/mac_permissions.xml

@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="utf-8"?>
+<policy>
+
+<!-- Most Google-authored apps -->
+  <signer signature="308204433082032ba003020102020900c2e08746644a308d300d06092a864886f70d01010405003074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f6964301e170d3038303832313233313333345a170d3336303130373233313333345a3074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f696430820120300d06092a864886f70d01010105000382010d00308201080282010100ab562e00d83ba208ae0a966f124e29da11f2ab56d08f58e2cca91303e9b754d372f640a71b1dcb130967624e4656a7776a92193db2e5bfb724a91e77188b0e6a47a43b33d9609b77183145ccdf7b2e586674c9e1565b1f4c6a5955bff251a63dabf9c55c27222252e875e4f8154a645f897168c0b1bfc612eabf785769bb34aa7984dc7e2ea2764cae8307d8c17154d7ee5f64a51a44a602c249054157dc02cd5f5c0e55fbef8519fbe327f0b1511692c5a06f19d18385f5c4dbc2d6b93f68cc2979c70e18ab93866b3bd5db8999552a0e3b4c99df58fb918bedc182ba35e003c1b4b10dd244a8ee24fffd333872ab5221985edab0fc0d0b145b6aa192858e79020103a381d93081d6301d0603551d0e04160414c77d8cc2211756259a7fd382df6be398e4d786a53081a60603551d2304819e30819b8014c77d8cc2211756259a7fd382df6be398e4d786a5a178a4763074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f6964820900c2e08746644a308d300c0603551d13040530030101ff300d06092a864886f70d010104050003820101006dd252ceef85302c360aaace939bcff2cca904bb5d7a1661f8ae46b2994204d0ff4a68c7ed1a531ec4595a623ce60763b167297a7ae35712c407f208f0cb109429124d7b106219c084ca3eb3f9ad5fb871ef92269a8be28bf16d44c8d9a08e6cb2f005bb3fe2cb96447e868e731076ad45b33f6009ea19c161e62641aa99271dfd5228c5c587875ddb7f452758d661f6cc0cccb7352e424cc4365c523532f7325137593c4ae341f4db41edda0d0b1071a7c440f0fe9ea01cb627ca674369d084bd2fd911ff06cdbf2cfa10dc0f893ae35762919048c7efc64c7144178342f70581c9de573af55b390dd7fdb9418631895d5f759f30112687ff621410c069308a" >
+    <!-- This should probably be refined, but it's a ton of them -->
+    <allow-all />
+    <!-- We should only add the exact key + package name, rather then giving this to all gapps -->
+    <seinfo value="release" />
+  </signer>
+
+  <!-- Youtube -->
+  <signer signature="30820252308201bb02044934987e300d06092a864886f70d01010405003070310b3009060355040613025553310b3009060355040813024341311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c652c20496e6331143012060355040b130b476f6f676c652c20496e633110300e06035504031307556e6b6e6f776e301e170d3038313230323032303735385a170d3336303431393032303735385a3070310b3009060355040613025553310b3009060355040813024341311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c652c20496e6331143012060355040b130b476f6f676c652c20496e633110300e06035504031307556e6b6e6f776e30819f300d06092a864886f70d010101050003818d00308189028181009f48031990f9b14726384e0453d18f8c0bbf8dc77b2504a4b1207c4c6c44babc00adc6610fa6b6ab2da80e33f2eef16b26a3f6b85b9afaca909ffbbeb3f4c94f7e8122a798e0eba75ced3dd229fa7365f41516415aa9c1617dd583ce19bae8a0bbd885fc17a9b4bd2640805121aadb9377deb40013381418882ec52282fc580d0203010001300d06092a864886f70d0101040500038181004086669ed631da4384ddd061d226e073b98cc4b99df8b5e4be9e3cbe97501e83df1c6fa959c0ce605c4fd2ac6d1c84cede20476cbab19be8f2203aff7717ad652d8fcc890708d1216da84457592649e0e9d3c4bb4cf58da19db1d4fc41bcb9584f64e65f410d0529fd5b68838c141d0a9bd1db1191cb2a0df790ea0cb12db3a4" >
+    <allow-all />
+    <seinfo value="release" />
+  </signer>
+</policy>

diff --git a/sepolicy/sepolicy.mk b/sepolicy/sepolicy.mk
new file mode 100644
index 0000000..72b99ab
--- /dev/null
+++ b/sepolicy/sepolicy.mk

@@ -0,0 +1,15 @@
+#
+# This policy configuration will be used by all products that
+# inherit from Omni
+#
+
+BOARD_SEPOLICY_DIRS += \
+    vendor/omni/sepolicy
+
+BOARD_SEPOLICY_UNION += \
+    file_contexts \
+    file.te \
+    genfs_contexts \
+    installd.te \
+    mac_permissions.xml \
+	vold.te

diff --git a/sepolicy/vold.te b/sepolicy/vold.te
new file mode 100644
index 0000000..516bf29
--- /dev/null
+++ b/sepolicy/vold.te

@@ -0,0 +1,21 @@
+###########################
+# OmniROM common sepolicy
+#
+
+# Allow vold to access fuse for fuse-based fs
+allow vold fuse_device:chr_file rw_file_perms;
+
+# NTFS-3g wants to drop permission
+allow vold self:capability { setgid setuid };
+
+# Allow vold to relabel sdcard fs mounts
+allow vold unlabeled:filesystem { relabelfrom };
+allow vold sdcard_external:filesystem { relabelfrom relabelto };
+
+# Allow vold to manage ASEC
+allow vold sdcard_external:file create_file_perms;
+
+# Allow vold to change context for mounted ext4 sdcard
+relabelto_domain(vold)
+allow vold labeledfs:filesystem { relabelfrom };
+allow vold sdcard_external:filesystem { relabelfrom relabelto };

diff --git a/utils/fork_github.sh b/utils/fork_github.sh
index 4e60ec0..711be6c 100755
--- a/utils/fork_github.sh
+++ b/utils/fork_github.sh

@@ -66,7 +66,7 @@
 	echo "Unable to push!"
 	read -p "Try with -f? [y/n]: " forcepush
 	if [ "$forcepush" = "y" ]; then
-		git psuh -f ssh://gerrit.omnirom.org:29418/$repo_name $BRANCH
+		git push -f ssh://gerrit.omnirom.org:29418/$repo_name $BRANCH
 	fi
 fi
commit	3ecb8fde6b8eaef334e3f0f4e4f96e8c3fc289d2	[log] [tgz]
author	Lalit Maganti <lalitmaganti@gmail.com>	Thu Jan 23 10:29:43 2014 +0100
committer	Gerrit Code Review <gerrit2@gerrit>	Thu Jan 23 10:29:43 2014 +0100
tree	e2e472127ac10d4e3a1467d8a15fad327f369635
parent	2d5a9ba50bd635c5dbd051563db2f9857b086ef3 [diff]
parent	31b15b7a899666e9afada73774c4051689b3465c [diff]