From d36b2b709b90c1113c9ddf58b06fafe37c11e9fe Mon Sep 17 00:00:00 2001 From: Ravi Jain Date: Mon, 30 Sep 2024 08:35:31 +0000 Subject: [PATCH 1/5] vibrator: Add vibrator HAL flags Move the HAL vibrator Flags temporarily from hardware/google/pixel. Bug: 362659323 Test: Build Pass Flag: EXEMPT refactor Change-Id: Id51defdb09c1d912b991cada5c413b66c8501df7 --- vibrator/flags/Android.bp | 43 ++++++++++++++++++++++++++++ vibrator/flags/VibratorFlags.aconfig | 10 +++++++ 2 files changed, 53 insertions(+) create mode 100644 vibrator/flags/Android.bp create mode 100644 vibrator/flags/VibratorFlags.aconfig diff --git a/vibrator/flags/Android.bp b/vibrator/flags/Android.bp new file mode 100644 index 0000000..0b36aee --- /dev/null +++ b/vibrator/flags/Android.bp @@ -0,0 +1,43 @@ +// +// Copyright (C) 2024 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +aconfig_declarations { + name: "VibratorFlagsL26", + package: "vendor.vibrator.hal.flags", + container: "vendor", + exportable: true, + srcs: ["VibratorFlags.aconfig"], +} + +cc_aconfig_library { + name: "PixelVibratorFlagsL26", + aconfig_declarations: "VibratorFlagsL26", + vendor_available: true, + visibility: [ + "//vendor:__subpackages__", + "//device/google/felix:__subpackages__", + ], +} + +java_aconfig_library { + name: "PixelVibratorFlagsL26_java", + aconfig_declarations: "VibratorFlagsL26", + mode: "exported", + visibility: ["//vendor:__subpackages__"], +} diff --git a/vibrator/flags/VibratorFlags.aconfig b/vibrator/flags/VibratorFlags.aconfig new file mode 100644 index 0000000..ec6e2d4 --- /dev/null +++ b/vibrator/flags/VibratorFlags.aconfig @@ -0,0 +1,10 @@ +package: "vendor.vibrator.hal.flags" +container: "vendor" + +flag { + name: "remove_capo" + namespace: "vibrator" + is_exported: true + description: "This flag controls the removal of utilizing Capo at the HAL level" + bug: "290223630" +} From 3c88c195812e38e6535a5ccb42f39609200e2887 Mon Sep 17 00:00:00 2001 From: sienna Date: Tue, 3 Sep 2024 09:16:43 +0000 Subject: [PATCH 2/5] Update AIDL to v4. Bug: 361494448 Test: atest vts_treble_vintf_vendor_test Flag: EXEMPT update aidl Change-Id: I6883ad8fdb5cadc44e8e59fc50642fc24532cff9 --- audio/aidl/device_framework_matrix_product.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/audio/aidl/device_framework_matrix_product.xml b/audio/aidl/device_framework_matrix_product.xml index 0e7e998..11f01c7 100644 --- a/audio/aidl/device_framework_matrix_product.xml +++ b/audio/aidl/device_framework_matrix_product.xml @@ -9,7 +9,7 @@ vendor.google.whitechapel.audio.extension - 3 + 4 IAudioExtension default From 1822201a0c6a91d84627c6b59fcd21b223285dac Mon Sep 17 00:00:00 2001 From: samou Date: Fri, 4 Oct 2024 08:41:51 +0000 Subject: [PATCH 3/5] sepolicy: remove irregular policy Flag: EXEMPT refactor Bug: 364989823 Change-Id: I4cced2ae29591425a5bfcb971be6bd2db6b19c66 Signed-off-by: samou --- .../sepolicy/vendor/dumpstate.te | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/battery_mitigation/sepolicy/vendor/dumpstate.te b/battery_mitigation/sepolicy/vendor/dumpstate.te index bb84ff2..b3bb1d4 100644 --- a/battery_mitigation/sepolicy/vendor/dumpstate.te +++ b/battery_mitigation/sepolicy/vendor/dumpstate.te @@ -1,21 +1,3 @@ # To call battery_mitigation hal allow dumpstate hal_battery_mitigation_service:service_manager find; binder_call(dumpstate, battery_mitigation); - -allow hal_dumpstate_default sysfs_acpm_stats:dir { read open search }; -allow hal_dumpstate_default sysfs_acpm_stats:file { read open getattr }; -allow hal_dumpstate_default sysfs_cpu:file { read open getattr }; -allow hal_dumpstate_default sysfs_batteryinfo:dir { read open search }; -allow hal_dumpstate_default sysfs_batteryinfo:file { read open getattr }; -allow hal_dumpstate_default logbuffer_device:chr_file { read open getattr }; -allow hal_dumpstate_default mitigation_vendor_data_file:file { read open getattr }; -allow hal_dumpstate_default mitigation_vendor_data_file:dir { search }; -allow hal_dumpstate_default sysfs_bcl:dir { read open search }; -allow hal_dumpstate_default sysfs_bcl:file { read open getattr }; -allow hal_dumpstate_default vendor_file:file { execute_no_trans }; -allow hal_dumpstate_default battery_history_device:chr_file { read }; - - -userdebug_or_eng(` - allow hal_dumpstate_default vendor_pm_genpd_debugfs:file { read open getattr }; -') From 0379e1a2b834867e10ddce54c2d6111a9a4ef242 Mon Sep 17 00:00:00 2001 From: Taylor Nelms Date: Fri, 27 Sep 2024 20:33:30 +0000 Subject: [PATCH 4/5] display: add pixel display trace to bugreport AVC error log justifications: [ 1198.907014] type=1400 audit(1728067746.876:2074): avc: denied { search } for comm="cat" name="instances" dev="tracefs" ino=4194 scontext=u:r:dump_display_userdebug:s0 tcontext=u:object_r:debugfs_tracing_instances:s0 tclass=dir permissive=1 [ 1198.908565] type=1400 audit(1728067746.876:2075): avc: denied { read } for comm="cat" name="trace" dev="tracefs" ino=167692 scontext=u:r:dump_display_userdebug:s0 tcontext=u:object_r:debugfs_tracing_instances:s0 tclass=file permissive=1 [ 1198.909716] type=1400 audit(1728067746.876:2076): avc: denied { open } for comm="cat" path="/sys/kernel/tracing/instances/pixel-display/trace" dev="tracefs" ino=167692 scontext=u:r:dump_display_userdebug:s0 tcontext=u:object_r:debugfs_tracing_instances:s0 tclass=file permissive=1 Bug: 369099258 Test: pixel display trace visible in bugreport Flag: EXEMPT bugfix Change-Id: I53f9340aee155d1ff0d0c0bc2db45e6bd77f342a Signed-off-by: Taylor Nelms --- display/dump_display_userdebug.sh | 4 ++++ display/sepolicy/dump_display.te | 1 + display/sepolicy/dump_display_userdebug.te | 3 +++ 3 files changed, 8 insertions(+) diff --git a/display/dump_display_userdebug.sh b/display/dump_display_userdebug.sh index b66a4fe..84b7311 100644 --- a/display/dump_display_userdebug.sh +++ b/display/dump_display_userdebug.sh @@ -1,4 +1,8 @@ #!/vendor/bin/sh +display_trace_path="/sys/kernel/tracing/instances/pixel-display/trace" +echo "------ Display Trace ($display_trace_path)------" +cat $display_trace_path + echo "------ HWC Fence States ------" for f in $(ls /data/vendor/log/hwc/*_hwc_fence_state*.txt) do diff --git a/display/sepolicy/dump_display.te b/display/sepolicy/dump_display.te index b8fd1b8..3e2cb69 100644 --- a/display/sepolicy/dump_display.te +++ b/display/sepolicy/dump_display.te @@ -1,3 +1,4 @@ +# Display (dump for bugreport) pixel_bugreport(dump_display) allow dump_display sysfs_display:file r_file_perms; diff --git a/display/sepolicy/dump_display_userdebug.te b/display/sepolicy/dump_display_userdebug.te index a3f83bb..c08fb29 100644 --- a/display/sepolicy/dump_display_userdebug.te +++ b/display/sepolicy/dump_display_userdebug.te @@ -1,3 +1,4 @@ +# Display eng/userdebug (dump for bugreport) pixel_bugreport(dump_display_userdebug) userdebug_or_eng(` @@ -5,4 +6,6 @@ userdebug_or_eng(` allow dump_display_userdebug vendor_log_file:dir search; allow dump_display_userdebug vendor_hwc_log_file:dir r_dir_perms; allow dump_display_userdebug vendor_hwc_log_file:file r_file_perms; + allow dump_display_userdebug debugfs_tracing_instances:dir search; + allow dump_display_userdebug debugfs_tracing_instances:file r_file_perms; ') From df68b9bc589a3a0af59155a442ad019be2b5ae2b Mon Sep 17 00:00:00 2001 From: timmyli Date: Mon, 7 Oct 2024 09:40:24 +0000 Subject: [PATCH 5/5] Add permission for mediacodec to bindercall camera hal Bug: 370903762 Test: local test to check permissions Flag: EXEMPT bug fix 10-07 01:54:59.328000 1046 768 768 I auditd : type=1400 audit(0.0:1920): avc: denied { call } for comm="binder:768_A" scontext=u:r:mediacodec_google:s0 tcontext=u:r:hal_camera_default:s0 tclass=binder permissive=0 10-07 01:54:59.328000 1046 768 768 W binder:768_A: type=1400 audit(0.0:1920): avc: denied { call } for scontext=u:r:mediacodec_google:s0 tcontext=u:r:hal_camera_default:s0 tclass=binder permissive=0 Change-Id: I437df92d99f0c31c0b5a1bdebc63f6bc7360ca90 --- mediacodec/vpu/sepolicy/mediacodec_google.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mediacodec/vpu/sepolicy/mediacodec_google.te b/mediacodec/vpu/sepolicy/mediacodec_google.te index 8022675..99a3c8d 100644 --- a/mediacodec/vpu/sepolicy/mediacodec_google.te +++ b/mediacodec/vpu/sepolicy/mediacodec_google.te @@ -1,3 +1,4 @@ +# Google Mediacodec type mediacodec_google, domain; type mediacodec_google_exec, exec_type, vendor_file_type, file_type; @@ -8,6 +9,7 @@ hal_server_domain(mediacodec_google, hal_codec2) hal_client_domain(mediacodec_google, hal_graphics_allocator) add_service(mediacodec_google, eco_service) +binder_call(mediacodec_google, hal_camera_default) allow mediacodec_google dmabuf_system_heap_device:chr_file r_file_perms; allow mediacodec_google video_device:chr_file { read write open ioctl map };