From 0f1433b2c8edc9b0a981dbe06a1264427df16b2a Mon Sep 17 00:00:00 2001
From: feiyuchen
Date: Fri, 24 Mar 2023 07:06:08 +0000
Subject: [PATCH 1/3] Allow EdgeTPU DBA service to access the edgetpu_app_service EdgeTpu DBA service calls edgetpu_app_service's UserIsAuthorized API in order to know whether its clients are authorized to use priviledge features, see code: https://source.corp.google.com/android-internal/vendor/google/darwinn2/dba/service/edgetpu_device.cpp;l=73;rcl=1c57b54efe12cdb408cb21a992155a04d151e3ce It looks like the SELinux rule is missing today. Though I'm not sure why DBA service doesn't crash today. Bug: 237103652 Change-Id: I8c5da7413eb6f9efc527c9f9f1d1242f0cb4dea8
---
 edgetpu/sepolicy/edgetpu_dba_service.te | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/edgetpu/sepolicy/edgetpu_dba_service.te b/edgetpu/sepolicy/edgetpu_dba_service.te
index ce1f200..3717e20 100644
--- a/edgetpu/sepolicy/edgetpu_dba_service.te
+++ b/edgetpu/sepolicy/edgetpu_dba_service.te
@@ -12,6 +12,10 @@ binder_service(edgetpu_dba_server);
 # EdgeTPU DBA service to register the service to service_manager.
 add_service(edgetpu_dba_server, edgetpu_dba_service);
+# Allow EdgeTPU DBA service to access the edgetpu_app_service.
+allow edgetpu_dba_server edgetpu_app_service:service_manager find;
+binder_call(edgetpu_dba_server, edgetpu_app_server);
+
 # Allow EdgeTPU DBA service to look for TPU instance in /dev/edgetpu or /dev/edgetpu-soc.
 allow edgetpu_dba_server edgetpu_device:chr_file rw_file_perms;
From a8053e022b0225bce878e5422fe33859eb409f88 Mon Sep 17 00:00:00 2001
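Review bot: The grant added in edgetpu_dba_service.te is not backed by an observed denial: the description says the rule is missing but also that the DBA service does not fail today, so it is unclear whether the `find` on `edgetpu_app_service` or the binder call was ever blocked in enforcing mode. Attaching the `avc: denied` line that motivated the change would show that these two rules are the minimum needed. If the lookup has in fact been denied until now, it is worth confirming that the caller treats a failed UserIsAuthorized lookup as "not authorized" rather than letting privileged features through; that code is outside this patch. The policy comment could also name the purpose, e.g. `# Allow EdgeTPU DBA service to call edgetpu_app_service's UserIsAuthorized API to check client authorization.`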
From: Adam Shih
Date: Mon, 27 Mar 2023 11:42:16 +0800
Subject: [PATCH 2/3] comply with VTS requirements Bug: 275036679 Bug: 275034315 Test: atest VtsHalDumpstateTargetTest:PerInstanceAndMode/DumpstateAidlPerModeTest#TestOk/0_android_hardware_dumpstate_IDumpstateDevice_default_FULL atest VtsHalDumpstateTargetTest:PerInstance/DumpstateAidlGeneralTest#TestInvalidModeArgument_Negative/0_android_hardware_dumpstate_IDumpstateDevice_default Change-Id: I105f59f4c3e89e952cd89cb4ad28a5dfcc9c147f
---
 gear/dumpstate/Dumpstate.cpp | 7 +++++--
 gear/dumpstate/sepolicy/hal_dumpstate_default.te | 1 +
 gear/dumpstate/sepolicy/property.te | 2 ++
 gear/dumpstate/sepolicy/property_contexts | 2 ++
 4 files changed, 10 insertions(+), 2 deletions(-)
 create mode 100644 gear/dumpstate/sepolicy/property.te
 create mode 100644 gear/dumpstate/sepolicy/property_contexts
diff --git a/gear/dumpstate/Dumpstate.cpp b/gear/dumpstate/Dumpstate.cpp
index 1e4d982..842e67d 100644
--- a/gear/dumpstate/Dumpstate.cpp
+++ b/gear/dumpstate/Dumpstate.cpp
@@ -154,8 +154,10 @@ ndk::ScopedAStatus Dumpstate::dumpstateBoard(const std::vector<::ndk::ScopedFile
 int64_t in_timeoutMillis) {
 // Unused arguments.
 (void) in_timeoutMillis;
- (void) in_mode;
-
+ if (in_mode < IDumpstateDevice::DumpstateMode::FULL || in_mode > IDumpstateDevice::DumpstateMode::PROTO) {
+ ALOGE("Invalid mode: %d\n", in_mode);
+ return ndk::ScopedAStatus::fromExceptionCodeWithMessage(EX_ILLEGAL_ARGUMENT, "Invalid mode");
+ }
 if (in_fds.size() < 1) {
 ALOGE("no FDs\n");
 return ndk::ScopedAStatus::fromExceptionCodeWithMessage(EX_ILLEGAL_ARGUMENT,
@@ -171,6 +173,7 @@ ndk::ScopedAStatus Dumpstate::dumpstateBoard(const std::vector<::ndk::ScopedFile
 if (in_fds.size() < 2) {
 ALOGE("no FD for dumpstate_board binary\n");
+ dumpTextSection(fd, "");
 } else {
 int fd_bin = in_fds[1].get();
 dumpLogSection(fd, fd_bin);
diff --git a/gear/dumpstate/sepolicy/hal_dumpstate_default.te b/gear/dumpstate/sepolicy/hal_dumpstate_default.te
index 3e4db45..96ff573 100644
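Review bot: The mode check in the first Dumpstate.cpp hunk hard-codes `FULL` and `PROTO` as the lowest and highest enumerators, so it goes stale without warning if the AIDL enum gains a value or is not contiguous. If the NDK backend helper is available in this tree, testing membership against `ndk::enum_range<IDumpstateDevice::DumpstateMode>()` keeps the check tied to the interface definition. The log line also passes `in_mode` to `%d` without a cast; assuming DumpstateMode is a scoped enum, as the qualified names suggest, `ALOGE("Invalid mode: %d\n", static_cast<int>(in_mode));` states the conversion explicitly. The `// Unused arguments.` comment above now covers only `in_timeoutMillis` and could say so. dumpstateBoard's body continues outside the hunk.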
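Review bot: The added `dumpTextSection(fd, "");` in the `in_fds.size() < 2` branch of the second Dumpstate.cpp hunk passes an empty section name with no explanation, and the helper is defined outside the hunk, so a reader cannot tell what an empty name selects. A comment such as `// No binary fd supplied: still emit the text sections (empty name presumably means all sections, TODO confirm).` would record the intent. The branch still logs at ALOGE although it now does useful work and continues; if a single-fd call is a supported case, a lower log level would keep real errors distinguishable.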
--- a/gear/dumpstate/sepolicy/hal_dumpstate_default.te
+++ b/gear/dumpstate/sepolicy/hal_dumpstate_default.te
@@ -2,4 +2,5 @@ allow hal_dumpstate_default vendor_toolbox_exec:file execute_no_trans;
 allow hal_dumpstate_default radio_vendor_data_file:dir create_dir_perms;
 allow hal_dumpstate_default radio_vendor_data_file:file create_file_perms;
 allow hal_dumpstate_default shell_data_file:file getattr;
+set_prop(hal_dumpstate_default, vendor_logger_prop)
diff --git a/gear/dumpstate/sepolicy/property.te b/gear/dumpstate/sepolicy/property.te
new file mode 100644
index 0000000..6a65855
--- /dev/null
+++ b/gear/dumpstate/sepolicy/property.te
@@ -0,0 +1,2 @@
+vendor_internal_prop(vendor_logger_prop)
+
diff --git a/gear/dumpstate/sepolicy/property_contexts b/gear/dumpstate/sepolicy/property_contexts
new file mode 100644
index 0000000..e6b1f76
--- /dev/null
+++ b/gear/dumpstate/sepolicy/property_contexts
@@ -0,0 +1,2 @@
+persist.vendor.verbose_logging_enabled u:object_r:vendor_logger_prop:s0
+
From 340492516da05a95310458d93dd479a0242ee16f Mon Sep 17 00:00:00 2001
From: Adam Shih
Date: Mon, 27 Mar 2023 15:18:41 +0800
Subject: [PATCH 3/3] add space in front of property.te Bug: 275279368 Test: built pass Change-Id: Id298694487c7e84466e059228257786c74d09761
---
 gear/dumpstate/sepolicy/property.te | 1 +
 1 file changed, 1 insertion(+)
diff --git a/gear/dumpstate/sepolicy/property.te b/gear/dumpstate/sepolicy/property.te
index 6a65855..c6f5a4f 100644
--- a/gear/dumpstate/sepolicy/property.te
+++ b/gear/dumpstate/sepolicy/property.te
@@ -1,2 +1,3 @@
+# verbose property
 vendor_internal_prop(vendor_logger_prop)
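Review bot: `set_prop(hal_dumpstate_default, vendor_logger_prop)` in hal_dumpstate_default.te grants write access to the new property, but neither Dumpstate.cpp hunk in this commit writes a property, so the patch alone does not show why write rather than read access is needed. A comment naming the writer would keep the grant auditable, for example `# dumpstate HAL toggles persist.vendor.verbose_logging_enabled via its verbose-logging setter (TODO confirm)`. Because the key is a `persist.` property, a value written once stays in effect across reboots, which is worth keeping in mind when deciding which domains may set it.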
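Review bot: The new property_contexts entry carries no match or type qualifier, so it is treated as a prefix match: any property whose name starts with `persist.vendor.verbose_logging_enabled` receives the `vendor_logger_prop` label, and any string value is accepted. Pinning the entry narrows the label to the one intended key and value type: `persist.vendor.verbose_logging_enabled u:object_r:vendor_logger_prop:s0 exact bool`.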