Snap for 11947112 from 5f01cd2856 to mainline-tzdata6-release

Change-Id: I15b058571185470de2d5ce987ce7526a95d5623b

aoc/sepolicy/service.te

@@ -0,0 +1 @@
+type aocx, service_manager_type;

aoc/sepolicy/vndservice.te

@@ -1 +0,0 @@
-type aocx, vndservice_manager_type;

gps/lsi/sepolicy/device.te

@@ -0,0 +1 @@
+type vendor_gnss_device, dev_type;

gps/lsi/sepolicy/file.te

@@ -1 +1,5 @@
 type vendor_gps_file, file_type, data_file_type;
+type sysfs_gps, sysfs_type, fs_type;
+userdebug_or_eng(`
+  typeattribute vendor_gps_file mlstrustedobject;
+')

gps/lsi/sepolicy/file_contexts

@@ -7,6 +7,4 @@
 /vendor/bin/hw/swcnd            u:object_r:swcnd_exec:s0
 /vendor/bin/hw/spad             u:object_r:spad_exec:s0
 /vendor/bin/hw/android.hardware.gnss-service           u:object_r:hal_gnss_default_exec:s0
-/vendor/bin/gnss_check\.sh                                     u:object_r:gnss_check_exec:s0
-# keep only one rule and use eGNSS one
-# /data/vendor/gps(/.*)?             u:object_r:vendor_gps_file:s0
+/data/vendor/gps(/.*)?             u:object_r:vendor_gps_file:s0

gps/lsi/sepolicy/gnssd.te

@@ -31,3 +31,6 @@ set_prop(gnssd, vendor_gps_prop)
 
 # Read RIL property
 get_prop(gnssd, vendor_rild_prop)
+
+# Read modme state
+allow gnssd sysfs_modem_state:file r_file_perms;

gps/lsi/sepolicy/property.te

@@ -0,0 +1 @@
+vendor_internal_prop(vendor_gps_prop)

gps/lsi/sepolicy/property_contexts

@@ -0,0 +1,2 @@
+vendor.gps.                                u:object_r:vendor_gps_prop:s0
+persist.vendor.gps.                        u:object_r:vendor_gps_prop:s0

gps/pixel/sepolicy/hal_gnss_pixel.te

@@ -22,4 +22,8 @@ allow hal_gnss_pixel hal_contexthub_service:service_manager find;
 
 # Allow connect to gnss service
 allow hal_gnss_pixel vendor_gps_file:dir create_dir_perms;
-allow hal_gnss_pixel vendor_gps_file:fifo_file create_file_perms;
+allow hal_gnss_pixel vendor_gps_file:fifo_file create_file_perms;
+
+# Allow access ssrdump information
+allow hal_gnss_pixel sscoredump_vendor_data_crashinfo_file:file r_file_perms;
+allow hal_gnss_pixel sscoredump_vendor_data_crashinfo_file:dir r_dir_perms;

gyotaku_app/dump/dump_gyotaku.cpp

@@ -19,7 +19,7 @@
 
 #define GYOTAKU_DIRECTORY "/data/vendor/gyotaku/andlog"
 #define GYOTAKU_ANDROID_LOG_PREFIX "android_"
-
+#define GYOTAKU_ODPM_LOG_PREFIX "odpm_"
 #define maxFileLogsNumber 30
 
 int main() {
@@ -30,6 +30,7 @@ int main() {
     }
 
     dumpLogs(GYOTAKU_DIRECTORY, outputDir.c_str(), maxFileLogsNumber, GYOTAKU_ANDROID_LOG_PREFIX);
+    dumpLogs(GYOTAKU_DIRECTORY, outputDir.c_str(), maxFileLogsNumber, GYOTAKU_ODPM_LOG_PREFIX);
     return 0;
 }
 

recorder/recorder.mk

@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/recorder/sepolicy/vendor
+PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/gs-common/recorder/sepolicy/product/public
+PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/gs-common/recorder/sepolicy/product/private

recorder/sepolicy/product/private/certs/com_google_android_apps_recorder.x509.pem

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIF+zCCA+OgAwIBAgIVAJFfB9eQ7J1w93C6aGBchm77ysA3MA0GCSqGSIb3DQEBCwUAMIGNMQsw
+CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEU
+MBIGA1UEChMLR29vZ2xlIEluYy4xEDAOBgNVBAsTB0FuZHJvaWQxKTAnBgNVBAMMIGNvbV9nb29n
+bGVfYW5kcm9pZF9hcHBzX3JlY29yZGVyMB4XDTE5MDIxNTE1NDQxMloXDTQ5MDIxNTE1NDQxMlow
+gY0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBW
+aWV3MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEpMCcGA1UEAwwgY29t
+X2dvb2dsZV9hbmRyb2lkX2FwcHNfcmVjb3JkZXIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
+AoICAQCFSs/DqyyRbMD2mEHxxv+DDnV7V8j/RUB43aZXC11kKbLAD/E8/WxV+e9frFoXlzXepK4m
+FliWHyLWNSUmFwVxl2JsrkxUJ4QWXIpw9azHkW9kO5r/VPTXCBAZn80qqaqHlzplHbflxLiQc+zv
+lWEg7HJPBMMMFC3yCYfhLbDrriZdMnT4mHMLUo24TzO2znv7c7SDBWQ57lAsdRB0OX+N4DfBXvUR
+QLUO9FazerGdcK58KHkxgo3ZHY3c2+efkfCkZUgu6HKLwA24O2e0/iYmC7vQTItGYCCyzbdlXDix
+t0YgpsdcsOtVSJLwv6movtAX9JGsrGkvZR9Ffa52Vfc+vW0yqahHxVFJ5VD6UrrQpkWjonrsIbHb
+RLQ05ZM735kd4NWrxgS0sDwdfvhmsj29Ag3q/cuIpG/+x37+vmTlMKggeqxSxoQ4RwGyZuvyb8PB
+/lCf6r6bAYyr88oAs03ATz3RqRH38rkHmFp5Cdf488tw2Wj6vB/JqnfPN8woslle0hUIkqH7Ezna
+0zF79yov7oePFdqr++khDHrrMQziwIk2PN+V0MLGQpmX5FF47Zmprtzvu52QN2f5rnKq2HSfBG0i
+FqZ8/iAEnUsCngVObHaASPxXq1AKiy3iEJaLDjFhGbQk9mbj9o/RHb0kyorI3d90PU8ss8xNsUnm
+pXa4sQIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRXxQfB1H79Hq56Ld1GUrRRfzWo
+ojAfBgNVHSMEGDAWgBRXxQfB1H79Hq56Ld1GUrRRfzWoojANBgkqhkiG9w0BAQsFAAOCAgEARATw
+47mgvvLpdLTPzjORUSLBWXS2WdH43o9tPBNOaLBVRWiua2OyMp8F+nbxm4y/3djGuXsn5S2F12jp
+7xQZcBU4c21vF/ttio/spnnkPBnf0nKndTLoKt4Tpcxq4vnyqyXlBJHIybh+bbc6HVTYM6n8k4vw
+KReUjEjCXAxZ8vWjTgSOAtDrHkaez3tOkACMFmRv+JP1zNG32chLG+8K0/pyLsnknloPAk02Btoc
+t7FI4XKtS/9Z9oipMHfWg8fjI4vRXqiiAR4ctf9EgxcwHY/KVX8RJxsAXMgl65e7qGagbfTWCbHl
+MnRnapjLKkvJKPiIbBx/xdgUoOxdugwL6XPfzg4THQzAiduCgxkDs/H3SQWem6VBZ57KSuudJsop
+s5hb7GS2Hqb5F3YHAlSGQxvj37mDTzbuTH3paqzPwSgnqw0jnkGl//f2osw/mqfD5msDLk4UcmpQ
+IeC10ofhF7hzaZOGwMg8VGzsMR5M154haxj6Y2NFEir6ylz/stPrelkwDvMIDgIororj2Bj7TkWu
++EABNAr8h9yTsJEvxayNMk96U+Rn2LKMZilJdf00SILpr6IFTD8uvRwLIHSCjSbd9C8kkAqbqKs4
+VCg5HPLHjxyXgWOAK1IeqqnryaFPjLqa2RsG6UL+UtIjC6eWMsWOfvRRrpTU21mo2Koc0MI=
+-----END CERTIFICATE-----

recorder/sepolicy/product/private/google_recorder_app.te

@@ -0,0 +1,16 @@
+app_domain(google_recorder_app)
+net_domain(google_recorder_app)
+
+get_prop(google_recorder_app, graphics_config_writable_prop)
+
+allow google_recorder_app app_api_service:service_manager find;
+allow google_recorder_app audioserver_service:service_manager find;
+allow google_recorder_app mediaextractor_service:service_manager find;
+allow google_recorder_app mediametrics_service:service_manager find;
+allow google_recorder_app mediaserver_service:service_manager find;
+
+allow google_recorder_app privapp_data_file:lnk_file r_file_perms;
+allow google_recorder_app privapp_data_file:file execute;
+
+# Library code may try to access default properties, but should be denied
+dontaudit google_recorder_app default_prop:file read;

recorder/sepolicy/product/private/keys.conf

@@ -0,0 +1,2 @@
+[@GOOGLERECORDER]
+ALL : device/google/gs-common/recorder/sepolicy/product/private/certs/com_google_android_apps_recorder.x509.pem

recorder/sepolicy/product/private/mac_permissions.xml

@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<policy>
+
+<!--
+
+    * A signature is a hex encoded X.509 certificate or a tag defined in
+      keys.conf and is required for each signer tag.
+    * A signer tag may contain a seinfo tag and multiple package stanzas.
+    * A default tag is allowed that can contain policy for all apps not signed with a
+      previously listed cert. It may not contain any inner package stanzas.
+    * Each signer/default/package tag is allowed to contain one seinfo tag. This tag
+      represents additional info that each app can use in setting a SELinux security
+      context on the eventual process.
+    * When a package is installed the following logic is used to determine what seinfo
+      value, if any, is assigned.
+      - All signatures used to sign the app are checked first.
+      - If a signer stanza has inner package stanzas, those stanza will be checked
+        to try and match the package name of the app. If the package name matches
+        then that seinfo tag is used. If no inner package matches then the outer
+        seinfo tag is assigned.
+      - The default tag is consulted last if needed.
+-->
+    <!-- Google Recorder app key -->
+    <signer signature="@GOOGLERECORDER" >
+      <seinfo value="GoogleRecorder" />
+    </signer>
+</policy>

recorder/sepolicy/product/private/seapp_contexts

@@ -0,0 +1,2 @@
+# Google Recorder
+user=_app isPrivApp=true seinfo=GoogleRecorder name=com.google.android.apps.recorder domain=google_recorder_app type=app_data_file levelFrom=all

recorder/sepolicy/product/public/google_recorder_app.te

@@ -0,0 +1 @@
+type google_recorder_app, domain;

recorder/sepolicy/vendor/google_recorder_app.te

@@ -0,0 +1 @@
+get_prop(google_recorder_app, vendor_audio_prop_restricted)

touch/gti/touch_gti_ical.cpp

@@ -34,6 +34,18 @@ int main(int argc, char *argv[])
 	char *line = NULL;
 	size_t len = 0;
 	FILE *ical_fd;
+	const char *ical_override_cmd_prop[2] = {
+		[0] = "vendor.touch.gti0.ical.override.cmd",
+		[1] = "vendor.touch.gti1.ical.override.cmd",
+	};
+	const char *ical_override_result_prop[2] = {
+		[0] = "vendor.touch.gti0.ical.override.result",
+		[1] = "vendor.touch.gti1.ical.override.result",
+	};
+	const char *ical_write_history_prop[2] = {
+		[0] = "vendor.touch.gti0.ical.write.history",
+		[1] = "vendor.touch.gti1.ical.write.history",
+	};
 	const char *ical_state_prop[2] = {
 		[0] = "vendor.touch.gti0.ical.state",
 		[1] = "vendor.touch.gti1.ical.state",
@@ -46,9 +58,16 @@ int main(int argc, char *argv[])
 		[0] = "/sys/devices/virtual/goog_touch_interface/gti.0/interactive_calibrate",
 		[1] = "/sys/devices/virtual/goog_touch_interface/gti.1/interactive_calibrate",
 	};
+	const char *ical_override_cmd_prop_path = ical_override_cmd_prop[0];
+	const char *ical_override_result_prop_path = ical_override_result_prop[0];
+	const char *ical_write_history_prop_path = ical_write_history_prop[0];
 	const char *ical_state_prop_path = ical_state_prop[0];
 	const char *ical_result_prop_path = ical_result_prop[0];
 	const char *ical_sysfs_path = ical_sysfs[0];
+	const char ical_override_all_cmd_prop_val[PROPERTY_VALUE_MAX] = "xxx";
+	char ical_override_cmd_prop_val[PROPERTY_VALUE_MAX] = "\0";
+	char ical_override_result_prop_val[PROPERTY_VALUE_MAX] = "\0";
+	char ical_write_history_prop_val[PROPERTY_VALUE_MAX] = "\0";
 
 	if (argc < 3) {
 		ALOGW("No target dev or command for interactive_calibrate sysfs.\n");
@@ -60,11 +79,18 @@ int main(int argc, char *argv[])
 	if (strncmp(argv[1], "1", strlen(argv[1])) == 0 ||
 		strncmp(argv[1], "gti1", strlen(argv[1])) == 0 ||
 		strncmp(argv[1], "gti.1", strlen(argv[1])) == 0) {
+		ical_override_cmd_prop_path = ical_override_cmd_prop[1];
+		ical_override_result_prop_path = ical_override_result_prop[1];
+		ical_write_history_prop_path = ical_write_history_prop[1];
 		ical_state_prop_path = ical_state_prop[1];
 		ical_result_prop_path = ical_result_prop[1];
 		ical_sysfs_path = ical_sysfs[1];
 	}
 
+	property_get(ical_override_cmd_prop_path, ical_override_cmd_prop_val, NULL);
+	property_get(ical_override_result_prop_path, ical_override_result_prop_val, "0 - -2147483648");
+	property_get(ical_write_history_prop_path, ical_write_history_prop_val, NULL);
+
 	property_set(ical_result_prop_path, "na");
 	property_set(ical_state_prop_path, "running");
 	if (access(ical_sysfs_path, F_OK | R_OK | W_OK)) {
@@ -84,11 +110,25 @@ int main(int argc, char *argv[])
 		getline(&line, &len, ical_fd);
 		if (line != NULL) {
 			property_set(ical_state_prop_path, "read");
-			property_set(ical_result_prop_path, line);
-			ALOGI("read: %s => %s", ical_sysfs_path, line);
+			if (strncmp(ical_override_cmd_prop_val,
+					ical_write_history_prop_val,
+					strlen(ical_write_history_prop_path)) == 0 ||
+				strncasecmp(ical_override_cmd_prop_val,
+					ical_override_all_cmd_prop_val,
+					strlen(ical_override_all_cmd_prop_val)) == 0) {
+				property_set(ical_result_prop_path, ical_override_result_prop_val);
+				ALOGW("read(original): %s => %s",
+					ical_sysfs_path, line);
+				ALOGW("read(override): %s => %s",
+					ical_sysfs_path, ical_override_result_prop_val);
+			} else {
+				property_set(ical_result_prop_path, line);
+				ALOGI("read: %s => %s", ical_sysfs_path, line);
+			}
 			free(line);
 		}
 	} else {
+		property_set(ical_write_history_prop_path, argv[2]);
 		property_set(ical_state_prop_path, argv[2]);
 		fwrite(argv[2], 1, strlen(argv[2]), ical_fd);
 		ALOGI("write: %s => %s\n", argv[2], ical_sysfs_path);

touch/twoshay/sepolicy/touchflow_debug/file_contexts

@@ -1,2 +0,0 @@
-/vendor/bin/hw/android\.hardware\.input\.processor-reflector     u:object_r:hal_input_processor_default_exec:s0
-/vendor/bin/twoshay_touchflow     u:object_r:twoshay_exec:s0