Add Intelligence rc

By persist.vendor.intelligence, # on -> mount(ok) -> on # off -> write_zeroes -> remove -> rm(ok) -> disable # on -> mount(fail) -> remove -> rm(ok) -> disable For SEpolicy, type=1400 audit(1731445557.444:32): avc: denied { read } for comm="kworker/u16:3" path="/dev/block/sda33" dev="tmpfs" ino=1050 scontext=u:r:kernel:s0 tcontext=u:object_r:userdata_exp_block_device:s0 tclass=blk_file permissive=1 type=1400 audit(1731445557.476:33): avc: denied { execute_no_trans } for comm="storage_intelli" path="/vendor/bin/toolbox" dev="dm-11" ino=368 scontext=u:r:storage_intelligence:s0 tcontext=u:object_r:vendor_toolbox_exec:s0 tclass=file permissive=1 type=1400 audit(1731448933.292:16): avc: denied { search } for comm="dd" name="block" dev="tmpfs" ino=12 scontext=u:r:storage_intelligence:s0 tcontext=u:object_r:block_device:s0 tclass=dir permissive=1 type=1400 audit(1731461590.844:16): avc: denied { write } for comm="dd" name="sda33" dev="tmpfs" ino=1052 scontext=u:r:storage_intelligence:s0 tcontext=u:object_r:userdata_exp_block_device:s0 tclass=blk_file permissive=1 type=1400 audit(1731461590.844:17): avc: denied { open } for comm="dd" path="/dev/block/sda33" dev="tmpfs" ino=1052 scontext=u:r:storage_intelligence:s0 tcontext=u:object_r:userdata_exp_block_device:s0 tclass=blk_file permissive=1 Bug: 378120929 Flag: build.RELEASE_PIXEL_VENDOR_INTELLIGENCE_AID Change-Id: If9d2f067e29b6c574d3b827ea509fec92c6d8028 Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
2024-11-09 16:23:56 -08:00 · 2024-11-09 16:23:56 -08:00 · 3bcf1e5891
commit 3bcf1e5891
parent 5085275f71
13 changed files with 92 additions and 8 deletions
--- a/storage/Android.bp
+++ b/storage/Android.bp
@ -14,8 +14,15 @@ cc_binary {
    shared_libs: [
        "libbase",
        "libdump",
-	"liblog",
+        "liblog",
    ],
    vendor: true,
    relative_install_path: "dump",
 }
+
+sh_binary {
+    name: "storage_intelligence.sh",
+    src: "storage_intelligence.sh",
+    init_rc: ["storage.intelligence.rc"],
+    vendor: true,
+}
--- a/storage/sepolicy/file.te
+++ b/storage/sepolicy/file.te
@ -4,3 +4,5 @@ type dump_storage_data_file, file_type, data_file_type;
 type sg_device, dev_type;
 type sg_util_exec, exec_type, vendor_file_type, file_type;

+# Intelligence Service
+type intelligence_data_file, file_type, data_file_type;
--- a/storage/sepolicy/file_contexts
+++ b/storage/sepolicy/file_contexts
@ -1,9 +1,13 @@
 # storage
-/vendor/bin/dump/dump_storage      u:object_r:dump_storage_exec:s0
-/sys/devices/platform/[0-9a-z]+\.ufs/pixel/enable_pixel_ufs_logging  u:object_r:sysfs_scsi_devices_0000:s0
-/dev/sg[0-9]                       u:object_r:sg_device:s0
-/data/vendor/storage(/.*)?         u:object_r:dump_storage_data_file:s0
-/vendor/bin/sg_read_buffer         u:object_r:sg_util_exec:s0
-/dev/block/by-name/userdata_exp.*  u:object_r:userdata_exp_block_device:s0
-/vendor/bin/ufs_firmware_update\.sh                                  u:object_r:ufs_firmware_update_exec:s0
+/data/vendor/intelligence(/.*)?                                      u:object_r:intelligence_data_file:s0
+/data/vendor/storage(/.*)?                                           u:object_r:dump_storage_data_file:s0

+/dev/block/by-name/userdata_exp.*                                    u:object_r:userdata_exp_block_device:s0
+/dev/sg[0-9]                                                         u:object_r:sg_device:s0
+
+/sys/devices/platform/[0-9a-z]+\.ufs/pixel/enable_pixel_ufs_logging  u:object_r:sysfs_scsi_devices_0000:s0
+
+/vendor/bin/dump/dump_storage                                        u:object_r:dump_storage_exec:s0
+/vendor/bin/sg_read_buffer                                           u:object_r:sg_util_exec:s0
+/vendor/bin/storage_intelligence\.sh                                 u:object_r:storage_intelligence_exec:s0
+/vendor/bin/ufs_firmware_update\.sh                                  u:object_r:ufs_firmware_update_exec:s0
--- a/storage/sepolicy/init.te
+++ b/storage/sepolicy/init.te
@ -1,3 +1,4 @@
 # init
 allow init sysfs_scsi_devices_0000:file w_file_perms;

+dontaudit init intelligence_data_file:dir mounton;
--- a/storage/sepolicy/kernel.te
+++ b/storage/sepolicy/kernel.te
@ -0,0 +1,3 @@
+# for intelligence service
+
+allow kernel userdata_exp_block_device:blk_file read;
--- a/storage/sepolicy/property.te
+++ b/storage/sepolicy/property.te
@ -0,0 +1,3 @@
+# for intelligence service
+
+vendor_internal_prop(vendor_intelligence_prop)
--- a/storage/sepolicy/property_contexts
+++ b/storage/sepolicy/property_contexts
@ -0,0 +1 @@
+persist.vendor.intelligence          u:object_r:vendor_intelligence_prop:s0
--- a/storage/sepolicy/storage_intelligence.te
+++ b/storage/sepolicy/storage_intelligence.te
@ -0,0 +1,12 @@
+# support intelligence service
+init_daemon_domain(storage_intelligence)
+type storage_intelligence, domain;
+type storage_intelligence_exec, vendor_file_type, exec_type, file_type;
+
+set_prop(storage_intelligence, vendor_intelligence_prop);
+
+allow storage_intelligence vendor_toolbox_exec:file execute_no_trans;
+
+# for storage management
+allow storage_intelligence block_device:dir { search };
+allow storage_intelligence userdata_exp_block_device:blk_file rw_file_perms;
--- a/storage/sepolicy/tracking_denials/bug_map
+++ b/storage/sepolicy/tracking_denials/bug_map
@ -0,0 +1 @@
+shell vendor_intelligence_prop file b/378120929
--- a/storage/sepolicy/vendor_init.te
+++ b/storage/sepolicy/vendor_init.te
@ -4,3 +4,5 @@ allow vendor_init sg_device:chr_file r_file_perms;
 # dirty swappiness
 allow vendor_init proc_dirty:file w_file_perms;

+# intelligence
+set_prop(vendor_init, vendor_intelligence_prop);
--- a/storage/storage.intelligence.rc
+++ b/storage/storage.intelligence.rc
@ -0,0 +1,23 @@
+# For intelligence service
+# on  -> mount(ok)    -> on
+# off -> write_zeroes -> remove -> rm(ok) -> disable
+# on  -> mount(fail)  -> remove -> rm(ok) -> disable
+
+service storage_intelligence /vendor/bin/storage_intelligence.sh
+    user root
+    disabled
+    oneshot
+
+on boot && property:persist.vendor.intelligence=on
+    mkdir /data/vendor/intelligence 0770 vendor_intelligence vendor_intelligence
+    restorecon_recursive /data/vendor/intelligence
+    mount f2fs loop@/dev/block/by-name/userdata_exp.ai /data/vendor/intelligence ro
+    start storage_intelligence
+
+on boot && property:persist.vendor.intelligence=off
+    start storage_intelligence
+
+on property:persist.vendor.intelligence=remove
+    rm /data/userdata_exp.ai
+    rmdir /data/vendor/intelligence
+    setprop persist.vendor.intelligence disable
--- a/storage/storage_intelligence.sh
+++ b/storage/storage_intelligence.sh
@ -0,0 +1,24 @@
+#!/vendor/bin/sh
+#
+# The script belongs to the feature of UFS FFU via OTA: go/p23-ffu-ota
+# Its purpose is to copy the corresponding firmware into partition for UFS FFU.
+
+
+property="persist.vendor.intelligence"
+partition="/dev/block/by-name/userdata_exp.ai"
+mount_point="/data/vendor/intelligence"
+backend_file="/data/userdata_exp.ai"
+
+request=`getprop $property`
+
+if [ "$request" == "on" ]; then
+	mounted=`grep $mount_point /proc/mounts`
+	if [ "$mounted" ]; then
+		setprop $property on
+	else
+		setprop $property remove
+	fi
+elif [ "$request" == "off" ]; then
+	dd if=/dev/zero of=$partition bs=4k count=2
+	setprop $property remove
+fi
--- a/storage/tracking_denials/bug_map
+++ b/storage/tracking_denials/bug_map
@ -0,0 +1 @@
+shell vendor_intelligence_prop file b/378120929
				`@ -0,0 +1 @@`
				`persist.vendor.intelligence u:object_r:vendor_intelligence_prop:s0`
				`@ -0,0 +1 @@`
				`shell vendor_intelligence_prop file b/378120929`