From e93068e6ca6a2a8d93a3d2fc83c52b5cffad8787 Mon Sep 17 00:00:00 2001
From: bowenlai <bowenlai@google.com>
Date: Tue, 22 Oct 2024 16:59:20 +0800
Subject: [PATCH 1/5] Rename aocx.IAoc to aocx.IAoc/default to support stable
 AIDL

Also add framework_compatibility_matrix.xml for aoc stable AIDL

Bug: 380993517
Flag: EXEMPT HAL interface change
Test: local build
Change-Id: I8a41ff1bdd4ffc8e5d7da08879738aa11fb81813
---
 aoc/aoc.mk                    | 5 +++++
 aoc/sepolicy/service_contexts | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/aoc/aoc.mk b/aoc/aoc.mk
index 9ee4517..13d849c 100644
--- a/aoc/aoc.mk
+++ b/aoc/aoc.mk
@@ -13,6 +13,11 @@ PRODUCT_COPY_FILES += \
 	device/google/gs-common/aoc/conf/init.aoc.daemon.rc:$(TARGET_COPY_OUT_VENDOR)/etc/init/init.aoc.rc
 endif
 
+ifneq ($(wildcard vendor/google/whitechapel/aoc/aocx/aidl/aocx/framework_compatibility_matrix.xml),)
+DEVICE_FRAMEWORK_COMPATIBILITY_MATRIX_FILE += \
+    vendor/google/whitechapel/aoc/aocx/aidl/aocx/framework_compatibility_matrix.xml
+endif
+
 # AoC debug support
 PRODUCT_PACKAGES_DEBUG += \
 	aocdump \
diff --git a/aoc/sepolicy/service_contexts b/aoc/sepolicy/service_contexts
index de31e51..80346c8 100644
--- a/aoc/sepolicy/service_contexts
+++ b/aoc/sepolicy/service_contexts
@@ -1 +1 @@
-aocx.IAocx    u:object_r:aocx:s0
+aocx.IAocx/default    u:object_r:aocx:s0

From 97f50223aaae52a60a2cf990bf171747e8ceba4a Mon Sep 17 00:00:00 2001
From: Dinesh Yadav <dkyadav@google.com>
Date: Tue, 3 Dec 2024 04:01:59 +0000
Subject: [PATCH 2/5] Allow tachyon service to make binder calls to GCA

This permission is needed for tachyon service to call callbacks.

AVC Error seen when tachyon tries accessing GCA:
12-02 11:40:03.212  6987  6987 W com.google.edge: type=1400 audit(0.0:17): avc:  denied  { call } for  scontext=u:r:edgetpu_tachyon_server:s0 tcontext=u:r:google_camera_app:s0:c145,c256,c512,c768 tclass=binder permissive=0
12-03 07:12:26.424  4166  4166 W com.google.edge: type=1400 audit(0.0:254): avc:  denied  { call } for  scontext=u:r:edgetpu_tachyon_server:s0 tcontext=u:r:debug_camera_app:s0:c67,c257,c512,c768 tclass=binder permissive=0

Bug: 381787911
Flag: EXEMPT updates device sepolicy only
Change-Id: Id27ecd53e9ea7fbf273be098749cdaece55d00cb
---
 edgetpu/sepolicy/google_camera.te | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 edgetpu/sepolicy/google_camera.te

diff --git a/edgetpu/sepolicy/google_camera.te b/edgetpu/sepolicy/google_camera.te
new file mode 100644
index 0000000..0c3cd38
--- /dev/null
+++ b/edgetpu/sepolicy/google_camera.te
@@ -0,0 +1,5 @@
+# Allow tachyon service to communicate with google_camera_app via binder.
+binder_call(edgetpu_tachyon_server, google_camera_app);
+
+# Allow tachyon_service to communicate with fishfood/Eng camera variants via binder.
+binder_call(edgetpu_tachyon_server, debug_camera_app);

From 67118860083ac040d92a74de83746476ec41262e Mon Sep 17 00:00:00 2001
From: Dinesh Yadav <dkyadav@google.com>
Date: Thu, 5 Dec 2024 08:02:02 +0000
Subject: [PATCH 3/5] Revert "Allow tachyon service to make binder calls to
 GCA"

This reverts commit 97f50223aaae52a60a2cf990bf171747e8ceba4a.

Reason for revert: This change breaks git_main-without-vendor  as google_camera_app & debug_camera_app are not supported in non-vendor builds.

Change-Id: I9bf47c59aa036caf66e2f3fe5d7b6ea0938e4442
---
 edgetpu/sepolicy/google_camera.te | 5 -----
 1 file changed, 5 deletions(-)
 delete mode 100644 edgetpu/sepolicy/google_camera.te

diff --git a/edgetpu/sepolicy/google_camera.te b/edgetpu/sepolicy/google_camera.te
deleted file mode 100644
index 0c3cd38..0000000
--- a/edgetpu/sepolicy/google_camera.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# Allow tachyon service to communicate with google_camera_app via binder.
-binder_call(edgetpu_tachyon_server, google_camera_app);
-
-# Allow tachyon_service to communicate with fishfood/Eng camera variants via binder.
-binder_call(edgetpu_tachyon_server, debug_camera_app);

From afc6c2840186e8b43aa43efa9b8fafb033c55c01 Mon Sep 17 00:00:00 2001
From: Dmitry Skiba <dskiba@google.com>
Date: Mon, 2 Dec 2024 06:04:29 +0000
Subject: [PATCH 4/5] Add recovery support for perf experiments.

This change establishes a place for perf experiments and adds a
script to delay experiments for recovery purposes. For more info
see go/pixel-perf-experiment-whatif.

Bug: 365855872
Test: build/flash, set .Perf__experiments_delay_seconds=10, verify that vendor.perf.allow_experiments=1 after 10 seconds
Flag: NONE controlled by Mendel instead
Change-Id: I78db482542066d5d5646d8c303dbe88054cfe66d
Signed-off-by: Dmitry Skiba <dskiba@google.com>
---
 performance/experiments/Android.bp              | 10 ++++++++++
 performance/experiments/experiments.mk          |  3 +++
 .../experiments/pixel-experiments-recovery.rc   | 17 +++++++++++++++++
 .../experiments/pixel-experiments-recovery.sh   | 15 +++++++++++++++
 performance/experiments/sepolicy/file_contexts  |  1 +
 .../sepolicy/pixel-experiments-recovery.sh.te   | 10 ++++++++++
 performance/experiments/sepolicy/property.te    |  3 +++
 .../experiments/sepolicy/property_contexts      |  1 +
 8 files changed, 60 insertions(+)
 create mode 100644 performance/experiments/Android.bp
 create mode 100644 performance/experiments/experiments.mk
 create mode 100644 performance/experiments/pixel-experiments-recovery.rc
 create mode 100755 performance/experiments/pixel-experiments-recovery.sh
 create mode 100644 performance/experiments/sepolicy/file_contexts
 create mode 100644 performance/experiments/sepolicy/pixel-experiments-recovery.sh.te
 create mode 100644 performance/experiments/sepolicy/property.te
 create mode 100644 performance/experiments/sepolicy/property_contexts

diff --git a/performance/experiments/Android.bp b/performance/experiments/Android.bp
new file mode 100644
index 0000000..a2f7ebe
--- /dev/null
+++ b/performance/experiments/Android.bp
@@ -0,0 +1,10 @@
+package {
+    default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+sh_binary {
+    name: "pixel-experiments-recovery.sh",
+    src: "pixel-experiments-recovery.sh",
+    vendor: true,
+    init_rc: ["pixel-experiments-recovery.rc"],
+}
diff --git a/performance/experiments/experiments.mk b/performance/experiments/experiments.mk
new file mode 100644
index 0000000..b52d0e6
--- /dev/null
+++ b/performance/experiments/experiments.mk
@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/performance/experiments/sepolicy
+
+PRODUCT_PACKAGES += pixel-experiments-recovery.sh
diff --git a/performance/experiments/pixel-experiments-recovery.rc b/performance/experiments/pixel-experiments-recovery.rc
new file mode 100644
index 0000000..a8247c3
--- /dev/null
+++ b/performance/experiments/pixel-experiments-recovery.rc
@@ -0,0 +1,17 @@
+# pixel-experiments-recovery.sh waits Perf__experiments_delay_seconds and sets
+# vendor.perf.allow_experiments=1, triggering experiments.
+service pixel-experiments-recovery /vendor/bin/pixel-experiments-recovery.sh \
+    ${vendor.pixel.system.phenotype.Perf__experiments_delay_seconds}
+    class main
+    user root
+    group root system
+    oneshot
+    disabled
+
+# vendor.pixel.system.phenotype.Perf__xxx properties are set sometime after the
+# device is unlocked for the first time. The check for sys.boot_completed is not
+# strictly needed, but will prevent surprises if for some reason the property
+# is set early.
+on property:sys.boot_completed=1 && \
+    property:vendor.pixel.system.phenotype.Perf__experiments_delay_seconds=*
+    restart pixel-experiments-recovery
diff --git a/performance/experiments/pixel-experiments-recovery.sh b/performance/experiments/pixel-experiments-recovery.sh
new file mode 100755
index 0000000..188222e
--- /dev/null
+++ b/performance/experiments/pixel-experiments-recovery.sh
@@ -0,0 +1,15 @@
+#!/vendor/bin/sh
+
+# This script delays experiments by the specified amount of seconds. The delay is not needed for
+# the normal operation, but becomes essential for the rare case (which "should not happen") where
+# an experiment causes really bad issues (e.g. crashes the kernel). In such case the delay gives
+# GMSCore an opportunity to fetch fresh experiments snapshot (with the bad experiment disabled).
+#
+# See go/pixel-perf-experiment-whatif for more info.
+
+delay_seconds="$1"
+
+if [ -n "$delay_seconds" ]; then
+    sleep "$delay_seconds"
+    /vendor/bin/setprop vendor.perf.allow_experiments 1
+fi
diff --git a/performance/experiments/sepolicy/file_contexts b/performance/experiments/sepolicy/file_contexts
new file mode 100644
index 0000000..7364807
--- /dev/null
+++ b/performance/experiments/sepolicy/file_contexts
@@ -0,0 +1 @@
+/vendor/bin/pixel-experiments-recovery\.sh     u:object_r:pixel-experiments-recovery-sh_exec:s0
diff --git a/performance/experiments/sepolicy/pixel-experiments-recovery.sh.te b/performance/experiments/sepolicy/pixel-experiments-recovery.sh.te
new file mode 100644
index 0000000..2da555b
--- /dev/null
+++ b/performance/experiments/sepolicy/pixel-experiments-recovery.sh.te
@@ -0,0 +1,10 @@
+# Rules for pixel-experiments-recovery.sh
+
+type pixel-experiments-recovery-sh, domain;
+type pixel-experiments-recovery-sh_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(pixel-experiments-recovery-sh)
+
+# Allow "setprop vendor.perf.allow_experiments".
+allow pixel-experiments-recovery-sh vendor_toolbox_exec:file { execute_no_trans };
+set_prop(pixel-experiments-recovery-sh, vendor_perf_allow_experiments_prop)
diff --git a/performance/experiments/sepolicy/property.te b/performance/experiments/sepolicy/property.te
new file mode 100644
index 0000000..e43312c
--- /dev/null
+++ b/performance/experiments/sepolicy/property.te
@@ -0,0 +1,3 @@
+# Properties shared between experiments.
+
+vendor_internal_prop(vendor_perf_allow_experiments_prop)
diff --git a/performance/experiments/sepolicy/property_contexts b/performance/experiments/sepolicy/property_contexts
new file mode 100644
index 0000000..50de9c1
--- /dev/null
+++ b/performance/experiments/sepolicy/property_contexts
@@ -0,0 +1 @@
+vendor.perf.allow_experiments       u:object_r:vendor_perf_allow_experiments_prop:s0

From 4250b91047b6151b43ee87aca5626854dfb36fb7 Mon Sep 17 00:00:00 2001
From: Dmitry Skiba <dskiba@google.com>
Date: Thu, 5 Dec 2024 00:16:11 +0000
Subject: [PATCH 5/5] Add kswapd experiment.

See go/pixel-perf-25q1-experiments for the info.

Bug: 365855872
Test: build/flash, set .Perf__experiments_delay_seconds=0, set .Perf__kswapd_experiment=true, observe /sys/kernel/vendor_mm/kswapd_cpu_affinity changes
Flag: NONE controlled by Mendel instead
Change-Id: Id63690f0dcd38de92e4c2fde5b0ab814ed3d9db1
Signed-off-by: Dmitry Skiba <dskiba@google.com>
---
 performance/experiments/experiments.mk        |  2 ++
 performance/experiments/kswapd/Android.bp     | 10 +++++++
 performance/experiments/kswapd/kswapd.mk      |  1 +
 .../kswapd/pixel-kswapd-experiment.rc         | 28 +++++++++++++++++++
 4 files changed, 41 insertions(+)
 create mode 100644 performance/experiments/kswapd/Android.bp
 create mode 100644 performance/experiments/kswapd/kswapd.mk
 create mode 100644 performance/experiments/kswapd/pixel-kswapd-experiment.rc

diff --git a/performance/experiments/experiments.mk b/performance/experiments/experiments.mk
index b52d0e6..191332d 100644
--- a/performance/experiments/experiments.mk
+++ b/performance/experiments/experiments.mk
@@ -1,3 +1,5 @@
 BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/performance/experiments/sepolicy
 
 PRODUCT_PACKAGES += pixel-experiments-recovery.sh
+
+include device/google/gs-common/performance/experiments/kswapd/kswapd.mk
diff --git a/performance/experiments/kswapd/Android.bp b/performance/experiments/kswapd/Android.bp
new file mode 100644
index 0000000..23af711
--- /dev/null
+++ b/performance/experiments/kswapd/Android.bp
@@ -0,0 +1,10 @@
+package {
+    default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+prebuilt_etc {
+    name: "pixel-kswapd-experiment.rc",
+    src: "pixel-kswapd-experiment.rc",
+    vendor: true,
+    sub_dir: "init",
+}
diff --git a/performance/experiments/kswapd/kswapd.mk b/performance/experiments/kswapd/kswapd.mk
new file mode 100644
index 0000000..15d762f
--- /dev/null
+++ b/performance/experiments/kswapd/kswapd.mk
@@ -0,0 +1 @@
+PRODUCT_PACKAGES += pixel-kswapd-experiment.rc
diff --git a/performance/experiments/kswapd/pixel-kswapd-experiment.rc b/performance/experiments/kswapd/pixel-kswapd-experiment.rc
new file mode 100644
index 0000000..36dcac3
--- /dev/null
+++ b/performance/experiments/kswapd/pixel-kswapd-experiment.rc
@@ -0,0 +1,28 @@
+# Kswapd experiment - allow kswapd to run on all cores. We only target zuma and
+# zumapro because these are the only platforms where kswapd avoids big cores by
+# default.
+
+on property:vendor.perf.allow_experiments=1 \
+    && property:ro.board.platform=zuma \
+    && property:vendor.pixel.system.phenotype.Perf__kswapd_experiment=true
+    write /sys/kernel/vendor_mm/kswapd_cpu_affinity 1ff
+
+on property:vendor.perf.allow_experiments=1 \
+    && property:ro.board.platform=zumapro \
+    && property:vendor.pixel.system.phenotype.Perf__kswapd_experiment=true
+    write /sys/kernel/vendor_mm/kswapd_cpu_affinity ff
+
+
+# Kswapd experiment rampdown - restore CPU affinity to the default.
+
+on property:vendor.perf.allow_experiments=1 \
+    && property:ro.board.platform=zuma \
+    && property:vendor.pixel.system.phenotype.Perf__kswapd_experiment=""
+    # Value is from device/google/zuma/conf/init.zuma.rc
+    write /sys/kernel/vendor_mm/kswapd_cpu_affinity ff
+
+on property:vendor.perf.allow_experiments=1 \
+    && property:ro.board.platform=zumapro \
+    && property:vendor.pixel.system.phenotype.Perf__kswapd_experiment=""
+    # Value is from device/google/zumapro/conf/init.zumapro.soc.rc
+    write /sys/kernel/vendor_mm/kswapd_cpu_affinity 7f