From e85971058fa5c7731bfc644a7fe858b43b599f2d Mon Sep 17 00:00:00 2001 From: Devika Krishnadas Date: Tue, 13 Feb 2024 23:42:09 +0000 Subject: [PATCH 1/4] Add Gralloc Flags Bug: 267352318 Bug: 319170642 Test: Boots to home with Gralloc4 and Gralloc5 Change-Id: Ic316408e7d83b67f21e94fec3f9cb2fea52512c2 Signed-off-by: Devika Krishnadas --- gpu/gpu.mk | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/gpu/gpu.mk b/gpu/gpu.mk index d1c3a6d..b87e7ad 100644 --- a/gpu/gpu.mk +++ b/gpu/gpu.mk @@ -1,3 +1,16 @@ BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gpu/sepolicy PRODUCT_PACKAGES += gpu_probe + +USE_MAPPER5 := false + +PRODUCT_PACKAGES += pixel_gralloc_allocator +PRODUCT_PACKAGES += pixel_gralloc_mapper + +ifeq ($(USE_MAPPER5), true) +$(call soong_config_set,arm_gralloc,mapper_version,mapper5) +$(call soong_config_set,aion_buffer,mapper_version,mapper5) +else +$(call soong_config_set,arm_gralloc,mapper_version,mapper4) +$(call soong_config_set,aion_buffer,mapper_version,mapper4) +endif From 3b682abda5b0d3a55a55d13ffc8b85bd9040a325 Mon Sep 17 00:00:00 2001 From: Shinru Han Date: Mon, 26 Feb 2024 02:57:50 +0000 Subject: [PATCH 2/4] Allow gnssd set gps property avc: denied { write } for name="property_service" dev="tmpfs" ino=837 scontext=u:r:gnssd:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0 Bug: 320577795 Test: on-device Change-Id: I77c02d9754c8ccd66d8cc889fd361de0fc20e09d --- gps/lsi/sepolicy/gnssd.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/gps/lsi/sepolicy/gnssd.te b/gps/lsi/sepolicy/gnssd.te index 8450253..42c974e 100644 --- a/gps/lsi/sepolicy/gnssd.te +++ b/gps/lsi/sepolicy/gnssd.te @@ -25,3 +25,6 @@ get_prop(gnssd, bootanim_system_prop) allow gnssd sysfs_soc:file r_file_perms; allow gnssd sysfs_gps:file rw_file_perms; + +# Allow gnssd to set GPS property +set_prop(gnssd, vendor_gps_prop) From 57384abb7e75807b094b9201057310b85e415dc5 Mon Sep 17 00:00:00 2001 From: Mark Chang Date: Mon, 19 Feb 2024 06:12:11 +0000 Subject: [PATCH 3/4] Move sepolicy files from hardware/google/pixel-sepolicy. Bug: 325422902 Test: Manual, system booted without sepolicy denied error. Change-Id: I10d20c0b79acf938bd41dcd640a716369ecf779b Signed-off-by: Mark Chang --- touch/twoshay/sepolicy/device.te | 1 + touch/twoshay/sepolicy/dumpstate.te | 2 ++ touch/twoshay/sepolicy/file_contexts | 2 ++ .../twoshay/sepolicy/hal_dumpstate_default.te | 2 ++ touch/twoshay/sepolicy/platform_app.te | 4 +++ touch/twoshay/sepolicy/service.te | 3 +++ touch/twoshay/sepolicy/service_contexts | 3 +++ .../sepolicy/touchflow_debug/file_contexts | 2 ++ touch/twoshay/sepolicy/twoshay.te | 27 +++++++++++++++++++ touch/twoshay/twoshay.mk | 3 +++ 10 files changed, 49 insertions(+) create mode 100644 touch/twoshay/sepolicy/device.te create mode 100644 touch/twoshay/sepolicy/dumpstate.te create mode 100644 touch/twoshay/sepolicy/file_contexts create mode 100644 touch/twoshay/sepolicy/hal_dumpstate_default.te create mode 100644 touch/twoshay/sepolicy/platform_app.te create mode 100644 touch/twoshay/sepolicy/service.te create mode 100644 touch/twoshay/sepolicy/service_contexts create mode 100644 touch/twoshay/sepolicy/touchflow_debug/file_contexts create mode 100644 touch/twoshay/sepolicy/twoshay.te create mode 100644 touch/twoshay/twoshay.mk diff --git a/touch/twoshay/sepolicy/device.te b/touch/twoshay/sepolicy/device.te new file mode 100644 index 0000000..d3ce622 --- /dev/null +++ b/touch/twoshay/sepolicy/device.te @@ -0,0 +1 @@ +type touch_offload_device, dev_type; diff --git a/touch/twoshay/sepolicy/dumpstate.te b/touch/twoshay/sepolicy/dumpstate.te new file mode 100644 index 0000000..90f14b8 --- /dev/null +++ b/touch/twoshay/sepolicy/dumpstate.te @@ -0,0 +1,2 @@ +allow dumpstate touch_context_service:service_manager find; +binder_call(dumpstate, twoshay) diff --git a/touch/twoshay/sepolicy/file_contexts b/touch/twoshay/sepolicy/file_contexts new file mode 100644 index 0000000..09728be --- /dev/null +++ b/touch/twoshay/sepolicy/file_contexts @@ -0,0 +1,2 @@ +/dev/touch_offload u:object_r:touch_offload_device:s0 +/vendor/bin/twoshay u:object_r:twoshay_exec:s0 diff --git a/touch/twoshay/sepolicy/hal_dumpstate_default.te b/touch/twoshay/sepolicy/hal_dumpstate_default.te new file mode 100644 index 0000000..81edc36 --- /dev/null +++ b/touch/twoshay/sepolicy/hal_dumpstate_default.te @@ -0,0 +1,2 @@ +allow hal_dumpstate_default touch_context_service:service_manager find; +binder_call(hal_dumpstate_default, twoshay) diff --git a/touch/twoshay/sepolicy/platform_app.te b/touch/twoshay/sepolicy/platform_app.te new file mode 100644 index 0000000..ac997a9 --- /dev/null +++ b/touch/twoshay/sepolicy/platform_app.te @@ -0,0 +1,4 @@ +allow platform_app gril_antenna_tuning_service:service_manager find; +allow platform_app screen_protector_detector_service:service_manager find; +allow platform_app touch_context_service:service_manager find; +binder_call(platform_app, twoshay) diff --git a/touch/twoshay/sepolicy/service.te b/touch/twoshay/sepolicy/service.te new file mode 100644 index 0000000..4aa064d --- /dev/null +++ b/touch/twoshay/sepolicy/service.te @@ -0,0 +1,3 @@ +type gril_antenna_tuning_service, service_manager_type, hal_service_type; +type screen_protector_detector_service, service_manager_type, hal_service_type; +type touch_context_service, service_manager_type, hal_service_type; diff --git a/touch/twoshay/sepolicy/service_contexts b/touch/twoshay/sepolicy/service_contexts new file mode 100644 index 0000000..f6aa1db --- /dev/null +++ b/touch/twoshay/sepolicy/service_contexts @@ -0,0 +1,3 @@ +com.google.input.ITouchContextService/default u:object_r:touch_context_service:s0 +com.google.input.algos.gril.IGrilAntennaTuningService/default u:object_r:gril_antenna_tuning_service:s0 +com.google.input.algos.spd.IScreenProtectorDetectorService/default u:object_r:screen_protector_detector_service:s0 diff --git a/touch/twoshay/sepolicy/touchflow_debug/file_contexts b/touch/twoshay/sepolicy/touchflow_debug/file_contexts new file mode 100644 index 0000000..17dfe62 --- /dev/null +++ b/touch/twoshay/sepolicy/touchflow_debug/file_contexts @@ -0,0 +1,2 @@ +/vendor/bin/hw/android\.hardware\.input\.processor-reflector u:object_r:hal_input_processor_default_exec:s0 +/vendor/bin/twoshay_touchflow u:object_r:twoshay_exec:s0 diff --git a/touch/twoshay/sepolicy/twoshay.te b/touch/twoshay/sepolicy/twoshay.te new file mode 100644 index 0000000..cd317a0 --- /dev/null +++ b/touch/twoshay/sepolicy/twoshay.te @@ -0,0 +1,27 @@ +type twoshay, domain; +type twoshay_exec, exec_type, vendor_file_type, file_type; + +init_daemon_domain(twoshay) + +allow twoshay touch_offload_device:chr_file rw_file_perms; +allow twoshay twoshay:capability sys_nice; + +binder_use(twoshay) +add_service(twoshay, gril_antenna_tuning_service) +add_service(twoshay, screen_protector_detector_service) +add_service(twoshay, touch_context_service) + +binder_call(twoshay, platform_app) + +allow twoshay fwk_stats_service:service_manager find; +binder_call(twoshay, stats_service_server) + +# Allow dumpsys output in bugreports. +allow twoshay dumpstate:fd use; +allow twoshay dumpstate:fifo_file write; + +# b/198755236 +dontaudit twoshay twoshay:capability dac_override; + +# b/226830650 +dontaudit twoshay boot_status_prop:file read; diff --git a/touch/twoshay/twoshay.mk b/touch/twoshay/twoshay.mk new file mode 100644 index 0000000..20bf1ba --- /dev/null +++ b/touch/twoshay/twoshay.mk @@ -0,0 +1,3 @@ +BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/twoshay/sepolicy +PRODUCT_PACKAGES += twoshay +PRODUCT_SOONG_NAMESPACES += vendor/google/input/twoshay From d2dc2ff3b89dab1138c2bc63b8f3ba86e3208113 Mon Sep 17 00:00:00 2001 From: YiHo Cheng Date: Tue, 27 Feb 2024 07:49:46 +0000 Subject: [PATCH 4/4] gs-common:thermal: Add thermal owner file Bug: 327096037 Test: build Change-Id: I5ec3640c5cc6f66e53d5cbedacd68bc2c6b3cc22 --- thermal/OWNERS | 1 + 1 file changed, 1 insertion(+) create mode 100644 thermal/OWNERS diff --git a/thermal/OWNERS b/thermal/OWNERS new file mode 100644 index 0000000..5538b5f --- /dev/null +++ b/thermal/OWNERS @@ -0,0 +1 @@ +include platform/hardware/google/pixel:/thermal/OWNERS