From 1ea1cff89a0eee47ad780923bae64a902a9b6a07 Mon Sep 17 00:00:00 2001 From: Poomarin Phloyphisut Date: Mon, 5 Aug 2024 11:11:03 +0000 Subject: [PATCH 01/87] [USB Audio] Fix SEPolicy issue Error: avc: denied { search } for name="01" dev="debugfs" ino=927573 scontext=u:r:hal_audio_default:s0 tcontext=u:object_r:vendor_usb_debugfs:s0 tclass=dir permissive=0 Bug: 342060153 Test: Local Test. Flag: EXEMPT bugfix Change-Id: I29a73a202b239cf37dc53ccf3ef83df3b693e717 --- audio/sepolicy/common/hal_audio_default.te | 1 + 1 file changed, 1 insertion(+) diff --git a/audio/sepolicy/common/hal_audio_default.te b/audio/sepolicy/common/hal_audio_default.te index fac4f1a..6637951 100644 --- a/audio/sepolicy/common/hal_audio_default.te +++ b/audio/sepolicy/common/hal_audio_default.te @@ -14,6 +14,7 @@ allow hal_audio_default amcs_device:chr_file rw_file_perms; allow hal_audio_default sysfs_pixelstats:file rw_file_perms; allow hal_audio_default sysfs_extcon:dir search; allow hal_audio_default sysfs_extcon:file r_file_perms; +allow hal_audio_default vendor_usb_debugfs:dir search; #allow access to aoc and kernel boottime allow hal_audio_default sysfs_aoc:dir { search }; From 15c9c33a4626a01e0d22d8f7ac55487304ad21aa Mon Sep 17 00:00:00 2001 From: David Li Date: Fri, 13 Sep 2024 10:03:50 +0000 Subject: [PATCH 02/87] audio: add soong configs for debugging Bug: 357140465 Test: mm Flag: EXEMPT bugfix Change-Id: Ib5f229135ccde98b21c6fde8efd9b9121b2a0159 --- audio/aidl.mk | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/audio/aidl.mk b/audio/aidl.mk index e06ac0b..7dd56bc 100644 --- a/audio/aidl.mk +++ b/audio/aidl.mk 
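Review bot: The added `allow hal_audio_default vendor_usb_debugfs:dir search;` is unconditional, so the audio HAL keeps debugfs reach on user builds, while the other debugfs grants visible in this series (`vendor_pm_genpd_debugfs`, `debugfs_tracing_instances`) sit inside `userdebug_or_eng`. If the USB audio path needs this directory only for debugging, put the rule in a `userdebug_or_eng` block as well. If it is needed in production, add a comment above the rule that names what is read, e.g. `# USB audio: <node read by the HAL> under vendor_usb_debugfs (b/342060153)`, because a bare `dir search` grant does not show which node is consumed.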
@@ -27,4 +27,11 @@ PRODUCT_PROPERTY_OVERRIDES += \ PRODUCT_SYSTEM_EXT_PROPERTIES += \ ro.audio.ihaladaptervendorextension_enabled=true +ifneq (,$(filter userdebug eng, $(TARGET_BUILD_VARIANT))) +$(call soong_config_set,aoc_audio_func,dump_usecase_data,true) +$(call soong_config_set,aoc_audio_func,hal_socket_control,true) +$(call soong_config_set,aoc_audio_func,record_tuning_keys,true) +$(call soong_config_set,aoc_audio_func,aidl_command_interface,true) +endif + $(call soong_config_set,pixel_audio_hal_type,aidl_build,true) From 617a80e659ff25d55638e19035e472607c980549 Mon Sep 17 00:00:00 2001 From: Safayat Ullah Date: Tue, 10 Sep 2024 10:04:08 +0000 Subject: [PATCH 03/87] display-dump: use generic panel path Bug: 364795380 Test: adb bugreport Flag: EXEMPT bugfix Change-Id: I10f55a3ffb5daf6bf72d80473ba3af23b85a5120 --- display/dump_display.cpp | 12 ++++++------ display/dump_second_display.cpp | 8 ++++---- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/display/dump_display.cpp b/display/dump_display.cpp index 2df6b4b..f57a134 100644 --- a/display/dump_display.cpp +++ b/display/dump_display.cpp 
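Review bot: The new `ifneq (,$(filter userdebug eng, $(TARGET_BUILD_VARIANT)))` block has no comment saying what the four `aoc_audio_func` switches turn on. Names such as `hal_socket_control` and `aidl_command_interface` suggest extra control channels into the audio HAL that presumably must stay out of user builds; that is inferred from the names, not visible in this hunk. A line such as `# Debug-only audio HAL interfaces; never enable on user builds.` above the block would record the intent for whoever edits the condition later.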
@@ -16,15 +16,15 @@ #include #include - int main() { setbuf(stdout, NULL); dumpFileContent("DECON-0 counters /sys/class/drm/card0/device/decon0/counters", "/sys/class/drm/card0/device/decon0/counters"); dumpFileContent("CRTC-0 event log", "/sys/kernel/debug/dri/0/crtc-0/event"); runCommand("libdisplaycolor", "/vendor/bin/dumpsys displaycolor -v"); - dumpFileContent("Primary panel name", "/sys/devices/platform/exynos-drm/primary-panel/panel_name"); - dumpFileContent("Primary panel extra info", "/sys/devices/platform/exynos-drm/primary-panel/panel_extinfo"); - dumpFileContent("Primary panel power Vreg", "/sys/devices/platform/exynos-drm/primary-panel/panel_pwr_vreg"); - dumpFileContent("Primary panel power mode register", "/sys/devices/platform/exynos-drm/primary-panel/power_mode"); + + dumpFileContent("Primary panel name", "/sys/class/drm/card0/device/primary-panel/panel_name"); + dumpFileContent("Primary panel extra info", "/sys/class/drm/card0/device/primary-panel/panel_extinfo"); + dumpFileContent("Primary panel power Vreg", "/sys/class/drm/card0/device/primary-panel/panel_pwr_vreg"); + dumpFileContent("Primary panel power mode register", "/sys/class/drm/card0/device/primary-panel/power_mode"); return 0; -} \ No newline at end of file +} diff --git a/display/dump_second_display.cpp b/display/dump_second_display.cpp index 80ea909..9590c7f 100644 --- a/display/dump_second_display.cpp +++ b/display/dump_second_display.cpp 
@@ -18,9 +18,9 @@ int main() { dumpFileContent("DECON-1 counters /sys/class/drm/card0/device/decon1/counters", "/sys/class/drm/card0/device/decon1/counters"); dumpFileContent("CRTC-1 event log", "/sys/kernel/debug/dri/0/crtc-1/event"); - dumpFileContent("Secondary panel name", "/sys/devices/platform/exynos-drm/secondary-panel/panel_name"); - dumpFileContent("Secondary panel extra info", "/sys/devices/platform/exynos-drm/secondary-panel/panel_extinfo"); - dumpFileContent("Secondary panel power mode register", "/sys/devices/platform/exynos-drm/secondary-panel/power_mode"); + + dumpFileContent("Secondary panel name", "/sys/class/drm/card0/device/secondary-panel/panel_name"); + dumpFileContent("Secondary panel extra info", "/sys/class/drm/card0/device/secondary-panel/panel_extinfo"); + dumpFileContent("Secondary panel power mode register", "/sys/class/drm/card0/device/secondary-panel/power_mode"); return 0; } - From c398fe11da07c1045fc71322ffb814c258846909 Mon Sep 17 00:00:00 2001 From: Kiwon Park Date: Fri, 27 Sep 2024 16:44:38 +0000 Subject: [PATCH 04/87] Allow gmscore to read setupwizard_feature_prop Bug: 369682921 Change-Id: I7d893ee8785be326e98df57bc06396f7e10d2b01 Test: test bootstrap transfer Flag: EXEMPT bugfix --- esim/sepolicy/system_ext/private/gmscore_app.te | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/esim/sepolicy/system_ext/private/gmscore_app.te b/esim/sepolicy/system_ext/private/gmscore_app.te index 90bc371..4dc1639 100644 --- a/esim/sepolicy/system_ext/private/gmscore_app.te +++ b/esim/sepolicy/system_ext/private/gmscore_app.te @@ -1,2 +1,2 @@ # Allow to read setupwizard_feature_prop -get_prop(priv_app, setupwizard_feature_prop) +get_prop(gmscore_app, setupwizard_feature_prop) From d36b2b709b90c1113c9ddf58b06fafe37c11e9fe Mon Sep 17 00:00:00 2001 
From: Ravi Jain Date: Mon, 30 Sep 2024 08:35:31 +0000 Subject: [PATCH 05/87] vibrator: Add vibrator HAL flags Move the HAL vibrator Flags temporarily from hardware/google/pixel. Bug: 362659323 Test: Build Pass Flag: EXEMPT refactor Change-Id: Id51defdb09c1d912b991cada5c413b66c8501df7 --- vibrator/flags/Android.bp | 43 ++++++++++++++++++++++++++++ vibrator/flags/VibratorFlags.aconfig | 10 +++++++ 2 files changed, 53 insertions(+) create mode 100644 vibrator/flags/Android.bp create mode 100644 vibrator/flags/VibratorFlags.aconfig diff --git a/vibrator/flags/Android.bp b/vibrator/flags/Android.bp new file mode 100644 index 0000000..0b36aee --- /dev/null +++ b/vibrator/flags/Android.bp @@ -0,0 +1,43 @@ +// +// Copyright (C) 2024 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +aconfig_declarations { + name: "VibratorFlagsL26", + package: "vendor.vibrator.hal.flags", + container: "vendor", + exportable: true, + srcs: ["VibratorFlags.aconfig"], +} + +cc_aconfig_library { + name: "PixelVibratorFlagsL26", + aconfig_declarations: "VibratorFlagsL26", + vendor_available: true, + visibility: [ + "//vendor:__subpackages__", + "//device/google/felix:__subpackages__", + ], +} + +java_aconfig_library { + name: "PixelVibratorFlagsL26_java", + aconfig_declarations: "VibratorFlagsL26", + mode: "exported", + visibility: ["//vendor:__subpackages__"], +} 
diff --git a/vibrator/flags/VibratorFlags.aconfig b/vibrator/flags/VibratorFlags.aconfig new file mode 100644 index 0000000..ec6e2d4 --- /dev/null +++ b/vibrator/flags/VibratorFlags.aconfig @@ -0,0 +1,10 @@ +package: "vendor.vibrator.hal.flags" +container: "vendor" + +flag { + name: "remove_capo" + namespace: "vibrator" + is_exported: true + description: "This flag controls the removal of utilizing Capo at the HAL level" + bug: "290223630" +} From 7d245967c13c775b60d4a420a439c8c7ff05f2a1 Mon Sep 17 00:00:00 2001 
From: Ravi Jain Date: Fri, 8 Mar 2024 09:13:38 +0000 Subject: [PATCH 06/87] dumpstate: touch: Add touch_predump for stm 10-01 21:39:00.372 11262 11262 I sh : type=1400 audit(0.0:20): avc: denied { write } for name="driver_test" dev="proc" ino=4026536282 scontext=u:r:predump_touch:s0 tcontext=u:object_r:proc_touch:s0 tclass=file permissive=1 10-01 21:39:00.432 11265 11265 I cat : type=1400 audit(0.0:22): avc: denied { search } for name="spi20.0" dev="sysfs" ino=55787 scontext=u:r:predump_touch:s0 tcontext=u:object_r:sysfs_touch:s0 tclass=dir permissive=1 10-01 21:39:00.444 11262 11262 I sh : type=1400 audit(0.0:25): avc: denied { write } for name="stm_fts_cmd" dev="sysfs" ino=112798 scontext=u:r:predump_touch:s0 tcontext=u:object_r:sysfs_touch:s0 tclass=file permissive=1 Test: b/318578275 Test: Flash on dogfood device and check touch dump logs Bug: 287907308 Flag: EXEMPT bugfix Change-Id: I9dade94f96879a269b5db2ebbe9595ea0e099acc --- touch/stm/Android.bp | 7 +++++++ touch/stm/predump_sepolicy/file.te | 3 +++ touch/stm/predump_sepolicy/file_contexts | 2 ++ touch/stm/predump_sepolicy/genfs_contexts | 7 +++++++ touch/stm/predump_sepolicy/predump_touch.te | 6 ++++++ touch/stm/predump_sepolicy/property.te | 2 ++ touch/stm/predump_sepolicy/property_contexts | 2 ++ touch/stm/predump_sepolicy/vendor_init.te | 2 ++ touch/stm/predump_stm20.mk | 6 ++++++ touch/stm/predump_stm6.mk | 6 ++++++ 10 files changed, 43 insertions(+) create mode 100644 touch/stm/predump_sepolicy/file.te create mode 100644 touch/stm/predump_sepolicy/file_contexts create mode 100644 touch/stm/predump_sepolicy/genfs_contexts create mode 100644 touch/stm/predump_sepolicy/predump_touch.te create mode 100644 touch/stm/predump_sepolicy/property.te create mode 100644 touch/stm/predump_sepolicy/property_contexts create mode 100644 touch/stm/predump_sepolicy/vendor_init.te create mode 100644 touch/stm/predump_stm20.mk create mode 100644 touch/stm/predump_stm6.mk 
diff --git a/touch/stm/Android.bp b/touch/stm/Android.bp index 1727f07..0d64fd6 100644 --- a/touch/stm/Android.bp +++ b/touch/stm/Android.bp @@ -8,3 +8,10 @@ sh_binary { vendor: true, sub_dir: "dump", } + +sh_binary { + name: "predump_stm.sh", + src: "dump_stm.sh", + vendor: true, + sub_dir: "dump_touch", +} diff --git a/touch/stm/predump_sepolicy/file.te b/touch/stm/predump_sepolicy/file.te new file mode 100644 index 0000000..7f298c3 --- /dev/null +++ b/touch/stm/predump_sepolicy/file.te @@ -0,0 +1,3 @@ +# touch predump script +type proc_touch, proc_type, fs_type; +type sysfs_touch, sysfs_type, fs_type; diff --git a/touch/stm/predump_sepolicy/file_contexts b/touch/stm/predump_sepolicy/file_contexts new file mode 100644 index 0000000..2667543 --- /dev/null +++ b/touch/stm/predump_sepolicy/file_contexts @@ -0,0 +1,2 @@ +/vendor/bin/dump_touch/predump_stm\.sh u:object_r:predump_touch_exec:s0 + diff --git a/touch/stm/predump_sepolicy/genfs_contexts b/touch/stm/predump_sepolicy/genfs_contexts new file mode 100644 index 0000000..2ed8978 --- /dev/null +++ b/touch/stm/predump_sepolicy/genfs_contexts @@ -0,0 +1,7 @@ +genfscon sysfs /devices/platform/111d0000.spi/spi_master/spi20/spi20.0 u:object_r:sysfs_touch:s0 +genfscon sysfs /devices/platform/10d40000.spi/spi_master/spi11/spi11.0 u:object_r:sysfs_touch:s0 +genfscon sysfs /devices/platform/10950000.spi/spi_master/spi6/spi6.0 u:object_r:sysfs_touch:s0 + +genfscon proc /fts/driver_test u:object_r:proc_touch:s0 +genfscon proc /fts_ext/driver_test u:object_r:proc_touch:s0 + diff --git a/touch/stm/predump_sepolicy/predump_touch.te b/touch/stm/predump_sepolicy/predump_touch.te new file mode 100644 index 0000000..f0f458c --- /dev/null +++ b/touch/stm/predump_sepolicy/predump_touch.te @@ -0,0 +1,6 @@ +# touch predump script +allow predump_touch proc_touch:file rw_file_perms; +allow predump_touch sysfs_touch:dir search; +allow predump_touch sysfs_touch:file rw_file_perms; + +get_prop(predump_touch vendor_touch_dump_path_prop) 
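Review bot: `get_prop(predump_touch vendor_touch_dump_path_prop)` in predump_touch.te is missing the comma between the domain and the property type, so the macro is invoked with a single argument; `vendor_init.te` in the same commit uses the two-argument form `set_prop(vendor_init, vendor_touch_dump_path_prop)`. Whether the one-argument call still expands to a usable rule depends on the macro body, so it should read `get_prop(predump_touch, vendor_touch_dump_path_prop)`. Separately, `rw_file_perms` on `proc_touch` and `sysfs_touch` gives a dump script write access to driver nodes; the quoted denials show writes to `driver_test` and `stm_fts_cmd`, and a comment naming those two files would document why read-only access is not enough.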
diff --git a/touch/stm/predump_sepolicy/property.te b/touch/stm/predump_sepolicy/property.te new file mode 100644 index 0000000..612c855 --- /dev/null +++ b/touch/stm/predump_sepolicy/property.te @@ -0,0 +1,2 @@ +# touch predump script +vendor_internal_prop(vendor_touch_dump_path_prop) diff --git a/touch/stm/predump_sepolicy/property_contexts b/touch/stm/predump_sepolicy/property_contexts new file mode 100644 index 0000000..db9fd5a --- /dev/null +++ b/touch/stm/predump_sepolicy/property_contexts @@ -0,0 +1,2 @@ +ro.vendor.touch.dump. u:object_r:vendor_touch_dump_path_prop:s0 + diff --git a/touch/stm/predump_sepolicy/vendor_init.te b/touch/stm/predump_sepolicy/vendor_init.te new file mode 100644 index 0000000..9017c5b --- /dev/null +++ b/touch/stm/predump_sepolicy/vendor_init.te @@ -0,0 +1,2 @@ +# touch predump script +set_prop(vendor_init, vendor_touch_dump_path_prop) diff --git a/touch/stm/predump_stm20.mk b/touch/stm/predump_stm20.mk new file mode 100644 index 0000000..cdf3e35 --- /dev/null +++ b/touch/stm/predump_stm20.mk @@ -0,0 +1,6 @@ +PRODUCT_VENDOR_PROPERTIES += ro.vendor.touch.dump.sys=/sys/class/spi_master/spi20/spi20.0 +PRODUCT_VENDOR_PROPERTIES += ro.vendor.touch.dump.proc=/proc/fts/driver_test + +BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/stm/predump_sepolicy + +PRODUCT_PACKAGES += predump_stm.sh diff --git a/touch/stm/predump_stm6.mk b/touch/stm/predump_stm6.mk new file mode 100644 index 0000000..2cbde2c --- /dev/null +++ b/touch/stm/predump_stm6.mk @@ -0,0 +1,6 @@ +PRODUCT_VENDOR_PROPERTIES += ro.vendor.touch.dump.sys=/sys/class/spi_master/spi6/spi6.0 +PRODUCT_VENDOR_PROPERTIES += ro.vendor.touch.dump.proc=/proc/fts_ext/driver_test + +BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/stm/predump_sepolicy + +PRODUCT_PACKAGES += predump_stm.sh From 297158486d7252b6a2acc5004c601e6cc9cb3655 Mon Sep 17 00:00:00 2001 
From: Ravi Jain Date: Fri, 8 Mar 2024 09:14:09 +0000 Subject: [PATCH 07/87] dumpstate: touch: Add touch_predump for focaltech 10-01 21:39:00.372 11262 11262 I sh : type=1400 audit(0.0:20): avc: denied { write } for name="driver_test" dev="proc" ino=4026536282 scontext=u:r:predump_touch:s0 tcontext=u:object_r:proc_touch:s0 tclass=file permissive=1 10-01 21:40:03.076 6244 6244 I sh : type=1400 audit(0.0:21): avc: denied { search } for name="focaltech_touch" dev="proc" ino=4026535873 scontext=u:r:predump_touch:s0 tcontext=u:object_r:proc_touch:s0 tclass=dir permissive=1 Test: b/318578275 Test: Flash on dogfood device and check touch dump logs Bug: 287907308 Flag: EXEMPT bugfix Change-Id: I1652ecc1054b50946159d4c3c0f3995cefa896f5 --- touch/focaltech/Android.bp | 8 ++++++++ touch/focaltech/predump_focaltech.mk | 3 +++ touch/focaltech/predump_sepolicy/file.te | 2 ++ touch/focaltech/predump_sepolicy/file_contexts | 2 ++ touch/focaltech/predump_sepolicy/genfs_contexts | 3 +++ touch/focaltech/predump_sepolicy/predump_touch.te | 3 +++ 6 files changed, 21 insertions(+) create mode 100644 touch/focaltech/predump_focaltech.mk create mode 100644 touch/focaltech/predump_sepolicy/file.te create mode 100644 touch/focaltech/predump_sepolicy/file_contexts create mode 100644 touch/focaltech/predump_sepolicy/genfs_contexts create mode 100644 touch/focaltech/predump_sepolicy/predump_touch.te diff --git a/touch/focaltech/Android.bp b/touch/focaltech/Android.bp index ebaa308..0b53132 100644 --- a/touch/focaltech/Android.bp +++ b/touch/focaltech/Android.bp @@ -9,3 +9,11 @@ sh_binary { vendor: true, sub_dir: "dump", } + +sh_binary { + name: "predump_focaltech.sh", + src: "dump_focaltech.sh", + init_rc: ["init.touch.rc"], + vendor: true, + sub_dir: "dump_touch", +} diff --git a/touch/focaltech/predump_focaltech.mk b/touch/focaltech/predump_focaltech.mk new file mode 100644 index 0000000..aff76bc --- /dev/null +++ b/touch/focaltech/predump_focaltech.mk 
@@ -0,0 +1,3 @@ +BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/focaltech/predump_sepolicy + +PRODUCT_PACKAGES += predump_focaltech.sh diff --git a/touch/focaltech/predump_sepolicy/file.te b/touch/focaltech/predump_sepolicy/file.te new file mode 100644 index 0000000..696f244 --- /dev/null +++ b/touch/focaltech/predump_sepolicy/file.te @@ -0,0 +1,2 @@ +# touch predump script +type proc_touch, proc_type, fs_type; diff --git a/touch/focaltech/predump_sepolicy/file_contexts b/touch/focaltech/predump_sepolicy/file_contexts new file mode 100644 index 0000000..517895b --- /dev/null +++ b/touch/focaltech/predump_sepolicy/file_contexts @@ -0,0 +1,2 @@ +/vendor/bin/dump/predump_focaltech\.sh u:object_r:predump_touch_exec:s0 + diff --git a/touch/focaltech/predump_sepolicy/genfs_contexts b/touch/focaltech/predump_sepolicy/genfs_contexts new file mode 100644 index 0000000..2ac9314 --- /dev/null +++ b/touch/focaltech/predump_sepolicy/genfs_contexts @@ -0,0 +1,3 @@ +genfscon proc /focaltech_touch u:object_r:proc_touch:s0 + + diff --git a/touch/focaltech/predump_sepolicy/predump_touch.te b/touch/focaltech/predump_sepolicy/predump_touch.te new file mode 100644 index 0000000..c34ba49 --- /dev/null +++ b/touch/focaltech/predump_sepolicy/predump_touch.te @@ -0,0 +1,3 @@ +# touch predump script +allow predump_touch proc_touch:dir search; +allow predump_touch proc_touch:file rw_file_perms; From 1d9653d8c10dfff7c391d0f4248389c2711b14f3 Mon Sep 17 00:00:00 2001 From: Ernie Hsu Date: Wed, 2 Oct 2024 03:49:39 +0000 Subject: [PATCH 08/87] Add common lib for libgc2 encoders and decoders Flag: EXEMPT refactor Bug: 369762843 Change-Id: Ia971c1cc7dd9c67d147cf6e173772a5bfbfd2cef --- mediacodec/vpu/mediacodec_google.mk | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mediacodec/vpu/mediacodec_google.mk b/mediacodec/vpu/mediacodec_google.mk index 8c1e974..3984501 100644 --- a/mediacodec/vpu/mediacodec_google.mk +++ b/mediacodec/vpu/mediacodec_google.mk 
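Review bot: The label entry `/vendor/bin/dump/predump_focaltech\.sh` in file_contexts does not match where the new `sh_binary` installs the script: its Android.bp entry sets `sub_dir: "dump_touch"`, and the STM counterpart in this series labels `/vendor/bin/dump_touch/predump_stm\.sh`. With the path as written the script would presumably not receive `predump_touch_exec` and so would not run in the `predump_touch` domain these rules are written for. The entry should be `/vendor/bin/dump_touch/predump_focaltech\.sh u:object_r:predump_touch_exec:s0`. Also, `file.te` here declares `type proc_touch, proc_type, fs_type;`, the same declaration the STM policy directory makes, which would collide if a product ever includes both directories.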
@@ -7,10 +7,12 @@ PRODUCT_PACKAGES += \ libgc2_vdi_vpu \ libgc2_log \ libgc2_utils \ + libgc2_dec \ libgc2_av1_dec \ libgc2_vp9_dec \ libgc2_hevc_dec \ libgc2_avc_dec \ + libgc2_enc \ libgc2_av1_enc \ libgc2_hevc_enc \ libgc2_avc_enc \ From 3c88c195812e38e6535a5ccb42f39609200e2887 Mon Sep 17 00:00:00 2001 From: sienna Date: Tue, 3 Sep 2024 09:16:43 +0000 Subject: [PATCH 09/87] Update AIDL to v4. Bug: 361494448 Test: atest vts_treble_vintf_vendor_test Flag: EXEMPT update aidl Change-Id: I6883ad8fdb5cadc44e8e59fc50642fc24532cff9 --- audio/aidl/device_framework_matrix_product.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/audio/aidl/device_framework_matrix_product.xml b/audio/aidl/device_framework_matrix_product.xml index 0e7e998..11f01c7 100644 --- a/audio/aidl/device_framework_matrix_product.xml +++ b/audio/aidl/device_framework_matrix_product.xml @@ -9,7 +9,7 @@ vendor.google.whitechapel.audio.extension - 3 + 4 IAudioExtension default From 1822201a0c6a91d84627c6b59fcd21b223285dac Mon Sep 17 00:00:00 2001 From: samou Date: Fri, 4 Oct 2024 08:41:51 +0000 Subject: [PATCH 10/87] sepolicy: remove irregular policy Flag: EXEMPT refactor Bug: 364989823 Change-Id: I4cced2ae29591425a5bfcb971be6bd2db6b19c66 Signed-off-by: samou --- .../sepolicy/vendor/dumpstate.te | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/battery_mitigation/sepolicy/vendor/dumpstate.te b/battery_mitigation/sepolicy/vendor/dumpstate.te index bb84ff2..b3bb1d4 100644 --- a/battery_mitigation/sepolicy/vendor/dumpstate.te +++ b/battery_mitigation/sepolicy/vendor/dumpstate.te 
@@ -1,21 +1,3 @@ # To call battery_mitigation hal allow dumpstate hal_battery_mitigation_service:service_manager find; binder_call(dumpstate, battery_mitigation); - -allow hal_dumpstate_default sysfs_acpm_stats:dir { read open search }; -allow hal_dumpstate_default sysfs_acpm_stats:file { read open getattr }; -allow hal_dumpstate_default sysfs_cpu:file { read open getattr }; -allow hal_dumpstate_default sysfs_batteryinfo:dir { read open search }; -allow hal_dumpstate_default sysfs_batteryinfo:file { read open getattr }; -allow hal_dumpstate_default logbuffer_device:chr_file { read open getattr }; -allow hal_dumpstate_default mitigation_vendor_data_file:file { read open getattr }; -allow hal_dumpstate_default mitigation_vendor_data_file:dir { search }; -allow hal_dumpstate_default sysfs_bcl:dir { read open search }; -allow hal_dumpstate_default sysfs_bcl:file { read open getattr }; -allow hal_dumpstate_default vendor_file:file { execute_no_trans }; -allow hal_dumpstate_default battery_history_device:chr_file { read }; - - -userdebug_or_eng(` - allow hal_dumpstate_default vendor_pm_genpd_debugfs:file { read open getattr }; -') From 0379e1a2b834867e10ddce54c2d6111a9a4ef242 Mon Sep 17 00:00:00 2001 
From: Taylor Nelms Date: Fri, 27 Sep 2024 20:33:30 +0000 Subject: [PATCH 11/87] display: add pixel display trace to bugreport AVC error log justifications: [ 1198.907014] type=1400 audit(1728067746.876:2074): avc: denied { search } for comm="cat" name="instances" dev="tracefs" ino=4194 scontext=u:r:dump_display_userdebug:s0 tcontext=u:object_r:debugfs_tracing_instances:s0 tclass=dir permissive=1 [ 1198.908565] type=1400 audit(1728067746.876:2075): avc: denied { read } for comm="cat" name="trace" dev="tracefs" ino=167692 scontext=u:r:dump_display_userdebug:s0 tcontext=u:object_r:debugfs_tracing_instances:s0 tclass=file permissive=1 [ 1198.909716] type=1400 audit(1728067746.876:2076): avc: denied { open } for comm="cat" path="/sys/kernel/tracing/instances/pixel-display/trace" dev="tracefs" ino=167692 scontext=u:r:dump_display_userdebug:s0 tcontext=u:object_r:debugfs_tracing_instances:s0 tclass=file permissive=1 Bug: 369099258 Test: pixel display trace visible in bugreport Flag: EXEMPT bugfix Change-Id: I53f9340aee155d1ff0d0c0bc2db45e6bd77f342a Signed-off-by: Taylor Nelms --- display/dump_display_userdebug.sh | 4 ++++ display/sepolicy/dump_display.te | 1 + display/sepolicy/dump_display_userdebug.te | 3 +++ 3 files changed, 8 insertions(+) diff --git a/display/dump_display_userdebug.sh b/display/dump_display_userdebug.sh index b66a4fe..84b7311 100644 --- a/display/dump_display_userdebug.sh +++ b/display/dump_display_userdebug.sh @@ -1,4 +1,8 @@ #!/vendor/bin/sh +display_trace_path="/sys/kernel/tracing/instances/pixel-display/trace" +echo "------ Display Trace ($display_trace_path)------" +cat $display_trace_path + echo "------ HWC Fence States ------" for f in $(ls /data/vendor/log/hwc/*_hwc_fence_state*.txt) do diff --git a/display/sepolicy/dump_display.te b/display/sepolicy/dump_display.te index b8fd1b8..3e2cb69 100644 --- a/display/sepolicy/dump_display.te +++ b/display/sepolicy/dump_display.te 
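Review bot: `cat $display_trace_path` is unquoted and runs without checking that the trace instance exists, so on a kernel without the `pixel-display` instance the section holds only a `cat` error. Suggest `[ -r "$display_trace_path" ] && cat "$display_trace_path"`. The header `echo` also lacks a space before the closing dashes, unlike `------ HWC Fence States ------`. The rest of the script is outside this hunk.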
@@ -1,3 +1,4 @@ +# Display (dump for bugreport) pixel_bugreport(dump_display) allow dump_display sysfs_display:file r_file_perms; diff --git a/display/sepolicy/dump_display_userdebug.te b/display/sepolicy/dump_display_userdebug.te index a3f83bb..c08fb29 100644 --- a/display/sepolicy/dump_display_userdebug.te +++ b/display/sepolicy/dump_display_userdebug.te @@ -1,3 +1,4 @@ +# Display eng/userdebug (dump for bugreport) pixel_bugreport(dump_display_userdebug) userdebug_or_eng(` @@ -5,4 +6,6 @@ userdebug_or_eng(` allow dump_display_userdebug vendor_log_file:dir search; allow dump_display_userdebug vendor_hwc_log_file:dir r_dir_perms; allow dump_display_userdebug vendor_hwc_log_file:file r_file_perms; + allow dump_display_userdebug debugfs_tracing_instances:dir search; + allow dump_display_userdebug debugfs_tracing_instances:file r_file_perms; ') From 21b3ed1922aafdcce305e21962362aee2d328696 Mon Sep 17 00:00:00 2001 From: Super Liu Date: Mon, 16 Sep 2024 01:56:49 +0000 Subject: [PATCH 12/87] touch: Support SW_LID event from sensor HAL Bug: 353360211 Flag: EXEMPT bugfix Test: Manual local test. Change-Id: Ie071f0aaf19956f1a472693baf19cbeb0c73b186 Signed-off-by: Super Liu --- touch/gti/sepolicy/hal_sensors_default.te | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 touch/gti/sepolicy/hal_sensors_default.te diff --git a/touch/gti/sepolicy/hal_sensors_default.te b/touch/gti/sepolicy/hal_sensors_default.te new file mode 100644 index 0000000..37b93fd --- /dev/null +++ b/touch/gti/sepolicy/hal_sensors_default.te @@ -0,0 +1,2 @@ +# Support SW_LID event from SensorHAL to configure touch input and gesture +set_prop(hal_sensors_default, vendor_gti_prop) From f24bfe8ca3703d0013735e67ddb942b05f893034 Mon Sep 17 00:00:00 2001 
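Review bot: The two added `debugfs_tracing_instances` rules in dump_display_userdebug.te grant `search` on the instances directory and `r_file_perms` on every file carrying that label, while the script only reads `/sys/kernel/tracing/instances/pixel-display/trace`. If that type covers all trace instances, as the quoted denial for name="instances" suggests, other instances' buffers become readable to this domain on userdebug and eng builds. Consider a dedicated genfscon label for the `pixel-display` instance with read granted on that type only, or at least a comment such as `# pixel-display trace instance only; see dump_display_userdebug.sh`.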
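Review bot: `set_prop(hal_sensors_default, vendor_gti_prop)` lets the sensors HAL write every property labelled `vendor_gti_prop`, not only the one that carries the SW_LID state. Which properties share that label is not visible in this hunk; if others configure the touch stack, a dedicated property type for the lid event would keep the sensor HAL from changing them. At minimum the comment could name the property, e.g. `# hal_sensors_default sets <property name> on SW_LID; consumed by the touch HAL`.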
From: Adam Shih Date: Mon, 7 Oct 2024 03:48:06 +0000 Subject: [PATCH 13/87] ban hal_dumpstate_default from execute_no_trans It keeps people from using my domain to do random things, which causes VTS failure like b/364989823. Bug: 371497180 Test: build pass and adb bugreport build fail when ag/28359861 is around. Change-Id: I438bf2b026718a46bb841ab5e656d11eec630960 --- gear/dumpstate/sepolicy/hal_dumpstate_default.te | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/gear/dumpstate/sepolicy/hal_dumpstate_default.te b/gear/dumpstate/sepolicy/hal_dumpstate_default.te index 06ebb75..e0f0b09 100644 --- a/gear/dumpstate/sepolicy/hal_dumpstate_default.te +++ b/gear/dumpstate/sepolicy/hal_dumpstate_default.te @@ -5,3 +5,8 @@ allow hal_dumpstate_default radio_vendor_data_file:file create_file_perms; allow hal_dumpstate_default shell_data_file:file getattr; set_prop(hal_dumpstate_default, vendor_logger_prop) +# All dumps that are executed via hal_dumpstate_default should use their +# own domain to request their permissions to achieve compartmentalization. +# go/pixel-bugreport has examples on how to do that. +neverallow hal_dumpstate_default { vendor_file_type -vendor_toolbox_exec }:file execute_no_trans; + From 0af034bf9f1066b190124630ca655306a2156457 Mon Sep 17 00:00:00 2001 From: Ocean Chen Date: Mon, 7 Oct 2024 14:48:56 +0800 Subject: [PATCH 14/87] storage: Defer blkio class configuration Move blkio class configuration from on init to on property:sys.boot_completed=1. This improves I/O balance between foreground and background processes during boot, as many background processes compete for I/O resources at that time. Deferring the configuration ensures a smoother user experience by prioritizing foreground processes. Bug: 364960533 Test: forrest build and test on felix Change-Id: If15343d4d96d55032618a4611bf9fdf47105c974 --- storage/init.storage.rc | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) 
diff --git a/storage/init.storage.rc b/storage/init.storage.rc index 9e4acd4..77057cd 100644 --- a/storage/init.storage.rc +++ b/storage/init.storage.rc @@ -1,11 +1,3 @@ -on init - # Make foreground and background I/O priority different. none-to-rt was - # introduced in kernel 5.14. promote-to-rt was introduced in kernel 6.5. - # Write none-to-rt first and promote-to-rt next to support both older and - # newer kernel versions. - write /dev/blkio/blkio.prio.class none-to-rt - write /dev/blkio/blkio.prio.class promote-to-rt - on property:ro.build.type=userdebug write /dev/sys/block/bootdevice/pixel/enable_pixel_ufs_logging 1 chown system /dev/sg3 @@ -44,6 +36,13 @@ on init write /dev/sys/block/bootdevice/clkgate_enable 0 on property:sys.boot_completed=1 + # Make foreground and background I/O priority different. none-to-rt was + # introduced in kernel 5.14. promote-to-rt was introduced in kernel 6.5. + # Write none-to-rt first and promote-to-rt next to support both older and + # newer kernel versions. + write /dev/blkio/blkio.prio.class none-to-rt + write /dev/blkio/blkio.prio.class promote-to-rt + # Health Storage HAL chown system system /dev/sys/block/bootdevice/manual_gc From df68b9bc589a3a0af59155a442ad019be2b5ae2b Mon Sep 17 00:00:00 2001 
From: timmyli Date: Mon, 7 Oct 2024 09:40:24 +0000 Subject: [PATCH 15/87] Add permission for mediacodec to bindercall camera hal Bug: 370903762 Test: local test to check permissions Flag: EXEMPT bug fix 10-07 01:54:59.328000 1046 768 768 I auditd : type=1400 audit(0.0:1920): avc: denied { call } for comm="binder:768_A" scontext=u:r:mediacodec_google:s0 tcontext=u:r:hal_camera_default:s0 tclass=binder permissive=0 10-07 01:54:59.328000 1046 768 768 W binder:768_A: type=1400 audit(0.0:1920): avc: denied { call } for scontext=u:r:mediacodec_google:s0 tcontext=u:r:hal_camera_default:s0 tclass=binder permissive=0 Change-Id: I437df92d99f0c31c0b5a1bdebc63f6bc7360ca90 --- mediacodec/vpu/sepolicy/mediacodec_google.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mediacodec/vpu/sepolicy/mediacodec_google.te b/mediacodec/vpu/sepolicy/mediacodec_google.te index 8022675..99a3c8d 100644 --- a/mediacodec/vpu/sepolicy/mediacodec_google.te +++ b/mediacodec/vpu/sepolicy/mediacodec_google.te @@ -1,3 +1,4 @@ +# Google Mediacodec type mediacodec_google, domain; type mediacodec_google_exec, exec_type, vendor_file_type, file_type; @@ -8,6 +9,7 @@ hal_server_domain(mediacodec_google, hal_codec2) hal_client_domain(mediacodec_google, hal_graphics_allocator) add_service(mediacodec_google, eco_service) +binder_call(mediacodec_google, hal_camera_default) allow mediacodec_google dmabuf_system_heap_device:chr_file r_file_perms; allow mediacodec_google video_device:chr_file { read write open ioctl map }; From 93d8e4ada661b7563097d461ed1a5e1c3bf13491 Mon Sep 17 00:00:00 2001 From: Madhav Iyengar Date: Fri, 30 Aug 2024 16:19:51 +0000 Subject: [PATCH 16/87] [chre-hal-xport] Add file_contexts for new xport Bug: 369883034 Flag: android.chre.flags.refactor_hal_xport_agnostic Change-Id: I13b1a769f0f866a0b7c17d461052a6be83cc0e07 --- aoc/sepolicy/file_contexts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/aoc/sepolicy/file_contexts b/aoc/sepolicy/file_contexts index 73293f7..778de0c 100644 
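Review bot: `binder_call(mediacodec_google, hal_camera_default)` is added without a comment, and it connects a codec domain, which typically parses untrusted media, to the camera HAL. The quoted denial only shows `mediacodec_google` calling into `hal_camera_default`; `binder_call` normally also covers transfers and fd use between the two domains, so confirm the whole macro is needed rather than a narrower `allow mediacodec_google hal_camera_default:binder call;`. A comment such as `# <codec feature> calls into the camera HAL (b/370903762)` above the rule would give later reviewers the reason.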
--- a/aoc/sepolicy/file_contexts +++ b/aoc/sepolicy/file_contexts @@ -34,6 +34,9 @@ /dev/acd-chre_bt_offload_ctl u:object_r:aoc_device:s0 /dev/acd-chre_bt_offload_data_tx u:object_r:aoc_device:s0 /dev/acd-chre_bt_offload_data_rx u:object_r:aoc_device:s0 +/dev/acd-chre_ctl u:object_r:aoc_device:s0 +/dev/acd-chre_data_tx u:object_r:aoc_device:s0 +/dev/acd-chre_data_rx u:object_r:aoc_device:s0 # AoC vendor binaries /vendor/bin/aocd u:object_r:aocd_exec:s0 From 8af77ef94228bf37bd7be4d8db496f7084e0333d Mon Sep 17 00:00:00 2001 From: Tommy Chiu Date: Wed, 9 Oct 2024 05:05:34 +0000 Subject: [PATCH 17/87] gsc: Change the criteria for building GSC targets There can be a case where vendor directory exists but vendor/google_nos does not. Bug: 371059500 Test: manual Flag: EXEMPT refactor Change-Id: I96f429ec3284114868ad220ea308a6920930c065 --- dauntless/gsc.mk | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dauntless/gsc.mk b/dauntless/gsc.mk index c1cf0e0..b563cc4 100644 --- a/dauntless/gsc.mk +++ b/dauntless/gsc.mk @@ -1,6 +1,6 @@ # Dauntless BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/dauntless/sepolicy -ifneq ($(wildcard vendor),) +ifneq ($(wildcard vendor/google_nos),) PRODUCT_SOONG_NAMESPACES += vendor/google_nos/init/dauntless PRODUCT_PACKAGES += \ @@ -92,4 +92,4 @@ endif $(call dist-for-goals,droid,vendor/google_nos/prebuilts/dauntless/intermediate_images/d3m2_intermediate.ec.bin) endif -endif # $(wildcard vendor) +endif # $(wildcard vendor/google_nos) From d7d26a5aec77d377ddd9782ff82684b4246a74bb Mon Sep 17 00:00:00 2001 From: Kiwon Park Date: Wed, 9 Oct 2024 23:41:33 +0000 Subject: [PATCH 18/87] Disable bootstrap for UGS devices (sold in Canada) Bug: 366072023 Change-Id: I0072d2a44bc7d5ba4c62b2410949e7378c457044 Test: m Flag: EXEMPT disabling a feature --- esim/init.esim-gs.rc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/esim/init.esim-gs.rc b/esim/init.esim-gs.rc index 291f9ee..ce27334 100644 --- a/esim/init.esim-gs.rc 
+++ b/esim/init.esim-gs.rc @@ -2,6 +2,10 @@ on property:ro.build.type=user && property:ro.boot.flash.locked=0 setprop setupwizard.feature.provisioning_profile_mode false +# Disable bootstrap for UGS devices +on property:ro.boot.warranty.sku=UGS + setprop setupwizard.feature.provisioning_profile_mode false + # Disable bootstrap for DVT devices shipping to non-US carriers on property:ro.boot.warranty.sku=BOF setprop setupwizard.feature.provisioning_profile_mode false From 06943763d5047578bc0af4f85966ddbcee1c1ac2 Mon Sep 17 00:00:00 2001 From: Zhengyuan Cui Date: Fri, 11 Oct 2024 00:55:53 +0000 Subject: [PATCH 19/87] Remove DBA from edgetpu.mk DBA is not used anymore. Verified dba service was there before and not there after. Flashed built image to device to check. Change-Id: I3838fcbbe3e6e2cadef81b4e2fc0d5cee60603cf Bug: 369217630 --- edgetpu/edgetpu.mk | 4 ---- 1 file changed, 4 deletions(-) diff --git a/edgetpu/edgetpu.mk b/edgetpu/edgetpu.mk index feb728f..9f7e1de 100644 --- a/edgetpu/edgetpu.mk +++ b/edgetpu/edgetpu.mk @@ -19,10 +19,6 @@ PRODUCT_PACKAGES += \ # TPU TFlite Delegate PRODUCT_PACKAGES += \ libedgetpu_util -# TPU DBA AIDL HAL service -PRODUCT_PACKAGES += com.google.edgetpu.dba-service -# TPU DBA C API library -PRODUCT_PACKAGES += libedgetpu_dba.google # TPU Tachyon HAL service PRODUCT_PACKAGES += com.google.edgetpu.tachyon-service # TPU Tachyon C API library From 2c8ec7ea440e908d7239a925a6d732e1a5ab9cef Mon Sep 17 00:00:00 2001 
From: Cheng Chang Date: Wed, 16 Oct 2024 04:39:03 +0000 Subject: [PATCH 20/87] dump_gps: Support bugreport extract resource info Bug: 369971486 Flag: EXEMPT log information update. Test: Different input value in b/369971486. Test: Read the sysfs value in b/369971486. Test: Collect bugreport and check the attachment in b/369971486. Test: Sepolicy test in b/369971486. Change-Id: Ib8f2565387a9a2c7d715e4791bbcddb86a12fb70 --- gps/dump/dump_gps.cpp | 44 ++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 41 insertions(+), 3 deletions(-) diff --git a/gps/dump/dump_gps.cpp b/gps/dump/dump_gps.cpp index 62f69f8..e073732 100644 --- a/gps/dump/dump_gps.cpp +++ b/gps/dump/dump_gps.cpp @@ -13,13 +13,16 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -#include -#include -#include #include +#include +#include +#include +#include +#include #define GPS_LOG_NUMBER_PROPERTY "persist.vendor.gps.aol.log_num" #define GPS_LOG_DIRECTORY "/data/vendor/gps/logs" +#define GPS_RESOURCE_DIRECTORY "/data/vendor/gps/resource" #define GPS_TMP_LOG_DIRECTORY "/data/vendor/gps/logs/.tmp" #define GPS_LOG_PREFIX "gl-" #define GPS_MCU_LOG_PREFIX "esw-" 
@@ -29,6 +32,40 @@ #define GPS_RAWLOG_PREFIX "rawbin" #define GPS_MEMDUMP_LOG_PREFIX "memdump_" +static void copyDirectory(const std::string &source, + const std::string &outputDir) { + DIR *dir = opendir(source.c_str()); + if (dir == nullptr) { + return; + } + + if (mkdir(outputDir.c_str(), 0777) == -1) { + closedir(dir); + return; + } + + struct dirent *entry; + while ((entry = readdir(dir)) != nullptr) { + std::string entryName = entry->d_name; + if (entryName == "." || entryName == "..") { + continue; + } + + std::string sourcePath = source + "/" + entryName; + std::string destPath = outputDir + "/" + entryName; + + struct stat st; + if (stat(sourcePath.c_str(), &st) == 0) { + if (S_ISDIR(st.st_mode)) + copyDirectory(sourcePath, destPath); + else + copyFile(sourcePath.c_str(), destPath.c_str()); + } + } + closedir(dir); + return; +} + int main() { if(!::android::base::GetBoolProperty("vendor.gps.aol.enabled", false)) { printf("vendor.gps.aol.enabled is false. gps logging is not running.\n"); @@ -50,6 +87,7 @@ int main() { } dumpLogs(GPS_LOG_DIRECTORY, outputDir.c_str(), maxFileNum, GPS_RAWLOG_PREFIX); dumpLogs(GPS_LOG_DIRECTORY, outputDir.c_str(), 18, GPS_MEMDUMP_LOG_PREFIX); + copyDirectory(GPS_RESOURCE_DIRECTORY, concatenatePath(outputDir.c_str(), "resource")); return 0; } From 570dfe1ed4ab5458d757a981b986845b66adb292 Mon Sep 17 00:00:00 2001 From: Randall Huang Date: Wed, 16 Oct 2024 16:29:59 +0800 Subject: [PATCH 21/87] storage: support new UFS error history algorithm Bug: 359746077 Test: adb bugreport Change-Id: I52a7ae0f1f9b60349437c0b3b5de630dd41b5627 Signed-off-by: Randall Huang --- storage/dump_storage.cpp | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/storage/dump_storage.cpp b/storage/dump_storage.cpp index e6b3e4c..47c5e76 100644 --- a/storage/dump_storage.cpp +++ b/storage/dump_storage.cpp 
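Review bot: In `copyDirectory`, `stat()` follows symbolic links, so a link under the resource directory is dereferenced and its target file or directory tree is copied into the bugreport, and a link that points back up the tree leaves the recursion with no bound. Checking with `if (lstat(sourcePath.c_str(), &st) != 0) continue;` and copying only `S_ISREG` / `S_ISDIR` entries keeps the copy inside `GPS_RESOURCE_DIRECTORY`. `mkdir(outputDir.c_str(), 0777)` requests a world-writable directory (before umask) and treats an existing directory the same as a real failure, so the whole copy is skipped without a message. A narrower mode such as `0770` is worth considering if the packing step does not need wider access. The same `mkdir(..., 0777)` pattern appears in the new `bluetooth/dump/dump.cpp`.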
@@ -221,14 +221,23 @@ int main() { read_buffer(18, 131072, "kioxia_12_ufs_err_history.dat"); break; case 0x1AD: //SKhynix - read_buffer(0, 4096, "hynix_00_ufs_err_history.dat"); - read_buffer(16, 131072, "skhynix_10_ufs_err_history.dat"); - read_buffer(17, 131072, "skhynix_11_ufs_err_history.dat"); - read_buffer(18, 131072, "skhynix_12_ufs_err_history.dat"); - read_buffer(19, 131072, "skhynix_13_ufs_err_history.dat"); + if (!strcmp(ufs_ver.c_str(), "0x0310")) { + read_buffer(0, 4096, "skhynix_00_ufs_err_history.dat"); + read_buffer(16, 131072, "skhynix_10_ufs_err_history.dat"); + read_buffer(17, 131072, "skhynix_11_ufs_err_history.dat"); + read_buffer(18, 131072, "skhynix_12_ufs_err_history.dat"); + read_buffer(19, 131072, "skhynix_13_ufs_err_history.dat"); + } else { + read_buffer(0, 4096, "skhynix_00_ufs_err_history.dat"); + read_buffer(16, 524288, "skhynix_10_ufs_err_history.dat"); + read_buffer(17, 524288, "skhynix_11_ufs_err_history.dat"); + } break; case 0x1CE: //SAMSUNG - read_buffer(16, 8404992, "samsung_10_ufs_err_history.dat"); + if (!strcmp(ufs_ver.c_str(), "0x0310")) + read_buffer(16, 8404992, "samsung_10_ufs_err_history.dat"); + else + read_buffer(16, 12599296, "samsung_10_ufs_err_history.dat"); break; default: break; From 6b137ff16d1967c1f2c4a91b65032e3c8652e4cd Mon Sep 17 00:00:00 2001 From: Brian Norris Date: Fri, 18 Oct 2024 15:06:46 -0700 Subject: [PATCH 22/87] insmod.sh: Support 'rmmod' directive Some mechanisms (e.g., initramfs module lists) may be overzealous in what modules get loaded on a system. It can save resources to remove certain modules when we know they are going to be unused -- for example, extraneous panel drivers only needed for other devices within a given device family. Bug: 360934165 Test: `rmmod|.ko` added to init.insmod..cfg Change-Id: Iddb588116a0526faded3396d54f54ef82deed44d --- insmod/insmod.sh | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) 
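Review bot: The `else` branches for SKhynix and SAMSUNG apply the larger lengths (524288 and 12599296) to every `ufs_ver` other than "0x0310", which includes an empty or unexpected version string. Where `ufs_ver` is read is outside the hunk, so it is worth confirming that a failed read cannot select the new layout. `read_buffer(0, 4096, "skhynix_00_ufs_err_history.dat");` is identical in both SKhynix branches and can be hoisted above the `if`. Since `ufs_ver` is used with `.c_str()` it is presumably a `std::string`, in which case `if (ufs_ver == "0x0310")` reads more directly than `!strcmp(...)`. The enclosing `switch` in `main` starts and ends outside the hunk.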
diff --git a/insmod/insmod.sh b/insmod/insmod.sh index 8cac37e..dfc4fdd 100755 --- a/insmod/insmod.sh +++ b/insmod/insmod.sh @@ -1,11 +1,11 @@ #!/vendor/bin/sh -############################################################# -### init.insmod.cfg format: ### -### ----------------------------------------------------- ### -### [insmod|setprop|enable/moprobe|wait] [path|prop name] ### -### ... ### -############################################################# +################################################################### +### init.insmod.cfg format: ### +### ----------------------------------------------------------- ### +### [insmod|setprop|enable|moprobe|rmmod|wait] [path|prop name] ### +### ... ### +################################################################### modules_dir= system_modules_dir= @@ -96,6 +96,7 @@ if [ -f $cfg_file ]; then modprobe -a -d "${modules_dir}" $arg fi ;; + "rmmod") rmmod $arg ;; "wait") wait_for_file $arg ;; esac done < $cfg_file From afd55f92b90d646b7b7c735d47a82605a670b5d2 Mon Sep 17 00:00:00 2001 From: Poomarin Phloyphisut Date: Mon, 30 Sep 2024 06:24:59 +0000 Subject: [PATCH 23/87] [Audio AIDL] Move audiometricext to HIDL only. Previously, audiometricext module which is HIDL module is mistakenly included in AIDL rom. Test: Local Build on both HIDL and AIDL devices Flag: EXEMPT bugfix Bug: 369772495 Change-Id: Ic56fa134056afa782440a8f1dcaa032df481bcc2 --- aoc/aoc.mk | 6 ------ audio/aidl/device_framework_matrix_product.xml | 8 -------- audio/aidl/manifest.xml | 9 --------- audio/hidl_gs101.mk | 8 +++++++- audio/hidl_gs201.mk | 6 ++++++ audio/hidl_zuma.mk | 6 ++++++ 6 files changed, 19 insertions(+), 24 deletions(-) diff --git a/aoc/aoc.mk b/aoc/aoc.mk index 136bb42..9ee4517 100644 --- a/aoc/aoc.mk +++ b/aoc/aoc.mk 
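Review bot: The new arm `"rmmod") rmmod $arg ;;` discards the exit status, so a module that is still in use or was never loaded fails silently and nothing records which `rmmod` directive did not apply. Reporting the failure the way the rest of the script reports errors would help, although that convention is not visible in this hunk. `$arg` is expanded unquoted, as in the neighbouring arms, so it is word-split and glob-expanded; a one-line comment saying whether `arg` is a single module or a list would make that intent explicit. The header comment in the first hunk still reads `moprobe`; it should be `### [insmod|setprop|enable|modprobe|rmmod|wait] [path|prop name] ###`. The `case` statement itself begins outside the hunk.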
@@ -4,12 +4,6 @@ PRODUCT_PACKAGES += dump_aoc \ aocd \ aocxd -ifeq (,$(filter aosp_%,$(TARGET_PRODUCT))) -# IAudioMetricExt HIDL -PRODUCT_PACKAGES += \ - vendor.google.audiometricext@1.0-service-vendor -endif - # If AoC Daemon is not present on this build, load firmware at boot via rc ifeq ($(wildcard vendor/google/whitechapel/aoc/aocd),) PRODUCT_COPY_FILES += \ diff --git a/audio/aidl/device_framework_matrix_product.xml b/audio/aidl/device_framework_matrix_product.xml index 0e7e998..8cdb540 100644 --- a/audio/aidl/device_framework_matrix_product.xml +++ b/audio/aidl/device_framework_matrix_product.xml @@ -1,12 +1,4 @@ - - vendor.google.audiometricext - 1.0 - - IAudioMetricExt - default - - vendor.google.whitechapel.audio.extension 3 diff --git a/audio/aidl/manifest.xml b/audio/aidl/manifest.xml index 237aa4a..daeb1c4 100644 --- a/audio/aidl/manifest.xml +++ b/audio/aidl/manifest.xml @@ -1,11 +1,2 @@ - - vendor.google.audiometricext - hwbinder - 1.0 - - IAudioMetricExt - default - - diff --git a/audio/hidl_gs101.mk b/audio/hidl_gs101.mk index f764e7a..4ccbbfb 100644 --- a/audio/hidl_gs101.mk +++ b/audio/hidl_gs101.mk @@ -32,8 +32,14 @@ PRODUCT_PACKAGES += \ libamcsextfile \ audio_amcs_ext \ +ifeq (,$(filter aosp_%,$(TARGET_PRODUCT))) +# IAudioMetricExt HIDL +PRODUCT_PACKAGES += \ + vendor.google.audiometricext@1.0-service-vendor +endif + BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/audio/sepolicy/hidl include device/google/gs-common/audio/common.mk -DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/audio/hidl/device_framework_matrix_product_gs101.xml +DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/audio/hidl/device_framework_matrix_product_gs101.xml \ No newline at end of file diff --git a/audio/hidl_gs201.mk b/audio/hidl_gs201.mk index 1438b27..c183b9a 100644 --- a/audio/hidl_gs201.mk +++ b/audio/hidl_gs201.mk 
@@ -32,6 +32,12 @@ PRODUCT_PACKAGES += \ audio_spk_35l41 \ sound_trigger.primary.$(TARGET_BOARD_PLATFORM) +ifeq (,$(filter aosp_%,$(TARGET_PRODUCT))) +# IAudioMetricExt HIDL +PRODUCT_PACKAGES += \ + vendor.google.audiometricext@1.0-service-vendor +endif + BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/audio/sepolicy/hidl include device/google/gs-common/audio/common.mk diff --git a/audio/hidl_zuma.mk b/audio/hidl_zuma.mk index 41dd02a..6fb3449 100644 --- a/audio/hidl_zuma.mk +++ b/audio/hidl_zuma.mk @@ -35,6 +35,12 @@ PRODUCT_PACKAGES += \ audio_hdmi_aoc \ sound_trigger.primary.$(TARGET_BOARD_PLATFORM) +ifeq (,$(filter aosp_%,$(TARGET_PRODUCT))) +# IAudioMetricExt HIDL +PRODUCT_PACKAGES += \ + vendor.google.audiometricext@1.0-service-vendor +endif + BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/audio/sepolicy/hidl BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/audio/sepolicy/hdmi_audio From 016ddaf6d00d171971ff34064072a046d3d01582 Mon Sep 17 00:00:00 2001 From: jonerlin Date: Sun, 29 Sep 2024 02:21:10 +0000 Subject: [PATCH 24/87] introduce pixel bluetooth common hal service android.hardware.bluetooth-service.pixel bug: 373530837 bug: 370264579 Test: verify bt function in forest test build Flag: EXEMPT, mechanical change. Change-Id: I5c0d87740bab8636309ee6c60ee9e8d83ea3a66c --- bluetooth/bluetooth.mk | 13 +++++++++++++ bluetooth/compatibility_matrix.xml | 30 ++++++++++++++++++++++++++++++ bluetooth/manifest_bluetooth.xml | 27 +++++++++++++++++++++++++++ 3 files changed, 70 insertions(+) create mode 100644 bluetooth/bluetooth.mk create mode 100644 bluetooth/compatibility_matrix.xml create mode 100644 bluetooth/manifest_bluetooth.xml diff --git a/bluetooth/bluetooth.mk b/bluetooth/bluetooth.mk new file mode 100644 index 0000000..6f9a9d7 --- /dev/null +++ b/bluetooth/bluetooth.mk 
@@ -0,0 +1,13 @@ +PRODUCT_SOONG_NAMESPACES += vendor/google/connectivity/bluetooth/common +PRODUCT_PACKAGES += \ + android.hardware.bluetooth-V1-ndk.so \ + android.hardware.bluetooth.finder-V1-ndk.so \ + android.hardware.bluetooth.ranging-V1-ndk.so \ + android.hardware.bluetooth-service.pixel \ + vendor.google.bluetooth_ext-V1-ndk.so \ + bt_vendor.conf \ + android.hardware.bluetooth.prebuilt.xml \ + android.hardware.bluetooth_le.prebuilt.xml + +DEVICE_MANIFEST_FILE += device/google/gs-common/bluetooth/manifest_bluetooth.xml +DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/bluetooth/compatibility_matrix.xml diff --git a/bluetooth/compatibility_matrix.xml b/bluetooth/compatibility_matrix.xml new file mode 100644 index 0000000..65b0c6d --- /dev/null +++ b/bluetooth/compatibility_matrix.xml @@ -0,0 +1,30 @@ + + + vendor.google.bluetooth_ext + 1 + + IBluetoothFinder + default + + + IBluetoothCcc + default + + + IBTChannelAvoidance + default + + + IBluetoothSar + default + + + IBluetoothExt + default + + + IBluetoothEwp + default + + + diff --git a/bluetooth/manifest_bluetooth.xml b/bluetooth/manifest_bluetooth.xml new file mode 100644 index 0000000..a72f1c9 --- /dev/null +++ b/bluetooth/manifest_bluetooth.xml @@ -0,0 +1,27 @@ + + + android.hardware.bluetooth + 1 + IBluetoothHci/default + + + android.hardware.bluetooth.finder + 1 + IBluetoothFinder/default + + + android.hardware.bluetooth.ranging + 1 + IBluetoothChannelSounding/default + + + vendor.google.bluetooth_ext + 1 + IBTChannelAvoidance/default + IBluetoothCcc/default + IBluetoothEwp/default + IBluetoothExt/default + IBluetoothFinder/default + IBluetoothSar/default + + From c3a0ad4d1cfce95fab67ce8db0bb9acb556345a0 Mon Sep 17 00:00:00 2001 From: Randall Huang Date: Tue, 22 Oct 2024 13:13:14 +0800 Subject: [PATCH 25/87] storage: adjust ufs error history design Bug: 359746077 Test: adb bugreport Change-Id: I32d1cab81351285e1f9ea770169c8be2246f3df7 
Signed-off-by: Randall Huang --- storage/dump_storage.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/storage/dump_storage.cpp b/storage/dump_storage.cpp index 47c5e76..272b1ee 100644 --- a/storage/dump_storage.cpp +++ b/storage/dump_storage.cpp @@ -229,8 +229,8 @@ int main() { read_buffer(19, 131072, "skhynix_13_ufs_err_history.dat"); } else { read_buffer(0, 4096, "skhynix_00_ufs_err_history.dat"); - read_buffer(16, 524288, "skhynix_10_ufs_err_history.dat"); - read_buffer(17, 524288, "skhynix_11_ufs_err_history.dat"); + read_buffer(16, 8388608, "skhynix_10_ufs_err_history.dat"); + read_buffer(17, 8388608, "skhynix_11_ufs_err_history.dat"); } break; case 0x1CE: //SAMSUNG From 25ac4cc5eca8d65904b02bae637ca5cb840de640 Mon Sep 17 00:00:00 2001 From: Nathan Kulczak Date: Wed, 9 Oct 2024 03:51:31 +0000 Subject: [PATCH 26/87] Vibrator: Add enable_pwle_v2 Add new flag to control status of CAP_COMPOSE_PWLE_EFFECTS_V2 Flag: vendor.vibrator.hal.flags.enable_pwle_v2 Bug: 346570576 Test: Flash to device and test with setprop Change-Id: I9c004be51284bb6d044a1cb9327ea0502cc4f352 Signed-off-by: Nathan Kulczak --- vibrator/flags/VibratorFlags.aconfig | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/vibrator/flags/VibratorFlags.aconfig b/vibrator/flags/VibratorFlags.aconfig index ec6e2d4..3e0a6fd 100644 --- a/vibrator/flags/VibratorFlags.aconfig +++ b/vibrator/flags/VibratorFlags.aconfig @@ -8,3 +8,11 @@ flag { description: "This flag controls the removal of utilizing Capo at the HAL level" bug: "290223630" } + +flag { + name: "enable_pwle_v2" + namespace: "vibrator" + is_exported: true + description: "This flag enables the PWLE V2 APIs guarded by the CAP_COMPOSE_PWLE_EFFECTS_V2 compatability" + bug: "346570576" +} \ No newline at end of file From d76dcdca38059f3bd2288856452eab796b5b3dfd Mon Sep 17 00:00:00 2001 
From: jonerlin Date: Tue, 22 Oct 2024 15:36:51 +0000 Subject: [PATCH 27/87] add sepolicy rules for bluetooth common hal 10-21 17:44:33.052 8548 8548 W binder:8548_2: type=1400 audit(0.0:181): avc: denied { open } for path="/dev/wbrc" dev="tmpfs" ino=1653 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:wb_coexistence_dev:s0 tclass=chr_file permissive=0 10-21 17:44:33.056 8548 8548 W binder:8548_2: type=1400 audit(0.0:182): avc: denied { call } for scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:r:hal_power_stats_default:s0 tclass=binder permissive=0 10-21 14:33:39.544 491 491 E SELinux : avc: denied { add } for pid=889 uid=1002 name=vendor.google.bluetooth_ext.IBluetoothCcc/default scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:hal_bluetooth_coexistence_service:s0 tclass=service_manager permissive=0 10-21 14:33:39.547 491 491 E SELinux : avc: denied { add } for pid=889 uid=1002 name=vendor.google.bluetooth_ext.IBluetoothExt/default scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:hal_bluetooth_coexistence_service:s0 tclass=service_manager permissive=0 10-21 14:33:39.548 491 491 E SELinux : avc: denied { add } for pid=889 uid=1002 name=vendor.google.bluetooth_ext.IBluetoothEwp/default scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:hal_bluetooth_coexistence_service:s0 tclass=service_manager permissive=0 10-21 14:33:39.548 491 491 E SELinux : avc: denied { add } for pid=889 uid=1002 name=vendor.google.bluetooth_ext.IBluetoothFinder/default scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:hal_bluetooth_coexistence_service:s0 tclass=service_manager permissive=0 10-21 14:33:39.549 491 491 E SELinux : avc: denied { add } for pid=889 uid=1002 name=vendor.google.bluetooth_ext.IBluetoothSar/default scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:hal_bluetooth_coexistence_service:s0 tclass=service_manager permissive=0 10-21 14:33:39.550 491 491 E SELinux : avc: denied { add } for pid=889 uid=1002 
name=vendor.google.bluetooth_ext.IBTChannelAvoidance/default scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:hal_bluetooth_coexistence_service:s0 tclass=service_manager permissive=0 10-21 14:34:29.557 491 491 E SELinux : avc: denied { find } for pid=11758 uid=1002 name=power.stats-vendor scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:hal_power_stats_vendor_service:s0 tclass=service_manager permissive=0 10-21 14:34:29.558 491 491 E SELinux : avc: denied { add } for pid=11758 uid=1002 name=vendor.google.bluetooth_ext.IBluetoothExt/default scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:hal_bluetooth_coexistence_service:s0 tclass=service_manager permissive=0 10-21 14:34:29.848 11758 11758 W binder:11758_2: type=1400 audit(0.0:317): avc: denied { read write } for name="wbrc" dev="tmpfs" ino=1654 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:wb_coexistence_dev:s0 tclass=chr_file permissive=0 10-21 14:34:29.948 11758 11758 W binder:11758_2: type=1400 audit(0.0:318): avc: denied { read write } for name="wbrc" dev="tmpfs" ino=1654 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:wb_coexistence_dev:s0 tclass=chr_file permissive=0 10-22 21:43:21.504000 1002 874 874 I auditd : type=1400 audit(0.0:7): avc: denied { search } for comm="android.hardwar" name="aconfig" dev="sda10" ino=18 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:aconfig_storage_metadata_file:s0 tclass=dir permissive=0 10-22 21:43:21.504000 1002 874 874 W android.hardwar: type=1400 audit(0.0:7): avc: denied { search } for name="aconfig" dev="sda10" ino=18 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:aconfig_storage_metadata_file:s0 tclass=dir permissive=0 10-22 05:51:56.052000 1002 890 890 I auditd : type=1400 audit(0.0:30): avc: denied { read } for comm="binder:890_2" name="logbuffer_tty18" dev="tmpfs" ino=1297 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=0 10-22 
05:51:56.052000 1002 890 890 W binder:890_2: type=1400 audit(0.0:30): avc: denied { read } for name="logbuffer_tty18" dev="tmpfs" ino=1297 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=0 10-22 22:35:30.176 871 871 I binder:871_2: type=1400 audit(0.0:122): avc: denied { search } for name="coredump" dev="dm-52" ino=426 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1 10-22 22:35:30.176 871 871 I binder:871_2: type=1400 audit(0.0:123): avc: denied { write } for name="coredump" dev="dm-52" ino=426 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1 10-22 22:35:30.176 871 871 I binder:871_2: type=1400 audit(0.0:124): avc: denied { add_name } for name="coredump_bt_2024-10-22_22-35-30.bin" scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1 10-22 22:35:30.176 871 871 I binder:871_2: type=1400 audit(0.0:125): avc: denied { create } for name="coredump_bt_2024-10-22_22-35-30.bin" scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1 10-22 22:35:30.176 871 871 I binder:871_2: type=1400 audit(0.0:126): avc: denied { read write open } for path="/data/vendor/ssrdump/coredump/coredump_bt_2024-10-22_22-35-30.bin" dev="dm-52" ino=18673 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1 10-22 22:35:30.176 871 871 I binder:871_2: type=1400 audit(0.0:127): avc: denied { setattr } for name="coredump_bt_2024-10-22_22-35-30.bin" dev="dm-52" ino=18673 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1 10-23 13:34:22.908 873 873 I binder:873_3: type=1400 audit(0.0:5101): avc: denied { read } for 
name="logbuffer_tty18" dev="tmpfs" ino=1264 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1 10-23 13:34:22.908 873 873 I binder:873_3: type=1400 audit(0.0:5102): avc: denied { open } for path="/dev/logbuffer_tty18" dev="tmpfs" ino=1264 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1 10-23 13:34:22.908 873 873 I binder:873_3: type=1400 audit(0.0:5103): avc: denied { getattr } for path="/dev/logbuffer_tty18" dev="tmpfs" ino=1264 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1 10-23 13:34:22.908 873 873 I binder:873_3: type=1400 audit(0.0:5104): avc: denied { ioctl } for path="/dev/logbuffer_tty18" dev="tmpfs" ino=1264 ioctlcmd=0x5401 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1 10-23 13:34:22.912 873 873 I binder:873_3: type=1400 audit(0.0:5105): avc: denied { read } for name="ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1 [ 354.876922] type=1400 audit(1729656523.440:124): avc: denied { search } for comm="binder:873_2" name="ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1 [ 354.879606] type=1400 audit(1729656523.444:126): avc: denied { write } for comm="binder:873_2" name="coredump" dev="dm-52" ino=426 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1 [ 354.879747] type=1400 audit(1729656523.444:127): avc: denied { add_name } for comm="binder:873_2" name="coredump_bt_2024-10-23_12-08-43.bin" scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1 [ 710.811807] type=1400 
audit(1729656879.376:1045): avc: denied { getattr } for comm="dump_modem" path="/data/vendor/ssrdump/coredump" dev="dm-52" ino=426 scontext=u:r:dump_modem:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1 bug=b/361725982 [ 738.329130] type=1400 audit(1729656906.892:2083): avc: denied { read } for comm="binder:873_3" name="logbuffer_tty18" dev="tmpfs" ino=1264 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1 [ 738.329926] type=1400 audit(1729656906.892:2084): avc: denied { open } for comm="binder:873_3" path="/dev/logbuffer_tty18" dev="tmpfs" ino=1264 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1 [ 738.330266] type=1400 audit(1729656906.892:2085): avc: denied { getattr } for comm="binder:873_3" path="/dev/logbuffer_tty18" dev="tmpfs" ino=1264 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1 [ 738.330724] type=1400 audit(1729656906.892:2086): avc: denied { ioctl } for comm="binder:873_3" path="/dev/logbuffer_tty18" dev="tmpfs" ino=1264 ioctlcmd=0x5401 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1 [ 738.332303] type=1400 audit(1729656906.896:2087): avc: denied { read } for comm="binder:873_3" name="ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1 Bug: 374695851 Bug: 372146292 Test: build pass, enable/disable Bluetooth and Pair new device, make bt firmware crash to get the firmware dump file Flag: EXEMPT, mechanical change. 
Change-Id: Ia5b2b8485c53dd677a39268438a9507817908f4f --- bluetooth/bluetooth.mk | 3 +++ bluetooth/sepolicy/device.te | 3 +++ bluetooth/sepolicy/file_contexts | 6 ++++++ bluetooth/sepolicy/genfs_contexts | 8 ++++++++ bluetooth/sepolicy/hal_bluetooth_btlinux.te | 18 ++++++++++++++++++ bluetooth/sepolicy/hwservice.te | 3 +++ bluetooth/sepolicy/hwservice_contexts | 6 ++++++ bluetooth/sepolicy/service.te | 2 ++ bluetooth/sepolicy/service_contexts | 7 +++++++ 9 files changed, 56 insertions(+) create mode 100644 bluetooth/sepolicy/device.te create mode 100644 bluetooth/sepolicy/file_contexts create mode 100644 bluetooth/sepolicy/genfs_contexts create mode 100644 bluetooth/sepolicy/hal_bluetooth_btlinux.te create mode 100644 bluetooth/sepolicy/hwservice.te create mode 100644 bluetooth/sepolicy/hwservice_contexts create mode 100644 bluetooth/sepolicy/service.te create mode 100644 bluetooth/sepolicy/service_contexts diff --git a/bluetooth/bluetooth.mk b/bluetooth/bluetooth.mk index 6f9a9d7..29ddb9c 100644 --- a/bluetooth/bluetooth.mk +++ b/bluetooth/bluetooth.mk @@ -9,5 +9,8 @@ PRODUCT_PACKAGES += \ android.hardware.bluetooth.prebuilt.xml \ android.hardware.bluetooth_le.prebuilt.xml +BOARD_SEPOLICY_DIRS += device/google/gs-common/bluetooth/sepolicy +BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/powerstats + DEVICE_MANIFEST_FILE += device/google/gs-common/bluetooth/manifest_bluetooth.xml DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/bluetooth/compatibility_matrix.xml diff --git a/bluetooth/sepolicy/device.te b/bluetooth/sepolicy/device.te new file mode 100644 index 0000000..a256332 --- /dev/null +++ b/bluetooth/sepolicy/device.te @@ -0,0 +1,3 @@ +# Bt Wifi Coexistence device +type wb_coexistence_dev, dev_type; + diff --git a/bluetooth/sepolicy/file_contexts b/bluetooth/sepolicy/file_contexts new file mode 100644 index 0000000..e7c2617 --- /dev/null +++ b/bluetooth/sepolicy/file_contexts 
@@ -0,0 +1,6 @@ +# Bluetooth +/vendor/bin/hw/android\.hardware\.bluetooth-service\.pixel u:object_r:hal_bluetooth_btlinux_exec:s0 + +/dev/wbrc u:object_r:wb_coexistence_dev:s0 +/dev/ttySAC16 u:object_r:hci_attach_dev:s0 + diff --git a/bluetooth/sepolicy/genfs_contexts b/bluetooth/sepolicy/genfs_contexts new file mode 100644 index 0000000..899041b --- /dev/null +++ b/bluetooth/sepolicy/genfs_contexts @@ -0,0 +1,8 @@ +# Bluetooth pin control device node +genfscon sysfs /devices/platform/odm/odm:btbcm/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0 +genfscon sysfs /devices/platform/odm/odm:btbcm/rfkill/rfkill2/state u:object_r:sysfs_bluetooth_writable:s0 +genfscon proc /bluetooth/sleep/lpm u:object_r:proc_bluetooth_writable:s0 +genfscon proc /bluetooth/sleep/btwrite u:object_r:proc_bluetooth_writable:s0 +genfscon proc /bluetooth/sleep/btwake u:object_r:proc_bluetooth_writable:s0 +genfscon proc /bluetooth/timesync u:object_r:proc_bluetooth_writable:s0 + diff --git a/bluetooth/sepolicy/hal_bluetooth_btlinux.te b/bluetooth/sepolicy/hal_bluetooth_btlinux.te new file mode 100644 index 0000000..a893102 --- /dev/null +++ b/bluetooth/sepolicy/hal_bluetooth_btlinux.te 
@@ -0,0 +1,18 @@ +# coexistence device file node +add_hwservice(hal_bluetooth_btlinux, hal_bluetooth_coexistence_hwservice); +add_service(hal_bluetooth_btlinux, hal_bluetooth_coexistence_service); +allow hal_bluetooth_btlinux wb_coexistence_dev:chr_file rw_file_perms; + +# power stats +allow hal_bluetooth_btlinux hal_power_stats_vendor_service:service_manager find; +binder_call(hal_bluetooth_btlinux, hal_power_stats_default) + +# bt firmware dump +allow hal_bluetooth_btlinux aconfig_storage_metadata_file:dir search; +allow hal_bluetooth_btlinux sscoredump_vendor_data_crashinfo_file:dir { read search }; + +userdebug_or_eng(` + allow hal_bluetooth_btlinux sscoredump_vendor_data_coredump_file:dir create_dir_perms; + allow hal_bluetooth_btlinux sscoredump_vendor_data_coredump_file:file create_file_perms; + allow hal_bluetooth_btlinux logbuffer_device:chr_file r_file_perms; +') diff --git a/bluetooth/sepolicy/hwservice.te b/bluetooth/sepolicy/hwservice.te new file mode 100644 index 0000000..5e36cd0 --- /dev/null +++ b/bluetooth/sepolicy/hwservice.te @@ -0,0 +1,3 @@ +# Bluetooth HAL extension +type hal_bluetooth_coexistence_hwservice, hwservice_manager_type, vendor_hwservice_type; + diff --git a/bluetooth/sepolicy/hwservice_contexts b/bluetooth/sepolicy/hwservice_contexts new file mode 100644 index 0000000..8480b4e --- /dev/null +++ b/bluetooth/sepolicy/hwservice_contexts @@ -0,0 +1,6 @@ +# Bluetooth HAL extension +hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance u:object_r:hal_bluetooth_coexistence_hwservice:s0 +hardware.google.bluetooth.sar::IBluetoothSar u:object_r:hal_bluetooth_coexistence_hwservice:s0 +hardware.google.bluetooth.ccc::IBluetoothCcc u:object_r:hal_bluetooth_coexistence_hwservice:s0 +hardware.google.bluetooth.ewp::IBluetoothEwp u:object_r:hal_bluetooth_coexistence_hwservice:s0 +hardware.google.bluetooth.ext::IBluetoothExt u:object_r:hal_bluetooth_coexistence_hwservice:s0 
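Review bot: In `hal_bluetooth_btlinux.te`, `aconfig_storage_metadata_file:dir search` and `sscoredump_vendor_data_crashinfo_file:dir { read search }` are granted on every build type, while the coredump rules listed under the same `# bt firmware dump` comment are inside `userdebug_or_eng`. If the crashinfo directory is only traversed to write the firmware dump, `allow hal_bluetooth_btlinux sscoredump_vendor_data_crashinfo_file:dir { read search };` belongs inside the `userdebug_or_eng` block as well. The denials quoted in the commit message for that type are all `permissive=1`, which suggests they were collected on a debug build, though that is an inference. The aconfig rule is not about firmware dumps and would read better under its own comment, for example `# aconfig storage metadata directory`. The first two macro calls end in `;` while `binder_call(...)` does not; using one form throughout keeps the file consistent.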
diff --git a/bluetooth/sepolicy/service.te b/bluetooth/sepolicy/service.te new file mode 100644 index 0000000..b8403da --- /dev/null +++ b/bluetooth/sepolicy/service.te @@ -0,0 +1,2 @@ +# Bluetooth HAL extension +type hal_bluetooth_coexistence_service, hal_service_type, service_manager_type; diff --git a/bluetooth/sepolicy/service_contexts b/bluetooth/sepolicy/service_contexts new file mode 100644 index 0000000..4aecc90 --- /dev/null +++ b/bluetooth/sepolicy/service_contexts @@ -0,0 +1,7 @@ +# Bluetooth HAL extension +vendor.google.bluetooth_ext.IBTChannelAvoidance/default u:object_r:hal_bluetooth_coexistence_service:s0 +vendor.google.bluetooth_ext.IBluetoothSar/default u:object_r:hal_bluetooth_coexistence_service:s0 +vendor.google.bluetooth_ext.IBluetoothCcc/default u:object_r:hal_bluetooth_coexistence_service:s0 +vendor.google.bluetooth_ext.IBluetoothEwp/default u:object_r:hal_bluetooth_coexistence_service:s0 +vendor.google.bluetooth_ext.IBluetoothExt/default u:object_r:hal_bluetooth_coexistence_service:s0 +vendor.google.bluetooth_ext.IBluetoothFinder/default u:object_r:hal_bluetooth_coexistence_service:s0 From 69ffa902be28e8874d1ad70d3e947274f6ff57c8 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Thu, 24 Oct 2024 08:05:26 +0000 Subject: [PATCH 28/87] Remove the duplicate gxp rule Bug: 375108715 Test: build Flag: EXEMPT bugfix Change-Id: I8d4aa27c963709a91b1284921a20d7fc5d369d89 --- gxp/sepolicy/dump_gxp.te | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/gxp/sepolicy/dump_gxp.te b/gxp/sepolicy/dump_gxp.te index 8d285c5..322a01f 100644 --- a/gxp/sepolicy/dump_gxp.te +++ b/gxp/sepolicy/dump_gxp.te @@ -1,3 +1,4 @@ +# Dump GXP logs to bugreport. pixel_bugreport(dump_gxp) userdebug_or_eng(` 
@@ -7,7 +8,5 @@ userdebug_or_eng(` allow dump_gxp sscoredump_vendor_data_coredump_file:file r_file_perms; allow dump_gxp sscoredump_vendor_data_crashinfo_file:dir r_dir_perms; allow dump_gxp sscoredump_vendor_data_crashinfo_file:file r_file_perms; - # Allow dump_gxp to access gxp properties. - get_prop(google_camera_app, vendor_gxp_prop) ') From 4352bbc13d1b7280ad138a4ddd9a48a47038c1ab Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Thu, 24 Oct 2024 09:27:33 +0000 Subject: [PATCH 29/87] Move camera type back to project Bug: 375108715 Test: build Flag: EXEMPT bugfix Change-Id: I3fe71ed2249903e703590c43ae675d67588a87a5 --- gcam_app/sepolicy/product/public/debug_camera_app.te | 2 -- gcam_app/sepolicy/product/public/google_camera_app.te | 2 -- 2 files changed, 4 deletions(-) delete mode 100644 gcam_app/sepolicy/product/public/debug_camera_app.te delete mode 100644 gcam_app/sepolicy/product/public/google_camera_app.te diff --git a/gcam_app/sepolicy/product/public/debug_camera_app.te b/gcam_app/sepolicy/product/public/debug_camera_app.te deleted file mode 100644 index 0572eee..0000000 --- a/gcam_app/sepolicy/product/public/debug_camera_app.te +++ /dev/null @@ -1,2 +0,0 @@ -# GCA-Eng and GCA-Next -type debug_camera_app, domain; diff --git a/gcam_app/sepolicy/product/public/google_camera_app.te b/gcam_app/sepolicy/product/public/google_camera_app.te deleted file mode 100644 index a8d6512..0000000 --- a/gcam_app/sepolicy/product/public/google_camera_app.te +++ /dev/null @@ -1,2 +0,0 @@ -# GCA-Release and GCA-Dogfood -type google_camera_app, domain; From b7d645e1b4fa779757ef28c8c31b2fb4c8940c10 Mon Sep 17 00:00:00 2001 From: Nick Kralevich Date: Fri, 25 Oct 2024 10:54:34 -0700 Subject: [PATCH 30/87] mte: add nnk@google.com to OWNERS That way I can help with reviews and other MTE changes. Test: not needed. OWNERS file change only Change-Id: I1fb75c2e1347c4085eb614f858b4fb57dd462ad1 --- mte/OWNERS | 1 + 1 file changed, 1 insertion(+) 
diff --git a/mte/OWNERS b/mte/OWNERS index 929e941..66a1635 100644 --- a/mte/OWNERS +++ b/mte/OWNERS @@ -2,3 +2,4 @@ eugenis@google.com pcc@google.com mitchp@google.com fmayer@google.com +nnk@google.com From cea50c9a35b9ad6dcb5d91ec15cc46da992ba9e9 Mon Sep 17 00:00:00 2001 From: Florian Mayer Date: Fri, 25 Oct 2024 17:58:21 +0000 Subject: [PATCH 31/87] Remove mitchp from OWNERS Change-Id: Ib22ad3ae3a6ad1634618d2e04bda363d318c95cd --- mte/OWNERS | 1 - 1 file changed, 1 deletion(-) diff --git a/mte/OWNERS b/mte/OWNERS index 66a1635..57da09d 100644 --- a/mte/OWNERS +++ b/mte/OWNERS @@ -1,5 +1,4 @@ eugenis@google.com pcc@google.com -mitchp@google.com fmayer@google.com nnk@google.com From 952e4d78414dada4fdcc0871addae18393a06bb9 Mon Sep 17 00:00:00 2001 From: jonerlin Date: Wed, 23 Oct 2024 14:09:12 +0000 Subject: [PATCH 32/87] bt: add dumpstate for bluetooth common hal Bug: 373526518 Bug: 372146292 Test: build pass, get bugreport and check bt dumpstate log files Flag: EXEMPT, mechanical change. Change-Id: I63cf188014696e830160ebc7acaeead79520c5b4 --- bluetooth/dump/Android.bp | 20 ++++++++++++++++++ bluetooth/dump/dump.cpp | 44 +++++++++++++++++++++++++++++++++++++++ bluetooth/dump/dumplog.mk | 1 + 3 files changed, 65 insertions(+) create mode 100644 bluetooth/dump/Android.bp create mode 100644 bluetooth/dump/dump.cpp create mode 100644 bluetooth/dump/dumplog.mk diff --git a/bluetooth/dump/Android.bp b/bluetooth/dump/Android.bp new file mode 100644 index 0000000..72e83b4 --- /dev/null +++ b/bluetooth/dump/Android.bp @@ -0,0 +1,20 @@ +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +cc_binary { + name: "dump_bt", + srcs: ["dump.cpp"], + cflags: [ + "-Wall", + "-Wextra", + "-Werror", + ], + shared_libs: [ + "libbase", + "libdump", + "liblog", + ], + vendor: true, + relative_install_path: "dump", +} diff --git a/bluetooth/dump/dump.cpp b/bluetooth/dump/dump.cpp new file mode 100644 index 0000000..db92c3c --- /dev/null +++ b/bluetooth/dump/dump.cpp 
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include
+#include
+
+#define PIXELBT_ACTIVITY_LOG_DIRECTORY "/data/vendor/bluetooth"
+#define PIXELBT_SNOOP_LOG_DIRECTORY "/data/vendor/bluetooth"
+#define PIXELBT_FW_LOG_DIRECTORY "/data/vendor/ssrdump/coredump"
+#define PIXELBT_SNOOP_LOG_PREFIX "btsnoop_hci_vnd"
+#define PIXELBT_BACKUP_SNOOP_LOG_PREFIX "backup_btsnoop_hci_vnd"
+#define PIXELBT_FW_DUMP_LOG_PREFIX "coredump_bt_socdump_"
+#define PIXELBT_CHRE_DUMP_LOG_PREFIX "coredump_bt_chredump_"
+#define PIXELBT_HAL_DUMP_LOG_PREFIX "coredump_bt_"
+#define PIXELBT_ACTIVITY_LOG_PREFIX "bt_activity_"
+
+int main() {
+ std::string outputDir = concatenatePath(BUGREPORT_PACKING_DIR, "bt");
+ if (mkdir(outputDir.c_str(), 0777) == -1) {
+ printf("Unable to create folder: %s\n", outputDir.c_str());
+ return 0;
+ }
+
+ dumpLogs(PIXELBT_SNOOP_LOG_DIRECTORY, outputDir.c_str(), 4,
+ PIXELBT_SNOOP_LOG_PREFIX);
+ dumpLogs(PIXELBT_SNOOP_LOG_DIRECTORY, outputDir.c_str(), 2, PIXELBT_BACKUP_SNOOP_LOG_PREFIX);
+ dumpLogs(PIXELBT_FW_LOG_DIRECTORY, outputDir.c_str(), 10, PIXELBT_FW_DUMP_LOG_PREFIX);
+ dumpLogs(PIXELBT_FW_LOG_DIRECTORY, outputDir.c_str(), 10, PIXELBT_CHRE_DUMP_LOG_PREFIX);
+ dumpLogs(PIXELBT_FW_LOG_DIRECTORY, outputDir.c_str(), 10, PIXELBT_HAL_DUMP_LOG_PREFIX);
+ dumpLogs(PIXELBT_ACTIVITY_LOG_DIRECTORY, outputDir.c_str(), 10, PIXELBT_ACTIVITY_LOG_PREFIX);
+ return 0;
+}
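Review bot: The `mkdir(outputDir.c_str(), 0777)` call in main() requests a world-accessible directory for HCI snoop logs and firmware coredumps, and it treats an already-existing directory as fatal, so a leftover `bt` folder makes the tool skip every dump while still returning 0. I would tolerate EEXIST and ask for the narrowest mode the bugreport collector can still read, e.g. `if (mkdir(outputDir.c_str(), 0770) == -1 && errno != EEXIST) {` with `<errno.h>` included; the right mode depends on which uid/gid packs the directory, which this hunk does not show. Separately, `PIXELBT_HAL_DUMP_LOG_PREFIX` (`"coredump_bt_"`) is a prefix of both the socdump and chredump prefixes, so if `dumpLogs` matches by prefix the third call over `PIXELBT_FW_LOG_DIRECTORY` will pick up the same files again and spend its 10-file budget on them.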
diff --git a/bluetooth/dump/dumplog.mk b/bluetooth/dump/dumplog.mk
new file mode 100644
index 0000000..d47d4ec
--- /dev/null
+++ b/bluetooth/dump/dumplog.mk
@@ -0,0 +1 @@
+PRODUCT_PACKAGES_DEBUG += dump_bt
From 1de5b57908769952b6aca32851e70589b972823e Mon Sep 17 00:00:00 2001
From: jonerlin Date: Thu, 24 Oct 2024 02:27:40 +0000 Subject: [PATCH 33/87] add bluetooth common hal sepolicy rules for bt subsystem crash info files 10-28 14:58:24.744000 1002 894 894 I auditd : type=1400 audit(0.0:131): avc: denied { write } for comm="binder:894_2" name="ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1 10-28 14:58:24.744000 1002 894 894 I binder:894_2: type=1400 audit(0.0:131): avc: denied { write } for name="ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1 10-28 14:58:24.744000 1002 894 894 I auditd : type=1400 audit(0.0:132): avc: denied { add_name } for comm="binder:894_2" name="crashinfo_bt_2024-10-28_14-58-24.txt" scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1 10-28 14:58:24.744000 1002 894 894 I binder:894_2: type=1400 audit(0.0:132): avc: denied { add_name } for name="crashinfo_bt_2024-10-28_14-58-24.txt" scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1 10-28 14:58:24.744000 1002 894 894 I auditd : type=1400 audit(0.0:133): avc: denied { create } for comm="binder:894_2" name="crashinfo_bt_2024-10-28_14-58-24.txt" scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1 10-28 14:58:24.744000 1002 894 894 I binder:894_2: type=1400 audit(0.0:133): avc: denied { create } for name="crashinfo_bt_2024-10-28_14-58-24.txt" scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1 10-28 14:58:24.748000 1002 894 894 I auditd : type=1400 audit(0.0:134): avc: denied { read write open } for comm="binder:894_2" path="/data/vendor/ssrdump/crashinfo_bt_2024-10-28_14-58-24.txt" 
dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1 10-28 14:58:24.748000 1002 894 894 I binder:894_2: type=1400 audit(0.0:134): avc: denied { read write open } for path="/data/vendor/ssrdump/crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1 10-28 14:58:24.748000 1002 894 894 I auditd : type=1400 audit(0.0:135): avc: denied { setattr } for comm="binder:894_2" name="crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1 10-28 14:58:24.748000 1002 894 894 I binder:894_2: type=1400 audit(0.0:135): avc: denied { setattr } for name="crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1 10-28 14:59:54.572000 1002 894 894 I auditd : type=1400 audit(0.0:2065): avc: denied { open } for comm="binder:894_2" path="/data/vendor/ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1 10-28 14:59:54.572000 1002 894 894 I binder:894_2: type=1400 audit(0.0:2065): avc: denied { open } for path="/data/vendor/ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1 10-28 14:59:54.572000 1002 894 894 I auditd : type=1400 audit(0.0:2066): avc: denied { read } for comm="binder:894_2" name="crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1 10-28 14:59:54.572000 1002 894 894 I binder:894_2: 
type=1400 audit(0.0:2066): avc: denied { read } for name="crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1 10-28 14:59:54.572000 1002 894 894 I auditd : type=1400 audit(0.0:2067): avc: denied { open } for comm="binder:894_2" path="/data/vendor/ssrdump/crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1 10-28 14:59:54.572000 1002 894 894 I binder:894_2: type=1400 audit(0.0:2067): avc: denied { open } for path="/data/vendor/ssrdump/crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1 10-28 14:59:54.572000 1002 894 894 I auditd : type=1400 audit(0.0:2068): avc: denied { getattr } for comm="binder:894_2" path="/data/vendor/ssrdump/crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1 10-28 14:59:54.572000 1002 894 894 I binder:894_2: type=1400 audit(0.0:2068): avc: denied { getattr } for path="/data/vendor/ssrdump/crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1 10-23 13:34:22.912 873 873 I binder:873_3: type=1400 audit(0.0:5105): avc: denied { read } for name="ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1 [ 354.876922] type=1400 audit(1729656523.440:124): avc: denied { search } for comm="binder:873_2" name="ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 
tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1 [ 738.332303] type=1400 audit(1729656906.896:2087): avc: denied { read } for comm="binder:873_3" name="ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1 Bug: 374695851 Test: build pass, make bt crash and get the bugreport Flag: EXEMPT, internal cleanup. Change-Id: If9c4064fe71bfc0b1055bc953a1b2e22978e1938 --- bluetooth/sepolicy/hal_bluetooth_btlinux.te | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bluetooth/sepolicy/hal_bluetooth_btlinux.te b/bluetooth/sepolicy/hal_bluetooth_btlinux.te index a893102..0c85cb0 100644 --- a/bluetooth/sepolicy/hal_bluetooth_btlinux.te +++ b/bluetooth/sepolicy/hal_bluetooth_btlinux.te @@ -9,7 +9,8 @@ binder_call(hal_bluetooth_btlinux, hal_power_stats_default) # bt firmware dump allow hal_bluetooth_btlinux aconfig_storage_metadata_file:dir search; -allow hal_bluetooth_btlinux sscoredump_vendor_data_crashinfo_file:dir { read search }; +allow hal_bluetooth_btlinux sscoredump_vendor_data_crashinfo_file:dir rw_dir_perms; +allow hal_bluetooth_btlinux sscoredump_vendor_data_crashinfo_file:file rw_file_perms; userdebug_or_eng(` allow hal_bluetooth_btlinux sscoredump_vendor_data_coredump_file:dir create_dir_perms; From 62abd5daf8301fcefef0d60063babfa45b866dd3 Mon Sep 17 00:00:00 2001 
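Review bot: The two new rules sit outside the `userdebug_or_eng` block, so `hal_bluetooth_btlinux` gains write access to the shared `sscoredump_vendor_data_crashinfo_file` directory and files on user builds too, yet they still do not cover the `create` and `setattr` denials quoted in the commit message, because `rw_file_perms` includes neither. If the HAL is meant to create `crashinfo_bt_*.txt` itself, the file rule needs `create_file_perms`; if crash-info writing is debug-only, both rules belong inside `userdebug_or_eng` next to the coredump rules. `rw_dir_perms` also grants `remove_name`, which none of the logged denials ask for, so `ra_dir_perms` would match them more closely. The `userdebug_or_eng` block continues past the end of this hunk.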
From: jonerlin Date: Wed, 23 Oct 2024 14:44:06 +0000 Subject: [PATCH 34/87] add sepolicy rules for bluetooth common hal dumpstate 10-27 07:29:30.836000 1000 7403 7403 I auditd : type=1400 audit(0.0:1002): avc: denied { search } for comm="dump_bt" name="radio" dev="dm-52" ino=378 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1 10-27 07:29:30.836000 1000 7403 7403 I dump_bt : type=1400 audit(0.0:1002): avc: denied { search } for name="radio" dev="dm-52" ino=378 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1 10-27 07:29:30.836000 1000 7403 7403 I auditd : type=1400 audit(0.0:1003): avc: denied { write } for comm="dump_bt" name="all_logs" dev="dm-52" ino=15632 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1 10-27 07:29:30.836000 1000 7403 7403 I dump_bt : type=1400 audit(0.0:1003): avc: denied { write } for name="all_logs" dev="dm-52" ino=15632 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1 10-27 07:29:30.836000 1000 7403 7403 I auditd : type=1400 audit(0.0:1004): avc: denied { add_name } for comm="dump_bt" name="bt" scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1 10-27 07:29:30.836000 1000 7403 7403 I dump_bt : type=1400 audit(0.0:1004): avc: denied { add_name } for name="bt" scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1 10-27 07:29:30.836000 1000 7403 7403 I auditd : type=1400 audit(0.0:1005): avc: denied { create } for comm="dump_bt" name="bt" scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1 10-27 07:29:30.836000 1000 7403 7403 I dump_bt : type=1400 audit(0.0:1005): avc: denied { create } for name="bt" scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1 10-27 07:29:30.836000 1000 7403 7403 I auditd : 
type=1400 audit(0.0:1006): avc: denied { read } for comm="dump_bt" name="bluetooth" dev="dm-52" ino=405 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1 10-27 07:29:30.836000 1000 7403 7403 I dump_bt : type=1400 audit(0.0:1006): avc: denied { read } for name="bluetooth" dev="dm-52" ino=405 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1 10-27 11:02:17.568000 1000 7510 7510 I auditd : type=1400 audit(0.0:1005): avc: denied { open } for comm="dump_bt" path="/data/vendor/bluetooth" dev="dm-52" ino=405 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1 10-27 11:02:17.568000 1000 7510 7510 I dump_bt : type=1400 audit(0.0:1005): avc: denied { open } for path="/data/vendor/bluetooth" dev="dm-52" ino=405 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1 10-27 11:02:17.568000 1000 7510 7510 I auditd : type=1400 audit(0.0:1006): avc: denied { read } for comm="dump_bt" name="bt" dev="dm-52" ino=16645 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1 10-27 11:02:17.568000 1000 7510 7510 I dump_bt : type=1400 audit(0.0:1006): avc: denied { read } for name="bt" dev="dm-52" ino=16645 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1 10-27 11:02:17.568000 1000 7510 7510 I auditd : type=1400 audit(0.0:1007): avc: denied { search } for comm="dump_bt" name="bluetooth" dev="dm-52" ino=405 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1 10-27 11:02:17.568000 1000 7510 7510 I dump_bt : type=1400 audit(0.0:1007): avc: denied { search } for name="bluetooth" dev="dm-52" ino=405 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1 10-27 11:02:17.568000 1000 7510 7510 I auditd : type=1400 audit(0.0:1008): avc: denied { read } for comm="dump_bt" 
name="btsnoop_hci_vnd.log.last" dev="dm-52" ino=15209 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1 10-27 11:02:17.568000 1000 7510 7510 I dump_bt : type=1400 audit(0.0:1008): avc: denied { read } for name="btsnoop_hci_vnd.log.last" dev="dm-52" ino=15209 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1 10-27 11:02:17.568000 1000 7510 7510 I auditd : type=1400 audit(0.0:1009): avc: denied { open } for comm="dump_bt" path="/data/vendor/bluetooth/btsnoop_hci_vnd.log.last" dev="dm-52" ino=15209 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1 10-27 11:02:17.568000 1000 7510 7510 I dump_bt : type=1400 audit(0.0:1009): avc: denied { open } for path="/data/vendor/bluetooth/btsnoop_hci_vnd.log.last" dev="dm-52" ino=15209 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1 10-27 21:03:41.980000 1000 7526 7526 I auditd : type=1400 audit(0.0:1015): avc: denied { create } for comm="dump_bt" name="btsnoop_hci_vnd.log.last" scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1 10-27 21:03:41.980000 1000 7526 7526 I dump_bt : type=1400 audit(0.0:1015): avc: denied { create } for name="btsnoop_hci_vnd.log.last" scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1 10-27 21:03:41.980000 1000 7526 7526 I auditd : type=1400 audit(0.0:1016): avc: denied { write open } for comm="dump_bt" path="/data/vendor/radio/logs/always-on/all_logs/bt/btsnoop_hci_vnd.log.last" dev="dm-52" ino=15548 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1 10-27 21:03:41.980000 1000 7526 7526 I dump_bt : type=1400 audit(0.0:1016): avc: denied { write open } for path="/data/vendor/radio/logs/always-on/all_logs/bt/btsnoop_hci_vnd.log.last" dev="dm-52" ino=15548 scontext=u:r:dump_bt:s0 
tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1 10-27 21:03:41.980000 1000 7526 7526 I auditd : type=1400 audit(0.0:1017): avc: denied { getattr } for comm="dump_bt" path="/data/vendor/bluetooth/btsnoop_hci_vnd.log.last" dev="dm-52" ino=11478 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1 10-27 21:03:41.980000 1000 7526 7526 I dump_bt : type=1400 audit(0.0:1017): avc: denied { getattr } for path="/data/vendor/bluetooth/btsnoop_hci_vnd.log.last" dev="dm-52" ino=11478 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1 10-27 21:03:41.980000 1000 7526 7526 I auditd : type=1400 audit(0.0:1018): avc: denied { getattr } for comm="dump_bt" path="/data/vendor/radio/logs/always-on/all_logs/bt/btsnoop_hci_vnd.log.last" dev="dm-52" ino=15548 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1 10-27 21:03:41.980000 1000 7526 7526 I dump_bt : type=1400 audit(0.0:1018): avc: denied { getattr } for path="/data/vendor/radio/logs/always-on/all_logs/bt/btsnoop_hci_vnd.log.last" dev="dm-52" ino=15548 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1 10-27 21:03:42.000000 1000 7526 7526 I auditd : type=1400 audit(0.0:1019): avc: denied { search } for comm="dump_bt" name="ssrdump" dev="dm-52" ino=425 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1 10-27 21:03:42.000000 1000 7526 7526 I dump_bt : type=1400 audit(0.0:1019): avc: denied { search } for name="ssrdump" dev="dm-52" ino=425 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1 10-28 00:05:09.220000 1000 8227 8227 I auditd : type=1400 audit(0.0:1062): avc: denied { read } for comm="dump_bt" name="coredump" dev="dm-52" ino=426 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir 
permissive=1 10-28 00:05:09.220000 1000 8227 8227 I dump_bt : type=1400 audit(0.0:1062): avc: denied { read } for name="coredump" dev="dm-52" ino=426 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1 10-28 00:05:09.220000 1000 8227 8227 I auditd : type=1400 audit(0.0:1063): avc: denied { open } for comm="dump_bt" path="/data/vendor/ssrdump/coredump" dev="dm-52" ino=426 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1 10-28 00:05:09.220000 1000 8227 8227 I dump_bt : type=1400 audit(0.0:1063): avc: denied { open } for path="/data/vendor/ssrdump/coredump" dev="dm-52" ino=426 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1 10-28 00:05:09.220000 1000 8227 8227 I auditd : type=1400 audit(0.0:1064): avc: denied { search } for comm="dump_bt" name="coredump" dev="dm-52" ino=426 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1 10-28 00:05:09.220000 1000 8227 8227 I dump_bt : type=1400 audit(0.0:1064): avc: denied { search } for name="coredump" dev="dm-52" ino=426 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1 10-28 00:05:09.220000 1000 8227 8227 I auditd : type=1400 audit(0.0:1065): avc: denied { read } for comm="dump_bt" name="coredump_bt_socdump_2024-10-28_00-04-17.bin" dev="dm-52" ino=15913 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1 10-28 00:05:09.220000 1000 8227 8227 I dump_bt : type=1400 audit(0.0:1065): avc: denied { read } for name="coredump_bt_socdump_2024-10-28_00-04-17.bin" dev="dm-52" ino=15913 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1 10-28 00:05:09.220000 1000 8227 8227 I auditd : type=1400 audit(0.0:1066): avc: denied { open } for 
comm="dump_bt" path="/data/vendor/ssrdump/coredump/coredump_bt_socdump_2024-10-28_00-04-17.bin" dev="dm-52" ino=15913 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1 10-28 00:05:09.220000 1000 8227 8227 I dump_bt : type=1400 audit(0.0:1066): avc: denied { open } for path="/data/vendor/ssrdump/coredump/coredump_bt_socdump_2024-10-28_00-04-17.bin" dev="dm-52" ino=15913 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1 10-28 07:01:56.708000 1000 7681 7681 I auditd : type=1400 audit(0.0:1019): avc: denied { getattr } for comm="dump_bt" path="/data/vendor/ssrdump/coredump/coredump_bt_socdump_2024-10-28_07-01-11.bin" dev="dm-52" ino=16414 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1 10-28 07:01:56.708000 1000 7681 7681 I dump_bt : type=1400 audit(0.0:1019): avc: denied { getattr } for path="/data/vendor/ssrdump/coredump/coredump_bt_socdump_2024-10-28_07-01-11.bin" dev="dm-52" ino=16414 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1 10-24 09:58:37.780000 1000 7820 7820 I auditd : type=1400 audit(0.0:985): avc: denied { read } for comm="dump_bt" name="bluetooth" dev="dm-51" ino=405 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1 10-24 09:58:37.780000 1000 7820 7820 I dump_bt : type=1400 audit(0.0:985): avc: denied { read } for name="bluetooth" dev="dm-51" ino=405 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1 10-24 09:58:37.780000 1000 7820 7820 I auditd : type=1400 audit(0.0:986): avc: denied { open } for comm="dump_bt" path="/data/vendor/bluetooth" dev="dm-51" ino=405 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1 10-24 09:58:37.780000 1000 7820 7820 I dump_bt 
: type=1400 audit(0.0:986): avc: denied { open } for path="/data/vendor/bluetooth" dev="dm-51" ino=405 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1 10-24 09:58:37.780000 1000 7820 7820 I auditd : type=1400 audit(0.0:987): avc: denied { search } for comm="dump_bt" name="bluetooth" dev="dm-51" ino=405 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1 10-24 09:58:37.780000 1000 7820 7820 I dump_bt : type=1400 audit(0.0:987): avc: denied { search } for name="bluetooth" dev="dm-51" ino=405 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1 10-24 09:58:37.780000 1000 7820 7820 I auditd : type=1400 audit(0.0:988): avc: denied { read } for comm="dump_bt" name="btsnoop_hci_vnd.log.last" dev="dm-51" ino=15291 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1 10-24 09:58:37.780000 1000 7820 7820 I dump_bt : type=1400 audit(0.0:988): avc: denied { read } for name="btsnoop_hci_vnd.log.last" dev="dm-51" ino=15291 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1 Bug: 373526518 Bug: 372146292 Test: build pass, get bugreport and check bt dumpstate log files Flag: EXEMPT, mechanical change. Change-Id: I65025ffdac1c3017c494ae2a9fe8deeb5c7ce970 --- bluetooth/dump/dumplog.mk | 2 ++ bluetooth/dump/sepolicy/dump.te | 12 ++++++++++++ bluetooth/dump/sepolicy/file_contexts | 2 ++ 3 files changed, 16 insertions(+) create mode 100644 bluetooth/dump/sepolicy/dump.te create mode 100644 bluetooth/dump/sepolicy/file_contexts diff --git a/bluetooth/dump/dumplog.mk b/bluetooth/dump/dumplog.mk index d47d4ec..51c3b3c 100644 --- a/bluetooth/dump/dumplog.mk +++ b/bluetooth/dump/dumplog.mk @@ -1 +1,3 @@ +BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/bluetooth/dump/sepolicy/ + PRODUCT_PACKAGES_DEBUG += dump_bt 
diff --git a/bluetooth/dump/sepolicy/dump.te b/bluetooth/dump/sepolicy/dump.te
new file mode 100644
index 0000000..fdd123e
--- /dev/null
+++ b/bluetooth/dump/sepolicy/dump.te
@@ -0,0 +1,12 @@
+# pixel bluetooth common hal service
+pixel_bugreport(dump_bt)
+
+allow hal_dumpstate_default vendor_bt_data_file:dir { open read search };
+allow hal_dumpstate_default vendor_bt_data_file:file read;
+allow dump_bt radio_vendor_data_file:dir create_dir_perms;
+allow dump_bt radio_vendor_data_file:file create_file_perms;
+allow dump_bt vendor_bt_data_file:dir r_dir_perms;
+allow dump_bt vendor_bt_data_file:file r_file_perms;
+allow dump_bt sscoredump_vendor_data_crashinfo_file:dir search;
+allow dump_bt sscoredump_vendor_data_coredump_file:dir r_dir_perms;
+allow dump_bt sscoredump_vendor_data_coredump_file:file r_file_perms;
diff --git a/bluetooth/dump/sepolicy/file_contexts b/bluetooth/dump/sepolicy/file_contexts
new file mode 100644
index 0000000..da28d10
--- /dev/null
+++ b/bluetooth/dump/sepolicy/file_contexts
@@ -0,0 +1,2 @@
+# bt common hal dump_bt service
+/vendor/bin/dump/dump_bt u:object_r:dump_bt_exec:s0
From 0a17acae18022adf38d4f960e2bff013705adfeb Mon Sep 17 00:00:00 2001
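Review bot: The two `hal_dumpstate_default` rules on `vendor_bt_data_file` in `dump.te` look like leftovers: the denials with `scontext=u:r:hal_dumpstate_default:s0` in the commit message are dated before the `dump_bt` ones and still carry `comm="dump_bt"`, which suggests the binary was running unlabelled in the dumpstate HAL domain at that point. With `pixel_bugreport(dump_bt)` and the `dump_bt_exec` label from `file_contexts` in place, the reads happen in `dump_bt`, so I would drop `allow hal_dumpstate_default vendor_bt_data_file:dir { open read search };` and `allow hal_dumpstate_default vendor_bt_data_file:file read;` rather than let every helper in the dumpstate HAL domain read the Bluetooth data directory. A one-line comment above the `radio_vendor_data_file` rules saying they cover the bugreport packing directory would also explain why a Bluetooth dumper needs create access to a radio type.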
From: Lucas Wei Date: Wed, 23 Oct 2024 08:35:26 +0000 Subject: [PATCH 35/87] Introduce dump_chip_info module Introduce dump_chip_info dumper to dump driver information of chip-info and required sepolicy. [ 9819.206787][ T335] type=1400 audit(1729750876.372:4710): avc: denied { execute_no_trans } for comm="android.hardwar" path="/vendor/bin/dump/dump_chip_info" dev="dm-11" ino=79 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_file:s0 tclass=file permissive=1 [ 9819.231374][ T335] type=1400 audit(1729750876.384:4711): avc: denied { getattr } for comm="dump_chip_info" path="pipe:[1038881]" dev="pipefs" ino=1038881 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:r:shell:s0 tclass=fifo_file permissive=1 Flag: EXEMPT, change source of chipid Bug: 298883728 Change-Id: I0ff6edf98548de4b93c9eeee005ab2e7b365cf7f --- dump_chip_info/Android.bp | 20 +++++++++++++++++++ dump_chip_info/chip_info.mk | 3 +++ dump_chip_info/dump_chip_info.cpp | 24 +++++++++++++++++++++++ dump_chip_info/sepolicy/dump_chip_info.te | 3 +++ dump_chip_info/sepolicy/file.te | 2 ++ dump_chip_info/sepolicy/file_contexts | 1 + dump_chip_info/sepolicy/genfs_contexts | 2 ++ 7 files changed, 55 insertions(+) create mode 100644 dump_chip_info/Android.bp create mode 100644 dump_chip_info/chip_info.mk create mode 100644 dump_chip_info/dump_chip_info.cpp create mode 100644 dump_chip_info/sepolicy/dump_chip_info.te create mode 100644 dump_chip_info/sepolicy/file.te create mode 100644 dump_chip_info/sepolicy/file_contexts create mode 100644 dump_chip_info/sepolicy/genfs_contexts diff --git a/dump_chip_info/Android.bp b/dump_chip_info/Android.bp new file mode 100644 index 0000000..4a13160 --- /dev/null +++ b/dump_chip_info/Android.bp 
@@ -0,0 +1,20 @@
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+cc_binary {
+ name: "dump_chip_info",
+ srcs: ["dump_chip_info.cpp"],
+ cflags: [
+ "-Wall",
+ "-Wextra",
+ "-Werror",
+ ],
+ shared_libs: [
+ "libbase",
+ "libdump",
+ "liblog",
+ ],
+ vendor: true,
+ relative_install_path: "dump",
+}
diff --git a/dump_chip_info/chip_info.mk b/dump_chip_info/chip_info.mk
new file mode 100644
index 0000000..a0d8317
--- /dev/null
+++ b/dump_chip_info/chip_info.mk
@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/dump_chip_info/sepolicy
+
+PRODUCT_PACKAGES += dump_chip_info
diff --git a/dump_chip_info/dump_chip_info.cpp b/dump_chip_info/dump_chip_info.cpp
new file mode 100644
index 0000000..dd83743
--- /dev/null
+++ b/dump_chip_info/dump_chip_info.cpp
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include
+#include
+
+int main() {
+ dumpFileContent("ap_rom_patch_ver", "/sys/devices/system/goog-chip-info/ap_rom_patch_ver");
+ dumpFileContent("gpcm_asic_id", "/sys/devices/system/goog-chip-info/gpcm_asic_id");
+
+ return 0;
+}
diff --git a/dump_chip_info/sepolicy/dump_chip_info.te b/dump_chip_info/sepolicy/dump_chip_info.te
new file mode 100644
index 0000000..936d425
--- /dev/null
+++ b/dump_chip_info/sepolicy/dump_chip_info.te
@@ -0,0 +1,3 @@
+#
+pixel_bugreport(dump_chip_info)
+allow dump_chip_info sysfs_chip_info:file r_file_perms;
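Review bot: The header comment in `dump_chip_info.te` is a bare `#`, and `file.te` in the same commit opens with the same empty line, so neither file says what the domain or the new type is for. Something like `# dump_chip_info: bugreport helper that reads the goog-chip-info sysfs nodes` and `# sysfs nodes under /sys/devices/system/goog-chip-info` would do. It is also worth stating in `chip_info.mk` why this uses `PRODUCT_PACKAGES` rather than `PRODUCT_PACKAGES_DEBUG`, since that puts the ASIC id and ROM patch version into bugreports from user builds as well.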
diff --git a/dump_chip_info/sepolicy/file.te b/dump_chip_info/sepolicy/file.te
new file mode 100644
index 0000000..80900b0
--- /dev/null
+++ b/dump_chip_info/sepolicy/file.te
@@ -0,0 +1,2 @@
+#
+type sysfs_chip_info, sysfs_type, fs_type;
diff --git a/dump_chip_info/sepolicy/file_contexts b/dump_chip_info/sepolicy/file_contexts
new file mode 100644
index 0000000..b9f4b21
--- /dev/null
+++ b/dump_chip_info/sepolicy/file_contexts
@@ -0,0 +1 @@
+/vendor/bin/dump/dump_chip_info u:object_r:dump_chip_info_exec:s0
diff --git a/dump_chip_info/sepolicy/genfs_contexts b/dump_chip_info/sepolicy/genfs_contexts
new file mode 100644
index 0000000..3fda2de
--- /dev/null
+++ b/dump_chip_info/sepolicy/genfs_contexts
@@ -0,0 +1,2 @@
+genfscon sysfs /devices/system/goog-chip-info/ap_rom_patch_ver u:object_r:sysfs_chip_info:s0
+genfscon sysfs /devices/system/goog-chip-info/gpcm_asic_id u:object_r:sysfs_chip_info:s0
From 1f83bb110e61799fdd0e00ff0d79957569eed848 Mon Sep 17 00:00:00 2001
From: Kai Hsieh Date: Sat, 21 Sep 2024 13:38:00 +0800 Subject: [PATCH 36/87] Add GIA (Google Input interface Abstraction layer) related SEPolicy rules and AIDL compatibility matrices. AVC evidences: 10-29 16:53:50.756 1305 1305 I binder:1305_2: type=1400 audit(0.0:24): avc: denied { search } for name="goog_touch_interface" dev="sysfs" ino=110634 scontext=u:r:gia:s0 tcontext=u:object_r:sysfs_touch_gti:s0 tclass=dir permissive=1 10-29 16:53:50.756 1305 1305 I binder:1305_2: type=1400 audit(0.0:25): avc: denied { read } for name="interactive_calibrate" dev="sysfs" ino=110738 scontext=u:r:gia:s0 tcontext=u:object_r:sysfs_touch_gti:s0 tclass=file permissive=1 10-29 16:53:50.756 1305 1305 I binder:1305_2: type=1400 audit(0.0:26): avc: denied { open } for path="/sys/devices/virtual/goog_touch_interface/gti.0/interactive_calibrate" dev="sysfs" ino=110738 scontext=u:r:gia:s0 tcontext=u:object_r:sysfs_touch_gti:s0 tclass=file permissive=1 10-29 16:53:50.756 1305 1305 I binder:1305_2: type=1400 audit(0.0:27): avc: denied { getattr } for path="/sys/devices/virtual/goog_touch_interface/gti.0/interactive_calibrate" dev="sysfs" ino=110738 scontext=u:r:gia:s0 tcontext=u:object_r:sysfs_touch_gti:s0 tclass=file permissive=1 10-29 16:53:50.756 1305 1305 I binder:1305_2: type=1400 audit(0.0:28): avc: denied { write } for name="interactive_calibrate" dev="sysfs" ino=110738 scontext=u:r:gia:s0 tcontext=u:object_r:sysfs_touch_gti:s0 tclass=file permissive=1 Test: Build succeed. Test: Manually, checked whether GIA service is started successfully via command `service list`. Bug: 367881686 Flag: build.RELEASE_PIXEL_GIA_ENABLED Change-Id: I8069521425ff1e830d759252bf8bf460f4dc6f32 
Signed-off-by: Kai Hsieh --- input/gia/aidl/compatibility_matrix.xml | 10 ++++++++++ input/gia/aidl/manifest.xml | 10 ++++++++++ input/gia/gia.mk | 11 +++++++++++ input/gia/sepolicy/attributes | 2 ++ input/gia/sepolicy/file_contexts | 2 ++ input/gia/sepolicy/gia.te | 18 ++++++++++++++++++ input/gia/sepolicy/hal_gia.te | 8 ++++++++ input/gia/sepolicy/service.te | 2 ++ input/gia/sepolicy/service_contexts | 2 ++ 9 files changed, 65 insertions(+) create mode 100644 input/gia/aidl/compatibility_matrix.xml create mode 100644 input/gia/aidl/manifest.xml create mode 100644 input/gia/gia.mk create mode 100644 input/gia/sepolicy/attributes create mode 100644 input/gia/sepolicy/file_contexts create mode 100644 input/gia/sepolicy/gia.te create mode 100644 input/gia/sepolicy/hal_gia.te create mode 100644 input/gia/sepolicy/service.te create mode 100644 input/gia/sepolicy/service_contexts diff --git a/input/gia/aidl/compatibility_matrix.xml b/input/gia/aidl/compatibility_matrix.xml new file mode 100644 index 0000000..1a348ea --- /dev/null +++ b/input/gia/aidl/compatibility_matrix.xml @@ -0,0 +1,10 @@ + + + com.google.input.gia.core + + IGiaService + default + + 1 + + \ No newline at end of file diff --git a/input/gia/aidl/manifest.xml b/input/gia/aidl/manifest.xml new file mode 100644 index 0000000..98303c8 --- /dev/null +++ b/input/gia/aidl/manifest.xml @@ -0,0 +1,10 @@ + + + com.google.input.gia.core + + IGiaService + default + + 1 + + \ No newline at end of file diff --git a/input/gia/gia.mk b/input/gia/gia.mk new file mode 100644 index 0000000..ea079ca --- /dev/null +++ b/input/gia/gia.mk 
@@ -0,0 +1,11 @@ +BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/input/gia/sepolicy + +PRODUCT_PACKAGES += gia +PRODUCT_PACKAGES += com.google.input.gia.giaservicemanager + +PRODUCT_SOONG_NAMESPACES += vendor/google/interfaces +PRODUCT_SOONG_NAMESPACES += vendor/google/input/gia/core +PRODUCT_SOONG_NAMESPACES += vendor/google/input/gia/core-servicemanager + +DEVICE_MANIFEST_FILE += device/google/gs-common/input/gia/aidl/manifest.xml +DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/input/gia/aidl/compatibility_matrix.xml diff --git a/input/gia/sepolicy/attributes b/input/gia/sepolicy/attributes new file mode 100644 index 0000000..1d61ad3 --- /dev/null +++ b/input/gia/sepolicy/attributes @@ -0,0 +1,2 @@ +# This macro produces: define hal_gia, hal_gia_client, hal_gia_server +hal_attribute(gia) diff --git a/input/gia/sepolicy/file_contexts b/input/gia/sepolicy/file_contexts new file mode 100644 index 0000000..99d6857 --- /dev/null +++ b/input/gia/sepolicy/file_contexts @@ -0,0 +1,2 @@ +# chmod +x in SEPolicy language +/vendor/bin/gia u:object_r:gia_exec:s0 diff --git a/input/gia/sepolicy/gia.te b/input/gia/sepolicy/gia.te new file mode 100644 index 0000000..2c84e7c --- /dev/null +++ b/input/gia/sepolicy/gia.te @@ -0,0 +1,18 @@ +# SEPolicies for GIA (Google Input interface Abstraction layer) +type gia, domain; +type gia_exec, exec_type, vendor_file_type, file_type; + +# Macro transferring gia_exec to the gia domain +init_daemon_domain(gia) + +# let this domain use the hal service +hal_client_domain(gia, hal_gia) +# allow binder communication with service_manager +binder_use(gia) + +# let this domain serve the hal service +hal_server_domain(gia, hal_gia) + +# allow gia for accessing touch related system file-nodes +allow gia sysfs_touch_gti:dir r_dir_perms; +allow gia sysfs_touch_gti:file rw_file_perms; diff --git a/input/gia/sepolicy/hal_gia.te b/input/gia/sepolicy/hal_gia.te new file mode 100644 index 0000000..b75c9fb --- /dev/null 
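Review bot: The comment `# chmod +x in SEPolicy language` on the `/vendor/bin/gia` entry in file_contexts is misleading, because a file_contexts line only assigns a label and grants no execute permission. The label matters because `init_daemon_domain(gia)` in gia.te keys the domain transition on `gia_exec`. I would reword it to `# Label the GIA daemon binary so init can transition it into the gia domain`.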
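Review bot: In gia.te the `gia` domain is made both client and server of its own HAL (`hal_client_domain(gia, hal_gia)` next to `hal_server_domain(gia, hal_gia)`), and neither the policy comments nor the commit message say why the daemon needs to call the interface it serves. If the client side is meant for another caller, it belongs on that caller's domain; otherwise a comment such as `# gia also acts as a client of IGiaService because <reason>` would record the intent. Separately, `allow gia sysfs_touch_gti:file rw_file_perms;` covers every node carrying that label, while the quoted denials only show `interactive_calibrate`, so it is worth confirming that write access to the other nodes is wanted. `binder_use(gia)` also looks redundant with `binder_use(hal_gia_server)` in hal_gia.te, since `gia` is a `hal_gia` server.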
+++ b/input/gia/sepolicy/hal_gia.te @@ -0,0 +1,8 @@ +# allow binder connection from client to server +binder_call(hal_gia_client, hal_gia_server) + +# allow client to find the service & allow server to register the service +hal_attribute_service(hal_gia, hal_gia_service) + +# allow binder communication from server to service_manager +binder_use(hal_gia_server) diff --git a/input/gia/sepolicy/service.te b/input/gia/sepolicy/service.te new file mode 100644 index 0000000..aed1135 --- /dev/null +++ b/input/gia/sepolicy/service.te @@ -0,0 +1,2 @@ +# Declares GIA related services +type hal_gia_service, hal_service_type, protected_service, service_manager_type; diff --git a/input/gia/sepolicy/service_contexts b/input/gia/sepolicy/service_contexts new file mode 100644 index 0000000..b1773ec --- /dev/null +++ b/input/gia/sepolicy/service_contexts @@ -0,0 +1,2 @@ +# Attaches GIA services to the cooresponding SEPolicy group +com.google.input.gia.core.IGiaService/default u:object_r:hal_gia_service:s0 From 8ad4c5c9b97421f35cb709da573806de71e47a87 Mon Sep 17 00:00:00 2001 From: Enzo Liao Date: Wed, 30 Oct 2024 17:03:14 +0800 Subject: [PATCH 37/87] RamdumpService: Update the SELinux policy for Flood Control to use Firebase Cloud Firestore. Bug: 369260803 Design: go/fc-app-server Flag: NONE N/A Change-Id: Iebc91446aad59e2ed4e995fc5fc8fd3a45e0dc6f --- ramdump_and_coredump/sepolicy/ramdump_app.te | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ramdump_and_coredump/sepolicy/ramdump_app.te b/ramdump_and_coredump/sepolicy/ramdump_app.te index 85d4bfd..9eebc98 100644 --- a/ramdump_and_coredump/sepolicy/ramdump_app.te +++ b/ramdump_and_coredump/sepolicy/ramdump_app.te @@ -1,8 +1,12 @@ +# SEpolicy for com.android.ramdump type ramdump_app, domain; userdebug_or_eng(` app_domain(ramdump_app) + # For using Firebase Cloud Firestore + net_domain(ramdump_app) + allow ramdump_app app_api_service:service_manager find; allow ramdump_app ramdump_vendor_data_file:file create_file_perms; 
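Review bot: `net_domain(ramdump_app)` in ramdump_app.te gives general socket access to a domain that can also create files under `ramdump_vendor_data_file`, and the comment `# For using Firebase Cloud Firestore` does not say what data leaves the device. The rule sits inside `userdebug_or_eng(`, so user builds are unaffected, but ramdumps can hold memory contents, so the scope deserves a line of its own, e.g. `# Network access for Flood Control (Firebase Cloud Firestore); uploads <what is sent>, never dump contents` if that is the case. The `userdebug_or_eng` block continues past the end of this hunk.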
From 50930b4181f7331984d826895d745e04ebc3501c Mon Sep 17 00:00:00 2001 From: Frank Yu Date: Fri, 1 Nov 2024 09:04:43 +0000 Subject: [PATCH 38/87] Allow grilservice_app to binder call twoshay avc error log: [ 37.308566] type=1400 audit(1730161331.968:20): avc: denied { call } for comm="pool-3-thread-1" scontext=u:r:grilservice_app:s0:c253,c256,c512,c768 tcontext=u:r:twoshay:s0 tclass=binder permissive=0 bug=b/375564898 app=com.google.android.grilservice Flag: EXEMPT bugfix Bug: 375564898 Change-Id: I7bd57884763e255be57455b138e306c904bc66e1 --- gril/hidl/1.7/sepolicy/grilservice_app.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/gril/hidl/1.7/sepolicy/grilservice_app.te b/gril/hidl/1.7/sepolicy/grilservice_app.te index 3a170b8..fd20fb4 100644 --- a/gril/hidl/1.7/sepolicy/grilservice_app.te +++ b/gril/hidl/1.7/sepolicy/grilservice_app.te @@ -2,3 +2,5 @@ allow grilservice_app hal_radio_ext_service:service_manager find; # allow grilservice_app to binder call hal_radioext_default binder_call(grilservice_app, hal_radioext_default) +# allow grilservice_app to binder call twoshay +binder_call(grilservice_app, twoshay) From 5c50ccab628834d912fc873886cd92a36ca92302 Mon Sep 17 00:00:00 2001 
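Review bot: `binder_call(grilservice_app, twoshay)` makes grilservice_app.te depend on the `twoshay` type, which is not declared in this sepolicy directory as far as the hunk shows. If a product includes gril/hidl/1.7/sepolicy without the policy that declares `twoshay`, the policy build would presumably fail on the unknown type, so it is worth confirming that every includer also carries it. The macro also grants more than the single `{ call }` in the quoted denial (transfer and fd use as well); that is the usual trade-off, but the comment could say that callbacks from twoshay are expected.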
From: timmyli Date: Tue, 5 Nov 2024 06:38:20 +0000 Subject: [PATCH 39/87] Add permissions for GCA to access various services app_api_service gives access to blanket app service permissions. The more specific ones are listed in logs below. Bug: 370899024 Bug: 375958865 Test: manual test with GCA to verify permissions Flag: EXEMPT refactor Specific logs: 11-05 01:13:34.640 332 332 E SELinux : avc: denied { find } for pid=5493 uid=10155 name=media.player scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:mediaserver_service:s0 tclass=service_manager permissive=1 11-05 01:13:34.641 332 332 E SELinux : avc: denied { find } for pid=5493 uid=10155 name=media.camera scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:cameraserver_service:s0 tclass=service_manager permissive=1 11-05 01:29:31.002 326 326 E SELinux : avc: denied { find } for pid=5465 uid=10155 name=media.metrics scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:mediametrics_service:s0 tclass=service_manager permissive=1 11-05 01:29:31.498 326 326 E SELinux : avc: denied { find } for pid=5465 uid=10155 name=media.extractor scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:mediaextractor_service:s0 tclass=service_manager permissive=1 11-05 01:29:30.961 326 326 E SELinux : avc: denied { find } for pid=5465 uid=10155 name=media.audio_flinger scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:audioserver_service:s0 tclass=service_manager permissive=1 Logs from app services blanket granted by app_api_service 10-28 02:25:22.057 339 339 I auditd : avc: denied { find } for pid=10509 uid=10149 name=content scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:content_service:s0 tclass=service_manager permissive=1 10-28 02:25:21.953 339 339 I auditd : avc: denied { find } for pid=10509 uid=10149 name=connectivity scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 
tcontext=u:object_r:connectivity_service:s0 tclass=service_manager permissive=1 10-28 02:25:22.577 339 339 I auditd : avc: denied { find } for pid=10509 uid=10149 name=power scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:power_service:s0 tclass=service_manager permissive=1 10-28 02:25:22.062 339 339 I auditd : avc: denied { find } for pid=10509 uid=10149 name=notification scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:notification_service:s0 tclass=service_manager permissive=1 10-28 02:25:21.988 339 339 I auditd : avc: denied { find } for pid=10509 uid=10149 name=appops scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:appops_service:s0 tclass=service_manager permissive=1 10-28 02:25:22.014 339 339 I auditd : avc: denied { find } for pid=10509 uid=10149 name=user scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:user_service:s0 tclass=service_manager permissive=1 10-28 02:25:21.852 339 339 I auditd : avc: denied { find } for pid=10509 uid=10149 name=display scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:display_service:s0 tclass=service_manager permissive=1 10-28 02:25:21.998 339 339 I auditd : avc: denied { find } for pid=10509 uid=10149 name=jobscheduler scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:jobscheduler_service:s0 tclass=service_manager permissive=1 10-28 02:25:21.855 339 339 I auditd : avc: denied { find } for pid=10509 uid=10149 name=network_management scontext=u:r:google_camera_app:s0:c149,c256,c512,c768 tcontext=u:object_r:network_management_service:s0 tclass=service_manager permissive=1 10-02 05:40:18.428 355 355 I auditd : avc: denied { find } for pid=9560 uid=10129 name=content_capture scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:content_capture_service:s0 tclass=service_manager permissive=1 10-02 05:40:19.270 355 355 I auditd : avc: denied { find } for pid=9560 
uid=10129 name=device_policy scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:device_policy_service:s0 tclass=service_manager permissive=1 10-02 05:40:19.215 355 355 I auditd : avc: denied { find } for pid=9560 uid=10129 name=sensorservice scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:sensorservice_service:s0 tclass=service_manager permissive=1 10-02 05:40:18.166 355 355 I auditd : avc: denied { find } for pid=9560 uid=10129 name=netstats scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:netstats_service:s0 tclass=service_manager permissive=1 10-02 05:40:19.219 355 355 I auditd : avc: denied { find } for pid=9560 uid=10129 name=virtualdevice_native scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:virtual_device_native_service:s0 tclass=service_manager permissive=1 10-02 05:40:19.230 355 355 I auditd : avc: denied { find } for pid=9560 uid=10129 name=thermalservice scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:thermal_service:s0 tclass=service_manager permissive=1 10-02 05:40:19.224 355 355 I auditd : avc: denied { find } for pid=9560 uid=10129 name=media.camera scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:cameraserver_service:s0 tclass=service_manager permissive=1 10-02 05:40:19.214 355 355 I auditd : avc: denied { find } for pid=9560 uid=10129 name=media.player scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:mediaserver_service:s0 tclass=service_manager permissive=1 10-02 05:40:19.485 355 355 I auditd : avc: denied { find } for pid=9560 uid=10129 name=backup scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:backup_service:s0 tclass=service_manager permissive=1 10-02 05:40:17.920 355 355 I auditd : avc: denied { find } for pid=9560 uid=10129 name=activity scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:activity_service:s0 
tclass=service_manager permissive=1 10-02 05:40:19.511 355 355 I auditd : avc: denied { find } for pid=9560 uid=10129 name=device_state scontext=u:r:google_camera_app:s0:c129,c256,c512,c768 tcontext=u:object_r:device_state_service:s0 tclass=service_manager permissive=1 Change-Id: I9bd98af328f948152c89f9f2c3a066a951f4aaad --- .../sepolicy/product/private/google_camera_app.te | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/gcam_app/sepolicy/product/private/google_camera_app.te b/gcam_app/sepolicy/product/private/google_camera_app.te index a4c7a79..2d3d73c 100644 --- a/gcam_app/sepolicy/product/private/google_camera_app.te +++ b/gcam_app/sepolicy/product/private/google_camera_app.te @@ -3,12 +3,12 @@ typeattribute google_camera_app coredomain; app_domain(google_camera_app) net_domain(google_camera_app) -#allow google_camera_app app_api_service:service_manager find; -#allow google_camera_app audioserver_service:service_manager find; -#allow google_camera_app cameraserver_service:service_manager find; -#allow google_camera_app mediaextractor_service:service_manager find; -#allow google_camera_app mediametrics_service:service_manager find; -#allow google_camera_app mediaserver_service:service_manager find; +allow google_camera_app app_api_service:service_manager find; +allow google_camera_app audioserver_service:service_manager find; +allow google_camera_app cameraserver_service:service_manager find; +allow google_camera_app mediaextractor_service:service_manager find; +allow google_camera_app mediametrics_service:service_manager find; +allow google_camera_app mediaserver_service:service_manager find; # Allows GCA to access the PowerHAL. hal_client_domain(google_camera_app, hal_power) From 8d4f1c1f07019f3a968b4e9a119a88513c4a585d Mon Sep 17 00:00:00 2001 
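Review bot: `allow google_camera_app app_api_service:service_manager find;` is an attribute-wide grant, so it reaches every service tagged `app_api_service` rather than only the ones in the quoted denials. The six re-enabled rules carry no comment, while the next block has one (`# Allows GCA to access the PowerHAL.`). A matching line such as `# Allows GCA to find framework app services and the audio/camera/media servers.` would keep the file consistent and make the breadth explicit. The commit message lists `cameraserver_service` and `mediaserver_service` in both the specific and the blanket log sections, so it is unclear from here whether the explicit rules are still needed alongside the attribute.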
From: KRIS CHEN Date: Tue, 5 Nov 2024 09:31:29 +0000 Subject: [PATCH 40/87] Allow fingerprint HAL to access IGoodixFingerprintDaemon Fix the following avc denial: avc: denied { add } for pid=1285 uid=1000 name=vendor.goodix.hardware.biometrics.fingerprint.IGoodixFingerprintDaemon/default scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=0 Flag: EXEMPT NDK Bug: 376602341 Test: boot with no relevant error Change-Id: I12b5824d239bb3b55bb82fb50b9f6fc4c38b36c5 --- fingerprint/sepolicy/service_contexts | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 fingerprint/sepolicy/service_contexts diff --git a/fingerprint/sepolicy/service_contexts b/fingerprint/sepolicy/service_contexts new file mode 100644 index 0000000..4cc220f --- /dev/null +++ b/fingerprint/sepolicy/service_contexts @@ -0,0 +1,2 @@ +# Fingerprint HAL extension +vendor.goodix.hardware.biometrics.fingerprint.IGoodixFingerprintDaemon/default u:object_r:hal_fingerprint_service:s0 From cb2c9c91c1549b16c5c6d51411d3d4ab9f528ff7 Mon Sep 17 00:00:00 2001 
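Review bot: Labelling `vendor.goodix.hardware.biometrics.fingerprint.IGoodixFingerprintDaemon/default` as `hal_fingerprint_service` means every domain already allowed to `find` the standard fingerprint HAL service can now also look up the vendor extension daemon. If the extension is meant only for vendor components, a dedicated service type with its own `add`/`find` rules would keep that interface narrower. If sharing the label is intended, the comment should say so, e.g. `# Fingerprint HAL extension; shares hal_fingerprint_service so existing HAL clients can reach it`.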
From: timmyli Date: Tue, 5 Nov 2024 21:39:34 +0000 Subject: [PATCH 41/87] Consolidate gca permissions inside gs-common SeLinux team is making an effort to have a general set of permissions inside gs-common for GCA as oppose to having a new google_camera_app.te for each device generation. Move the next gen permissions to the gs-common. Bug: 361092857 Test: manual test to check permissions Flag: EXEMPT add permissions 11-05 16:28:30.048 5720 5720 I FinishThread: type=1400 audit(0.0:665): avc: denied { read write } for name="gxp" dev="tmpfs" ino=1545 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:gxp_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCamera 11-05 16:28:30.048 5720 5720 I FinishThread: type=1400 audit(0.0:666): avc: denied { open } for path="/dev/gxp" dev="tmpfs" ino=1545 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:gxp_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCamera 11-05 16:28:30.048 5720 5720 I FinishThread: type=1400 audit(0.0:667): avc: denied { ioctl } for path="/dev/gxp" dev="tmpfs" ino=1545 ioctlcmd=0xee06 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:gxp_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCamera 11-05 16:15:05.062 332 332 E SELinux : avc: denied { find } for pid=5586 uid=10155 name=com.google.edgetpu.IEdgeTpuAppService/default scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:edgetpu_app_service:s0 tclass=service_manager permissive=1 11-05 16:15:06.356 5586 5586 I frame-quality-s: type=1400 audit(0.0:554): avc: denied { ioctl } for path="/dev/edgetpu-soc" dev="tmpfs" ino=1542 ioctlcmd=0xed23 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:edgetpu_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCamera Change-Id: Ie38edbf7e2fecf6bc45605a947ad6fc63d4f4378 --- gcam_app/sepolicy/vendor/google_camera_app.te | 6 +++--- 1 
file changed, 3 insertions(+), 3 deletions(-) diff --git a/gcam_app/sepolicy/vendor/google_camera_app.te b/gcam_app/sepolicy/vendor/google_camera_app.te index 81f91ac..3f5a0ec 100644 --- a/gcam_app/sepolicy/vendor/google_camera_app.te +++ b/gcam_app/sepolicy/vendor/google_camera_app.te @@ -1,12 +1,12 @@ # GCARelease and GCADogfood. # Allows GCA to acccess the GXP device & properties. -#allow google_camera_app gxp_device:chr_file rw_file_perms; +allow google_camera_app gxp_device:chr_file rw_file_perms; get_prop(google_camera_app, vendor_gxp_prop) # Allows GCA to find and access the EdgeTPU. -#allow google_camera_app edgetpu_app_service:service_manager find; -#allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; +allow google_camera_app edgetpu_app_service:service_manager find; +allow google_camera_app edgetpu_device:chr_file { ioctl }; # Allows GCA to access the hw_jpeg /dev/video12. #allow google_camera_app hw_jpg_device:chr_file rw_file_perms; From 132ad09bcedd5fecc9729b23743a53db75d91f92 Mon Sep 17 00:00:00 2001 From: timmyli Date: Wed, 6 Nov 2024 08:03:47 +0000 Subject: [PATCH 42/87] Add more access for GCA to edgetpu Bug: 361092857 Test: manual test to check permissions Flag: EXEMPT add permissions 11-06 03:01:49.736 719 719 W binder:719_3: type=1400 audit(0.0:710): avc: denied { read write } for path="/dev/edgetpu-soc" dev="tmpfs" ino=1542 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:edgetpu_device:s0 tclass=chr_file permissive=0 Change-Id: I2ef4ac39645179fe2a2ec1d7aeac928a43a01a61 --- gcam_app/sepolicy/vendor/google_camera_app.te | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gcam_app/sepolicy/vendor/google_camera_app.te b/gcam_app/sepolicy/vendor/google_camera_app.te index 3f5a0ec..76f0811 100644 --- a/gcam_app/sepolicy/vendor/google_camera_app.te +++ b/gcam_app/sepolicy/vendor/google_camera_app.te 
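Review bot: Both newly enabled device rules allow `ioctl` with no command restriction: `rw_file_perms` on `gxp_device` includes it, and `edgetpu_device` gets `{ ioctl }` outright, while the quoted denials show specific commands (`ioctlcmd=0xee06`, `ioctlcmd=0xed23`). For an app domain talking directly to accelerator drivers, `allowxperm` rules listing the commands GCA actually issues are worth considering once the full set is known. The enabled `{ ioctl }` is also narrower than the commented-out `{ getattr read write ioctl map }` it replaces; if that is deliberate, a short comment would tell the next reader why.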
@@ -6,7 +6,7 @@ get_prop(google_camera_app, vendor_gxp_prop) # Allows GCA to find and access the EdgeTPU. allow google_camera_app edgetpu_app_service:service_manager find; -allow google_camera_app edgetpu_device:chr_file { ioctl }; +allow google_camera_app edgetpu_device:chr_file rw_file_perms; # Allows GCA to access the hw_jpeg /dev/video12. #allow google_camera_app hw_jpg_device:chr_file rw_file_perms; From 84d3523c6c9d6f0e9ae3d918871eed6e12c6c506 Mon Sep 17 00:00:00 2001 From: "ELIYAZ MOMIN (xWF)" Date: Wed, 6 Nov 2024 16:54:52 +0000 Subject: [PATCH 43/87] Revert "Add more access for GCA to edgetpu" This reverts commit 132ad09bcedd5fecc9729b23743a53db75d91f92. Reason for revert: Change-Id: Ic0cf086e2dc3aad19b1e0965873f9966ad7e6c29 --- gcam_app/sepolicy/vendor/google_camera_app.te | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gcam_app/sepolicy/vendor/google_camera_app.te b/gcam_app/sepolicy/vendor/google_camera_app.te index 76f0811..3f5a0ec 100644 --- a/gcam_app/sepolicy/vendor/google_camera_app.te +++ b/gcam_app/sepolicy/vendor/google_camera_app.te @@ -6,7 +6,7 @@ get_prop(google_camera_app, vendor_gxp_prop) # Allows GCA to find and access the EdgeTPU. allow google_camera_app edgetpu_app_service:service_manager find; -allow google_camera_app edgetpu_device:chr_file rw_file_perms; +allow google_camera_app edgetpu_device:chr_file { ioctl }; # Allows GCA to access the hw_jpeg /dev/video12. #allow google_camera_app hw_jpg_device:chr_file rw_file_perms; From ba53a62a59fdbf64a6929944077389eb71a0192f Mon Sep 17 00:00:00 2001 
From: Timmy Li Date: Wed, 6 Nov 2024 18:00:29 +0000 Subject: [PATCH 44/87] Revert^2 "Add more access for GCA to edgetpu" This reverts commit 84d3523c6c9d6f0e9ae3d918871eed6e12c6c506. Reason for revert: Remerge attempt after fixing build error. Bug: 361092857 Test: manual test with GCA for permissions Flag: EXEMPT add permissions 11-06 03:01:49.736 719 719 W binder:719_3: type=1400 audit(0.0:710): avc: denied { read write } for path="/dev/edgetpu-soc" dev="tmpfs" ino=1542 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:edgetpu_device:s0 tclass=chr_file permissive=0 Change-Id: I89ec01928edc4fcb4832d2da84c442354a65c25c --- gcam_app/sepolicy/vendor/google_camera_app.te | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gcam_app/sepolicy/vendor/google_camera_app.te b/gcam_app/sepolicy/vendor/google_camera_app.te index 3f5a0ec..a1c3ddb 100644 --- a/gcam_app/sepolicy/vendor/google_camera_app.te +++ b/gcam_app/sepolicy/vendor/google_camera_app.te @@ -6,7 +6,7 @@ get_prop(google_camera_app, vendor_gxp_prop) # Allows GCA to find and access the EdgeTPU. allow google_camera_app edgetpu_app_service:service_manager find; -allow google_camera_app edgetpu_device:chr_file { ioctl }; +allow google_camera_app edgetpu_device:chr_file { read write ioctl }; # Allows GCA to access the hw_jpeg /dev/video12. #allow google_camera_app hw_jpg_device:chr_file rw_file_perms; From 2f08dd633a8648365ae14cd035131ab7ca241c96 Mon Sep 17 00:00:00 2001 From: Zhengyuan Cui Date: Wed, 6 Nov 2024 20:36:46 +0000 Subject: [PATCH 45/87] Allow command line tools to access Tachyon service in user builds. Bug: 377528455 Change-Id: I878e960b32af45030cebf73e9138752506c37953 Flag: tachyon --- edgetpu/sepolicy/edgetpu_tachyon_service.te | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/edgetpu/sepolicy/edgetpu_tachyon_service.te b/edgetpu/sepolicy/edgetpu_tachyon_service.te index 80db366..642b469 100644 --- a/edgetpu/sepolicy/edgetpu_tachyon_service.te 
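Review bot: `allow google_camera_app edgetpu_device:chr_file { read write ioctl };` leaves out `open`, which works only if GCA never opens `/dev/edgetpu-soc` itself and always receives the descriptor from another process. The quoted denial carries a `path=` and is logged from `binder:719_3`, which is consistent with an fd handed over binder, but that is an inference from the log. A comment such as `# No open: GCA receives the edgetpu fd over binder and only needs read/write/ioctl on it` (if that is the case) would record why this is narrower than the `rw_file_perms` used by the reverted commit.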
+++ b/edgetpu/sepolicy/edgetpu_tachyon_service.te @@ -42,7 +42,7 @@ allow edgetpu_tachyon_server proc_version:file r_file_perms; # Allow Tachyon service to send trace packets to Perfetto with SELinux enabled # under userdebug builds. -userdebug_or_eng(`perfetto_producer(edgetpu_tachyon_server)') +perfetto_producer(edgetpu_tachyon_server) # Allow Tachyon service to read tflite DarwiNN delegate properties get_prop(edgetpu_tachyon_server, vendor_tflite_delegate_prop) @@ -65,6 +65,4 @@ userdebug_or_eng(` ') # For shell level testing -userdebug_or_eng(` - binder_call(edgetpu_tachyon_server, shell); -') +binder_call(edgetpu_tachyon_server, shell); From ea38f5c687cd74241cc46c809bc68ba73693cda4 Mon Sep 17 00:00:00 2001 From: Snehal Koukuntla Date: Fri, 8 Nov 2024 17:04:21 +0000 Subject: [PATCH 46/87] Add widevine SELinux permissions for L1 839 839 I android.hardwar: type=1400 audit(0.0:982): avc: denied { read } for name="system" dev="tmpfs" ino=1313 scontext=u:r:hal_drm_widevine:s0 tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=1 Bug: 363181505 Flag: EXEMPT bugfix Change-Id: Ib9391b24f03a7306b8ba42c960d4c77c5bf148e8 --- widevine/sepolicy/hal_drm_widevine.te | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/widevine/sepolicy/hal_drm_widevine.te b/widevine/sepolicy/hal_drm_widevine.te index 9b4792e..98b49e6 100644 --- a/widevine/sepolicy/hal_drm_widevine.te +++ b/widevine/sepolicy/hal_drm_widevine.te @@ -10,4 +10,5 @@ allow hal_drm_widevine mediadrm_vendor_data_file:file create_file_perms; allow hal_drm_widevine mediadrm_vendor_data_file:dir create_dir_perms; #L1 -#TODO(snehalreddy@) : Add L1 permissions +allow hal_drm_widevine dmabuf_system_heap_device:chr_file r_file_perms; + From 872e4328210b90a24f8365a63cc0252d8edfcafc Mon Sep 17 00:00:00 2001 
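Review bot: With the `userdebug_or_eng` wrappers removed, `binder_call(edgetpu_tachyon_server, shell);` now applies on user builds, yet the comments still describe debug-only use (`# For shell level testing` in the second hunk, and `under userdebug builds.` above `perfetto_producer(edgetpu_tachyon_server)` in the first). The rule lets the service call into and exchange binder objects with processes in the `shell` domain on production devices, so the service's own caller checks need to be sufficient without the build-type guard; that is worth confirming and writing down. I would update the comments to something like `# Allow command line tools run from shell to use Tachyon, including on user builds` and drop `under userdebug builds` from the Perfetto comment.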
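Review bot: In hal_drm_widevine.te the `#L1` heading no longer explains the rule beneath it now that the TODO is gone. A comment like `# L1: read access to the system DMA-BUF heap device` would say what `dmabuf_system_heap_device` is for. The hunk also adds a blank line at the end of the file, which can be dropped.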
From: timmyli Date: Fri, 8 Nov 2024 05:34:12 +0000 Subject: [PATCH 47/87] Replace many app service permission with app_api_service We don't need to grant permissions to all these things. Just app_api_service is enough. Bug: 363018500 Test: manual test with GCA Eng Flag: EXEMPT add permissions Change-Id: I2457b54b244b2739e89393f52442afd4544418f1 11-08 00:33:23.429 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=activity scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1 11-08 00:33:23.436 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=display scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:display_service:s0 tclass=service_manager permissive=1 11-08 00:33:23.439 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=network_management scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:network_management_service:s0 tclass=service_manager permissive=1 11-08 00:33:23.453 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=connectivity scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:connectivity_service:s0 tclass=service_manager permissive=1 11-08 00:33:23.457 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=netstats scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:netstats_service:s0 tclass=service_manager permissive=1 11-08 00:33:23.470 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=mount scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:mount_service:s0 tclass=service_manager permissive=1 11-08 00:33:23.488 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=jobscheduler scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:jobscheduler_service:s0 tclass=service_manager permissive=1 11-08 00:33:23.502 344 344 E SELinux : 
avc: denied { find } for pid=16052 uid=10296 name=shortcut scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:shortcut_service:s0 tclass=service_manager permissive=1 11-08 00:33:23.604 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=notification scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:notification_service:s0 tclass=service_manager permissive=1 11-08 00:33:23.606 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=content scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:content_service:s0 tclass=service_manager permissive=1 11-08 00:33:23.627 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=content_capture scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:content_capture_service:s0 tclass=service_manager permissive=1 11-08 00:33:23.630 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=gpu scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:gpu_service:s0 tclass=service_manager permissive=1 11-08 00:33:23.630 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=activity_task scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:activity_task_service:s0 tclass=service_manager permissive=1 11-08 00:33:23.643 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=sensorservice scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:sensorservice_service:s0 tclass=service_manager permissive=1 11-08 00:33:23.644 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=virtualdevice_native scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:virtual_device_native_service:s0 tclass=service_manager permissive=1 11-08 00:33:23.652 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=device_policy scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 
tcontext=u:object_r:device_policy_service:s0 tclass=service_manager permissive=1 11-08 00:33:23.652 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=batterystats scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:batterystats_service:s0 tclass=service_manager permissive=1 11-08 00:33:23.653 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=powerstats scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:powerstats_service:s0 tclass=service_manager permissive=1 11-08 00:33:23.662 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=trust scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:trust_service:s0 tclass=service_manager permissive=1 11-08 00:33:23.677 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=device_state scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:device_state_service:s0 tclass=service_manager permissive=1 11-08 00:33:23.718 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=vibrator_manager scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:vibrator_manager_service:s0 tclass=service_manager permissive=1 11-08 00:33:23.724 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=input_method scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:input_method_service:s0 tclass=service_manager permissive=1 11-08 00:33:23.732 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=power scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:power_service:s0 tclass=service_manager permissive=1 11-08 00:33:23.733 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=thermalservice scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:thermal_service:s0 tclass=service_manager permissive=1 11-08 00:33:23.784 344 344 E SELinux : avc: denied { find } for pid=16052 
uid=10296 name=voiceinteraction scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:voiceinteraction_service:s0 tclass=service_manager permissive=1 11-08 00:33:23.786 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=autofill scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:autofill_service:s0 tclass=service_manager permissive=1 11-08 00:33:23.795 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=sensitive_content_protection_service scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:sensitive_content_protection_service:s0 tclass=service_manager permissive=1 11-08 00:33:23.798 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=graphicsstats scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:graphicsstats_service:s0 tclass=service_manager permissive=1 11-08 00:33:23.798 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=performance_hint scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:hint_service:s0 tclass=service_manager permissive=1 11-08 00:33:23.835 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=clipboard scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:clipboard_service:s0 tclass=service_manager permissive=1 11-08 00:33:24.029 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=android.frameworks.stats.IStats/default scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:fwk_stats_service:s0 tclass=service_manager permissive=1 11-08 00:33:24.130 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=backup scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:backup_service:s0 tclass=service_manager permissive=1 11-08 00:33:24.160 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=audio scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 
tcontext=u:object_r:audio_service:s0 tclass=service_manager permissive=1 11-08 00:33:24.368 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=android.hardware.neuralnetworks.IDevice/google-edgetpu scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:edgetpu_nnapi_service:s0 tclass=service_manager permissive=1 11-08 00:33:24.364 16052 16052 I GoogleCameraEng: type=1400 audit(0.0:1555): avc: denied { read } for name="enforce" dev="selinuxfs" ino=4 scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng 11-08 00:33:24.364 16052 16052 I GoogleCameraEng: type=1400 audit(0.0:1556): avc: denied { open } for path="/sys/fs/selinux/enforce" dev="selinuxfs" ino=4 scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng 11-08 00:33:24.650 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=android.frameworks.stats.IStats/default scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:fwk_stats_service:s0 tclass=service_manager permissive=1 11-08 00:33:24.872 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=package_native scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:package_native_service:s0 tclass=service_manager permissive=1 11-08 00:33:26.556 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=input scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:input_service:s0 tclass=service_manager permissive=1 11-08 00:33:34.977 344 344 E SELinux : avc: denied { find } for pid=16052 uid=10296 name=storagestats scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:storagestats_service:s0 tclass=service_manager permissive=1 11-08 00:33:42.547 344 344 E SELinux : avc: denied { find } for pid=16961 uid=10296 name=activity 
scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1 11-08 00:33:42.593 344 344 E SELinux : avc: denied { find } for pid=16961 uid=10296 name=mount scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:mount_service:s0 tclass=service_manager permissive=1 11-08 00:33:42.656 16961 16961 I GoogleCameraEng: type=1400 audit(0.0:1681): avc: denied { read } for name="enforce" dev="selinuxfs" ino=4 scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng 11-08 00:33:42.656 16961 16961 I GoogleCameraEng: type=1400 audit(0.0:1682): avc: denied { open } for path="/sys/fs/selinux/enforce" dev="selinuxfs" ino=4 scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1 app=com.google.android.GoogleCameraEng 11-08 00:33:42.726 344 344 E SELinux : avc: denied { find } for pid=16961 uid=10296 name=content scontext=u:r:debug_camera_app:s0:c40,c257,c512,c768 tcontext=u:object_r:content_service:s0 tclass=service_manager permissive=1 Change-Id: I91235f2f699fd07107eaa11174beee895559770e --- .../sepolicy/product/private/debug_camera_app.te | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/gcam_app/sepolicy/product/private/debug_camera_app.te b/gcam_app/sepolicy/product/private/debug_camera_app.te index 4402e55..0449bc0 100644 --- a/gcam_app/sepolicy/product/private/debug_camera_app.te +++ b/gcam_app/sepolicy/product/private/debug_camera_app.te 
@@ -6,23 +6,12 @@ userdebug_or_eng(` app_domain(debug_camera_app) net_domain(debug_camera_app) - allow debug_camera_app activity_service:service_manager find; - allow debug_camera_app activity_task_service:service_manager find; + allow debug_camera_app app_api_service:service_manager find; allow debug_camera_app audioserver_service:service_manager find; - allow debug_camera_app batterystats_service:service_manager find; allow debug_camera_app cameraserver_service:service_manager find; - allow debug_camera_app device_policy_service:service_manager find; - allow debug_camera_app device_state_service:service_manager find; - allow debug_camera_app gpu_service:service_manager find; allow debug_camera_app mediaextractor_service:service_manager find; allow debug_camera_app mediametrics_service:service_manager find; allow debug_camera_app mediaserver_service:service_manager find; - allow debug_camera_app powerstats_service:service_manager find; - allow debug_camera_app sensorservice_service:service_manager find; - allow debug_camera_app thermal_service:service_manager find; - allow debug_camera_app trust_service:service_manager find; - allow debug_camera_app vibrator_manager_service:service_manager find; - allow debug_camera_app virtual_device_native_service:service_manager find; # Allows GCA_Eng & GCA-Next to access the PowerHAL. hal_client_domain(debug_camera_app, hal_power) From 3330640782c18dfcd08d63e94309ff4568db9439 Mon Sep 17 00:00:00 2001 From: Ocean Chen Date: Wed, 30 Oct 2024 01:28:16 +0800 Subject: [PATCH 48/87] Revert "storage: Defer blkio class configuration" This patch change the I/O schedulor back to mq-deadline before boot completed. Bug:374905027 Test: forrest run This reverts commit 0af034bf9f1066b190124630ca655306a2156457. Change-Id: Ie49fb8a62d6fdb8da112e83d5a8e3551b0072379 --- storage/init.storage.rc | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) 
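Review bot: The new `allow debug_camera_app app_api_service:service_manager find;` line grants find on every service carrying the `app_api_service` attribute, which is wider than the twelve named services it replaces, and nothing in the file records that this is intended. I would add a comment above it, e.g. `# Same framework service access as a regular app; userdebug/eng builds only.`, so the broad grant reads as a decision rather than a shortcut. The denial log in the commit message also names `edgetpu_nnapi_service`, `package_native_service` and `selinuxfs`; whether the attribute covers the first two cannot be seen from this hunk and should be confirmed on a build. The enclosing `userdebug_or_eng` block starts above the hunk and continues past it.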
diff --git a/storage/init.storage.rc b/storage/init.storage.rc index 77057cd..9e4acd4 100644 --- a/storage/init.storage.rc +++ b/storage/init.storage.rc @@ -1,3 +1,11 @@ +on init + # Make foreground and background I/O priority different. none-to-rt was + # introduced in kernel 5.14. promote-to-rt was introduced in kernel 6.5. + # Write none-to-rt first and promote-to-rt next to support both older and + # newer kernel versions. + write /dev/blkio/blkio.prio.class none-to-rt + write /dev/blkio/blkio.prio.class promote-to-rt + on property:ro.build.type=userdebug write /dev/sys/block/bootdevice/pixel/enable_pixel_ufs_logging 1 chown system /dev/sg3 @@ -36,13 +44,6 @@ on init write /dev/sys/block/bootdevice/clkgate_enable 0 on property:sys.boot_completed=1 - # Make foreground and background I/O priority different. none-to-rt was - # introduced in kernel 5.14. promote-to-rt was introduced in kernel 6.5. - # Write none-to-rt first and promote-to-rt next to support both older and - # newer kernel versions. - write /dev/blkio/blkio.prio.class none-to-rt - write /dev/blkio/blkio.prio.class promote-to-rt - # Health Storage HAL chown system system /dev/sys/block/bootdevice/manual_gc From cfedcac7d7ba9acfd0e2edb9c16d7c8e5913f1fb Mon Sep 17 00:00:00 2001 From: timmyli Date: Fri, 8 Nov 2024 06:08:27 +0000 Subject: [PATCH 49/87] Remove bug comment Bug: 363018500 Test: comment only Flag: EXEMPT remove comment Change-Id: I86ed9f0e7ed5b3741b23afffb2d7440683f34eb0 --- gcam_app/sepolicy/product/private/debug_camera_app.te | 1 - 1 file changed, 1 deletion(-) diff --git a/gcam_app/sepolicy/product/private/debug_camera_app.te b/gcam_app/sepolicy/product/private/debug_camera_app.te index 0449bc0..9d4643d 100644 --- a/gcam_app/sepolicy/product/private/debug_camera_app.te +++ b/gcam_app/sepolicy/product/private/debug_camera_app.te @@ -1,5 +1,4 @@ # GCANext and GCAEng. -# b/363018500 typeattribute debug_camera_app coredomain; userdebug_or_eng(` 
From f39a955d95f76da1838f63b6968540bbdc9ae025 Mon Sep 17 00:00:00 2001 
From: Lucas Wei Date: Tue, 29 Oct 2024 07:10:23 +0000 Subject: [PATCH 50/87] Introduce Pixel mailbox module Introduce Pixel mailbox module to dump debugging messages and integrate with bugreport. This patch also create sepolicy files to avoid avc denied. avc: denied { search } for comm="dump_mailbox" name="radio" dev="dm-57" ino=375 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1 avc: denied { search } for comm="dump_mailbox" name="instances" dev="tracefs" ino=4203 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:debugfs_tracing_instances:s0 tclass=dir permissive=1 avc: denied { read } for comm="dump_mailbox" name="trace" dev="tracefs" ino=7250 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:debugfs_tracing_instances:s0 tclass=file permissive=1 avc: denied { open } for comm="dump_mailbox" path="/sys/kernel/tracing/instances/goog_cpm_mailbox/trace" dev="tracefs" ino=7187 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:debugfs_traci avc: denied { create } for comm="dump_mailbox" name="goog_cpm_mailbox_trace" scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1 avc: denied { write open } for comm="dump_mailbox" path="/data/vendor/radio/logs/always-on/all_logs/mailbox/goog_cpm_mailbox_trace" dev="dm-52" ino=29097 scontext=u:r:dump_mailbox:s0 tcontex=1 avc: denied { getattr } for comm="dump_mailbox" path="/data/vendor/radio/logs/always-on/all_logs/mailbox/goog_cpm_mailbox_trace" dev="dm-52" ino=29097 scontext=u:r:dump_mailbox:s0 tcontext=ut=5 audit_backlog_limit=64 =1 avc: denied { read } for comm="dump_mailbox" name="trace" dev="tracefs" ino=5239 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:debugfs_tracing_instances_mailbox:s0 tclass=file permissive=1 avc: denied { open } for comm="dump_mailbox" path="/sys/kernel/tracing/instances/goog_cpm_mailbox/trace" dev="tracefs" ino=5239 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:debugfs_tracing_instances_mailbox:s0 
tclass=file permissive=1 avc: denied { create } for comm="dump_mailbox" name="goog_cpm_mailbox_trace" scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1 avc: denied { write open } for comm="dump_mailbox" path="/data/vendor/radio/logs/always-on/all_logs/mailbox/goog_cpm_mailbox_trace" dev="dm-52" ino=30937 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1 avc: denied { getattr } for comm="dump_mailbox" path="/sys/kernel/tracing/instances/goog_cpm_mailbox/trace" dev="tracefs" ino=5239 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:debugfs_tracing_instances_mailbox:s0 tclass=file permissive=1 avc: denied { getattr } for comm="dump_mailbox" path="/data/vendor/radio/logs/always-on/all_logs/mailbox/goog_cpm_mailbox_trace" dev="dm-52" ino=30937 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1 avc: denied { create } for comm="dump_mailbox" name="goog_cpm_mailbox_trace" scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclas(6 results) 15:39:41 [4796/19306] avc: denied { write open } for comm="dump_mailbox" path="/data/vendor/radio/logs/always-on/all_logs/mailbox/goog_cpm_mailbox_trace" dev="dm-52" ino=32864 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1 avc: denied { getattr } for comm="dump_mailbox" path="/data/vendor/radio/logs/always-on/all_logs/mailbox/goog_cpm_mailbox_trace" dev="dm-52" ino=32864 scontext=u:r:dump_mailbox:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1 Flag: EXEMPT, add mailbox dump program to bugreport Bug: 363168077 Change-Id: I622f37bf8f913df8d9b242ab206fc267d446753d --- mailbox/Android.bp | 21 ++++++++++++++++++ mailbox/dump/dump_mailbox.cpp | 32 +++++++++++++++++++++++++++ mailbox/dump/sepolicy/dump_mailbox.te | 7 ++++++ mailbox/dump/sepolicy/file.te | 2 ++ mailbox/dump/sepolicy/file_contexts | 
1 + mailbox/dump/sepolicy/genfs_contexts | 2 ++ mailbox/init.mailbox.rc | 8 +++++++ mailbox/mailbox.mk | 3 +++ 8 files changed, 76 insertions(+) create mode 100644 mailbox/Android.bp create mode 100644 mailbox/dump/dump_mailbox.cpp create mode 100644 mailbox/dump/sepolicy/dump_mailbox.te create mode 100644 mailbox/dump/sepolicy/file.te create mode 100644 mailbox/dump/sepolicy/file_contexts create mode 100644 mailbox/dump/sepolicy/genfs_contexts create mode 100644 mailbox/init.mailbox.rc create mode 100644 mailbox/mailbox.mk diff --git a/mailbox/Android.bp b/mailbox/Android.bp new file mode 100644 index 0000000..6969685 --- /dev/null +++ b/mailbox/Android.bp @@ -0,0 +1,21 @@ +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +cc_binary { + name: "dump_mailbox", + srcs: ["dump/dump_mailbox.cpp"], + init_rc: ["init.mailbox.rc"], + cflags: [ + "-Wall", + "-Wextra", + "-Werror", + ], + shared_libs: [ + "libbase", + "libdump", + "liblog", + ], + vendor: true, + relative_install_path: "dump", +} diff --git a/mailbox/dump/dump_mailbox.cpp b/mailbox/dump/dump_mailbox.cpp new file mode 100644 index 0000000..8f63b30 --- /dev/null +++ b/mailbox/dump/dump_mailbox.cpp 
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include
+#include
+
+int main() {
+ std::string outputDir = concatenatePath(BUGREPORT_PACKING_DIR, "mailbox");
+ if (mkdir(outputDir.c_str(), 0777) == -1) {
+ printf("Unable to create folder: %s\n", outputDir.c_str());
+ return 0;
+ }
+
+ copyFile("/sys/kernel/tracing/instances/goog_cpm_mailbox/trace",
+ concatenatePath(outputDir.c_str(), "goog_cpm_mailbox_trace").c_str());
+ copyFile("/sys/kernel/tracing/instances/goog_nq_mailbox/trace",
+ concatenatePath(outputDir.c_str(), "goog_nq_mailbox_trace").c_str());
+
+ return 0;
+}
diff --git a/mailbox/dump/sepolicy/dump_mailbox.te b/mailbox/dump/sepolicy/dump_mailbox.te
new file mode 100644
index 0000000..64f184c
--- /dev/null
+++ b/mailbox/dump/sepolicy/dump_mailbox.te
@@ -0,0 +1,7 @@
+#
+pixel_bugreport(dump_mailbox)
+allow dump_mailbox radio_vendor_data_file:dir create_dir_perms;
+allow dump_mailbox radio_vendor_data_file:file create_file_perms;
+allow dump_mailbox debugfs_tracing_instances:file r_file_perms;
+allow dump_mailbox debugfs_tracing_instances:dir search;
+allow dump_mailbox debugfs_tracing_instances_mailbox:file r_file_perms;
diff --git a/mailbox/dump/sepolicy/file.te b/mailbox/dump/sepolicy/file.te
new file mode 100644
index 0000000..5bb7bc4
--- /dev/null
+++ b/mailbox/dump/sepolicy/file.te
@@ -0,0 +1,2 @@
+#
+type debugfs_tracing_instances_mailbox, sysfs_type, fs_type;
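Review bot: `mkdir(outputDir.c_str(), 0777)` in `main` of dump_mailbox.cpp asks for a world-writable directory for kernel trace output and treats an already existing directory as a failure, so unless the packing directory is cleaned between runs a second invocation prints the error and copies nothing. I would request a mode no wider than the bugreport collector needs and accept `EEXIST`, e.g. `if (mkdir(outputDir.c_str(), 0770) == -1 && errno != EEXIST) {`, assuming the header declaring `errno` is among the includes (their names are not visible on this page). The results of both `copyFile` calls are also dropped; if the helper reports failure, printing it would make a missing trace visible in the bugreport.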
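Review bot: `allow dump_mailbox debugfs_tracing_instances:file r_file_perms;` in dump_mailbox.te lets the dumper read files under every tracing instance, although the two mailbox trace files receive their own `debugfs_tracing_instances_mailbox` type from the genfs_contexts added in the same commit. The later denials quoted in the commit message already show that type as tcontext, so the generic file rule looks like a leftover from before the labelling; I would drop it and keep `allow dump_mailbox debugfs_tracing_instances:dir search;`, after confirming on a device that no denial returns. The bare `#` on the first line should become a description of the domain, e.g. `# Dumps the goog_cpm_mailbox and goog_nq_mailbox trace buffers into the bugreport.`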
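Review bot: In file.te, `debugfs_tracing_instances_mailbox` is declared with `sysfs_type`, but the genfs_contexts in this commit attach it to tracefs paths, so any rule written against the `sysfs_type` attribute would also apply to these trace files. The attributes should match the filesystem; I would compare with how the platform policy declares `debugfs_tracing_instances` and use the same set here. The bare `#` comment could say what the type labels, e.g. `# Trace files of the goog_*_mailbox tracing instances.`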
diff --git a/mailbox/dump/sepolicy/file_contexts b/mailbox/dump/sepolicy/file_contexts
new file mode 100644
index 0000000..b9bea15
--- /dev/null
+++ b/mailbox/dump/sepolicy/file_contexts
@@ -0,0 +1 @@
+/vendor/bin/dump/dump_mailbox u:object_r:dump_mailbox_exec:s0
diff --git a/mailbox/dump/sepolicy/genfs_contexts b/mailbox/dump/sepolicy/genfs_contexts
new file mode 100644
index 0000000..0bac5e8
--- /dev/null
+++ b/mailbox/dump/sepolicy/genfs_contexts
@@ -0,0 +1,2 @@
+genfscon tracefs /instances/goog_cpm_mailbox/trace u:object_r:debugfs_tracing_instances_mailbox:s0
+genfscon tracefs /instances/goog_nq_mailbox/trace u:object_r:debugfs_tracing_instances_mailbox:s0
diff --git a/mailbox/init.mailbox.rc b/mailbox/init.mailbox.rc
new file mode 100644
index 0000000..7659290
--- /dev/null
+++ b/mailbox/init.mailbox.rc
@@ -0,0 +1,8 @@
+on property:sys.boot_completed=1
+ chown system system /sys/kernel/tracing/instances/goog_cpm_mailbox
+ chown system system /sys/kernel/tracing/instances/goog_cpm_mailbox/trace
+ write /sys/kernel/tracing/instances/goog_cpm_mailbox/buffer_size_kb 512
+
+ chown system system /sys/kernel/tracing/instances/goog_nq_mailbox
+ chown system system /sys/kernel/tracing/instances/goog_nq_mailbox/trace
+ write /sys/kernel/tracing/instances/goog_nq_mailbox/buffer_size_kb 512
diff --git a/mailbox/mailbox.mk b/mailbox/mailbox.mk
new file mode 100644
index 0000000..aeefb9a
--- /dev/null
+++ b/mailbox/mailbox.mk
@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/mailbox/dump/sepolicy
+
+PRODUCT_PACKAGES += dump_mailbox
From c68ac049e183628a60f85652607c7a66aa367bbc Mon Sep 17 00:00:00 2001
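Review bot: The `chown system system` lines in init.mailbox.rc hand both instance directories and their `trace` files to the system user, but nothing in the file says which process needs that ownership; the dump_mailbox policy in this commit only reads the trace files. I would add a comment above the block, e.g. `# Trace buffers are read during bugreport collection; system must own them for that.`, and drop the directory chown if only the `trace` file has to be readable. The actions also run unconditionally at boot_completed, so on a kernel without these tracing instances each line would presumably log an init error; whether every target that includes mailbox.mk has them is not visible here.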
From: "ELIYAZ MOMIN (xWF)" Date: Wed, 13 Nov 2024 14:06:06 +0000 Subject: [PATCH 51/87] Revert "Add GIA (Google Input interface Abstraction layer) relat..." Revert submission 29512389-gia Reason for revert: Reverted changes: /q/submissionid:29512389-gia Change-Id: Ia4fd036130e54a5573efbd02a044631232561ea1 --- input/gia/aidl/compatibility_matrix.xml | 10 ---------- input/gia/aidl/manifest.xml | 10 ---------- input/gia/gia.mk | 11 ----------- input/gia/sepolicy/attributes | 2 -- input/gia/sepolicy/file_contexts | 2 -- input/gia/sepolicy/gia.te | 18 ------------------ input/gia/sepolicy/hal_gia.te | 8 -------- input/gia/sepolicy/service.te | 2 -- input/gia/sepolicy/service_contexts | 2 -- 9 files changed, 65 deletions(-) delete mode 100644 input/gia/aidl/compatibility_matrix.xml delete mode 100644 input/gia/aidl/manifest.xml delete mode 100644 input/gia/gia.mk delete mode 100644 input/gia/sepolicy/attributes delete mode 100644 input/gia/sepolicy/file_contexts delete mode 100644 input/gia/sepolicy/gia.te delete mode 100644 input/gia/sepolicy/hal_gia.te delete mode 100644 input/gia/sepolicy/service.te delete mode 100644 input/gia/sepolicy/service_contexts diff --git a/input/gia/aidl/compatibility_matrix.xml b/input/gia/aidl/compatibility_matrix.xml deleted file mode 100644 index 1a348ea..0000000 --- a/input/gia/aidl/compatibility_matrix.xml +++ /dev/null @@ -1,10 +0,0 @@ - - - com.google.input.gia.core - - IGiaService - default - - 1 - - \ No newline at end of file diff --git a/input/gia/aidl/manifest.xml b/input/gia/aidl/manifest.xml deleted file mode 100644 index 98303c8..0000000 --- a/input/gia/aidl/manifest.xml +++ /dev/null @@ -1,10 +0,0 @@ - - - com.google.input.gia.core - - IGiaService - default - - 1 - - \ No newline at end of file diff --git a/input/gia/gia.mk b/input/gia/gia.mk deleted file mode 100644 index ea079ca..0000000 --- a/input/gia/gia.mk +++ /dev/null 
@@ -1,11 +0,0 @@ -BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/input/gia/sepolicy - -PRODUCT_PACKAGES += gia -PRODUCT_PACKAGES += com.google.input.gia.giaservicemanager - -PRODUCT_SOONG_NAMESPACES += vendor/google/interfaces -PRODUCT_SOONG_NAMESPACES += vendor/google/input/gia/core -PRODUCT_SOONG_NAMESPACES += vendor/google/input/gia/core-servicemanager - -DEVICE_MANIFEST_FILE += device/google/gs-common/input/gia/aidl/manifest.xml -DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/input/gia/aidl/compatibility_matrix.xml diff --git a/input/gia/sepolicy/attributes b/input/gia/sepolicy/attributes deleted file mode 100644 index 1d61ad3..0000000 --- a/input/gia/sepolicy/attributes +++ /dev/null @@ -1,2 +0,0 @@ -# This macro produces: define hal_gia, hal_gia_client, hal_gia_server -hal_attribute(gia) diff --git a/input/gia/sepolicy/file_contexts b/input/gia/sepolicy/file_contexts deleted file mode 100644 index 99d6857..0000000 --- a/input/gia/sepolicy/file_contexts +++ /dev/null @@ -1,2 +0,0 @@ -# chmod +x in SEPolicy language -/vendor/bin/gia u:object_r:gia_exec:s0 diff --git a/input/gia/sepolicy/gia.te b/input/gia/sepolicy/gia.te deleted file mode 100644 index 2c84e7c..0000000 --- a/input/gia/sepolicy/gia.te +++ /dev/null @@ -1,18 +0,0 @@ -# SEPolicies for GIA (Google Input interface Abstraction layer) -type gia, domain; -type gia_exec, exec_type, vendor_file_type, file_type; - -# Macro transferring gia_exec to the gia domain -init_daemon_domain(gia) - -# let this domain use the hal service -hal_client_domain(gia, hal_gia) -# allow binder communication with service_manager -binder_use(gia) - -# let this domain serve the hal service -hal_server_domain(gia, hal_gia) - -# allow gia for accessing touch related system file-nodes -allow gia sysfs_touch_gti:dir r_dir_perms; -allow gia sysfs_touch_gti:file rw_file_perms; diff --git a/input/gia/sepolicy/hal_gia.te b/input/gia/sepolicy/hal_gia.te deleted file mode 100644 index b75c9fb..0000000 
--- a/input/gia/sepolicy/hal_gia.te +++ /dev/null @@ -1,8 +0,0 @@ -# allow binder connection from client to server -binder_call(hal_gia_client, hal_gia_server) - -# allow client to find the service & allow server to register the service -hal_attribute_service(hal_gia, hal_gia_service) - -# allow binder communication from server to service_manager -binder_use(hal_gia_server) diff --git a/input/gia/sepolicy/service.te b/input/gia/sepolicy/service.te deleted file mode 100644 index aed1135..0000000 --- a/input/gia/sepolicy/service.te +++ /dev/null @@ -1,2 +0,0 @@ -# Declares GIA related services -type hal_gia_service, hal_service_type, protected_service, service_manager_type; diff --git a/input/gia/sepolicy/service_contexts b/input/gia/sepolicy/service_contexts deleted file mode 100644 index b1773ec..0000000 --- a/input/gia/sepolicy/service_contexts +++ /dev/null @@ -1,2 +0,0 @@ -# Attaches GIA services to the cooresponding SEPolicy group -com.google.input.gia.core.IGiaService/default u:object_r:hal_gia_service:s0 From e546ba5bae773176505d14893b3cac4188ab83e9 Mon Sep 17 00:00:00 2001 From: Madhav Iyengar Date: Wed, 13 Nov 2024 00:21:07 +0000 Subject: [PATCH 52/87] Give ContextHub HAL access to AOC version Required to gate use of the new ContextHub HAL <-> CHRE transport on the availability of a bugfix in AOC. Bug: 378367295 Flag: android.chre.flags.efw_xport_in_context_hub Test: ... Change-Id: Ibd5e3d20b7e5c14ea2200d85c179a4e96eb3b65a --- chre/sepolicy/hal_contexthub_default.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/chre/sepolicy/hal_contexthub_default.te b/chre/sepolicy/hal_contexthub_default.te index 87e3a42..50e7ca3 100644 --- a/chre/sepolicy/hal_contexthub_default.te +++ b/chre/sepolicy/hal_contexthub_default.te 
@@ -35,3 +35,6 @@ allow hal_contexthub_default self:global_capability2_class_set block_suspend; # Allow binder calls with clients binder_call(hal_contexthub_default, hal_sensors_default) + +# Allow access for AoC properties. +get_prop(hal_contexthub_default, vendor_aoc_prop) From 303cf04de1bc9ee566fa53d779216ed6171f75bf Mon Sep 17 00:00:00 2001 From: Cheng Chang Date: Thu, 14 Nov 2024 08:30:49 +0000 Subject: [PATCH 53/87] sepolicy: Allow hal_gnss_pixel create file [ 7564.504317] type=1400 audit(1731556655.872:63): avc: denied { create } for comm="android.hardwar" name="android.hardware.gnss-service.pixel" scontext=u:r:hal_gnss_pixel:s0 tcontext=u:object_r:vendor_gps_file:s0 tclass=file permissive=0 bug=b/378004800 flag: EXEMPT the function has been verified at userdebug ROM. Bug: 378004800 Bug: 377446770 Test: b/378004800 abtd to check sepolicy Test: b/377446770#comment1 verified the coredump function on user ROM. Change-Id: If5cbe1dfde904f7d1eb0daaa53fa6bef19161f01 --- gps/pixel/sepolicy/hal_gnss_pixel.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/gps/pixel/sepolicy/hal_gnss_pixel.te b/gps/pixel/sepolicy/hal_gnss_pixel.te index e3e4d92..b9e1bd4 100644 --- a/gps/pixel/sepolicy/hal_gnss_pixel.te +++ b/gps/pixel/sepolicy/hal_gnss_pixel.te @@ -24,3 +24,6 @@ allow hal_gnss_pixel vendor_gps_file:fifo_file create_file_perms; # Allow access ssrdump information allow hal_gnss_pixel sscoredump_vendor_data_crashinfo_file:file r_file_perms; allow hal_gnss_pixel sscoredump_vendor_data_crashinfo_file:dir r_dir_perms; + +# Allow pixel gnss access vendor_gps_file +allow hal_gnss_pixel vendor_gps_file:file create_file_perms; From 97586506bbe6318946d9554c17ea6379327dfbd8 Mon Sep 17 00:00:00 2001 
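Review bot: `allow hal_gnss_pixel vendor_gps_file:file create_file_perms;` in hal_gnss_pixel.te grants the whole create_file_perms set, while the denial quoted in the commit message is a single `create` on one file named `android.hardware.gnss-service.pixel`. The comment `# Allow pixel gnss access vendor_gps_file` only restates the rule; I would name the purpose instead, e.g. `# Allow the GNSS HAL to create its coredump file under vendor_gps_file`, if that is what the coredump test in the commit message refers to. If the file is written once and never renamed or removed by the HAL, a narrower permission set than the full macro would be preferable.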
From: Kai Hsieh Date: Thu, 14 Nov 2024 08:51:17 +0000 Subject: [PATCH 54/87] Revert^2 "Add GIA (Google Input interface Abstraction laye..." Revert submission 30378113-revert-29512389-gia-PMLMEKURMT Reason for revert: Revert to fix the issue that GIA cannot be started in caimen-next-userdbg Reverted changes: /q/submissionid:30378113-revert-29512389-gia-PMLMEKURMT Bug: 367881686 Change-Id: Iecc4738c10dfe244bea02611f1926a9f6264a46c --- input/gia/aidl/compatibility_matrix.xml | 10 ++++++++++ input/gia/aidl/manifest.xml | 10 ++++++++++ input/gia/gia.mk | 11 +++++++++++ input/gia/sepolicy/attributes | 2 ++ input/gia/sepolicy/file_contexts | 2 ++ input/gia/sepolicy/gia.te | 18 ++++++++++++++++++ input/gia/sepolicy/hal_gia.te | 8 ++++++++ input/gia/sepolicy/service.te | 2 ++ input/gia/sepolicy/service_contexts | 2 ++ 9 files changed, 65 insertions(+) create mode 100644 input/gia/aidl/compatibility_matrix.xml create mode 100644 input/gia/aidl/manifest.xml create mode 100644 input/gia/gia.mk create mode 100644 input/gia/sepolicy/attributes create mode 100644 input/gia/sepolicy/file_contexts create mode 100644 input/gia/sepolicy/gia.te create mode 100644 input/gia/sepolicy/hal_gia.te create mode 100644 input/gia/sepolicy/service.te create mode 100644 input/gia/sepolicy/service_contexts diff --git a/input/gia/aidl/compatibility_matrix.xml b/input/gia/aidl/compatibility_matrix.xml new file mode 100644 index 0000000..1a348ea --- /dev/null +++ b/input/gia/aidl/compatibility_matrix.xml @@ -0,0 +1,10 @@ + + + com.google.input.gia.core + + IGiaService + default + + 1 + + \ No newline at end of file diff --git a/input/gia/aidl/manifest.xml b/input/gia/aidl/manifest.xml new file mode 100644 index 0000000..98303c8 --- /dev/null +++ b/input/gia/aidl/manifest.xml @@ -0,0 +1,10 @@ + + + com.google.input.gia.core + + IGiaService + default + + 1 + + \ No newline at end of file diff --git a/input/gia/gia.mk b/input/gia/gia.mk new file mode 100644 index 0000000..ea079ca --- /dev/null 
+++ b/input/gia/gia.mk @@ -0,0 +1,11 @@ +BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/input/gia/sepolicy + +PRODUCT_PACKAGES += gia +PRODUCT_PACKAGES += com.google.input.gia.giaservicemanager + +PRODUCT_SOONG_NAMESPACES += vendor/google/interfaces +PRODUCT_SOONG_NAMESPACES += vendor/google/input/gia/core +PRODUCT_SOONG_NAMESPACES += vendor/google/input/gia/core-servicemanager + +DEVICE_MANIFEST_FILE += device/google/gs-common/input/gia/aidl/manifest.xml +DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/input/gia/aidl/compatibility_matrix.xml diff --git a/input/gia/sepolicy/attributes b/input/gia/sepolicy/attributes new file mode 100644 index 0000000..1d61ad3 --- /dev/null +++ b/input/gia/sepolicy/attributes @@ -0,0 +1,2 @@ +# This macro produces: define hal_gia, hal_gia_client, hal_gia_server +hal_attribute(gia) diff --git a/input/gia/sepolicy/file_contexts b/input/gia/sepolicy/file_contexts new file mode 100644 index 0000000..99d6857 --- /dev/null +++ b/input/gia/sepolicy/file_contexts @@ -0,0 +1,2 @@ +# chmod +x in SEPolicy language +/vendor/bin/gia u:object_r:gia_exec:s0 diff --git a/input/gia/sepolicy/gia.te b/input/gia/sepolicy/gia.te new file mode 100644 index 0000000..2c84e7c --- /dev/null +++ b/input/gia/sepolicy/gia.te @@ -0,0 +1,18 @@ +# SEPolicies for GIA (Google Input interface Abstraction layer) +type gia, domain; +type gia_exec, exec_type, vendor_file_type, file_type; + +# Macro transferring gia_exec to the gia domain +init_daemon_domain(gia) + +# let this domain use the hal service +hal_client_domain(gia, hal_gia) +# allow binder communication with service_manager +binder_use(gia) + +# let this domain serve the hal service +hal_server_domain(gia, hal_gia) + +# allow gia for accessing touch related system file-nodes +allow gia sysfs_touch_gti:dir r_dir_perms; +allow gia sysfs_touch_gti:file rw_file_perms; diff --git a/input/gia/sepolicy/hal_gia.te b/input/gia/sepolicy/hal_gia.te new file mode 100644 index 0000000..b75c9fb 
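Review bot: The comment `# chmod +x in SEPolicy language` in input/gia/sepolicy/file_contexts misdescribes the entry below it: the line assigns the `gia_exec` label to `/vendor/bin/gia`, and the right to execute comes from allow rules and the domain transition, not from file_contexts. I would replace it with `# Label the GIA daemon binary so init can transition it into the gia domain.`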
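Review bot: gia.te makes the `gia` domain both `hal_client_domain(gia, hal_gia)` and `hal_server_domain(gia, hal_gia)`, and the comment `# let this domain use the hal service` does not explain why the server process must also be a client of its own HAL. If the client role is not needed it should be removed so the domain holds only the server-side permissions; otherwise the comment should name the call path that needs it. `allow gia sysfs_touch_gti:file rw_file_perms;` likewise gives write access to every node with that label, and a comment naming the nodes that are actually written would make the grant reviewable.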
--- /dev/null +++ b/input/gia/sepolicy/hal_gia.te @@ -0,0 +1,8 @@ +# allow binder connection from client to server +binder_call(hal_gia_client, hal_gia_server) + +# allow client to find the service & allow server to register the service +hal_attribute_service(hal_gia, hal_gia_service) + +# allow binder communication from server to service_manager +binder_use(hal_gia_server) diff --git a/input/gia/sepolicy/service.te b/input/gia/sepolicy/service.te new file mode 100644 index 0000000..aed1135 --- /dev/null +++ b/input/gia/sepolicy/service.te @@ -0,0 +1,2 @@ +# Declares GIA related services +type hal_gia_service, hal_service_type, protected_service, service_manager_type; diff --git a/input/gia/sepolicy/service_contexts b/input/gia/sepolicy/service_contexts new file mode 100644 index 0000000..b1773ec --- /dev/null +++ b/input/gia/sepolicy/service_contexts @@ -0,0 +1,2 @@ +# Attaches GIA services to the cooresponding SEPolicy group +com.google.input.gia.core.IGiaService/default u:object_r:hal_gia_service:s0 From 5a063cc17b732b5b8ac5afe392aef8f0d234360d Mon Sep 17 00:00:00 2001 From: Robert Lee Date: Mon, 28 Oct 2024 06:18:49 +0000 Subject: [PATCH 55/87] audio: update hdmi audio path Add permission to read HDMI states by audio hal. For new project is using /devices/platform/dwc_dptx-audio/extcon/hdmi_audio For old projects are using /devices/platform/drmdp-adma/extcon/hdmi_audio Bug: 328784922 Test: builds Flag: EXEMPT update sepolocy Change-Id: I3bd0ccf1ee804de3157e759eac275673c9fc96a2 Signed-off-by: Robert Lee --- audio/aidl.mk | 6 +++++- audio/hidl_zuma.mk | 2 +- audio/sepolicy/hdmi_audio/dptx/genfs_contexts | 1 + audio/sepolicy/hdmi_audio/{ => drmdp}/genfs_contexts | 0 4 files changed, 7 insertions(+), 2 deletions(-) create mode 100644 audio/sepolicy/hdmi_audio/dptx/genfs_contexts rename audio/sepolicy/hdmi_audio/{ => drmdp}/genfs_contexts (100%) diff --git a/audio/aidl.mk b/audio/aidl.mk index 7dd56bc..68458dd 100644 --- a/audio/aidl.mk +++ b/audio/aidl.mk 
@@ -16,7 +16,11 @@ PRODUCT_PACKAGES += \ libhapticgeneratoraidl \ BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/audio/sepolicy/aidl -BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/audio/sepolicy/hdmi_audio +ifeq ($(AUDIO_USE_DPTX_SEPOLICY),true) +BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/audio/sepolicy/hdmi_audio/dptx +else +BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/audio/sepolicy/hdmi_audio/drmdp +endif include device/google/gs-common/audio/common.mk diff --git a/audio/hidl_zuma.mk b/audio/hidl_zuma.mk index 6fb3449..64ad2ba 100644 --- a/audio/hidl_zuma.mk +++ b/audio/hidl_zuma.mk @@ -42,7 +42,7 @@ PRODUCT_PACKAGES += \ endif BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/audio/sepolicy/hidl -BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/audio/sepolicy/hdmi_audio +BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/audio/sepolicy/hdmi_audio/drmdp include device/google/gs-common/audio/common.mk diff --git a/audio/sepolicy/hdmi_audio/dptx/genfs_contexts b/audio/sepolicy/hdmi_audio/dptx/genfs_contexts new file mode 100644 index 0000000..64803be --- /dev/null +++ b/audio/sepolicy/hdmi_audio/dptx/genfs_contexts @@ -0,0 +1 @@ +genfscon sysfs /devices/platform/dwc_dptx-audio/extcon/hdmi_audio u:object_r:sysfs_extcon:s0 diff --git a/audio/sepolicy/hdmi_audio/genfs_contexts b/audio/sepolicy/hdmi_audio/drmdp/genfs_contexts similarity index 100% rename from audio/sepolicy/hdmi_audio/genfs_contexts rename to audio/sepolicy/hdmi_audio/drmdp/genfs_contexts From 421324351c8a39ea1d2583e8df666dade9be6267 Mon Sep 17 00:00:00 2001 
From: Tommy Chiu Date: Wed, 9 Oct 2024 05:05:34 +0000 Subject: [PATCH 56/87] gsc: Change the criteria for building GSC targets There can be a case where vendor directory exists but vendor/google_nos does not. Bug: 371059500 Test: manual Flag: EXEMPT refactor (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:8af77ef94228bf37bd7be4d8db496f7084e0333d) Merged-In: I96f429ec3284114868ad220ea308a6920930c065 Change-Id: I96f429ec3284114868ad220ea308a6920930c065 --- dauntless/gsc.mk | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dauntless/gsc.mk b/dauntless/gsc.mk index c1cf0e0..b563cc4 100644 --- a/dauntless/gsc.mk +++ b/dauntless/gsc.mk @@ -1,6 +1,6 @@ # Dauntless BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/dauntless/sepolicy -ifneq ($(wildcard vendor),) +ifneq ($(wildcard vendor/google_nos),) PRODUCT_SOONG_NAMESPACES += vendor/google_nos/init/dauntless PRODUCT_PACKAGES += \ @@ -92,4 +92,4 @@ endif $(call dist-for-goals,droid,vendor/google_nos/prebuilts/dauntless/intermediate_images/d3m2_intermediate.ec.bin) endif -endif # $(wildcard vendor) +endif # $(wildcard vendor/google_nos) From 350e26241504bb140122f396f3447d8ce36ef574 Mon Sep 17 00:00:00 2001 
From: Daniel Lee Date: Mon, 18 Nov 2024 10:38:21 -0800 Subject: [PATCH 57/87] storage: turn off writebooster flags upon init Enabling writebooster capability for Pixel UFS (pa/2994670) enabled the following flags in Android Common Kernel: - wb_flush_en - wb_flush_during_h8 - wb_enable This patch disables these writebooster-related flags to restore the intended behavior for Pixel devices. This overrides the default Android Common Kernel behavior. While 'wb_flush_en' and 'wb_enable' have corresponding sysfs entries ('enable_wb_buf_flush' and 'wb_on') for toggling, 'wb_flush_during_h8' currently lacks this functionality in the Android Common Kernel. Pixel provides the 'manual_gc' sysfs entry as a workaround. Setting 'manual_gc' to 0 disables 'wb_flush_during_h8'. Bug: 377958570 Flag: EXEMPT bugfix Test: check if all writebooster-realated flags are false upon init Change-Id: I918bf6939de3e208b715f554a96ccbd053f68a18 Signed-off-by: Daniel Lee --- storage/init.storage.rc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/storage/init.storage.rc b/storage/init.storage.rc index 9e4acd4..943c483 100644 --- a/storage/init.storage.rc +++ b/storage/init.storage.rc @@ -42,10 +42,13 @@ on init # UFS write /dev/sys/block/bootdevice/clkgate_enable 0 + write /dev/sys/block/bootdevice/wb_on 0 + write /dev/sys/block/bootdevice/enable_wb_buf_flush 0 on property:sys.boot_completed=1 # Health Storage HAL chown system system /dev/sys/block/bootdevice/manual_gc + write /dev/sys/block/bootdevice/manual_gc 0 # Pixelstats chown system system /dev/sys/block/bootdevice/slowio_read_cnt From 993506e4f1e30d6a890ecf8c3b3ed492e0d174a6 Mon Sep 17 00:00:00 2001 
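Review bot: `write /dev/sys/block/bootdevice/manual_gc 0` is added under the `# Health Storage HAL` comment with no explanation, yet the commit message says its purpose is to turn off `wb_flush_during_h8`, which has no sysfs node of its own. That reasoning should live in the file, e.g. `# manual_gc=0 also disables wb_flush_during_h8 (no dedicated sysfs entry)`, and the two new writes in `on init` deserve a matching line such as `# Pixel does not use UFS WriteBooster; override the kernel default`. Both trigger blocks start or continue outside the hunk.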
From: Julius Snipes Date: Thu, 14 Nov 2024 05:21:13 +0000 Subject: [PATCH 58/87] GRIL sepolicy for aidl radioext v2.1 avc: denied { find } for pid=2019 uid=10269 name=vendor.google.radio_ext.IRadioExt/default scontext=u:r:grilservice_app:s0:c13,c257,c512,c768 tcontext=u:object_r:hal_aidl_radio_ext_service:s0 tclass=service_manager permissive=1 avc: denied { find } for pid=6500 uid=10242 name=vendor.google.radio_ext.IRadioExt/default scontext=u:r:grilservice_app:s0:c242,c256,c512,c768 tcontext=u:object_r:hal_radio_ext_service:s0 tclass=service_manager permissive=0 avc: denied { find } for interface=vendor.google.radioext::IRadioExt sid=u:r:grilservice_app:s0:c242,c256,c512,c768 pid=6500 scontext=u:r:grilservice_app:s0:c242,c256,c512,c768 tcontext=u:object_r:default_android_hwservice:s0 tclass=hwservice_manager permissive=0 avc: denied { read write } for comm="vendor.google.r" name="umts_boot0" dev="tmpfs" ino=1352 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:radio_device:s0 tclass=chr_file permissive=1 avc: denied { search } for name="backlight" dev="sysfs" ino=83794 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=dir permissive=1 avc: denied { read write } for name="backlight" dev="sysfs" ino=83794 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=file permissive=1 avc: denied { read write } for name="backlight" dev="sysfs" ino=83794 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:sysfs_display:s0 tclass=file permissive=1 avc: denied { create } for name="radio" dev="dm-53" ino=379 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1 avc: denied { create } for name="radio" dev="dm-53" ino=379 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1 avc: denied { find } for interface=hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance sid=u:r:hal_aidl_radio_ext:s0 pid=792 
scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:hal_bluetooth_coexistence_hwservice:s0 tclass=hwservice_manager permissive=1 avc: denied { find } for interface=hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance sid=u:r:hal_aidl_radio_ext:s0 pid=792 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:hal_bluetooth_coexistence_service:s0 tclass=service_manager permissive=1 avc: denied { read } for name="link_rate" dev="sysfs" ino=111840 scontext=u:r:hal_aidl_radio_ext:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 Bug: 355774451 Change-Id: Iea5e0cdff82b140caa1e8b6717e94d6d78076b28 Test: verify with test roms Flag: EXEMPT sepolicy --- gril/aidl/2.1/compatibility_matrix.xml | 10 ++++++ gril/aidl/2.1/gril_aidl.mk | 4 +++ gril/aidl/2.1/sepolicy/file_contexts | 1 + gril/aidl/2.1/sepolicy/grilservice_app.te | 4 +++ gril/aidl/2.1/sepolicy/hal_aidl_radio_ext.te | 36 ++++++++++++++++++++ gril/aidl/2.1/sepolicy/hal_camera_default.te | 2 ++ gril/aidl/2.1/sepolicy/twoshay.te | 2 ++ 7 files changed, 59 insertions(+) create mode 100644 gril/aidl/2.1/compatibility_matrix.xml create mode 100644 gril/aidl/2.1/gril_aidl.mk create mode 100644 gril/aidl/2.1/sepolicy/file_contexts create mode 100644 gril/aidl/2.1/sepolicy/grilservice_app.te create mode 100644 gril/aidl/2.1/sepolicy/hal_aidl_radio_ext.te create mode 100644 gril/aidl/2.1/sepolicy/hal_camera_default.te create mode 100644 gril/aidl/2.1/sepolicy/twoshay.te diff --git a/gril/aidl/2.1/compatibility_matrix.xml b/gril/aidl/2.1/compatibility_matrix.xml new file mode 100644 index 0000000..c1ce8f9 --- /dev/null +++ b/gril/aidl/2.1/compatibility_matrix.xml @@ -0,0 +1,10 @@ + + + vendor.google.radio_ext + 3 + + IRadioExt + default + + + diff --git a/gril/aidl/2.1/gril_aidl.mk b/gril/aidl/2.1/gril_aidl.mk new file mode 100644 index 0000000..d5bc3fc --- /dev/null +++ b/gril/aidl/2.1/gril_aidl.mk 
@@ -0,0 +1,4 @@
+PRODUCT_PACKAGES += vendor.google.radioext@1.0-service
+DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/gril/aidl/2.1/compatibility_matrix.xml
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gril/aidl/2.1/sepolicy
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gril/common/sepolicy
diff --git a/gril/aidl/2.1/sepolicy/file_contexts b/gril/aidl/2.1/sepolicy/file_contexts
new file mode 100644
index 0000000..9973b80
--- /dev/null
+++ b/gril/aidl/2.1/sepolicy/file_contexts
@@ -0,0 +1 @@
+/vendor/bin/hw/vendor\.google\.radioext@1\.0-service u:object_r:hal_aidl_radio_ext_exec:s0
diff --git a/gril/aidl/2.1/sepolicy/grilservice_app.te b/gril/aidl/2.1/sepolicy/grilservice_app.te
new file mode 100644
index 0000000..812c8a2
--- /dev/null
+++ b/gril/aidl/2.1/sepolicy/grilservice_app.te
@@ -0,0 +1,4 @@
+# allow grilservice_app to find hal_radio_ext_service
+allow grilservice_app hal_radio_ext_service:service_manager find;
+binder_call(grilservice_app, hal_aidl_radio_ext)
+binder_call(grilservice_app, twoshay)
diff --git a/gril/aidl/2.1/sepolicy/hal_aidl_radio_ext.te b/gril/aidl/2.1/sepolicy/hal_aidl_radio_ext.te
new file mode 100644
index 0000000..eaff153
--- /dev/null
+++ b/gril/aidl/2.1/sepolicy/hal_aidl_radio_ext.te
@@ -0,0 +1,36 @@
+# hal_aidl_radio_ext domain
+type hal_aidl_radio_ext, domain;
+type hal_aidl_radio_ext_exec, vendor_file_type, exec_type, file_type;
+
+init_daemon_domain(hal_aidl_radio_ext)
+
+get_prop(hal_aidl_radio_ext, hwservicemanager_prop)
+get_prop(hal_aidl_radio_ext, telephony_modemtype_prop)
+set_prop(hal_aidl_radio_ext, vendor_gril_prop)
+
+binder_call(hal_aidl_radio_ext, servicemanager)
+binder_call(hal_aidl_radio_ext, grilservice_app)
+binder_call(hal_aidl_radio_ext, hal_bluetooth_btlinux)
+
+add_service(hal_aidl_radio_ext, hal_radio_ext_service)
+
+# RW /dev/oem_ipc0
+allow hal_aidl_radio_ext radio_device:chr_file rw_file_perms;
+
+# RW MIPI Freq files
+allow hal_aidl_radio_ext radio_vendor_data_file:dir create_dir_perms;
+allow hal_aidl_radio_ext radio_vendor_data_file:file create_file_perms;
+
+# Bluetooth
+allow hal_aidl_radio_ext hal_bluetooth_coexistence_hwservice:hwservice_manager find;
+allow hal_aidl_radio_ext hal_bluetooth_coexistence_service:service_manager find;
+
+# Allow access to the backlight driver to set ssc_mode
+allow hal_aidl_radio_ext sysfs_leds:dir search;
+allow hal_aidl_radio_ext sysfs_leds:file rw_file_perms;
+
+# legacy/zuma/vendor
+allow hal_aidl_radio_ext sysfs_display:file rw_file_perms;
+
+# Allow access to read display port info
+allow hal_aidl_radio_ext sysfs:file r_file_perms;
diff --git a/gril/aidl/2.1/sepolicy/hal_camera_default.te b/gril/aidl/2.1/sepolicy/hal_camera_default.te
new file mode 100644
index 0000000..61f8001
--- /dev/null
+++ b/gril/aidl/2.1/sepolicy/hal_camera_default.te
@@ -0,0 +1,2 @@
+# allow hal_camera_default to binder call hal_aidl_radio_ext
+binder_call(hal_camera_default, hal_aidl_radio_ext);
diff --git a/gril/aidl/2.1/sepolicy/twoshay.te b/gril/aidl/2.1/sepolicy/twoshay.te
new file mode 100644
index 0000000..f7d3fe1
--- /dev/null
+++ b/gril/aidl/2.1/sepolicy/twoshay.te
@@ -0,0 +1,2 @@
+# allow twoshay to binder call hal_aidl_radio_ext
+binder_call(twoshay, hal_aidl_radio_ext)
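Review bot: The last rule of hal_aidl_radio_ext.te, `allow hal_aidl_radio_ext sysfs:file r_file_perms;`, lets the HAL read every file that still carries the default `sysfs` label, while the denial quoted in the commit message concerns a single node named `link_rate`. Giving that node its own type in genfs_contexts and granting read on that type keeps unrelated sysfs attributes out of reach; the node's full path is not visible here, so the entry would be `genfscon sysfs <PATH_TO_link_rate> u:object_r:<NEW_SYSFS_TYPE>:s0` with `allow hal_aidl_radio_ext <NEW_SYSFS_TYPE>:file r_file_perms;` once the real path and type name are filled in. The comment `# RW /dev/oem_ipc0` above the `radio_device` rule also does not match the device named in the logged denial (`umts_boot0`) and is worth correcting so the rule's purpose stays traceable.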
From 06497542780af5d8f6abb7f89288a35ffd32d228 Mon Sep 17 00:00:00 2001 From: Wesley Lee Date: Wed, 13 Nov 2024 20:04:58 -0800 Subject: [PATCH 59/87] mediacodec: add GPU access policy avc: denied { read write } for comm="binder:757_6" name="renderD128" dev="tmpfs" ino=1566 scontext=u:r:mediacodec_google:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=1 Bug: 378609071 Flag: EXEMPT bugfix Test: run cts -m CtsMediaV2TestCases -t android.mediav2.cts.CodecEncoderSurfaceTest#testSimpleEncodeFromSurface[26_c2.google.av1.encoder_video/av01_c2.google.av1.decoder_video/av01_512kbps_30fps_yuv420flexible_tonemapyes_persistentsurface] Change-Id: I2af4f53c9ff8aca0d3c7fd721738f2044d4772fd Signed-off-by: Wesley Lee --- mediacodec/vpu/sepolicy/mediacodec_google.te | 1 + 1 file changed, 1 insertion(+) diff --git a/mediacodec/vpu/sepolicy/mediacodec_google.te b/mediacodec/vpu/sepolicy/mediacodec_google.te index 99a3c8d..cf9dfc5 100644 --- a/mediacodec/vpu/sepolicy/mediacodec_google.te +++ b/mediacodec/vpu/sepolicy/mediacodec_google.te @@ -13,6 +13,7 @@ binder_call(mediacodec_google, hal_camera_default) allow mediacodec_google dmabuf_system_heap_device:chr_file r_file_perms; allow mediacodec_google video_device:chr_file { read write open ioctl map }; +allow mediacodec_google gpu_device:chr_file rw_file_perms; # mediacodec_google should never execute any executable without a domain transition neverallow mediacodec_google { file_type fs_type }:file execute_no_trans; From 83e7cc5a7f4582c919c99a0459a500a263b57824 Mon Sep 17 00:00:00 2001 
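Review bot: The added `allow mediacodec_google gpu_device:chr_file rw_file_perms;` carries no comment and grants the whole `rw_file_perms` set, whereas the denial in the commit message is only for `read write` on `renderD128` and the `video_device` rule directly above spells out its permissions. A codec process presumably handles media from untrusted sources, so the reason it needs the GPU node should be recorded next to the rule, for example `# GPU access for surface encode (b/378609071)`; the exact reason is inferred from the CTS test named in the message and should be confirmed. If the driver ioctls needed for this use are known, an `allowxperm` allowlist on `gpu_device` would narrow the exposure further.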
From: Aleks Rozman Date: Wed, 20 Nov 2024 22:48:19 +0000 Subject: [PATCH 60/87] Build lyric from source if prebuilt directory is missing. On select branches, like the camera-stability, the prebuilt directory is missing so we want to make sure that it is building from source even if the flags tell us that a prebuilt should be used. Bug: 380099804 Change-Id: I8832451c1f7ff6d6de3c2991e9f63317966a2f83 Test: Make on camera-stability-dev and verify warning Flag: EXEMPT (not applicable) --- camera/lyric.mk | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/camera/lyric.mk b/camera/lyric.mk index c886138..0ec1d6d 100644 --- a/camera/lyric.mk +++ b/camera/lyric.mk @@ -20,8 +20,20 @@ endif # All shipping releases will switch to prebuilts (trunk+) # if this condition is not true, then build from source. -ifneq ($(RELEASE_PIXEL_CAMERA_ENABLE_PREBUILT),true) +# Fallback if the prebuilts directory does not exist, then we must +# build from source no matter what, so we log a warning +ifeq ($(RELEASE_PIXEL_CAMERA_ENABLE_PREBUILT),true) + ifeq ($(wildcard vendor/google/services/LyricCameraHAL/prebuilt),) + $(warning Lyric prebuilt directory is missing, it will be built from source) + BUILD_LYRIC_FROM_SOURCE := true + else + BUILD_LYRIC_FROM_SOURCE := false + endif +else + BUILD_LYRIC_FROM_SOURCE := true +endif # RELEASE_PIXEL_CAMERA_ENABLE_PREBUILT +ifeq ($(BUILD_LYRIC_FROM_SOURCE),true) PRODUCT_SOONG_NAMESPACES += \ vendor/google/camera \ vendor/google/camera/google_3a/libs_v4 \ @@ -41,7 +53,7 @@ PRODUCT_SOONG_NAMESPACES += \ # Calibration tool for debug builds PRODUCT_PACKAGES_DEBUG += tarasque_test PRODUCT_PACKAGES_DEBUG += ProtoCalibGenerator -endif # RELEASE_PIXEL_CAMERA_ENABLE_PREBUILT check +endif # BUILD_LYRIC_FROM_SOURCE # Init-time log settings for Google 3A PRODUCT_PACKAGES += libg3a_standalone_gabc_rc From e3df39e77c1ef707966f42e0c8e56852abf70bd9 Mon Sep 17 00:00:00 2001 
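Review bot: When `RELEASE_PIXEL_CAMERA_ENABLE_PREBUILT` is `true` but the prebuilt directory is absent, the first hunk only prints `$(warning ...)` and sets `BUILD_LYRIC_FROM_SOURCE := true`, so a configuration that asked for the prebuilt can produce a differently sourced camera HAL with nothing but a log line to show it. The commit message limits the intent to branches such as camera-stability; whether shipping builds can reach this path is not visible in the hunk. If they can, making the fallback a hard failure there, e.g. wrapping an `$(error Lyric prebuilt directory is missing)` in `ifeq ($(TARGET_BUILD_VARIANT),user)`, keeps the provenance of the released binary explicit. It would also help to hold the path `vendor/google/services/LyricCameraHAL/prebuilt` in one named variable with a comment saying who populates it.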
From: Boon Jun Date: Fri, 15 Nov 2024 08:16:47 +0000 Subject: [PATCH 61/87] Document radioext_interface_type soong variable usage Bug: 377991853 Bug: 371878208 Test: None Flag: EXEMPT DOCS_ONLY Change-Id: Ibb722d63ee726aeead0f7c89bdfa21c0ad3ae6b3 --- camera/lyric_soong_variables.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/camera/lyric_soong_variables.md b/camera/lyric_soong_variables.md index b442943..4289109 100644 --- a/camera/lyric_soong_variables.md +++ b/camera/lyric_soong_variables.md @@ -44,3 +44,13 @@ Example: $(call soong_config_set,google3a_config,target_device,oriole) ``` A mixture of `camera_hardware` and `tuning_product` used by 3A. + +## `radioext_interface_type` + +Example: +``` +$(call soong_config_set,lyric,radioext_interface_type,aidl) +``` +Specifies which interface type to use in the RadioExt client when communicating +with the RadioExt service. The possible values are "hidl" and "aidl". +Devices launching with Android 15 no longer support HIDL. From 064b50e43ba8e983cde1a01e18bbb5d551649027 Mon Sep 17 00:00:00 2001 From: Dinesh Yadav Date: Tue, 19 Nov 2024 10:24:12 +0000 Subject: [PATCH 62/87] Add sepolicy for edgetpu_tachyon_service to report metrics This permission is needed to report errors encountered while running gxp workloads to telemetry services. AVC Error seen while reporting errors: 11-21 09:30:05.711 406 406 E SELinux : avc: denied { find } for pid=1821 uid=1000 name=android.frameworks.stats.IStats/default scontext=u:r:edgetpu_tachyon_server:s0 tcontext=u:object_r:fwk_stats_service:s0 tclass=service_manager permissive=0 Bug: 359404493 Flag: EXEMPT updates device sepolicy only Change-Id: Ic282928aad6283077e183f931230f79eea49053d Signed-off-by: Dinesh Yadav --- gxp/sepolicy/edgetpu_tachyon_service.te | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/gxp/sepolicy/edgetpu_tachyon_service.te b/gxp/sepolicy/edgetpu_tachyon_service.te index 35987dd..31b7e7b 100644 --- a/gxp/sepolicy/edgetpu_tachyon_service.te 
+++ b/gxp/sepolicy/edgetpu_tachyon_service.te @@ -1,3 +1,7 @@ # Allow Tachyon service to access the GXP device and read GXP properties. allow edgetpu_tachyon_server gxp_device:chr_file rw_file_perms; get_prop(edgetpu_tachyon_server, vendor_gxp_prop) + +# Allow tachyon service to log to stats service for reporting metrics. +allow edgetpu_tachyon_server fwk_stats_service:service_manager find; +binder_call(edgetpu_tachyon_server, system_server); From 20bb32819de8ed816bf4f833fcb813f9a8dd0898 Mon Sep 17 00:00:00 2001 From: Eileen Lai Date: Thu, 14 Nov 2024 08:22:11 +0000 Subject: [PATCH 63/87] modem_svc: move shared_modem_platform related sepolicy to gs-common Bug: 372400955 Flag: NONE local testing only Change-Id: Ia23ff9f43ee855c2a758714d025123c071e9c288 --- modem/shared_modem_platform/sepolicy/file_contexts | 2 ++ modem/shared_modem_platform/sepolicy/modem_svc_sit.te | 2 ++ modem/shared_modem_platform/shared_modem_platform.mk | 2 +- 3 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 modem/shared_modem_platform/sepolicy/file_contexts create mode 100644 modem/shared_modem_platform/sepolicy/modem_svc_sit.te diff --git a/modem/shared_modem_platform/sepolicy/file_contexts b/modem/shared_modem_platform/sepolicy/file_contexts new file mode 100644 index 0000000..2598585 --- /dev/null +++ b/modem/shared_modem_platform/sepolicy/file_contexts @@ -0,0 +1,2 @@ +# modem_svc_sit +/vendor/bin/shared_modem_platform u:object_r:modem_svc_sit_exec:s0 diff --git a/modem/shared_modem_platform/sepolicy/modem_svc_sit.te b/modem/shared_modem_platform/sepolicy/modem_svc_sit.te new file mode 100644 index 0000000..b1ed074 --- /dev/null +++ b/modem/shared_modem_platform/sepolicy/modem_svc_sit.te @@ -0,0 +1,2 @@ +# Modem SVC will register the default instance of the AIDL ISharedModemPlatform hal. +hal_server_domain(modem_svc_sit, hal_shared_modem_platform) 
diff --git a/modem/shared_modem_platform/shared_modem_platform.mk b/modem/shared_modem_platform/shared_modem_platform.mk index 3f50c37..0a3be6d 100644 --- a/modem/shared_modem_platform/shared_modem_platform.mk +++ b/modem/shared_modem_platform/shared_modem_platform.mk @@ -8,4 +8,4 @@ SOONG_CONFIG_shared_modem_platform_vendor := $(SHARED_MODEM_PLATFORM_VENDOR) PRODUCT_PACKAGES += shared_modem_platform DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/modem/shared_modem_platform/compatibility_matrix.xml -BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/modem/shared_modem_platform/sepolicy +BOARD_SEPOLICY_DIRS += device/google/gs-common/modem/shared_modem_platform/sepolicy From e8884c92fbcaa706f4f1e4e0969b1d8c0bebb94f Mon Sep 17 00:00:00 2001 From: Edwin Tung Date: Tue, 19 Nov 2024 17:51:47 +0800 Subject: [PATCH 64/87] dump_gps: collect gps logs in ascending order Bug: 359797762 Test: Check gps file in dumpstate Flag: EXEMPT, add gps dump to bugreport Change-Id: Ia869e634c5f526f217fd24595a6f415c30046980 --- gps/dump/dump_gps.cpp | 56 +++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 54 insertions(+), 2 deletions(-) diff --git a/gps/dump/dump_gps.cpp b/gps/dump/dump_gps.cpp index e073732..7906a1f 100644 --- a/gps/dump/dump_gps.cpp +++ b/gps/dump/dump_gps.cpp @@ -17,6 +17,7 @@ #include #include #include +#include #include #include 
@@ -66,6 +67,58 @@ static void copyDirectory(const std::string &source, return; } +int compareFileExtensions(const struct dirent **a, const struct dirent **b) { + int num_a, num_b; + sscanf((*a)->d_name, "rawbinlog.out.%d", &num_a); + sscanf((*b)->d_name, "rawbinlog.out.%d", &num_b); + + return num_a - num_b; +} + +void dumpLogsAscending(const char* SrcDir, const char* DestDir, int limit, const char* prefix) { + + struct dirent **dirent_list = NULL; + int num_entries = scandir(SrcDir, &dirent_list, 0, (int (*)(const struct dirent **, const struct dirent **)) alphasort); + if (!dirent_list) { + printf("Unable to scan dir: %s.\n", SrcDir); + return; + } else if (num_entries <= 0) { + printf("No file is found.\n"); + return; + } + + if (access(DestDir, R_OK)) { + printf("Unable to find folder: %s\n", DestDir); + return; + } + + qsort(dirent_list, num_entries, sizeof(struct dirent *), (int (*)(const void *, const void *)) compareFileExtensions); + + int copiedFiles = 0; + + for (int i = 0 ; i < num_entries; i++) { + + if (0 != strncmp(dirent_list[i]->d_name, prefix, strlen(prefix))) { + continue; + } + + if ((copiedFiles >= limit) && (limit != -1)) { + printf("Skipped %s\n", dirent_list[i]->d_name); + continue; + } + + copiedFiles++; + copyFile(concatenatePath(SrcDir, dirent_list[i]->d_name).c_str(), concatenatePath(DestDir, dirent_list[i]->d_name).c_str()); + } + + while (num_entries--) { + free(dirent_list[num_entries]); + } + + free(dirent_list); + return; +} + int main() { if(!::android::base::GetBoolProperty("vendor.gps.aol.enabled", false)) { printf("vendor.gps.aol.enabled is false. gps logging is not running.\n"); 
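Review bot: `compareFileExtensions` reads `num_a` and `num_b` without initialising them and ignores the `sscanf` result, so for every entry that does not match `rawbinlog.out.%d` (at least `.` and `..`, since `scandir` is called with no filter) the comparison uses indeterminate values and `qsort` gets an inconsistent ordering; `num_a - num_b` can also overflow. The comparator is passed to `qsort` through a function-pointer cast to a different signature, which is undefined behaviour and is avoided by giving it the `const void *` signature directly. Separately, the early `return` after `access(DestDir, R_OK)` fails leaks `dirent_list` and its entries, and the `num_entries <= 0` branch leaks an empty list; moving the `access` check above the `scandir` call and freeing the list before the second return fixes both. The enclosing `copyDirectory` and `main` start or end outside this hunk.

```cpp
// Sort key: N from "rawbinlog.out.<N>"; -1 for names that do not match.
static int rawLogIndex(const struct dirent *entry) {
    int index = -1;
    if (sscanf(entry->d_name, "rawbinlog.out.%d", &index) != 1) {
        return -1;
    }
    return index;
}

static int compareFileExtensions(const void *a, const void *b) {
    const int num_a = rawLogIndex(*static_cast<const struct dirent *const *>(a));
    const int num_b = rawLogIndex(*static_cast<const struct dirent *const *>(b));
    // Three-way compare without subtraction, so large indices cannot overflow.
    return (num_a > num_b) - (num_a < num_b);
}

// … unchanged: scandir() call, error checks, destination check …

    qsort(dirent_list, num_entries, sizeof(struct dirent *), compareFileExtensions);

// … unchanged: copy loop and cleanup …
```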
@@ -85,9 +138,8 @@ int main() { if (access(GPS_VENDOR_CHIP_INFO, F_OK) == 0) { copyFile(GPS_VENDOR_CHIP_INFO, concatenatePath(outputDir.c_str(), "chip.info").c_str()); } - dumpLogs(GPS_LOG_DIRECTORY, outputDir.c_str(), maxFileNum, GPS_RAWLOG_PREFIX); + dumpLogsAscending(GPS_LOG_DIRECTORY, outputDir.c_str(), 5, GPS_RAWLOG_PREFIX); dumpLogs(GPS_LOG_DIRECTORY, outputDir.c_str(), 18, GPS_MEMDUMP_LOG_PREFIX); copyDirectory(GPS_RESOURCE_DIRECTORY, concatenatePath(outputDir.c_str(), "resource")); return 0; } - From 74283c5cbe4c40bf5765745795424cd46454eacc Mon Sep 17 00:00:00 2001 From: "Liana Kazanova (xWF)" Date: Thu, 21 Nov 2024 17:53:56 +0000 Subject: [PATCH 65/87] Revert "modem_svc: move shared_modem_platform related sepolicy t..." Revert submission 30519089-move_modem_sepolicy Reason for revert: DroidMonitor: Potential culprit for http://b/380274930 - verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted. Reverted changes: /q/submissionid:30519089-move_modem_sepolicy Change-Id: I241b3aba370f77c705ca3890151e760b4764beca --- modem/shared_modem_platform/sepolicy/file_contexts | 2 -- modem/shared_modem_platform/sepolicy/modem_svc_sit.te | 2 -- modem/shared_modem_platform/shared_modem_platform.mk | 2 +- 3 files changed, 1 insertion(+), 5 deletions(-) delete mode 100644 modem/shared_modem_platform/sepolicy/file_contexts delete mode 100644 modem/shared_modem_platform/sepolicy/modem_svc_sit.te diff --git a/modem/shared_modem_platform/sepolicy/file_contexts b/modem/shared_modem_platform/sepolicy/file_contexts deleted file mode 100644 index 2598585..0000000 --- a/modem/shared_modem_platform/sepolicy/file_contexts +++ /dev/null @@ -1,2 +0,0 @@ -# modem_svc_sit -/vendor/bin/shared_modem_platform u:object_r:modem_svc_sit_exec:s0 
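Review bot: The new call `dumpLogsAscending(GPS_LOG_DIRECTORY, outputDir.c_str(), 5, GPS_RAWLOG_PREFIX);` passes a literal `5` where the replaced `dumpLogs` call used `maxFileNum`, so the raw-log limit no longer follows whatever sets `maxFileNum` earlier in `main` (outside this hunk). A named constant with a one-line reason, e.g. `constexpr int kMaxRawLogFiles = 5;`, would make the limit and the change of policy visible. If `maxFileNum` has no other reader it is now dead and should be removed; that cannot be confirmed from the hunk.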
diff --git a/modem/shared_modem_platform/sepolicy/modem_svc_sit.te b/modem/shared_modem_platform/sepolicy/modem_svc_sit.te deleted file mode 100644 index b1ed074..0000000 --- a/modem/shared_modem_platform/sepolicy/modem_svc_sit.te +++ /dev/null @@ -1,2 +0,0 @@ -# Modem SVC will register the default instance of the AIDL ISharedModemPlatform hal. -hal_server_domain(modem_svc_sit, hal_shared_modem_platform) diff --git a/modem/shared_modem_platform/shared_modem_platform.mk b/modem/shared_modem_platform/shared_modem_platform.mk index 0a3be6d..3f50c37 100644 --- a/modem/shared_modem_platform/shared_modem_platform.mk +++ b/modem/shared_modem_platform/shared_modem_platform.mk @@ -8,4 +8,4 @@ SOONG_CONFIG_shared_modem_platform_vendor := $(SHARED_MODEM_PLATFORM_VENDOR) PRODUCT_PACKAGES += shared_modem_platform DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/modem/shared_modem_platform/compatibility_matrix.xml -BOARD_SEPOLICY_DIRS += device/google/gs-common/modem/shared_modem_platform/sepolicy +BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/modem/shared_modem_platform/sepolicy From 8fb8122f3be2e1700a4d9416fb1fb1209a3879c1 Mon Sep 17 00:00:00 2001 From: Meng Wang Date: Thu, 21 Nov 2024 18:08:00 +0000 Subject: [PATCH 66/87] gs-common/esim: include sysprop setupwizard.feature.provisioning_profile_mode So all eSIM bootstrap configs are included in one shot. This change is no-op for devices already including esim.mk because the sysproop was already set so. Flag: NONE no-op mk change Bug: 380280915 Change-Id: Ic1e83e4cd2ad546ddecbef7234457559894217e1 --- esim/esim.mk | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/esim/esim.mk b/esim/esim.mk index 47e21b7..487f15e 100644 --- a/esim/esim.mk +++ b/esim/esim.mk 
@@ -1,5 +1,10 @@ +## Configuration for eSIM bootstrap + +# Enable eSIM bootstrap by default +PRODUCT_PRODUCT_PROPERTIES += setupwizard.feature.provisioning_profile_mode=true + +# init.rc and sepolcy to conditionally disable eSIM bootstrap PRODUCT_PACKAGES += init.esim-gs.rc BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/esim/sepolicy/vendor -# system_ext SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += device/google/gs-common/esim/sepolicy/system_ext/public SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/gs-common/esim/sepolicy/system_ext/private From 168f30d8a1cfd6b9fc45e054c8d050d73c151375 Mon Sep 17 00:00:00 2001 From: Will Song Date: Sat, 24 Aug 2024 23:55:33 +0000 Subject: [PATCH 67/87] Revert^2 "gs-common: Added common perf init.rc" Re-land after making SELinux corrections. 98e6a61c1f41e00f950ef08d00cb30f7635a6d49 Bug: 335874870 Flag: NONE code refactor Test: Boot and check parameters Signed-off-by: Will Song Change-Id: I4ae6407e7edeeed4b62774698b5cb85d32a01c2d --- performance/Android.bp | 5 ++++- performance/init.pixel-perf.rc | 13 +++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 performance/init.pixel-perf.rc diff --git a/performance/Android.bp b/performance/Android.bp index 5c0e0b2..6dae537 100644 --- a/performance/Android.bp +++ b/performance/Android.bp @@ -5,7 +5,10 @@ package { cc_binary { name: "dump_perf", srcs: ["dump_perf.cpp"], - init_rc: ["init.pixel-mm-gs.rc"], + init_rc: [ + "init.pixel-mm-gs.rc", + "init.pixel-perf.rc", + ], cflags: [ "-Wall", "-Wextra", diff --git a/performance/init.pixel-perf.rc b/performance/init.pixel-perf.rc new file mode 100644 index 0000000..82766a5 --- /dev/null +++ b/performance/init.pixel-perf.rc 
@@ -0,0 +1,13 @@ +# Copyright (C) 2024 The Android Open-Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. From db25f03ec3da8f4c48ebfd004a71d84fe75522e2 Mon Sep 17 00:00:00 2001 From: Will Song Date: Sat, 24 Aug 2024 23:55:33 +0000 Subject: [PATCH 68/87] Revert^2 "gs-common: Move cpufreq perf settings to gs-common" Re-land after making SELinux corrections. 7606e415045aeaea6326cef4fc64aff60e19f522 Bug: 335874870 Flag: NONE code refactor Test: Boot and check parameters Signed-off-by: Will Song Change-Id: I8721e1fb7f9df5b476a27e2db8aea8a5c395b233 --- performance/init.pixel-perf.rc | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/performance/init.pixel-perf.rc b/performance/init.pixel-perf.rc index 82766a5..36c487f 100644 --- a/performance/init.pixel-perf.rc +++ b/performance/init.pixel-perf.rc 
@@ -11,3 +11,35 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. + +on init + # cpufreq governor setting + write /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor sched_pixel + write /sys/devices/system/cpu/cpu1/cpufreq/scaling_governor sched_pixel + write /sys/devices/system/cpu/cpu2/cpufreq/scaling_governor sched_pixel + write /sys/devices/system/cpu/cpu3/cpufreq/scaling_governor sched_pixel + write /sys/devices/system/cpu/cpu4/cpufreq/scaling_governor sched_pixel + write /sys/devices/system/cpu/cpu5/cpufreq/scaling_governor sched_pixel + write /sys/devices/system/cpu/cpu6/cpufreq/scaling_governor sched_pixel + write /sys/devices/system/cpu/cpu7/cpufreq/scaling_governor sched_pixel + write /sys/devices/system/cpu/cpu8/cpufreq/scaling_governor sched_pixel + + write /sys/devices/system/cpu/cpu0/cpufreq/sched_pixel/up_rate_limit_us 500 + write /sys/devices/system/cpu/cpu1/cpufreq/sched_pixel/up_rate_limit_us 500 + write /sys/devices/system/cpu/cpu2/cpufreq/sched_pixel/up_rate_limit_us 500 + write /sys/devices/system/cpu/cpu3/cpufreq/sched_pixel/up_rate_limit_us 500 + write /sys/devices/system/cpu/cpu4/cpufreq/sched_pixel/up_rate_limit_us 500 + write /sys/devices/system/cpu/cpu5/cpufreq/sched_pixel/up_rate_limit_us 500 + write /sys/devices/system/cpu/cpu6/cpufreq/sched_pixel/up_rate_limit_us 500 + write /sys/devices/system/cpu/cpu7/cpufreq/sched_pixel/up_rate_limit_us 500 + write /sys/devices/system/cpu/cpu8/cpufreq/sched_pixel/up_rate_limit_us 500 + + write /sys/devices/system/cpu/cpu0/cpufreq/sched_pixel/down_rate_limit_us 500 + write /sys/devices/system/cpu/cpu1/cpufreq/sched_pixel/down_rate_limit_us 500 + write /sys/devices/system/cpu/cpu2/cpufreq/sched_pixel/down_rate_limit_us 500 + write /sys/devices/system/cpu/cpu3/cpufreq/sched_pixel/down_rate_limit_us 500 + write 
/sys/devices/system/cpu/cpu4/cpufreq/sched_pixel/down_rate_limit_us 500 + write /sys/devices/system/cpu/cpu5/cpufreq/sched_pixel/down_rate_limit_us 500 + write /sys/devices/system/cpu/cpu6/cpufreq/sched_pixel/down_rate_limit_us 500 + write /sys/devices/system/cpu/cpu7/cpufreq/sched_pixel/down_rate_limit_us 500 + write /sys/devices/system/cpu/cpu8/cpufreq/sched_pixel/down_rate_limit_us 500 From d6b9cc46bf99e21fbf685460c2b4d0cb6ecc9be8 Mon Sep 17 00:00:00 2001 
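Review bot: The `on init` block addresses `cpu0` through `cpu8` by fixed index, although init.pixel-perf.rc sits in gs-common and is attached to `dump_perf` through `init_rc` for every device that builds it. On a SoC with a different core count, or a kernel without the `sched_pixel` governor, these writes presumably fail at boot and the `sched_pixel/up_rate_limit_us` and `down_rate_limit_us` paths do not exist. The assumption should be stated at the top of the block, e.g. `# Assumes 9 CPUs (cpu0-cpu8) and a kernel providing the sched_pixel governor`, or the per-SoC values should stay in the device rc files.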
From: Chintan Pandya Date: Fri, 15 Nov 2024 09:22:42 -0800 Subject: [PATCH 69/87] Introduce interrupts module for debug and trace MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Interrupts module has following functions to perform: 1. Apply boot time configuration - Create a new trace instance - Enable required irq and irq_gia events in the instance - Apply required filters on the high frequency events - Set instance's trace buffer size - Enable tracing 2. Sepolicy for every required access 3. Copy interrupts trace buffer to dumpsys whenever triggered AVC denials: avc: denied { search } for comm="dump_interrupts" name="radio" dev="dm-53" ino=373 scontext=u:r:dump_interrupts_traces:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1 avc: denied { write } for comm="dump_interrupts" name="all_logs" dev="dm-53" ino=7808 scontext=u:r:dump_interrupts_traces:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1 avc: denied { add_name } for comm="dump_interrupts" name="interrupts" scontext=u:r:dump_interrupts_traces:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1 avc: denied { create } for comm="dump_interrupts" name="interrupts" scontext=u:r:dump_interrupts_traces:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1 avc: denied { search } for comm="dump_interrupts" name="instances" dev="tracefs" ino=2151 scontext=u:r:dump_interrupts_traces:s0 tcontext=u:object_r:debugfs_tracing_instances:s0 tclass=dir permissive=1 avc: denied { search } for comm="dump_interrupts" name="radio" dev="dm-53" ino=373 scontext=u:r:dump_interrupts_traces:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1 avc:  denied  { read } for  comm="dump_interrupts" name="trace" dev="tracefs" ino=143409 scontext=u:r:dump_interrupts_traces:s0 tcontext=u:object_r:tracefs_instances_interrupts:s0 tclass=file permissive=1 avc:  denied  { open } for  
comm="dump_interrupts" path="/sys/kernel/tracing/instances/irq_gia_google/trace" dev="tracefs" ino=143409 scontext=u:r:dump_interrupts_traces:s0 tcontext=u:object_r:tracefs_instances_interrupts:s0 tclass=file permissive=1 avc:  denied  { create } for  comm="dump_interrupts" name="interrupts_trace" scontext=u:r:dump_interrupts_traces:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1 avc:  denied  { write open } for  comm="dump_interrupts" path="/data/vendor/radio/logs/always-on/all_logs/interrupts/interrupts_trace" dev="dm-53" ino=8102 scontext=u:r:dump_interrupts_traces:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1 avc: denied { getattr } for comm="dump_interrupts" path="/sys/kernel/tracing/instances/irq_gia_google/trace" dev="tracefs" ino=141578 scontext=u:r:dump_interrupts_traces:s0 tcontext=u:object_r:tracefs_instances_interrupts:s0 tclass=file permissive=1 avc: denied { getattr } for comm="dump_interrupts" path="/data/vendor/radio/logs/always-on/all_logs/interrupts/interrupts_trace" dev="dm-53" ino=7965 scontext=u:r:dump_interrupts_traces:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1 Flag: EXEMPT, add interrupts traces dump program to bugreport Bug: 376124648 Test: Manually checked boot time trace configuration. Collected `adb bugreport`. And checked interrupt traces are dumped into and extracted out from the bugreport. More details in the bug. 
Change-Id: I08872a321fa9726b50a54aeb0a91ed63c0652a3a --- interrupts/Android.bp | 21 +++++++++++++ interrupts/init.interrupts.rc | 23 ++++++++++++++ interrupts/interrupts.mk | 3 ++ interrupts/traces/dump_interrupts_traces.cpp | 30 +++++++++++++++++++ .../traces/sepolicy/dump_interrupts_traces.te | 7 +++++ interrupts/traces/sepolicy/file.te | 2 ++ interrupts/traces/sepolicy/file_contexts | 1 + interrupts/traces/sepolicy/genfs_contexts | 1 + 8 files changed, 88 insertions(+) create mode 100644 interrupts/Android.bp create mode 100644 interrupts/init.interrupts.rc create mode 100644 interrupts/interrupts.mk create mode 100644 interrupts/traces/dump_interrupts_traces.cpp create mode 100644 interrupts/traces/sepolicy/dump_interrupts_traces.te create mode 100644 interrupts/traces/sepolicy/file.te create mode 100644 interrupts/traces/sepolicy/file_contexts create mode 100644 interrupts/traces/sepolicy/genfs_contexts diff --git a/interrupts/Android.bp b/interrupts/Android.bp new file mode 100644 index 0000000..a4f62bc --- /dev/null +++ b/interrupts/Android.bp @@ -0,0 +1,21 @@ +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +cc_binary { + name: "dump_interrupts_traces", + srcs: ["traces/dump_interrupts_traces.cpp"], + init_rc: ["init.interrupts.rc"], + cflags: [ + "-Wall", + "-Wextra", + "-Werror", + ], + shared_libs: [ + "libbase", + "libdump", + "liblog", + ], + vendor: true, + relative_install_path: "dump", +} diff --git a/interrupts/init.interrupts.rc b/interrupts/init.interrupts.rc new file mode 100644 index 0000000..9492fdc --- /dev/null +++ b/interrupts/init.interrupts.rc 
@@ -0,0 +1,23 @@
+on init
+ # Create the directory for the trace instance during early init
+ mkdir /sys/kernel/tracing/instances/irq_gia_google 0755 root root
+ chown system system /sys/kernel/tracing/instances/irq_gia_google
+ chown system system /sys/kernel/tracing/instances/irq_gia_google/trace
+
+ # Enable gia events
+ write /sys/kernel/tracing/instances/irq_gia_google/events/irq_gia/enable 1
+
+ # There are some very high frequency IRQ events happening all the time. Tracing
+ # them is not absolute necessity, but a flood of them is noise for more interesting
+ # events that we want to capture. All these high frequency IRQs have virq < 11.
+ write /sys/kernel/tracing/instances/irq_gia_google/events/irq/filter "irq > 11"
+ write /sys/kernel/tracing/instances/irq_gia_google/events/irq/irq_handler_entry/enable 1
+ write /sys/kernel/tracing/instances/irq_gia_google/events/irq/irq_handler_exit/enable 1
+
+ # Keep the buffer size small. This size is practically enough for debug purpose.
+ # Having low size helps because this entire buffer gets dumped in bugreport.
+ # Having a large size can impact bugreport size and time it takes to pack/unpack.
+ write /sys/kernel/tracing/instances/irq_gia_google/buffer_size_kb 512
+
+ # Go!
+ write /sys/kernel/tracing/instances/irq_gia_google/tracing_on 1
diff --git a/interrupts/interrupts.mk b/interrupts/interrupts.mk
new file mode 100644
index 0000000..bf14f97
--- /dev/null
+++ b/interrupts/interrupts.mk
@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/interrupts/traces/sepolicy
+
+PRODUCT_PACKAGES += dump_interrupts_traces
diff --git a/interrupts/traces/dump_interrupts_traces.cpp b/interrupts/traces/dump_interrupts_traces.cpp
new file mode 100644
index 0000000..da747a3
--- /dev/null
+++ b/interrupts/traces/dump_interrupts_traces.cpp
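Review bot: In init.interrupts.rc the comment says the noisy interrupts all have `virq < 11`, but the filter written is `"irq > 11"`, which also drops IRQ 11 itself, so either the comment or the filter is off by one. If IRQ 11 is meant to be traced the line should be `write /sys/kernel/tracing/instances/irq_gia_google/events/irq/filter "irq >= 11"`; otherwise the comment should say `virq <= 11`. The block also changes the owner of the instance directory and its `trace` file to `system`; a short comment naming which reader depends on that ownership would make it easier to judge whether it is still needed.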
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include
+#include
+
+int main() {
+ std::string outputDir = concatenatePath(BUGREPORT_PACKING_DIR, "interrupts");
+ if (mkdir(outputDir.c_str(), 0777) == -1) {
+ printf("Unable to create folder: %s\n", outputDir.c_str());
+ return 0;
+ }
+
+ copyFile("/sys/kernel/tracing/instances/irq_gia_google/trace",
+ concatenatePath(outputDir.c_str(), "interrupts_trace").c_str());
+
+ return 0;
+}
diff --git a/interrupts/traces/sepolicy/dump_interrupts_traces.te b/interrupts/traces/sepolicy/dump_interrupts_traces.te
new file mode 100644
index 0000000..bc3952a
--- /dev/null
+++ b/interrupts/traces/sepolicy/dump_interrupts_traces.te
@@ -0,0 +1,7 @@
+#
+pixel_bugreport(dump_interrupts_traces)
+
+allow dump_interrupts_traces radio_vendor_data_file:dir { search add_name create write };
+allow dump_interrupts_traces radio_vendor_data_file:file { getattr create write open };
+allow dump_interrupts_traces debugfs_tracing_instances:dir search;
+allow dump_interrupts_traces tracefs_instances_interrupts:file { getattr read open };
diff --git a/interrupts/traces/sepolicy/file.te b/interrupts/traces/sepolicy/file.te
new file mode 100644
index 0000000..4decea9
--- /dev/null
+++ b/interrupts/traces/sepolicy/file.te
@@ -0,0 +1,2 @@
+#
+type tracefs_instances_interrupts, sysfs_type, fs_type;
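Review bot: In dump_interrupts_traces.cpp, `mkdir(outputDir.c_str(), 0777) == -1` treats every failure as fatal, including `EEXIST`, so if the `interrupts` directory survives from an earlier run the trace is silently left out of the bugreport and the program still exits 0. Accepting an existing directory would read `if (mkdir(outputDir.c_str(), 0777) == -1 && errno != EEXIST) {`, and printing `strerror(errno)` in the message would show the cause. The requested mode `0777` is also wider than the SELinux rules in this patch need; a narrower mode is worth considering if the bugreport collector's uid and gid allow it, which cannot be checked from this hunk. The header names on the two `#include` lines were lost in this rendering, so whether `errno` is already declared is unknown.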
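Review bot: file.te declares `type tracefs_instances_interrupts, sysfs_type, fs_type;`, yet the genfs_contexts entry in this same patch applies the type to a tracefs path, so any rule written against the `sysfs_type` attribute elsewhere in the policy would also cover this kernel trace file. Dropping `sysfs_type` keeps access limited to the explicit `dump_interrupts_traces` rule; the declaration would become `type tracefs_instances_interrupts, fs_type, tracefs_type;`, assuming the target platform policy defines the `tracefs_type` attribute. The bare `#` comment lines at the top of file.te and dump_interrupts_traces.te should be replaced by a sentence stating what the type labels and why the dump domain needs it.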
diff --git a/interrupts/traces/sepolicy/file_contexts b/interrupts/traces/sepolicy/file_contexts new file mode 100644 index 0000000..5a010e9 --- /dev/null +++ b/interrupts/traces/sepolicy/file_contexts @@ -0,0 +1 @@ +/vendor/bin/dump/dump_interrupts_traces u:object_r:dump_interrupts_traces_exec:s0 diff --git a/interrupts/traces/sepolicy/genfs_contexts b/interrupts/traces/sepolicy/genfs_contexts new file mode 100644 index 0000000..70223b7 --- /dev/null +++ b/interrupts/traces/sepolicy/genfs_contexts @@ -0,0 +1 @@ +genfscon tracefs /instances/irq_gia_google/trace u:object_r:tracefs_instances_interrupts:s0 From 219845f0d9d0e55e1925fdf320c77fcdf362b2ca Mon Sep 17 00:00:00 2001 From: Lucas Wei Date: Tue, 26 Nov 2024 06:19:45 +0000 Subject: [PATCH 70/87] dump_chip_info: dump more tables from chip-info driver Add instructions to dump more tables from chip-info driver and grant permissions by sepolicy. Flag: EXEMPT, add more table entries for dumping Test: adb shell dumpsys android.hardware.dumpstate.IDumpstateDevice/default dump_chip_info Bug: 376346526 Change-Id: Ic9d0bb2059271e95e615e8f64cab129fa8358484 --- dump_chip_info/dump_chip_info.cpp | 4 ++++ dump_chip_info/sepolicy/genfs_contexts | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/dump_chip_info/dump_chip_info.cpp b/dump_chip_info/dump_chip_info.cpp index dd83743..bbd0065 100644 --- a/dump_chip_info/dump_chip_info.cpp +++ b/dump_chip_info/dump_chip_info.cpp @@ -19,6 +19,10 @@ int main() { dumpFileContent("ap_rom_patch_ver", "/sys/devices/system/goog-chip-info/ap_rom_patch_ver"); dumpFileContent("gpcm_asic_id", "/sys/devices/system/goog-chip-info/gpcm_asic_id"); + dumpFileContent("device_table", "/sys/devices/system/goog-chip-info/device_table"); + dumpFileContent("dvfs_table", "/sys/devices/system/goog-chip-info/dvfs_table"); + dumpFileContent("hw_feature_table", "/sys/devices/system/goog-chip-info/hw_feature_table"); + dumpFileContent("ids_table", "/sys/devices/system/goog-chip-info/ids_table"); return 0; } 
diff --git a/dump_chip_info/sepolicy/genfs_contexts b/dump_chip_info/sepolicy/genfs_contexts index 3fda2de..ce42be1 100644 --- a/dump_chip_info/sepolicy/genfs_contexts +++ b/dump_chip_info/sepolicy/genfs_contexts @@ -1,2 +1,6 @@ genfscon sysfs /devices/system/goog-chip-info/ap_rom_patch_ver u:object_r:sysfs_chip_info:s0 genfscon sysfs /devices/system/goog-chip-info/gpcm_asic_id u:object_r:sysfs_chip_info:s0 +genfscon sysfs /devices/system/goog-chip-info/device_table u:object_r:sysfs_chip_info:s0 +genfscon sysfs /devices/system/goog-chip-info/dvfs_table u:object_r:sysfs_chip_info:s0 +genfscon sysfs /devices/system/goog-chip-info/hw_feature_table u:object_r:sysfs_chip_info:s0 +genfscon sysfs /devices/system/goog-chip-info/ids_table u:object_r:sysfs_chip_info:s0 From e93068e6ca6a2a8d93a3d2fc83c52b5cffad8787 Mon Sep 17 00:00:00 2001 From: bowenlai Date: Tue, 22 Oct 2024 16:59:20 +0800 Subject: [PATCH 71/87] Rename aocx.IAoc to aocx.IAoc/default to support stable AIDL Also add framework_compatibility_matrix.xml for aoc stable AIDL Bug: 380993517 Flag: EXEMPT HAL interface change Test: local build Change-Id: I8a41ff1bdd4ffc8e5d7da08879738aa11fb81813 --- aoc/aoc.mk | 5 +++++ aoc/sepolicy/service_contexts | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/aoc/aoc.mk b/aoc/aoc.mk index 9ee4517..13d849c 100644 --- a/aoc/aoc.mk +++ b/aoc/aoc.mk @@ -13,6 +13,11 @@ PRODUCT_COPY_FILES += \ device/google/gs-common/aoc/conf/init.aoc.daemon.rc:$(TARGET_COPY_OUT_VENDOR)/etc/init/init.aoc.rc endif +ifneq ($(wildcard vendor/google/whitechapel/aoc/aocx/aidl/aocx/framework_compatibility_matrix.xml),) +DEVICE_FRAMEWORK_COMPATIBILITY_MATRIX_FILE += \ + vendor/google/whitechapel/aoc/aocx/aidl/aocx/framework_compatibility_matrix.xml +endif + # AoC debug support PRODUCT_PACKAGES_DEBUG += \ aocdump \ diff --git a/aoc/sepolicy/service_contexts b/aoc/sepolicy/service_contexts index de31e51..80346c8 100644 --- a/aoc/sepolicy/service_contexts +++ b/aoc/sepolicy/service_contexts 
@@ -1 +1 @@ -aocx.IAocx u:object_r:aocx:s0 +aocx.IAocx/default u:object_r:aocx:s0 From 5085275f712b1555e22902886e246b602e06a678 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Krzysztof=20Kosi=C5=84ski?= Date: Mon, 2 Dec 2024 20:31:08 +0000 Subject: [PATCH 72/87] Add libg3a logging initrc files. These files are installed on the vendor partition regardless of whether we use a prebuilt APEX or build it from source. History links (Google internal only): libg3a_gabc.rc: https://source.corp.google.com/h/googleplex-android/platform/superproject/main/+/main:vendor/google/camera/google_3a/libs_v4/gABC/libg3a_gabc.rc;drc=82654c90cc30d21948d0be24931edda10739caf0 libg3a_gaf.rc: https://source.corp.google.com/h/googleplex-android/platform/superproject/main/+/main:vendor/google/camera/google_3a/libs_v4/gAF/libg3a_gaf.rc;drc=1e01ef4606e8553866d803a30e4284485ff12741 libg3a_ghawb.rc: https://source.corp.google.com/h/googleplex-android/platform/superproject/main/+/main:vendor/google/camera/google_3a/libs_v4/gHAWB/libg3a_ghawb.rc;drc=82654c90cc30d21948d0be24931edda10739caf0 Bug: 380379803 Test: presubmit, check husky logs when prebuilt APEX is used Flag: EXEMPT build system fix Change-Id: I405c0e3ad78d63e3faee8723c2ba7ba7cf0dd6db --- camera/Android.bp | 24 ++++++++++++ camera/libg3a_gabc.rc | 28 ++++++++++++++ camera/libg3a_gaf.rc | 83 ++++++++++++++++++++++++++++++++++++++++++ camera/libg3a_ghawb.rc | 28 ++++++++++++++ 4 files changed, 163 insertions(+) create mode 100644 camera/libg3a_gabc.rc create mode 100644 camera/libg3a_gaf.rc create mode 100644 camera/libg3a_ghawb.rc diff --git a/camera/Android.bp b/camera/Android.bp index e845678..2c7ec58 100644 --- a/camera/Android.bp +++ b/camera/Android.bp 
@@ -34,3 +34,27 @@ prebuilt_etc { src: "com.google.pixel.camera.concurrent_foldable_dual_front.xml", sub_dir: "permissions", } + +prebuilt_etc { + name: "libg3a_standalone_gabc_rc", + vendor: true, + proprietary: true, + init_rc: ["libg3a_gabc.rc"], + src: "libg3a_gabc.rc", +} + +prebuilt_etc { + name: "libg3a_standalone_gaf_rc", + vendor: true, + proprietary: true, + init_rc: ["libg3a_gaf.rc"], + src: "libg3a_gaf.rc", +} + +prebuilt_etc { + name: "libg3a_standalone_ghawb_rc", + vendor: true, + proprietary: true, + init_rc: ["libg3a_ghawb.rc"], + src: "libg3a_ghawb.rc", +} diff --git a/camera/libg3a_gabc.rc b/camera/libg3a_gabc.rc new file mode 100644 index 0000000..c092edd --- /dev/null +++ b/camera/libg3a_gabc.rc @@ -0,0 +1,28 @@ +# override default log levels. +on boot + setprop log.tag.GABC E + +# backward-compatible system props. +on property:persist.vendor.camera.gabc.debug_level=0 + setprop log.tag.GABC S + +on property:persist.vendor.camera.gabc.debug_level=1 + setprop log.tag.GABC V + +on property:persist.vendor.camera.gabc.debug_level=2 + setprop log.tag.GABC V + +on property:persist.vendor.camera.gabc.debug_level=3 + setprop log.tag.GABC D + +on property:persist.vendor.camera.gabc.debug_level=4 + setprop log.tag.GABC I + +on property:persist.vendor.camera.gabc.debug_level=5 + setprop log.tag.GABC W + +on property:persist.vendor.camera.gabc.debug_level=6 + setprop log.tag.GABC E + +on property:persist.vendor.camera.gabc.debug_level=7 + setprop log.tag.GABC A diff --git a/camera/libg3a_gaf.rc b/camera/libg3a_gaf.rc new file mode 100644 index 0000000..214b467 --- /dev/null +++ b/camera/libg3a_gaf.rc 
@@ -0,0 +1,83 @@ +# override default log levels. +on boot + setprop log.tag.GAF E + +# backward-compatible system props. +on property:persist.vendor.camera.af.debug_level=0 + setprop log.tag.GAF S + +on property:persist.vendor.camera.af.debug_level=1 + setprop log.tag.GAF V + +on property:persist.vendor.camera.af.debug_level=2 + setprop log.tag.GAF V + +on property:persist.vendor.camera.af.debug_level=3 + setprop log.tag.GAF D + +on property:persist.vendor.camera.af.debug_level=4 + setprop log.tag.GAF I + +on property:persist.vendor.camera.af.debug_level=5 + setprop log.tag.GAF W + +on property:persist.vendor.camera.af.debug_level=6 + setprop log.tag.GAF E + +on property:persist.vendor.camera.af.debug_level=7 + setprop log.tag.GAF A + +on property:persist.vendor.camera.af.video_debug_enable=2 + setprop vendor.camera.3a.log_level 1 + setprop log.tag.3a.gcrd.af.parser.input V + setprop log.tag.3a.gcrd.af.parser.output V + setprop log.tag.3a.gcrd.af.processor V + setprop log.tag.3a.gcrd.af.engine V + setprop log.tag.3a.gcrd.dtm V + +on property:persist.vendor.camera.af.video_debug_enable=0 + setprop vendor.camera.3a.log_level 6 + setprop log.tag.3a.gcrd.af.parser.input E + setprop log.tag.3a.gcrd.af.parser.output E + setprop log.tag.3a.gcrd.af.processor E + setprop log.tag.3a.gcrd.af.engine E + setprop log.tag.3a.gcrd.dtm E + +on property:persist.vendor.camera.af.default_focus_only=false + setprop persist.vendor.camera.af.ignore_ctrl_focus_region false + setprop persist.vendor.camera.af.ignore_face 0 + setprop persist.vendor.camera.af.force_saliency_consumption "" + +on property:persist.vendor.camera.af.default_focus_only=true + setprop persist.vendor.camera.af.ignore_ctrl_focus_region true + setprop persist.vendor.camera.af.ignore_face 1 + setprop persist.vendor.camera.af.force_saliency_consumption false + +# Reset every related properties +on property:persist.vendor.camera.af.standalone_searchlet=reset + setprop persist.vendor.camera.af.ignore_pd \"\" + setprop 
persist.vendor.camera.af.ignore_tof \"\" + setprop persist.vendor.camera.af.ignore_cdaf \"\" + setprop persist.vendor.camera.af.ignore_gyro \"\" + setprop persist.vendor.camera.af.ignore_3a \"\" + setprop vendor.camera.debug.enable_saliency \"\" + +# Standalone framework: PDAF +on property:persist.vendor.camera.af.standalone_searchlet=pdaf + setprop persist.vendor.camera.af.ignore_tof 1 + setprop persist.vendor.camera.af.ignore_gyro 1 + setprop persist.vendor.camera.af.ignore_3a 1 + setprop vendor.camera.debug.enable_saliency 0 + +# Standalone framework: LDAF +on property:persist.vendor.camera.af.standalone_searchlet=ldaf + setprop persist.vendor.camera.af.ignore_pd 7 + setprop persist.vendor.camera.af.ignore_gyro 1 + setprop persist.vendor.camera.af.ignore_3a 1 + setprop vendor.camera.debug.enable_saliency 0 + +# Standalone framework: CDAF +on property:persist.vendor.camera.af.standalone_searchlet=cdaf + setprop persist.vendor.camera.af.ignore_pd 7 + setprop persist.vendor.camera.af.ignore_tof 1 + setprop vendor.camera.debug.enable_saliency 0 diff --git a/camera/libg3a_ghawb.rc b/camera/libg3a_ghawb.rc new file mode 100644 index 0000000..4ca6717 --- /dev/null +++ b/camera/libg3a_ghawb.rc @@ -0,0 +1,28 @@ +# override default log levels. +on boot + setprop log.tag.GHAWB E + +# backward-compatible system props. +on property:persist.vendor.camera.ghawb.debug_level=0 + setprop log.tag.GHAWB S + +on property:persist.vendor.camera.ghawb.debug_level=1 + setprop log.tag.GHAWB V + +on property:persist.vendor.camera.ghawb.debug_level=2 + setprop log.tag.GHAWB V + +on property:persist.vendor.camera.ghawb.debug_level=3 + setprop log.tag.GHAWB D + +on property:persist.vendor.camera.ghawb.debug_level=4 + setprop log.tag.GHAWB I + +on property:persist.vendor.camera.ghawb.debug_level=5 + setprop log.tag.GHAWB W + +on property:persist.vendor.camera.ghawb.debug_level=6 + setprop log.tag.GHAWB E + +on property:persist.vendor.camera.ghawb.debug_level=7 + setprop log.tag.GHAWB A 
From 97f50223aaae52a60a2cf990bf171747e8ceba4a Mon Sep 17 00:00:00 2001 From: Dinesh Yadav Date: Tue, 3 Dec 2024 04:01:59 +0000 Subject: [PATCH 73/87] Allow tachyon service to make binder calls to GCA This permission is needed for tachyon service to call callbacks. AVC Error seen when tachyon tries accessing GCA: 12-02 11:40:03.212 6987 6987 W com.google.edge: type=1400 audit(0.0:17): avc: denied { call } for scontext=u:r:edgetpu_tachyon_server:s0 tcontext=u:r:google_camera_app:s0:c145,c256,c512,c768 tclass=binder permissive=0 12-03 07:12:26.424 4166 4166 W com.google.edge: type=1400 audit(0.0:254): avc: denied { call } for scontext=u:r:edgetpu_tachyon_server:s0 tcontext=u:r:debug_camera_app:s0:c67,c257,c512,c768 tclass=binder permissive=0 Bug: 381787911 Flag: EXEMPT updates device sepolicy only Change-Id: Id27ecd53e9ea7fbf273be098749cdaece55d00cb --- edgetpu/sepolicy/google_camera.te | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 edgetpu/sepolicy/google_camera.te diff --git a/edgetpu/sepolicy/google_camera.te b/edgetpu/sepolicy/google_camera.te new file mode 100644 index 0000000..0c3cd38 --- /dev/null +++ b/edgetpu/sepolicy/google_camera.te @@ -0,0 +1,5 @@ +# Allow tachyon service to communicate with google_camera_app via binder. +binder_call(edgetpu_tachyon_server, google_camera_app); + +# Allow tachyon_service to communicate with fishfood/Eng camera variants via binder. +binder_call(edgetpu_tachyon_server, debug_camera_app); From 67118860083ac040d92a74de83746476ec41262e Mon Sep 17 00:00:00 2001 
From: Dinesh Yadav Date: Thu, 5 Dec 2024 08:02:02 +0000 Subject: [PATCH 74/87] Revert "Allow tachyon service to make binder calls to GCA" This reverts commit 97f50223aaae52a60a2cf990bf171747e8ceba4a. Reason for revert: This change breaks git_main-without-vendor as google_camera_app & debug_camera_app are not supported in non-vendor builds. Change-Id: I9bf47c59aa036caf66e2f3fe5d7b6ea0938e4442 --- edgetpu/sepolicy/google_camera.te | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 edgetpu/sepolicy/google_camera.te diff --git a/edgetpu/sepolicy/google_camera.te b/edgetpu/sepolicy/google_camera.te deleted file mode 100644 index 0c3cd38..0000000 --- a/edgetpu/sepolicy/google_camera.te +++ /dev/null @@ -1,5 +0,0 @@ -# Allow tachyon service to communicate with google_camera_app via binder. -binder_call(edgetpu_tachyon_server, google_camera_app); - -# Allow tachyon_service to communicate with fishfood/Eng camera variants via binder. -binder_call(edgetpu_tachyon_server, debug_camera_app); From afc6c2840186e8b43aa43efa9b8fafb033c55c01 Mon Sep 17 00:00:00 2001 From: Dmitry Skiba Date: Mon, 2 Dec 2024 06:04:29 +0000 Subject: [PATCH 75/87] Add recovery support for perf experiments. This change establishes a place for perf experiments and adds a script to delay experiments for recovery purposes. For more info see go/pixel-perf-experiment-whatif. Bug: 365855872 Test: build/flash, set .Perf__experiments_delay_seconds=10, verify that vendor.perf.allow_experiments=1 after 10 seconds Flag: NONE controlled by Mendel instead Change-Id: I78db482542066d5d5646d8c303dbe88054cfe66d 
Signed-off-by: Dmitry Skiba --- performance/experiments/Android.bp | 10 ++++++++++ performance/experiments/experiments.mk | 3 +++ .../experiments/pixel-experiments-recovery.rc | 17 +++++++++++++++++ .../experiments/pixel-experiments-recovery.sh | 15 +++++++++++++++ performance/experiments/sepolicy/file_contexts | 1 + .../sepolicy/pixel-experiments-recovery.sh.te | 10 ++++++++++ performance/experiments/sepolicy/property.te | 3 +++ .../experiments/sepolicy/property_contexts | 1 + 8 files changed, 60 insertions(+) create mode 100644 performance/experiments/Android.bp create mode 100644 performance/experiments/experiments.mk create mode 100644 performance/experiments/pixel-experiments-recovery.rc create mode 100755 performance/experiments/pixel-experiments-recovery.sh create mode 100644 performance/experiments/sepolicy/file_contexts create mode 100644 performance/experiments/sepolicy/pixel-experiments-recovery.sh.te create mode 100644 performance/experiments/sepolicy/property.te create mode 100644 performance/experiments/sepolicy/property_contexts diff --git a/performance/experiments/Android.bp b/performance/experiments/Android.bp new file mode 100644 index 0000000..a2f7ebe --- /dev/null +++ b/performance/experiments/Android.bp @@ -0,0 +1,10 @@ +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +sh_binary { + name: "pixel-experiments-recovery.sh", + src: "pixel-experiments-recovery.sh", + vendor: true, + init_rc: ["pixel-experiments-recovery.rc"], +} diff --git a/performance/experiments/experiments.mk b/performance/experiments/experiments.mk new file mode 100644 index 0000000..b52d0e6 --- /dev/null +++ b/performance/experiments/experiments.mk @@ -0,0 +1,3 @@ +BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/performance/experiments/sepolicy + +PRODUCT_PACKAGES += pixel-experiments-recovery.sh 
diff --git a/performance/experiments/pixel-experiments-recovery.rc b/performance/experiments/pixel-experiments-recovery.rc
new file mode 100644
index 0000000..a8247c3
--- /dev/null
+++ b/performance/experiments/pixel-experiments-recovery.rc
@@ -0,0 +1,17 @@
+# pixel-experiments-recovery.sh waits Perf__experiments_delay_seconds and sets
+# vendor.perf.allow_experiments=1, triggering experiments.
+service pixel-experiments-recovery /vendor/bin/pixel-experiments-recovery.sh \
+ ${vendor.pixel.system.phenotype.Perf__experiments_delay_seconds}
+ class main
+ user root
+ group root system
+ oneshot
+ disabled
+
+# vendor.pixel.system.phenotype.Perf__xxx properties are set sometime after the
+# device is unlocked for the first time. The check for sys.boot_completed is not
+# strictly needed, but will prevent surprises if for some reason the property
+# is set early.
+on property:sys.boot_completed=1 && \
+ property:vendor.pixel.system.phenotype.Perf__experiments_delay_seconds=*
+ restart pixel-experiments-recovery
diff --git a/performance/experiments/pixel-experiments-recovery.sh b/performance/experiments/pixel-experiments-recovery.sh
new file mode 100755
index 0000000..188222e
--- /dev/null
+++ b/performance/experiments/pixel-experiments-recovery.sh
@@ -0,0 +1,15 @@
+#!/vendor/bin/sh
+
+# This script delays experiments by the specified amount of seconds. The delay is not needed for
+# the normal operation, but becomes essential for the rare case (which "should not happen") where
+# an experiment causes really bad issues (e.g. crashes the kernel). In such case the delay gives
+# GMSCore an opportunity to fetch fresh experiments snapshot (with the bad experiment disabled).
+#
+# See go/pixel-perf-experiment-whatif for more info.
+
+delay_seconds="$1"
+
+if [ -n "$delay_seconds" ]; then
+ sleep "$delay_seconds"
+ /vendor/bin/setprop vendor.perf.allow_experiments 1
+fi
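Review bot: The `pixel-experiments-recovery` service is declared with `user root` and `group root system`, yet the script it starts only sleeps and calls `setprop`, and the policy added for its domain in this patch allows nothing beyond `execute_no_trans` on the vendor toolbox and `set_prop` on one property. Writing a property is authorised by the property's SELinux label rather than by uid, so the service looks able to run under an unprivileged account. Consider replacing those two lines with a non-root pair such as `user nobody` / `group nobody`, to be confirmed against what the vendor shell needs on device. If root is required, a comment above `user root` saying why would keep the choice from being copied into later experiment services.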
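Review bot: The result of `sleep "$delay_seconds"` is never checked, so a value that `sleep` rejects (non-numeric text, for instance) makes it return at once and the following line still sets `vendor.perf.allow_experiments` to 1, which removes the recovery window the header comment describes. The argument is taken directly from the `Perf__experiments_delay_seconds` property in the .rc file, so it should be validated before use, e.g. `case "$delay_seconds" in *[!0-9]*) exit 1 ;; esac`. The property write should also depend on the sleep having completed: `sleep "$delay_seconds" && /vendor/bin/setprop vendor.perf.allow_experiments 1`. An upper bound on the accepted delay would keep a bad value from postponing experiments indefinitely.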
diff --git a/performance/experiments/sepolicy/file_contexts b/performance/experiments/sepolicy/file_contexts
new file mode 100644
index 0000000..7364807
--- /dev/null
+++ b/performance/experiments/sepolicy/file_contexts
@@ -0,0 +1 @@
+/vendor/bin/pixel-experiments-recovery\.sh u:object_r:pixel-experiments-recovery-sh_exec:s0
diff --git a/performance/experiments/sepolicy/pixel-experiments-recovery.sh.te b/performance/experiments/sepolicy/pixel-experiments-recovery.sh.te
new file mode 100644
index 0000000..2da555b
--- /dev/null
+++ b/performance/experiments/sepolicy/pixel-experiments-recovery.sh.te
@@ -0,0 +1,10 @@
+# Rules for pixel-experiments-recovery.sh
+
+type pixel-experiments-recovery-sh, domain;
+type pixel-experiments-recovery-sh_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(pixel-experiments-recovery-sh)
+
+# Allow "setprop vendor.perf.allow_experiments".
+allow pixel-experiments-recovery-sh vendor_toolbox_exec:file { execute_no_trans };
+set_prop(pixel-experiments-recovery-sh, vendor_perf_allow_experiments_prop)
diff --git a/performance/experiments/sepolicy/property.te b/performance/experiments/sepolicy/property.te
new file mode 100644
index 0000000..e43312c
--- /dev/null
+++ b/performance/experiments/sepolicy/property.te
@@ -0,0 +1,3 @@
+# Properties shared between experiments.
+
+vendor_internal_prop(vendor_perf_allow_experiments_prop)
diff --git a/performance/experiments/sepolicy/property_contexts b/performance/experiments/sepolicy/property_contexts
new file mode 100644
index 0000000..50de9c1
--- /dev/null
+++ b/performance/experiments/sepolicy/property_contexts
@@ -0,0 +1 @@
+vendor.perf.allow_experiments u:object_r:vendor_perf_allow_experiments_prop:s0
From 2c41fdac3207d6e2c67efda05e9e5761d577daa4 Mon Sep 17 00:00:00 2001
From: Piotr Klasa Date: Thu, 5 Dec 2024 12:05:19 +0100 Subject: [PATCH 76/87] Add Proc Vendor Sched Sepolicy Fix Bug: 361092565 Test: m atest && atest-dev com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot Test: adb shell dmesg | grep proc_vendor_sched ; adb logcat -d | grep proc_vendor_sched Evidences 12-02 19:31:34.952 279 279 W init : type=1400 audit(0.0:7): avc: denied { associate } for name="uclamp_min" scontext=u:object_r:proc_vendor_sched:s0 tcontext=u:object_r:proc:s0 tclass=filesystem permissive=0 12-02 19:31:34.956 279 279 W init : type=1400 audit(0.0:8): avc: denied { associate } for name="prefer_idle" scontext=u:object_r:proc_vendor_sched:s0 tcontext=u:object_r:proc:s0 tclass=filesystem permissive=0 12-02 19:31:34.956 279 279 W init : type=1400 audit(0.0:9): avc: denied { associate } for name="uclamp_min" scontext=u:object_r:proc_vendor_sched:s0 tcontext=u:object_r:proc:s0 tclass=filesystem permissive=0 12-02 19:31:34.956 279 279 W init : type=1400 audit(0.0:10): avc: denied { associate } for name="prefer_idle" scontext=u:object_r:proc_vendor_sched:s0 tcontext=u:object_r:proc:s0 tclass=filesystem permissive=0 12-02 19:31:34.956 279 279 W init : type=1400 audit(0.0:11): avc: denied { associate } for name="uclamp_min" scontext=u:object_r:proc_vendor_sched:s0 tcontext=u:object_r:proc:s0 tclass=filesystem permissive=0 12-02 19:31:34.956 279 279 W init : type=1400 audit(0.0:12): avc: denied { associate } for name="prefer_idle" scontext=u:object_r:proc_vendor_sched:s0 tcontext=u:object_r:proc:s0 tclass=filesystem permissive=0 12-02 19:31:34.960 279 279 W init : type=1400 audit(0.0:13): avc: denied { associate } for name="prefer_idle" scontext=u:object_r:proc_vendor_sched:s0 tcontext=u:object_r:proc:s0 tclass=filesystem permissive=0 12-02 19:31:34.960 279 279 W init : type=1400 audit(0.0:14): avc: denied { associate } for name="uclamp_min" scontext=u:object_r:proc_vendor_sched:s0 tcontext=u:object_r:proc:s0 tclass=filesystem 
permissive=0 12-02 19:31:34.960 279 279 W init : type=1400 audit(0.0:15): avc: denied { associate } for name="prefer_idle" scontext=u:object_r:proc_vendor_sched:s0 tcontext=u:object_r:proc:s0 tclass=filesystem permissive=0 12-02 19:31:34.960 279 279 W init : type=1400 audit(0.0:16): avc: denied { associate } for name="uclamp_min" scontext=u:object_r:proc_vendor_sched:s0 tcontext=u:object_r:proc:s0 tclass=filesystem permissive=0 Flag: EXEMPT bugfix Change-Id: Iad58e23abc1a7e27c3f5f4130e50d7e4aa0b6cf8 --- performance/sepolicy/proc_vendor_sched.te | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 performance/sepolicy/proc_vendor_sched.te diff --git a/performance/sepolicy/proc_vendor_sched.te b/performance/sepolicy/proc_vendor_sched.te new file mode 100644 index 0000000..dc78c75 --- /dev/null +++ b/performance/sepolicy/proc_vendor_sched.te @@ -0,0 +1,2 @@ +#Vendor Sched +allow proc_vendor_sched proc:filesystem associate; From 4250b91047b6151b43ee87aca5626854dfb36fb7 Mon Sep 17 00:00:00 2001 From: Dmitry Skiba Date: Thu, 5 Dec 2024 00:16:11 +0000 Subject: [PATCH 77/87] Add kswapd experiment. See go/pixel-perf-25q1-experiments for the info. Bug: 365855872 Test: build/flash, set .Perf__experiments_delay_seconds=0, set .Perf__kswapd_experiment=true, observe /sys/kernel/vendor_mm/kswapd_cpu_affinity changes Flag: NONE controlled by Mendel instead Change-Id: Id63690f0dcd38de92e4c2fde5b0ab814ed3d9db1 Signed-off-by: Dmitry Skiba --- performance/experiments/experiments.mk | 2 ++ performance/experiments/kswapd/Android.bp | 10 +++++++ performance/experiments/kswapd/kswapd.mk | 1 + .../kswapd/pixel-kswapd-experiment.rc | 28 +++++++++++++++++++ 4 files changed, 41 insertions(+) create mode 100644 performance/experiments/kswapd/Android.bp create mode 100644 performance/experiments/kswapd/kswapd.mk create mode 100644 performance/experiments/kswapd/pixel-kswapd-experiment.rc 
diff --git a/performance/experiments/experiments.mk b/performance/experiments/experiments.mk index b52d0e6..191332d 100644 --- a/performance/experiments/experiments.mk +++ b/performance/experiments/experiments.mk @@ -1,3 +1,5 @@ BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/performance/experiments/sepolicy PRODUCT_PACKAGES += pixel-experiments-recovery.sh + +include device/google/gs-common/performance/experiments/kswapd/kswapd.mk diff --git a/performance/experiments/kswapd/Android.bp b/performance/experiments/kswapd/Android.bp new file mode 100644 index 0000000..23af711 --- /dev/null +++ b/performance/experiments/kswapd/Android.bp @@ -0,0 +1,10 @@ +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +prebuilt_etc { + name: "pixel-kswapd-experiment.rc", + src: "pixel-kswapd-experiment.rc", + vendor: true, + sub_dir: "init", +} diff --git a/performance/experiments/kswapd/kswapd.mk b/performance/experiments/kswapd/kswapd.mk new file mode 100644 index 0000000..15d762f --- /dev/null +++ b/performance/experiments/kswapd/kswapd.mk @@ -0,0 +1 @@ +PRODUCT_PACKAGES += pixel-kswapd-experiment.rc diff --git a/performance/experiments/kswapd/pixel-kswapd-experiment.rc b/performance/experiments/kswapd/pixel-kswapd-experiment.rc new file mode 100644 index 0000000..36dcac3 --- /dev/null +++ b/performance/experiments/kswapd/pixel-kswapd-experiment.rc 
@@ -0,0 +1,28 @@ +# Kswapd experiment - allow kswapd to run on all cores. We only target zuma and +# zumapro because these are the only platforms where kswapd avoids big cores by +# default. + +on property:vendor.perf.allow_experiments=1 \ + && property:ro.board.platform=zuma \ + && property:vendor.pixel.system.phenotype.Perf__kswapd_experiment=true + write /sys/kernel/vendor_mm/kswapd_cpu_affinity 1ff + +on property:vendor.perf.allow_experiments=1 \ + && property:ro.board.platform=zumapro \ + && property:vendor.pixel.system.phenotype.Perf__kswapd_experiment=true + write /sys/kernel/vendor_mm/kswapd_cpu_affinity ff + + +# Kswapd experiment rampdown - restore CPU affinity to the default. + +on property:vendor.perf.allow_experiments=1 \ + && property:ro.board.platform=zuma \ + && property:vendor.pixel.system.phenotype.Perf__kswapd_experiment="" + # Value is from device/google/zuma/conf/init.zuma.rc + write /sys/kernel/vendor_mm/kswapd_cpu_affinity ff + +on property:vendor.perf.allow_experiments=1 \ + && property:ro.board.platform=zumapro \ + && property:vendor.pixel.system.phenotype.Perf__kswapd_experiment="" + # Value is from device/google/zumapro/conf/init.zumapro.soc.rc + write /sys/kernel/vendor_mm/kswapd_cpu_affinity 7f From f7eae2a9465db691385299b13c1bb23ae2c5012e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Krzysztof=20Kosi=C5=84ski?= Date: Thu, 5 Dec 2024 20:11:21 +0000 Subject: [PATCH 78/87] Always include camera calibration tools in debug builds. These statements will be ignored if the packages are unavailable, such as in the PDK build. Bug: 380373922 Test: presubmit, check that tools exist in husky-userdebug Flag: EXEMPT debug-only tool Change-Id: Id3a524a6adaf1f719a23eb91ebad161ce0551af4 --- camera/lyric.mk | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/camera/lyric.mk b/camera/lyric.mk index 0ec1d6d..adffb74 100644 --- a/camera/lyric.mk +++ b/camera/lyric.mk 
@@ -49,10 +49,6 @@ PRODUCT_SOONG_NAMESPACES += \ vendor/google/camera/google_3a/libs_v4/gAF \ vendor/google/camera/google_3a/libs_v4/gafd \ vendor/google/camera/google_3a/libs_v4/gHAWB/native_coverage - -# Calibration tool for debug builds -PRODUCT_PACKAGES_DEBUG += tarasque_test -PRODUCT_PACKAGES_DEBUG += ProtoCalibGenerator endif # BUILD_LYRIC_FROM_SOURCE # Init-time log settings for Google 3A @@ -73,3 +69,7 @@ DEVICE_MATRIX_FILE += \ # sepolicy dir is added in dump.mk. # Make doesn't deduplicate sepolicy dirs, so including it here causes build errors. + +# Calibration tools for debug builds +PRODUCT_PACKAGES_DEBUG += tarasque_test +PRODUCT_PACKAGES_DEBUG += ProtoCalibGenerator From 3bcf1e58910c54ce4e8b27115cad71e6b8b386c6 Mon Sep 17 00:00:00 2001 
From: Jaegeuk Kim Date: Sat, 9 Nov 2024 16:23:56 -0800 Subject: [PATCH 79/87] Add Intelligence rc By persist.vendor.intelligence, # on -> mount(ok) -> on # off -> write_zeroes -> remove -> rm(ok) -> disable # on -> mount(fail) -> remove -> rm(ok) -> disable For SEpolicy, type=1400 audit(1731445557.444:32): avc: denied { read } for comm="kworker/u16:3" path="/dev/block/sda33" dev="tmpfs" ino=1050 scontext=u:r:kernel:s0 tcontext=u:object_r:userdata_exp_block_device:s0 tclass=blk_file permissive=1 type=1400 audit(1731445557.476:33): avc: denied { execute_no_trans } for comm="storage_intelli" path="/vendor/bin/toolbox" dev="dm-11" ino=368 scontext=u:r:storage_intelligence:s0 tcontext=u:object_r:vendor_toolbox_exec:s0 tclass=file permissive=1 type=1400 audit(1731448933.292:16): avc: denied { search } for comm="dd" name="block" dev="tmpfs" ino=12 scontext=u:r:storage_intelligence:s0 tcontext=u:object_r:block_device:s0 tclass=dir permissive=1 type=1400 audit(1731461590.844:16): avc: denied { write } for comm="dd" name="sda33" dev="tmpfs" ino=1052 scontext=u:r:storage_intelligence:s0 tcontext=u:object_r:userdata_exp_block_device:s0 tclass=blk_file permissive=1 type=1400 audit(1731461590.844:17): avc: denied { open } for comm="dd" path="/dev/block/sda33" dev="tmpfs" ino=1052 scontext=u:r:storage_intelligence:s0 tcontext=u:object_r:userdata_exp_block_device:s0 tclass=blk_file permissive=1 Bug: 378120929 Flag: build.RELEASE_PIXEL_VENDOR_INTELLIGENCE_AID Change-Id: If9d2f067e29b6c574d3b827ea509fec92c6d8028 
Signed-off-by: Jaegeuk Kim --- storage/Android.bp | 9 ++++++++- storage/sepolicy/file.te | 2 ++ storage/sepolicy/file_contexts | 18 ++++++++++------- storage/sepolicy/init.te | 1 + storage/sepolicy/kernel.te | 3 +++ storage/sepolicy/property.te | 3 +++ storage/sepolicy/property_contexts | 1 + storage/sepolicy/storage_intelligence.te | 12 ++++++++++++ storage/sepolicy/tracking_denials/bug_map | 1 + storage/sepolicy/vendor_init.te | 2 ++ storage/storage.intelligence.rc | 23 ++++++++++++++++++++++ storage/storage_intelligence.sh | 24 +++++++++++++++++++++++ storage/tracking_denials/bug_map | 1 + 13 files changed, 92 insertions(+), 8 deletions(-) create mode 100644 storage/sepolicy/kernel.te create mode 100644 storage/sepolicy/property.te create mode 100644 storage/sepolicy/property_contexts create mode 100644 storage/sepolicy/storage_intelligence.te create mode 100644 storage/sepolicy/tracking_denials/bug_map create mode 100644 storage/storage.intelligence.rc create mode 100755 storage/storage_intelligence.sh create mode 100644 storage/tracking_denials/bug_map diff --git a/storage/Android.bp b/storage/Android.bp index 3a06113..eb806bc 100644 --- a/storage/Android.bp +++ b/storage/Android.bp @@ -14,8 +14,15 @@ cc_binary { shared_libs: [ "libbase", "libdump", - "liblog", + "liblog", ], vendor: true, relative_install_path: "dump", } + +sh_binary { + name: "storage_intelligence.sh", + src: "storage_intelligence.sh", + init_rc: ["storage.intelligence.rc"], + vendor: true, +} diff --git a/storage/sepolicy/file.te b/storage/sepolicy/file.te index 0fa9564..59b739d 100644 --- a/storage/sepolicy/file.te +++ b/storage/sepolicy/file.te @@ -4,3 +4,5 @@ type dump_storage_data_file, file_type, data_file_type; type sg_device, dev_type; type sg_util_exec, exec_type, vendor_file_type, file_type; +# Intelligence Service +type intelligence_data_file, file_type, data_file_type; diff --git a/storage/sepolicy/file_contexts b/storage/sepolicy/file_contexts index 1ef5a67..18527fb 100644 
--- a/storage/sepolicy/file_contexts +++ b/storage/sepolicy/file_contexts @@ -1,9 +1,13 @@ # storage -/vendor/bin/dump/dump_storage u:object_r:dump_storage_exec:s0 -/sys/devices/platform/[0-9a-z]+\.ufs/pixel/enable_pixel_ufs_logging u:object_r:sysfs_scsi_devices_0000:s0 -/dev/sg[0-9] u:object_r:sg_device:s0 -/data/vendor/storage(/.*)? u:object_r:dump_storage_data_file:s0 -/vendor/bin/sg_read_buffer u:object_r:sg_util_exec:s0 -/dev/block/by-name/userdata_exp.* u:object_r:userdata_exp_block_device:s0 -/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0 +/data/vendor/intelligence(/.*)? u:object_r:intelligence_data_file:s0 +/data/vendor/storage(/.*)? u:object_r:dump_storage_data_file:s0 +/dev/block/by-name/userdata_exp.* u:object_r:userdata_exp_block_device:s0 +/dev/sg[0-9] u:object_r:sg_device:s0 + +/sys/devices/platform/[0-9a-z]+\.ufs/pixel/enable_pixel_ufs_logging u:object_r:sysfs_scsi_devices_0000:s0 + +/vendor/bin/dump/dump_storage u:object_r:dump_storage_exec:s0 +/vendor/bin/sg_read_buffer u:object_r:sg_util_exec:s0 +/vendor/bin/storage_intelligence\.sh u:object_r:storage_intelligence_exec:s0 +/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0 diff --git a/storage/sepolicy/init.te b/storage/sepolicy/init.te index dc24247..464ca4b 100644 --- a/storage/sepolicy/init.te +++ b/storage/sepolicy/init.te @@ -1,3 +1,4 @@ # init allow init sysfs_scsi_devices_0000:file w_file_perms; +dontaudit init intelligence_data_file:dir mounton; diff --git a/storage/sepolicy/kernel.te b/storage/sepolicy/kernel.te new file mode 100644 index 0000000..55882ed --- /dev/null +++ b/storage/sepolicy/kernel.te @@ -0,0 +1,3 @@ +# for intelligence service + +allow kernel userdata_exp_block_device:blk_file read; diff --git a/storage/sepolicy/property.te b/storage/sepolicy/property.te new file mode 100644 index 0000000..598c71a --- /dev/null +++ b/storage/sepolicy/property.te 
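Review bot: `dontaudit init intelligence_data_file:dir mounton;` in storage/sepolicy/init.te silences the denial instead of granting the permission, while storage.intelligence.rc in the same patch has init run `mount` on /data/vendor/intelligence right after `restorecon_recursive` gives that directory the `intelligence_data_file` label. Unless a rule outside this hunk allows it, the mount would be refused in enforcing mode with nothing in the audit log, and the script would then take the mount(fail) -> remove path. If the mount is meant to succeed, the rule to add is `allow init intelligence_data_file:dir mounton;`. If the failure is intended, a comment above the dontaudit saying so would keep the suppressed denial from hiding a real problem later. The rest of init.te lies outside the hunk.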
@@ -0,0 +1,3 @@ +# for intelligence service + +vendor_internal_prop(vendor_intelligence_prop) diff --git a/storage/sepolicy/property_contexts b/storage/sepolicy/property_contexts new file mode 100644 index 0000000..b436986 --- /dev/null +++ b/storage/sepolicy/property_contexts @@ -0,0 +1 @@ +persist.vendor.intelligence u:object_r:vendor_intelligence_prop:s0 diff --git a/storage/sepolicy/storage_intelligence.te b/storage/sepolicy/storage_intelligence.te new file mode 100644 index 0000000..66d14df --- /dev/null +++ b/storage/sepolicy/storage_intelligence.te @@ -0,0 +1,12 @@ +# support intelligence service +init_daemon_domain(storage_intelligence) +type storage_intelligence, domain; +type storage_intelligence_exec, vendor_file_type, exec_type, file_type; + +set_prop(storage_intelligence, vendor_intelligence_prop); + +allow storage_intelligence vendor_toolbox_exec:file execute_no_trans; + +# for storage management +allow storage_intelligence block_device:dir { search }; +allow storage_intelligence userdata_exp_block_device:blk_file rw_file_perms; diff --git a/storage/sepolicy/tracking_denials/bug_map b/storage/sepolicy/tracking_denials/bug_map new file mode 100644 index 0000000..a1e8298 --- /dev/null +++ b/storage/sepolicy/tracking_denials/bug_map @@ -0,0 +1 @@ +shell vendor_intelligence_prop file b/378120929 diff --git a/storage/sepolicy/vendor_init.te b/storage/sepolicy/vendor_init.te index 73eb527..cbb2990 100644 --- a/storage/sepolicy/vendor_init.te +++ b/storage/sepolicy/vendor_init.te @@ -4,3 +4,5 @@ allow vendor_init sg_device:chr_file r_file_perms; # dirty swappiness allow vendor_init proc_dirty:file w_file_perms; +# intelligence +set_prop(vendor_init, vendor_intelligence_prop); diff --git a/storage/storage.intelligence.rc b/storage/storage.intelligence.rc new file mode 100644 index 0000000..85586ab --- /dev/null +++ b/storage/storage.intelligence.rc 
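Review bot: `allow storage_intelligence userdata_exp_block_device:blk_file rw_file_perms;` in storage_intelligence.te grants read access that the visible script does not use. storage_intelligence.sh only writes the partition through `dd ... of=$partition`, and the denials quoted in the commit message for this domain are `write` and `open`. A narrower grant such as `allow storage_intelligence userdata_exp_block_device:blk_file w_file_perms;` would match that, assuming `dd` needs nothing further (to be confirmed on device). The `# for storage management` comment could also say that the access exists to zero the start of the partition, since raw block-device write from a root shell script is the most sensitive rule in this file.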
@@ -0,0 +1,23 @@
+# For intelligence service
+# on -> mount(ok) -> on
+# off -> write_zeroes -> remove -> rm(ok) -> disable
+# on -> mount(fail) -> remove -> rm(ok) -> disable
+
+service storage_intelligence /vendor/bin/storage_intelligence.sh
+ user root
+ disabled
+ oneshot
+
+on boot && property:persist.vendor.intelligence=on
+ mkdir /data/vendor/intelligence 0770 vendor_intelligence vendor_intelligence
+ restorecon_recursive /data/vendor/intelligence
+ mount f2fs loop@/dev/block/by-name/userdata_exp.ai /data/vendor/intelligence ro
+ start storage_intelligence
+
+on boot && property:persist.vendor.intelligence=off
+ start storage_intelligence
+
+on property:persist.vendor.intelligence=remove
+ rm /data/userdata_exp.ai
+ rmdir /data/vendor/intelligence
+ setprop persist.vendor.intelligence disable
diff --git a/storage/storage_intelligence.sh b/storage/storage_intelligence.sh
new file mode 100755
index 0000000..03d2ca7
--- /dev/null
+++ b/storage/storage_intelligence.sh
@@ -0,0 +1,24 @@
+#!/vendor/bin/sh
+#
+# The script belongs to the feature of UFS FFU via OTA: go/p23-ffu-ota
+# Its purpose is to copy the corresponding firmware into partition for UFS FFU.
+
+
+property="persist.vendor.intelligence"
+partition="/dev/block/by-name/userdata_exp.ai"
+mount_point="/data/vendor/intelligence"
+backend_file="/data/userdata_exp.ai"
+
+request=`getprop $property`
+
+if [ "$request" == "on" ]; then
+ mounted=`grep $mount_point /proc/mounts`
+ if [ "$mounted" ]; then
+ setprop $property on
+ else
+ setprop $property remove
+ fi
+elif [ "$request" == "off" ]; then
+ dd if=/dev/zero of=$partition bs=4k count=2
+ setprop $property remove
+fi
diff --git a/storage/tracking_denials/bug_map b/storage/tracking_denials/bug_map
new file mode 100644
index 0000000..a1e8298
--- /dev/null
+++ b/storage/tracking_denials/bug_map
@@ -0,0 +1 @@
+shell vendor_intelligence_prop file b/378120929
From 2833eecc4936fc028f07f3bcb13606f8caf56cd9 Mon Sep 17 00:00:00 2001
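Review bot: The loop image in storage.intelligence.rc is mounted with `ro` only, so setuid bits, device nodes and executables inside userdata_exp.ai would be honoured under /data/vendor/intelligence. If the image is meant to hold data only (an assumption; the patch does not say what it stores), the mount line can carry the restrictive flags as well: `mount f2fs loop@/dev/block/by-name/userdata_exp.ai /data/vendor/intelligence ro nosuid nodev noexec`. The service also declares `user root` with no `group` or `capabilities` line; a short comment on why root is required would help later review.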
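Review bot: In the `off` branch of storage_intelligence.sh the result of `dd if=/dev/zero of=$partition bs=4k count=2` is not checked, so `setprop $property remove` runs even when the wipe failed, and the rc then deletes the backing file and ends in `disable`. Stopping on failure leaves the property at `off`, which the `on boot` trigger retries: `dd if=/dev/zero of="$partition" bs=4k count=2 || exit 1`. The header comment still describes the UFS FFU firmware script rather than this one, and `backend_file` is assigned but never used; both look like copy-paste leftovers.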
From: Eileen Lai Date: Fri, 6 Dec 2024 09:23:51 +0000 Subject: [PATCH 80/87] modem_svc: move shared_modem_platform related sepolicy to gs-common Bug: 372400955 Change-Id: I8b08e5b7789a5b2bf027deed0afc97f87ca25f3f Flag: NONE local testing only --- modem/shared_modem_platform/sepolicy/file_contexts | 2 ++ modem/shared_modem_platform/sepolicy/modem_svc_sit.te | 2 ++ modem/shared_modem_platform/shared_modem_platform.mk | 2 +- 3 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 modem/shared_modem_platform/sepolicy/file_contexts create mode 100644 modem/shared_modem_platform/sepolicy/modem_svc_sit.te diff --git a/modem/shared_modem_platform/sepolicy/file_contexts b/modem/shared_modem_platform/sepolicy/file_contexts new file mode 100644 index 0000000..d6f4a74 --- /dev/null +++ b/modem/shared_modem_platform/sepolicy/file_contexts @@ -0,0 +1,2 @@ +# modem_svc_sit +/vendor/bin/shared_modem_platform u:object_r:modem_svc_sit_exec:s0 \ No newline at end of file diff --git a/modem/shared_modem_platform/sepolicy/modem_svc_sit.te b/modem/shared_modem_platform/sepolicy/modem_svc_sit.te new file mode 100644 index 0000000..b1ed074 --- /dev/null +++ b/modem/shared_modem_platform/sepolicy/modem_svc_sit.te @@ -0,0 +1,2 @@ +# Modem SVC will register the default instance of the AIDL ISharedModemPlatform hal. +hal_server_domain(modem_svc_sit, hal_shared_modem_platform) diff --git a/modem/shared_modem_platform/shared_modem_platform.mk b/modem/shared_modem_platform/shared_modem_platform.mk index 3f50c37..0a3be6d 100644 --- a/modem/shared_modem_platform/shared_modem_platform.mk +++ b/modem/shared_modem_platform/shared_modem_platform.mk 
@@ -8,4 +8,4 @@ SOONG_CONFIG_shared_modem_platform_vendor := $(SHARED_MODEM_PLATFORM_VENDOR) PRODUCT_PACKAGES += shared_modem_platform DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/modem/shared_modem_platform/compatibility_matrix.xml -BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/modem/shared_modem_platform/sepolicy +BOARD_SEPOLICY_DIRS += device/google/gs-common/modem/shared_modem_platform/sepolicy From 8112ee64cc93db0c674bec442b2419e9ea6249a4 Mon Sep 17 00:00:00 2001 
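Review bot: The changed line moves this directory from `BOARD_VENDOR_SEPOLICY_DIRS` to `BOARD_SEPOLICY_DIRS`, and the commit message does not say why. Other makefiles in this series (storage/storage.mk, performance/experiments/experiments.mk) use `BOARD_VENDOR_SEPOLICY_DIRS`, and to my knowledge `BOARD_SEPOLICY_DIRS` is the older spelling of the same variable. Unless a build constraint requires it, keep `BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/modem/shared_modem_platform/sepolicy`, or add a one-line comment giving the reason. The new modem/modem_svc_sit/shared_modem_platform.mk in the next patch uses the same spelling.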
From: Eileen Lai Date: Fri, 6 Dec 2024 12:49:05 +0000 Subject: [PATCH 81/87] modem_svc: add modem_svc_sit to solve sepolicy conflicts arising from different device versions Add modem_svc_sit to gs-common. modem_svc_sit will support devices from gs101 to zuma_pro. The shared_modem_platform will be updated to support devices after zumapro (not include). Bug: 372400955 Flag: NONE local testing only Change-Id: I0bcc9baf69045327e6fcca92ab8003e303db2649 --- modem/modem_svc_sit/compatibility_matrix.xml | 11 +++++++++++ modem/modem_svc_sit/sepolicy/attributes | 1 + modem/modem_svc_sit/sepolicy/file_contexts | 2 ++ .../sepolicy/hal_shared_modem_platform.te | 8 ++++++++ .../sepolicy/modem_svc_sit.te | 0 modem/modem_svc_sit/sepolicy/service.te | 2 ++ modem/modem_svc_sit/sepolicy/service_contexts | 2 ++ modem/modem_svc_sit/shared_modem_platform.mk | 14 ++++++++++++++ modem/shared_modem_platform/sepolicy/file_contexts | 4 ++-- .../sepolicy/shared_modem_platform.te | 2 ++ .../shared_modem_platform/shared_modem_platform.mk | 2 ++ 11 files changed, 46 insertions(+), 2 deletions(-) create mode 100644 modem/modem_svc_sit/compatibility_matrix.xml create mode 100644 modem/modem_svc_sit/sepolicy/attributes create mode 100644 modem/modem_svc_sit/sepolicy/file_contexts create mode 100644 modem/modem_svc_sit/sepolicy/hal_shared_modem_platform.te rename modem/{shared_modem_platform => modem_svc_sit}/sepolicy/modem_svc_sit.te (100%) create mode 100644 modem/modem_svc_sit/sepolicy/service.te create mode 100644 modem/modem_svc_sit/sepolicy/service_contexts create mode 100644 modem/modem_svc_sit/shared_modem_platform.mk create mode 100644 modem/shared_modem_platform/sepolicy/shared_modem_platform.te diff --git a/modem/modem_svc_sit/compatibility_matrix.xml b/modem/modem_svc_sit/compatibility_matrix.xml new file mode 100644 index 0000000..14d987a --- /dev/null +++ b/modem/modem_svc_sit/compatibility_matrix.xml 
@@ -0,0 +1,11 @@
+
+
+
+ com.google.pixel.shared_modem_platform
+ 3
+
+ ISharedModemPlatform
+ default
+
+
+
diff --git a/modem/modem_svc_sit/sepolicy/attributes b/modem/modem_svc_sit/sepolicy/attributes
new file mode 100644
index 0000000..2cc802d
--- /dev/null
+++ b/modem/modem_svc_sit/sepolicy/attributes
@@ -0,0 +1 @@
+hal_attribute(shared_modem_platform)
diff --git a/modem/modem_svc_sit/sepolicy/file_contexts b/modem/modem_svc_sit/sepolicy/file_contexts
new file mode 100644
index 0000000..d6f4a74
--- /dev/null
+++ b/modem/modem_svc_sit/sepolicy/file_contexts
@@ -0,0 +1,2 @@
+# modem_svc_sit
+/vendor/bin/shared_modem_platform u:object_r:modem_svc_sit_exec:s0
\ No newline at end of file
diff --git a/modem/modem_svc_sit/sepolicy/hal_shared_modem_platform.te b/modem/modem_svc_sit/sepolicy/hal_shared_modem_platform.te
new file mode 100644
index 0000000..8771563
--- /dev/null
+++ b/modem/modem_svc_sit/sepolicy/hal_shared_modem_platform.te
@@ -0,0 +1,8 @@
+# Allow binder connection from client to server
+binder_call(hal_shared_modem_platform_client, hal_shared_modem_platform_server)
+
+# Allow client to find the service, server to register the service
+hal_attribute_service(hal_shared_modem_platform, hal_shared_modem_platform_service)
+
+# Allow binder communication from server to service_manager
+binder_use(hal_shared_modem_platform_server)
diff --git a/modem/shared_modem_platform/sepolicy/modem_svc_sit.te b/modem/modem_svc_sit/sepolicy/modem_svc_sit.te
similarity index 100%
rename from modem/shared_modem_platform/sepolicy/modem_svc_sit.te
rename to modem/modem_svc_sit/sepolicy/modem_svc_sit.te
diff --git a/modem/modem_svc_sit/sepolicy/service.te b/modem/modem_svc_sit/sepolicy/service.te
new file mode 100644
index 0000000..0fd48ee
--- /dev/null
+++ b/modem/modem_svc_sit/sepolicy/service.te
@@ -0,0 +1,2 @@
+# define hal_shared_modem_platform_service
+type hal_shared_modem_platform_service, hal_service_type, service_manager_type;
diff --git a/modem/modem_svc_sit/sepolicy/service_contexts b/modem/modem_svc_sit/sepolicy/service_contexts
new file mode 100644
index 0000000..58232f7
--- /dev/null
+++ b/modem/modem_svc_sit/sepolicy/service_contexts
@@ -0,0 +1,2 @@
+# Bind Shared Modem Platform AIDL service name to the SELinux type.
+com.google.pixel.shared_modem_platform.ISharedModemPlatform/default u:object_r:hal_shared_modem_platform_service:s0
diff --git a/modem/modem_svc_sit/shared_modem_platform.mk b/modem/modem_svc_sit/shared_modem_platform.mk
new file mode 100644
index 0000000..6e9b05d
--- /dev/null
+++ b/modem/modem_svc_sit/shared_modem_platform.mk
@@ -0,0 +1,14 @@
+# This file is not included in `modem.mk` since this is included at the
+# beginning of each `device.mk` file, and so will be called before
+# `SHARED_MODEM_PLATFORM_VENDOR` is defined later in the file.
+# This file supoorts Whitechapel(gs101), Whitechapel Pro(gs201), Zuma, Zuma Pro.
+# This file doesn't support devices which AP is after Zuma Pro.
+# For device after Zuma Pro please use gs-common/modem/shared_modem_platform/shared_modem_platform.mk
+SOONG_CONFIG_NAMESPACES += shared_modem_platform
+SOONG_CONFIG_shared_modem_platform += \
+ vendor
+SOONG_CONFIG_shared_modem_platform_vendor := $(SHARED_MODEM_PLATFORM_VENDOR)
+
+PRODUCT_PACKAGES += shared_modem_platform
+DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/modem/modem_svc_sit/compatibility_matrix.xml
+BOARD_SEPOLICY_DIRS += device/google/gs-common/modem/modem_svc_sit/sepolicy
diff --git a/modem/shared_modem_platform/sepolicy/file_contexts b/modem/shared_modem_platform/sepolicy/file_contexts
index d6f4a74..8760799 100644
--- a/modem/shared_modem_platform/sepolicy/file_contexts
+++ b/modem/shared_modem_platform/sepolicy/file_contexts
@@ -1,2 +1,2 @@ -# modem_svc_sit -/vendor/bin/shared_modem_platform u:object_r:modem_svc_sit_exec:s0 \ No newline at end of file +# shared_modem_platform +/vendor/bin/shared_modem_platform u:object_r:shared_modem_platform_exec:s0 \ No newline at end of file diff --git a/modem/shared_modem_platform/sepolicy/shared_modem_platform.te b/modem/shared_modem_platform/sepolicy/shared_modem_platform.te new file mode 100644 index 0000000..7fc7a30 --- /dev/null +++ b/modem/shared_modem_platform/sepolicy/shared_modem_platform.te @@ -0,0 +1,2 @@ +# Shared modem platform will register the default instance of the AIDL ISharedModemPlatform hal. +hal_server_domain(shared_modem_platform, hal_shared_modem_platform) diff --git a/modem/shared_modem_platform/shared_modem_platform.mk b/modem/shared_modem_platform/shared_modem_platform.mk index 0a3be6d..3c2a109 100644 --- a/modem/shared_modem_platform/shared_modem_platform.mk +++ b/modem/shared_modem_platform/shared_modem_platform.mk @@ -1,6 +1,8 @@ # This file is not included in `modem.mk` since this is included at the # beginning of each `device.mk` file, and so will be called before # `SHARED_MODEM_PLATFORM_VENDOR` is defined later in the file. +# This file supports support devices which AP is after zumapro(not include). +# For device before zumapro(include) please use gs-common/modem/modem_svc_sit/shared_modem_platform.mk SOONG_CONFIG_NAMESPACES += shared_modem_platform SOONG_CONFIG_shared_modem_platform += \ vendor From d5909db27fb8fbcd4b54e72bee962a12285916e7 Mon Sep 17 00:00:00 2001 From: Dmitry Skiba Date: Tue, 3 Dec 2024 04:03:34 +0000 Subject: [PATCH 82/87] Add apf experiment. See go/pixel-perf-apf-experiment for more info. Bug: 365855872 Test: build/flash, set .Perf__apf_experiment=true and observe vendor.powerhal.apf_enabled=false, .apf_disabled=true Flag: NONE controlled by Mendel instead Change-Id: Iee32c4b160d5013fbbd893765d3df54c1befa458 
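Review bot: The new shared_modem_platform/sepolicy/shared_modem_platform.te calls `hal_server_domain(shared_modem_platform, hal_shared_modem_platform)` and file_contexts now labels the binary `shared_modem_platform_exec`, but this patch adds `attributes`, `service.te`, `service_contexts` and `hal_shared_modem_platform.te` only under modem/modem_svc_sit/sepolicy. No declaration of the `shared_modem_platform` domain, its `_exec` type or the `hal_shared_modem_platform` attribute is visible for the shared_modem_platform directory, so a device that includes only that directory may fail policy compilation unless they are defined elsewhere. Both directories also label the same path `/vendor/bin/shared_modem_platform` with different types, so a comment in each .mk stating that the two must not be included together would guard against a conflicting file_contexts.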
Signed-off-by: Dmitry Skiba --- performance/experiments/apf/Android.bp | 10 ++++++++++ performance/experiments/apf/apf.mk | 1 + performance/experiments/apf/pixel-apf-experiment.rc | 11 +++++++++++ performance/experiments/experiments.mk | 1 + 4 files changed, 23 insertions(+) create mode 100644 performance/experiments/apf/Android.bp create mode 100644 performance/experiments/apf/apf.mk create mode 100644 performance/experiments/apf/pixel-apf-experiment.rc diff --git a/performance/experiments/apf/Android.bp b/performance/experiments/apf/Android.bp new file mode 100644 index 0000000..e5e9f7c --- /dev/null +++ b/performance/experiments/apf/Android.bp @@ -0,0 +1,10 @@ +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +prebuilt_etc { + name: "pixel-apf-experiment.rc", + src: "pixel-apf-experiment.rc", + vendor: true, + sub_dir: "init", +} diff --git a/performance/experiments/apf/apf.mk b/performance/experiments/apf/apf.mk new file mode 100644 index 0000000..d8bc338 --- /dev/null +++ b/performance/experiments/apf/apf.mk @@ -0,0 +1 @@ +PRODUCT_PACKAGES += pixel-apf-experiment.rc diff --git a/performance/experiments/apf/pixel-apf-experiment.rc b/performance/experiments/apf/pixel-apf-experiment.rc new file mode 100644 index 0000000..f160dba --- /dev/null +++ b/performance/experiments/apf/pixel-apf-experiment.rc @@ -0,0 +1,11 @@ +# APF experiment (go/pixel-perf-apf-experiment). +on property:vendor.perf.allow_experiments=1 && \ + property:vendor.pixel.system.phenotype.Perf__apf_experiment=true + setprop vendor.powerhal.apf_disabled true + setprop vendor.powerhal.apf_enabled false + +# Rampdown of the experiment. +on property:vendor.perf.allow_experiments=1 && \ + property:vendor.pixel.system.phenotype.Perf__apf_experiment="" + setprop vendor.powerhal.apf_disabled false + setprop vendor.powerhal.apf_enabled true diff --git a/performance/experiments/experiments.mk b/performance/experiments/experiments.mk index 191332d..b14b823 100644 
--- a/performance/experiments/experiments.mk +++ b/performance/experiments/experiments.mk @@ -3,3 +3,4 @@ BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/performance/experiments/se PRODUCT_PACKAGES += pixel-experiments-recovery.sh include device/google/gs-common/performance/experiments/kswapd/kswapd.mk +include device/google/gs-common/performance/experiments/apf/apf.mk From 9e1cdbc47113c5332a71c4664e94b446ee9245f0 Mon Sep 17 00:00:00 2001 From: Jaegeuk Kim Date: Fri, 6 Dec 2024 11:27:26 -0800 Subject: [PATCH 83/87] storage: add missing bug_map The warning is WAI, so make a correct report. [ 11.777638] [ T374] type=1400 audit(1733512828.220:561): avc: denied { open } for comm="getprop" path="/dev/__properties__/u:object_r:vendor_intelligence_prop:s0" dev="tmpfs" ino=436 scontext=u:r:shell:s0 tcontext=u:object_r:vendor_intelligence_prop:s0 tclass=file permissive=1 w/ [ 10.560345] [ T376] type=1400 audit(1733515761.004:342): avc: denied { open } for comm="getprop" path="/dev/__properties__/u:object_r:vendor_intelligence_prop:s0" dev="tmpfs" ino=436 scontext=u:r:shell:s0 tcontext=u:object_r:vendor_intelligence_prop:s0 tclass=file permissive=1 bug=b/378120929 Bug: 378120929 Flag: EXEMPT bugfix Change-Id: Ia158d71c43e6006ee86a227b5a083bc27230ef71 Signed-off-by: Jaegeuk Kim --- storage/storage.mk | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/storage/storage.mk b/storage/storage.mk index ee7110c..c81d15e 100644 --- a/storage/storage.mk +++ b/storage/storage.mk @@ -1,4 +1,6 @@ -BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/storage/sepolicy +BOARD_VENDOR_SEPOLICY_DIRS += \ + device/google/gs-common/storage/sepolicy \ + device/google/gs-common/storage/sepolicy/tracking_denials PRODUCT_PACKAGES += dump_storage From 842b86dcc1353033d1091f4148fa68cdb33962e5 Mon Sep 17 00:00:00 2001 
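Review bot: Only `device/google/gs-common/storage/sepolicy/tracking_denials` is added to `BOARD_VENDOR_SEPOLICY_DIRS` in storage.mk, yet the earlier storage patch in this series created the same one-line bug_map (index a1e8298) at both storage/sepolicy/tracking_denials/bug_map and storage/tracking_denials/bug_map. The second copy is not referenced by this change and looks unused. Removing it would keep the two from drifting apart when the tracked denial is later resolved.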
From: Dmitry Skiba Date: Fri, 6 Dec 2024 22:09:53 +0000 Subject: [PATCH 84/87] Add amm experiment. See go/pixel-perf-amm-experiment for more info. Bug: 365855872 Test: build/flash; set .Perf__amm_experiment=true, observe auto_migration_margins_enable value changing 1->0; set .Perf__amm_experiment="", observe the value changing 0->1 Flag: NONE controlled by Mendel instead Change-Id: I02b98e3601a0564929acb73250e2e943664bc80a Signed-off-by: Dmitry Skiba --- performance/experiments/amm/Android.bp | 10 +++++++++ performance/experiments/amm/amm.mk | 1 + .../experiments/amm/pixel-amm-experiment.rc | 21 +++++++++++++++++++ performance/experiments/experiments.mk | 1 + 4 files changed, 33 insertions(+) create mode 100644 performance/experiments/amm/Android.bp create mode 100644 performance/experiments/amm/amm.mk create mode 100644 performance/experiments/amm/pixel-amm-experiment.rc diff --git a/performance/experiments/amm/Android.bp b/performance/experiments/amm/Android.bp new file mode 100644 index 0000000..a1c2e3b --- /dev/null +++ b/performance/experiments/amm/Android.bp @@ -0,0 +1,10 @@ +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +prebuilt_etc { + name: "pixel-amm-experiment.rc", + src: "pixel-amm-experiment.rc", + vendor: true, + sub_dir: "init", +} diff --git a/performance/experiments/amm/amm.mk b/performance/experiments/amm/amm.mk new file mode 100644 index 0000000..84f2b9e --- /dev/null +++ b/performance/experiments/amm/amm.mk @@ -0,0 +1 @@ +PRODUCT_PACKAGES += pixel-amm-experiment.rc diff --git a/performance/experiments/amm/pixel-amm-experiment.rc b/performance/experiments/amm/pixel-amm-experiment.rc new file mode 100644 index 0000000..2d724f2 --- /dev/null +++ b/performance/experiments/amm/pixel-amm-experiment.rc 
@@ -0,0 +1,21 @@ +# Activate DISABLE_AMM hint. +service pixel-amm-experiment-activate /vendor/bin/sendhint -m DISABLE_AMM + disabled + oneshot + +# Deactivate DISABLE_AMM hint. +service pixel-amm-experiment-deactivate /vendor/bin/sendhint -m DISABLE_AMM -e 0 + disabled + oneshot + +# AMM experiment (go/pixel-perf-amm-experiment). +on property:vendor.perf.allow_experiments=1 && \ + property:vendor.pixel.system.phenotype.Perf__amm_experiment=true + setprop vendor.powerhal.amm_enabled false + start pixel-amm-experiment-activate + +# Rampdown of the experiment. +on property:vendor.perf.allow_experiments=1 && \ + property:vendor.pixel.system.phenotype.Perf__amm_experiment="" + setprop vendor.powerhal.amm_enabled "" + start pixel-amm-experiment-deactivate diff --git a/performance/experiments/experiments.mk b/performance/experiments/experiments.mk index b14b823..3fbaa52 100644 --- a/performance/experiments/experiments.mk +++ b/performance/experiments/experiments.mk @@ -4,3 +4,4 @@ PRODUCT_PACKAGES += pixel-experiments-recovery.sh include device/google/gs-common/performance/experiments/kswapd/kswapd.mk include device/google/gs-common/performance/experiments/apf/apf.mk +include device/google/gs-common/performance/experiments/amm/amm.mk From 2d6b42c48746b28adc80557fcf701fddbbbd2079 Mon Sep 17 00:00:00 2001 From: Chintan Pandya Date: Thu, 5 Dec 2024 18:21:02 +0000 Subject: [PATCH 85/87] Remove code that just re-enables IRQ and GIA events These events are already enabled from kernel. Bug: 378928822 Test: Verified that trace functionality works as expected. Flag: EXEMPT, just a clean up in init rc Change-Id: I9e50e3d86e914b0db8633a1ae7287875b4df9838 Signed-off-by: Chintan Pandya --- interrupts/init.interrupts.rc | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/interrupts/init.interrupts.rc b/interrupts/init.interrupts.rc index 9492fdc..52fcaa5 100644 --- a/interrupts/init.interrupts.rc +++ b/interrupts/init.interrupts.rc 
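Review bot: Neither `pixel-amm-experiment-activate` nor `pixel-amm-experiment-deactivate` in pixel-amm-experiment.rc declares `user` or `group`, so init starts `/vendor/bin/sendhint` as root by default. If sendhint does not need root to deliver the hint (not visible in this patch), give each service an explicit unprivileged identity, e.g. `user <uid>` and `group <gid>`, using the least-privileged account that is allowed to send the hint.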
@@ -1,23 +1,16 @@ on init # Create the directory for the trace instance during early init - mkdir /sys/kernel/tracing/instances/irq_gia_google 0755 root root + chmod 666 /sys/kernel/tracing/instances/irq_gia_google + chmod 666 /sys/kernel/tracing/instances/irq_gia_google/trace chown system system /sys/kernel/tracing/instances/irq_gia_google chown system system /sys/kernel/tracing/instances/irq_gia_google/trace - # Enable gia events - write /sys/kernel/tracing/instances/irq_gia_google/events/irq_gia/enable 1 - # There are some very high frequency IRQ events happening all the time. Tracing # them is not absolute necessity, but a flood of them is noise for more interesting # events that we want to capture. All these high frequency IRQs have virq < 11. write /sys/kernel/tracing/instances/irq_gia_google/events/irq/filter "irq > 11" - write /sys/kernel/tracing/instances/irq_gia_google/events/irq/irq_handler_entry/enable 1 - write /sys/kernel/tracing/instances/irq_gia_google/events/irq/irq_handler_exit/enable 1 # Keep the buffer size small. This size is practically enough for debug purpose. # Having low size helps because this entire buffer gets dumped in bugreport. # Having a large size can impact bugreport size and time it takes to pack/unpack. write /sys/kernel/tracing/instances/irq_gia_google/buffer_size_kb 512 - - # Go! - write /sys/kernel/tracing/instances/irq_gia_google/tracing_on 1 From f94206fea781e73d8e7d6391e4e444dbf595106f Mon Sep 17 00:00:00 2001 From: Chintan Pandya Date: Thu, 5 Dec 2024 18:23:52 +0000 Subject: [PATCH 86/87] Reduce the trace instance irq_gia_google's buffer size Bug: 382283364 Test: Verified that trace buffer size reduced. Flag: EXEMPT, init rc change to reduce trace buffer size Change-Id: I8bf50ac8fa3cff263592b3eca1a6b72a20b2b129 Signed-off-by: Chintan Pandya --- interrupts/init.interrupts.rc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
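Review bot: The two added `chmod 666` lines make `/sys/kernel/tracing/instances/irq_gia_google` and its `trace` file world-writable, and on the directory the mode also drops the search bit that the removed `mkdir ... 0755` provided. The `chown system system` lines that follow suggest only system needs access, so narrower modes would do: `chmod 0755 /sys/kernel/tracing/instances/irq_gia_google` and `chmod 0660 /sys/kernel/tracing/instances/irq_gia_google/trace`. The context comment `# Create the directory for the trace instance during early init` is also stale now that the `mkdir` is gone.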
diff --git a/interrupts/init.interrupts.rc b/interrupts/init.interrupts.rc index 52fcaa5..68bc281 100644 --- a/interrupts/init.interrupts.rc +++ b/interrupts/init.interrupts.rc @@ -13,4 +13,4 @@ on init # Keep the buffer size small. This size is practically enough for debug purpose. # Having low size helps because this entire buffer gets dumped in bugreport. # Having a large size can impact bugreport size and time it takes to pack/unpack. - write /sys/kernel/tracing/instances/irq_gia_google/buffer_size_kb 512 + write /sys/kernel/tracing/instances/irq_gia_google/buffer_size_kb 64 From 92b52953a38e7248071b9e92449225d9fb765599 Mon Sep 17 00:00:00 2001 From: Satish Yalla Date: Mon, 9 Dec 2024 02:15:16 +0000 Subject: [PATCH 87/87] Revert "Add amm experiment." This reverts commit 842b86dcc1353033d1091f4148fa68cdb33962e5. Reason for revert: DroidMonitor created revert due to b/382821677. Will be verified through ABTD for standard investigation. Change-Id: I5b0d026155c2acb0d117aad7249592fc3fa72d61 --- performance/experiments/amm/Android.bp | 10 --------- performance/experiments/amm/amm.mk | 1 - .../experiments/amm/pixel-amm-experiment.rc | 21 ------------------- performance/experiments/experiments.mk | 1 - 4 files changed, 33 deletions(-) delete mode 100644 performance/experiments/amm/Android.bp delete mode 100644 performance/experiments/amm/amm.mk delete mode 100644 performance/experiments/amm/pixel-amm-experiment.rc diff --git a/performance/experiments/amm/Android.bp b/performance/experiments/amm/Android.bp deleted file mode 100644 index a1c2e3b..0000000 --- a/performance/experiments/amm/Android.bp +++ /dev/null @@ -1,10 +0,0 @@ -package { - default_applicable_licenses: ["Android-Apache-2.0"], -} - -prebuilt_etc { - name: "pixel-amm-experiment.rc", - src: "pixel-amm-experiment.rc", - vendor: true, - sub_dir: "init", -} diff --git a/performance/experiments/amm/amm.mk b/performance/experiments/amm/amm.mk deleted file mode 100644 index 84f2b9e..0000000 
--- a/performance/experiments/amm/amm.mk +++ /dev/null @@ -1 +0,0 @@ -PRODUCT_PACKAGES += pixel-amm-experiment.rc diff --git a/performance/experiments/amm/pixel-amm-experiment.rc b/performance/experiments/amm/pixel-amm-experiment.rc deleted file mode 100644 index 2d724f2..0000000 --- a/performance/experiments/amm/pixel-amm-experiment.rc +++ /dev/null @@ -1,21 +0,0 @@ -# Activate DISABLE_AMM hint. -service pixel-amm-experiment-activate /vendor/bin/sendhint -m DISABLE_AMM - disabled - oneshot - -# Deactivate DISABLE_AMM hint. -service pixel-amm-experiment-deactivate /vendor/bin/sendhint -m DISABLE_AMM -e 0 - disabled - oneshot - -# AMM experiment (go/pixel-perf-amm-experiment). -on property:vendor.perf.allow_experiments=1 && \ - property:vendor.pixel.system.phenotype.Perf__amm_experiment=true - setprop vendor.powerhal.amm_enabled false - start pixel-amm-experiment-activate - -# Rampdown of the experiment. -on property:vendor.perf.allow_experiments=1 && \ - property:vendor.pixel.system.phenotype.Perf__amm_experiment="" - setprop vendor.powerhal.amm_enabled "" - start pixel-amm-experiment-deactivate diff --git a/performance/experiments/experiments.mk b/performance/experiments/experiments.mk index 3fbaa52..b14b823 100644 --- a/performance/experiments/experiments.mk +++ b/performance/experiments/experiments.mk @@ -4,4 +4,3 @@ PRODUCT_PACKAGES += pixel-experiments-recovery.sh include device/google/gs-common/performance/experiments/kswapd/kswapd.mk include device/google/gs-common/performance/experiments/apf/apf.mk -include device/google/gs-common/performance/experiments/amm/amm.mk