Snap for 9682161 from 5a2d8e7498 to udc-release

Change-Id: I5e22b0eb3ad8ec1ef55dcddabd6737e69e20589c

gxp/Android.bp

@@ -0,0 +1,19 @@
+package {
+    default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+cc_binary {
+    name: "dump_gxp",
+    srcs: ["dump_gxp.cpp"],
+    cflags: [
+        "-Wall",
+        "-Wextra",
+        "-Werror",
+    ],
+    shared_libs: [
+        "libbase",
+	"libdump",
+    ],
+    vendor: true,
+    relative_install_path: "dump",
+}

gxp/dump.mk

@@ -0,0 +1,4 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gxp/sepolicy/
+
+PRODUCT_PACKAGES_DEBUG += dump_gxp
+

gxp/dump_gxp.cpp

@@ -0,0 +1,36 @@
+/*
+ * Copyright 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <dump/pixel_dump.h>
+#include <android-base/properties.h>
+#include <android-base/file.h>
+
+#define maxGxpDebugDumps 8
+
+int main() {
+    if(::android::base::GetBoolProperty("vendor.gxp.attach_to_bugreport", false)) {
+        std::string outputDir = concatenatePath(BUGREPORT_PACKING_DIR, "gxp_ssrdump");
+        printf("Creating %s", outputDir.c_str());
+        if (mkdir(outputDir.c_str(), 0777) == -1) {
+            printf("Unable to create folder: %s\n", outputDir.c_str());
+            return 0;
+        }
+
+        dumpLogs("/data/vendor/ssrdump/coredump", outputDir.c_str(), maxGxpDebugDumps, "coredump_gxp_");
+        dumpLogs("/data/vendor/ssrdump", outputDir.c_str(), maxGxpDebugDumps, "crashinfo_gxp_");
+    }
+    return 0;
+}
+

gxp/sepolicy/dump_gxp.te

@@ -0,0 +1,11 @@
+pixel_bugreport(dump_gxp)
+
+userdebug_or_eng(`
+  allow dump_gxp radio_vendor_data_file:dir create_dir_perms;
+  allow dump_gxp radio_vendor_data_file:file create_file_perms;
+  allow dump_gxp sscoredump_vendor_data_coredump_file:dir r_dir_perms;
+  allow dump_gxp sscoredump_vendor_data_coredump_file:file r_file_perms;
+  allow dump_gxp sscoredump_vendor_data_crashinfo_file:dir r_dir_perms;
+  allow dump_gxp sscoredump_vendor_data_crashinfo_file:file r_file_perms;
+')
+

gxp/sepolicy/file_contexts

@@ -0,0 +1,2 @@
+/vendor/bin/dump/dump_gxp           u:object_r:dump_gxp_exec:s0
+

mediacodec/common/mediacodec_common.mk

@@ -0,0 +1,4 @@
+# mediacodec_common for all build configs and sepolicy shared among different Codec HAL
+# example 1: shared among multiple HALs on the same device
+# example 2: shared among different Hals on different devices
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/mediacodec/common/sepolicy

mediacodec/common/sepolicy/file.te

@@ -0,0 +1 @@
+type vendor_media_data_file, file_type, data_file_type;

mediacodec/common/sepolicy/file_contexts

@@ -0,0 +1 @@
+/data/vendor/media(/.*)?  u:object_r:vendor_media_data_file:s0

mediacodec/common/sepolicy/vndservice.te

@@ -0,0 +1 @@
+type eco_service, vndservice_manager_type;

mediacodec/common/sepolicy/vndservice_contexts

@@ -0,0 +1 @@
+media.ecoservice      u:object_r:eco_service:s0

mediacodec/samsung/mediacodec_samsung.mk

@@ -0,0 +1,21 @@
+PRODUCT_SOONG_NAMESPACES += vendor/samsung_slsi/codec2
+
+PRODUCT_PACKAGES += \
+	samsung.hardware.media.c2@1.2-service \
+	codec2.vendor.base.policy \
+	codec2.vendor.ext.policy \
+	libExynosC2ComponentStore \
+	libExynosC2H264Dec \
+	libExynosC2H264Enc \
+	libExynosC2HevcDec \
+	libExynosC2HevcEnc \
+	libExynosC2Mpeg4Dec \
+	libExynosC2Mpeg4Enc \
+	libExynosC2H263Dec \
+	libExynosC2H263Enc \
+	libExynosC2Vp8Dec \
+	libExynosC2Vp8Enc \
+	libExynosC2Vp9Dec \
+	libExynosC2Vp9Enc
+
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/mediacodec/samsung/sepolicy

mediacodec/samsung/sepolicy/file.te

@@ -0,0 +1 @@
+type sysfs_mfc, sysfs_type, fs_type;

mediacodec/samsung/sepolicy/file_contexts

@@ -0,0 +1,2 @@
+# MFC
+/vendor/bin/hw/samsung\.hardware\.media\.c2@1\.2-service u:object_r:mediacodec_samsung_exec:s0

mediacodec/samsung/sepolicy/genfs_contexts

@@ -0,0 +1 @@
+genfscon sysfs /devices/platform/mfc/video4linux/video u:object_r:sysfs_mfc:s0

mediacodec/samsung/sepolicy/mediacodec_samsung.te

@@ -0,0 +1,37 @@
+type mediacodec_samsung, domain;
+type mediacodec_samsung_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(mediacodec_samsung)
+
+hal_server_domain(mediacodec_samsung, hal_codec2)
+add_service(mediacodec_samsung, eco_service)
+
+vndbinder_use(mediacodec_samsung)
+
+allow mediacodec_samsung video_device:chr_file rw_file_perms;
+allow mediacodec_samsung dmabuf_system_heap_device:chr_file r_file_perms;
+allow mediacodec_samsung gpu_device:chr_file rw_file_perms;
+
+allow mediacodec_samsung sysfs_mfc:file r_file_perms;
+allow mediacodec_samsung sysfs_mfc:dir r_dir_perms;
+
+# can use graphics allocator
+hal_client_domain(mediacodec_samsung, hal_graphics_allocator)
+
+binder_call(mediacodec_samsung, hal_camera_default)
+
+crash_dump_fallback(mediacodec_samsung)
+
+# mediacodec_samsung should never execute any executable without a domain transition
+neverallow mediacodec_samsung { file_type fs_type }:file execute_no_trans;
+
+# Media processing code is inherently risky and thus should have limited
+# permissions and be isolated from the rest of the system and network.
+# Lengthier explanation here:
+# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
+neverallow mediacodec_samsung domain:{ udp_socket rawip_socket } *;
+neverallow mediacodec_samsung { domain userdebug_or_eng(`-su') }:tcp_socket *;
+
+userdebug_or_eng(`
+ allow mediacodec_samsung vendor_media_data_file:dir rw_dir_perms;
+ allow mediacodec_samsung vendor_media_data_file:file create_file_perms;
+')