From f15086f3d99e094c503bdb9776bb90fd4796a39d Mon Sep 17 00:00:00 2001
From: Adam Shih
Date: Mon, 5 Sep 2022 11:05:32 +0800
Subject: [PATCH 1/3] move insmod script to gs-common
Bug: 243763292
Test: boot to home
Change-Id: I43b281a5b1c77d1388bac356b6b2bf267dbe099c
---
 insmod/Android.bp | 13 ++++++++
 insmod/init.common.cfg | 11 +++++++
 insmod/init.insmod.rc | 10 +++++++
 insmod/insmod.mk | 3 ++
 insmod/insmod.sh | 67 ++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 104 insertions(+)
 create mode 100644 insmod/Android.bp
 create mode 100644 insmod/init.common.cfg
 create mode 100644 insmod/init.insmod.rc
 create mode 100644 insmod/insmod.mk
 create mode 100755 insmod/insmod.sh
diff --git a/insmod/Android.bp b/insmod/Android.bp
new file mode 100644
index 0000000..084fd2c
--- /dev/null
+++ b/insmod/Android.bp
@@ -0,0 +1,13 @@
+sh_binary {
+ name: "insmod.sh",
+ src: "insmod.sh",
+ init_rc: ["init.insmod.rc"],
+ vendor: true,
+}
+
+prebuilt_etc {
+ name: "init.common.cfg",
+ src: "init.common.cfg",
+ vendor: true,
+}
+
diff --git a/insmod/init.common.cfg b/insmod/init.common.cfg
new file mode 100644
index 0000000..3a81fd2
--- /dev/null
+++ b/insmod/init.common.cfg
@@ -0,0 +1,11 @@
+####################################################
+# init.insmod.common.cfg #
+# This file contains common kernel modules to load #
+# at init time by init.insmod.sh script #
+####################################################
+
+# Load common kernel modules
+# Modules here will be loaded *before* device specific modules
+modprobe|-b *
+# All common modules loaded
+setprop|vendor.common.modules.ready
diff --git a/insmod/init.insmod.rc b/insmod/init.insmod.rc
new file mode 100644
index 0000000..de23b5b
--- /dev/null
+++ b/insmod/init.insmod.rc
@@ -0,0 +1,10 @@
+on init
+ # Loading common kernel modules in background
+ start insmod_sh
+
+service insmod_sh /vendor/bin/insmod.sh /vendor/etc/init.common.cfg
+ class main
+ user root
+ group root system
+ disabled
+ oneshot
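Review bot: The banner comment names this file `init.insmod.common.cfg` and its consumer `init.insmod.sh`, but the commit installs them as `init.common.cfg` and `insmod.sh`. This file decides which kernel modules are loaded at boot, so the header should point at the real script. Suggest `# init.common.cfg` and `# at init time by insmod.sh script`, re-padded so the box stays aligned.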
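Review bot: `insmod_sh` is declared with `user root` and no `capabilities` line, so the script keeps root's full capability set and relies on SELinux alone to bound it. The policy added later in this series allows the domain only `sys_module`, so the service definition could state the same limit with `capabilities SYS_MODULE` next to `group root system`. Before adding it, confirm that none of the config actions the script supports (`enable` writes, `wait`) needs a further capability on the target devices.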
diff --git a/insmod/insmod.mk b/insmod/insmod.mk
new file mode 100644
index 0000000..ac8d555
--- /dev/null
+++ b/insmod/insmod.mk
@@ -0,0 +1,3 @@
+PRODUCT_PACKAGES += \
+ insmod.sh \
+ init.common.cfg
diff --git a/insmod/insmod.sh b/insmod/insmod.sh
new file mode 100755
index 0000000..2c434ef
--- /dev/null
+++ b/insmod/insmod.sh
@@ -0,0 +1,67 @@
+#!/vendor/bin/sh
+
+#############################################################
+### init.insmod.cfg format: ###
+### ----------------------------------------------------- ###
+### [insmod|setprop|enable/moprobe|wait] [path|prop name] ###
+### ... ###
+#############################################################
+
+modules_dir=
+
+for f in /vendor/lib/modules/*/modules.dep /vendor/lib/modules/modules.dep; do
+ if [[ -f "$f" ]]; then
+ modules_dir="$(dirname "$f")"
+ break
+ fi
+done
+
+if [[ -z "${modules_dir}" ]]; then
+ echo "Unable to locate kernel modules directory" 2>&1
+ exit 1
+fi
+
+# imitates wait_for_file() in init
+wait_for_file()
+{
+ filename="${1}"
+ timeout="${2:-5}"
+
+ expiry=$(($(date "+%s")+timeout))
+ while [[ ! -e "${filename}" ]] && [[ "$(date "+%s")" -le "${expiry}" ]]
+ do
+ sleep 0.01
+ done
+}
+
+if [ $# -eq 1 ]; then
+ cfg_file=$1
+else
+ # Set property even if there is no insmod config
+ # to unblock early-boot trigger
+ setprop vendor.common.modules.ready
+ setprop vendor.device.modules.ready
+ setprop vendor.all.modules.ready
+ setprop vendor.all.devices.ready
+ exit 1
+fi
+
+if [ -f $cfg_file ]; then
+ while IFS="|" read -r action arg
+ do
+ case $action in
+ "insmod") insmod $arg ;;
+ "setprop") setprop $arg 1 ;;
+ "enable") echo 1 > $arg ;;
+ "modprobe")
+ case ${arg} in
+ "-b *" | "-b")
+ arg="-b --all=${modules_dir}/modules.load" ;;
+ "*" | "")
+ arg="--all=${modules_dir}/modules.load" ;;
+ esac
+ modprobe -a -d "${modules_dir}" $arg ;;
+ "wait") wait_for_file $arg ;;
+ esac
+ done < $cfg_file
+fi
From 8e524374dd09303a4999e32a258e402ae5bc3b6d Mon Sep 17 00:00:00 2001
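Review bot: The no-argument fallback calls `setprop vendor.common.modules.ready` and its three siblings without a value, while the config loop uses `setprop $arg 1`. If `setprop` rejects a missing value, as I would expect, this branch never sets the properties its comment says it sets to unblock the early-boot trigger; pass the value explicitly, e.g. `setprop vendor.common.modules.ready 1`, on all four lines. The same gap exists when a config path is given but the file is absent: `[ -f $cfg_file ]` fails and the script exits 0 without setting or logging anything. Two smaller items in the same hunk: the error `echo ... 2>&1` still writes to stdout (`>&2` was presumably meant), and `$cfg_file` is unquoted in `[ -f $cfg_file ]` and `done < $cfg_file`, which should read `"$cfg_file"`.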
From: Adam Shih
Date: Tue, 6 Sep 2022 10:36:43 +0800
Subject: [PATCH 2/3] move insert module script sepolicy to gs-common
Bug: 243763292
Test: boot to home with no relevant SELinux error
Change-Id: I6646fa4433fc1ccb94ac05f9cc8d7076a6a2d8cf
---
 insmod/insmod.mk | 1 +
 insmod/sepolicy/file_contexts | 5 +++++
 insmod/sepolicy/insmod-sh.te | 11 +++++++++++
 insmod/sepolicy/property.te | 1 +
 insmod/sepolicy/property_contexts | 5 +++++
 5 files changed, 23 insertions(+)
 create mode 100644 insmod/sepolicy/file_contexts
 create mode 100644 insmod/sepolicy/insmod-sh.te
 create mode 100644 insmod/sepolicy/property.te
 create mode 100644 insmod/sepolicy/property_contexts
diff --git a/insmod/insmod.mk b/insmod/insmod.mk
index ac8d555..aa2261a 100644
--- a/insmod/insmod.mk
+++ b/insmod/insmod.mk
@@ -1,3 +1,4 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/insmod/sepolicy
 PRODUCT_PACKAGES += \
 insmod.sh \
 init.common.cfg
diff --git a/insmod/sepolicy/file_contexts b/insmod/sepolicy/file_contexts
new file mode 100644
index 0000000..e048641
--- /dev/null
+++ b/insmod/sepolicy/file_contexts
@@ -0,0 +1,5 @@
+# Vendor_kernel_modules
+/vendor_dlkm/lib/modules/.*\.ko u:object_r:vendor_kernel_modules:s0
+
+/vendor/bin/insmod\.sh u:object_r:insmod-sh_exec:s0
+
diff --git a/insmod/sepolicy/insmod-sh.te b/insmod/sepolicy/insmod-sh.te
new file mode 100644
index 0000000..d7b4f72
--- /dev/null
+++ b/insmod/sepolicy/insmod-sh.te
@@ -0,0 +1,11 @@
+type insmod-sh, domain;
+type insmod-sh_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(insmod-sh)
+
+allow insmod-sh self:capability sys_module;
+allow insmod-sh vendor_kernel_modules:system module_load;
+allow insmod-sh vendor_toolbox_exec:file execute_no_trans;
+
+set_prop(insmod-sh, vendor_device_prop)
+
+dontaudit insmod-sh proc_cmdline:file r_file_perms;
diff --git a/insmod/sepolicy/property.te b/insmod/sepolicy/property.te
new file mode 100644
index 0000000..50f7b34
--- /dev/null
+++ b/insmod/sepolicy/property.te
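Review bot: `dontaudit insmod-sh proc_cmdline:file r_file_perms;` in insmod-sh.te silences a denial without recording what triggers it. Presumably it is modprobe reading /proc/cmdline for module options; if so, that read fails silently and later debugging will find no avc line for it. Add a comment above the rule naming the caller and stating that the read is intentionally denied, e.g. `# modprobe reads /proc/cmdline; access is not needed, suppress the denial`, once that has been confirmed.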
@@ -0,0 +1 @@
+vendor_internal_prop(vendor_device_prop)
diff --git a/insmod/sepolicy/property_contexts b/insmod/sepolicy/property_contexts
new file mode 100644
index 0000000..1e871b6
--- /dev/null
+++ b/insmod/sepolicy/property_contexts
@@ -0,0 +1,5 @@
+# Kernel modules related
+vendor.common.modules.ready u:object_r:vendor_device_prop:s0
+vendor.device.modules.ready u:object_r:vendor_device_prop:s0
+vendor.all.modules.ready u:object_r:vendor_device_prop:s0
+vendor.all.devices.ready u:object_r:vendor_device_prop:s0
From e4a75e452a88df14061e0b3735a9ee264265a66e Mon Sep 17 00:00:00 2001
From: Adam Shih
Date: Tue, 6 Sep 2022 14:53:47 +0800
Subject: [PATCH 3/3] rename rc to avoid name collision
Bug: 245233839
Test: build pass
Change-Id: I9057ac78d1197fd098290282552805f91b80f02a
---
 insmod/Android.bp | 2 +-
 insmod/{init.insmod.rc => init.module.rc} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename insmod/{init.insmod.rc => init.module.rc} (100%)
diff --git a/insmod/Android.bp b/insmod/Android.bp
index 084fd2c..4db5de5 100644
--- a/insmod/Android.bp
+++ b/insmod/Android.bp
@@ -1,7 +1,7 @@
 sh_binary {
 name: "insmod.sh",
 src: "insmod.sh",
- init_rc: ["init.insmod.rc"],
+ init_rc: ["init.module.rc"],
 vendor: true,
 }
 
diff --git a/insmod/init.insmod.rc b/insmod/init.module.rc
similarity index 100%
rename from insmod/init.insmod.rc
rename to insmod/init.module.rc
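Review bot: The four `vendor.*.ready` entries in property_contexts carry no match qualifier, so each is a prefix match and any property whose name merely starts with one of these strings also gets the `vendor_device_prop` label. The script's own comment says these flags unblock an early-boot trigger, and it sets them to `1`, so the name and type are worth pinning. For example `vendor.common.modules.ready u:object_r:vendor_device_prop:s0 exact bool`, with the same change on the other three lines.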