From a0708c27232717b340620112a9894eb5095bfe67 Mon Sep 17 00:00:00 2001
From: Daniel Chapin
Date: Tue, 5 Mar 2024 00:55:40 +0000
Subject: [PATCH 1/4] Revert "Add betterbug folder to gs-common" Revert submission 26348985-bb-sepolicy-poc Reason for revert: Droidfood blocking bug: b/327991669 Bug: 327991669 Reverted changes: /q/submissionid:26348985-bb-sepolicy-poc (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:aca06d61c64f947252808f73fbe01fdda5109c0e) Merged-In: I0fe0bb22e293093d941b4d8ba826c8c8689a370d Change-Id: I0fe0bb22e293093d941b4d8ba826c8c8689a370d 24D1-dev is based on 24Q2-release. Therefore, we merged this CL to 24D1-dev.
---
betterbug/betterbug.mk | 5 -----
.../sepolicy/product/private/better_bug_app.te | 15 ---------------
betterbug/sepolicy/product/private/seapp_contexts | 2 --
.../sepolicy/product/public/better_bug_app.te | 1 -
4 files changed, 23 deletions(-)
delete mode 100644 betterbug/betterbug.mk
delete mode 100644 betterbug/sepolicy/product/private/better_bug_app.te
delete mode 100644 betterbug/sepolicy/product/private/seapp_contexts
delete mode 100644 betterbug/sepolicy/product/public/better_bug_app.te
diff --git a/betterbug/betterbug.mk b/betterbug/betterbug.mk
deleted file mode 100644
index f3ae647..0000000
--- a/betterbug/betterbug.mk
+++ /dev/null
@@ -1,5 +0,0 @@
-PRODUCT_PACKAGES += BetterBugStub
-PRODUCT_PACKAGES_DEBUG += BetterBug
-
-PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/gs-common/betterbug/sepolicy/product/public
-PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/gs-common/betterbug/sepolicy/product/private
diff --git a/betterbug/sepolicy/product/private/better_bug_app.te b/betterbug/sepolicy/product/private/better_bug_app.te
deleted file mode 100644
index bb50612..0000000
--- a/betterbug/sepolicy/product/private/better_bug_app.te
+++ /dev/null
@@ -1,15 +0,0 @@
-typeattribute better_bug_app coredomain;
-
-app_domain(better_bug_app)
-net_domain(better_bug_app)
-
-allow better_bug_app shell_data_file:file read;
-allow better_bug_app privapp_data_file:file execute;
-
-allow better_bug_app app_api_service:service_manager find;
-allow better_bug_app system_api_service:service_manager find;
-allow better_bug_app mediaserver_service:service_manager find;
-
-set_prop(better_bug_app, ctl_start_prop)
-
-get_prop(better_bug_app, system_boot_reason_prop)
diff --git a/betterbug/sepolicy/product/private/seapp_contexts b/betterbug/sepolicy/product/private/seapp_contexts
deleted file mode 100644
index 261e710..0000000
--- a/betterbug/sepolicy/product/private/seapp_contexts
+++ /dev/null
@@ -1,2 +0,0 @@
-# BetterBug
-user=_app isPrivApp=true name=com.google.android.apps.internal.betterbug domain=better_bug_app type=app_data_file levelFrom=all
diff --git a/betterbug/sepolicy/product/public/better_bug_app.te b/betterbug/sepolicy/product/public/better_bug_app.te
deleted file mode 100644
index 9a14782..0000000
--- a/betterbug/sepolicy/product/public/better_bug_app.te
+++ /dev/null
@@ -1 +0,0 @@
-type better_bug_app, domain;
From de061720c32c4bbdf8a814e87ac39ef200e46322 Mon Sep 17 00:00:00 2001
From: Woody Lin
Date: Mon, 15 Jan 2024 16:01:32 +0800
Subject: [PATCH 2/4] gs_watchdogd: Support multiple watchdog char devices Handles systems with multiple watchdog hardware blocks. Identifies each watchdog via the glob pattern `/sys/devices/platform/*.watchdog_cl*/watchdog/watchdog*` to sysfs path, and initializes and services each of them. Bug: 295364297 Change-Id: I785c84e492a2286a5155a5b4692dae2a95df0cc4
---
gs_watchdogd/gs_watchdogd.cpp | 75 ++++++++++++++++++++---------------
1 file changed, 43 insertions(+), 32 deletions(-)
diff --git a/gs_watchdogd/gs_watchdogd.cpp b/gs_watchdogd/gs_watchdogd.cpp
index 59b089c..82e01d0 100644
--- a/gs_watchdogd/gs_watchdogd.cpp
+++ b/gs_watchdogd/gs_watchdogd.cpp
@@ -14,9 +14,11 @@ * limitations under the License. */ +#include #include #include #include +#include #include #include @@ -26,21 +28,28 @@ #include #include -#define DEV_GLOB "/sys/devices/platform/*.watchdog_cl0/watchdog/watchdog*" +#include +#include + +#define DEV_GLOB "/sys/devices/platform/*.watchdog_cl*/watchdog/watchdog*" + +#define DEFAULT_INTERVAL 10s +#define DEFAULT_MARGIN 10s using android::base::Basename; using android::base::StringPrintf; +using std::literals::chrono_literals::operator""s; int main(int argc, char** argv) { android::base::InitLogging(argv, &android::base::KernelLogger); - int interval = 10; - if (argc >= 2) interval = atoi(argv[1]); + std::chrono::seconds interval = argc >= 2 + ? std::chrono::seconds(atoi(argv[1])) : DEFAULT_INTERVAL; + std::chrono::seconds margin = argc >= 3 + ? std::chrono::seconds(atoi(argv[2])) : DEFAULT_MARGIN; - int margin = 10; - if (argc >= 3) margin = atoi(argv[2]); - - LOG(INFO) << "gs_watchdogd started (interval " << interval << ", margin " << margin << ")!"; + LOG(INFO) << "gs_watchdogd started (interval " << interval.count() + << ", margin " << margin.count() << ")!"; glob_t globbuf; int ret = glob(DEV_GLOB, GLOB_MARK, nullptr, &globbuf); 
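Review bot: `interval` and `margin` are built directly from `atoi(argv[1])` and `atoi(argv[2])` with no range check, so a non-numeric or zero argument becomes `0s` and a negative one becomes a negative duration. The service loop in a later hunk calls `sleep(interval.count())`, where 0 turns the loop into a busy spin and a negative count would be converted to a very large unsigned sleep, long enough for the watchdog to expire. A guard right after the two assignments would cover this, for example `if (interval < 1s) interval = DEFAULT_INTERVAL;` and `if (margin < 0s) margin = DEFAULT_MARGIN;`, with a log line saying the argument was rejected. main() continues past the end of this hunk.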
@@ -49,40 +58,42 @@ int main(int argc, char** argv) { return 1; } - if (globbuf.gl_pathc > 1) { - PLOG(WARNING) << "Multiple watchdog dev path found by " << DEV_GLOB; - } + std::vector wdt_dev_fds; - std::string dev_path = StringPrintf("/dev/%s", Basename(globbuf.gl_pathv[0]).c_str()); - globfree(&globbuf); + for (size_t i = 0; i < globbuf.gl_pathc; i++) { + std::chrono::seconds timeout = interval + margin; + int timeout_secs = timeout.count(); + std::string dev_path = StringPrintf("/dev/%s", Basename(globbuf.gl_pathv[i]).c_str()); - int fd = open(dev_path.c_str(), O_RDWR | O_CLOEXEC); - if (fd == -1) { - PLOG(ERROR) << "Failed to open " << dev_path; - return 1; - } + int fd = TEMP_FAILURE_RETRY(open(dev_path.c_str(), O_RDWR | O_CLOEXEC)); + if (fd == -1) { + PLOG(ERROR) << "Failed to open " << dev_path; + return 1; + } - int timeout = interval + margin; - ret = ioctl(fd, WDIOC_SETTIMEOUT, &timeout); - if (ret) { - PLOG(ERROR) << "Failed to set timeout to " << timeout; - ret = ioctl(fd, WDIOC_GETTIMEOUT, &timeout); + wdt_dev_fds.emplace_back(fd); + ret = ioctl(fd, WDIOC_SETTIMEOUT, &timeout_secs); if (ret) { - PLOG(ERROR) << "Failed to get timeout"; - } else { - if (timeout > margin) { - interval = timeout - margin; + PLOG(ERROR) << "Failed to set timeout to " << timeout_secs; + ret = ioctl(fd, WDIOC_GETTIMEOUT, &timeout_secs); + if (ret) { + PLOG(ERROR) << "Failed to get timeout"; } else { - interval = 1; + interval = timeout > margin ? 
timeout - margin : 1s; + LOG(WARNING) << "Adjusted interval to timeout returned by driver: " + << "timeout " << timeout_secs + << ", interval " << interval.count() + << ", margin " << margin.count(); } - LOG(WARNING) << "Adjusted interval to timeout returned by driver: " - << "timeout " << timeout << ", interval " << interval << ", margin " - << margin; } } + globfree(&globbuf); + while (true) { - write(fd, "", 1); - sleep(interval); + for (const auto& fd : wdt_dev_fds) { + TEMP_FAILURE_RETRY(write(fd, "", 1)); + } + sleep(interval.count()); } } From 3133d362a4bff2f89f486f27eb555bd57ac5150e Mon Sep 17 00:00:00 2001 From: Klines Jiang Date: Mon, 25 Mar 2024 08:58:41 +0000 Subject: [PATCH 3/4] [Gyotaku] Update the build rule to exclude build Gyotaku dump for barbet Pixel 5a (barbet) does not support Pixel dump, we need to exclude build Pixel dump for Pixel 5a (barbet). The git_24Q2-beta-release TARGET_PRODUCT is barbet_beta, updated to barbet% for all barbet target products. Bug: 330819191 Test: Local build and trigger a new build the result passed (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d4de4ddf902f75ebcb6b0e1079e78b8a96410ed5) Merged-In: I2c1785105bab74a483bc68893d96a8a88eabfd90 Change-Id: I2c1785105bab74a483bc68893d96a8a88eabfd90 24D1-dev is based on 24Q2-release. Therefore, we merged this CL to 24D1-dev. --- gyotaku_app/gyotaku.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gyotaku_app/gyotaku.mk b/gyotaku_app/gyotaku.mk index c6c41d5..8a6bb10 100644 --- a/gyotaku_app/gyotaku.mk +++ b/gyotaku_app/gyotaku.mk @@ -6,7 +6,7 @@ ifneq ($(TARGET_BUILD_VARIANT), user) BOARD_SEPOLICY_DIRS += device/google/gs-common/gyotaku_app/sepolicy/ # Pixel 5a (barbet) does not support Pixel dump - ifneq ($(TARGET_PRODUCT), barbet) + ifeq (,$(filter barbet%,$(TARGET_PRODUCT))) PRODUCT_PACKAGES_DEBUG += dump_gyotaku BOARD_SEPOLICY_DIRS += device/google/gs-common/gyotaku_app/dump endif 
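Review bot: In the WDIOC_SETTIMEOUT fallback, WDIOC_GETTIMEOUT writes the driver's value into `timeout_secs`, but the next statement computes `interval` from `timeout`, which still holds the requested `interval + margin`. The adjustment therefore leaves `interval` unchanged while the warning prints the driver's timeout, and the daemon may keep petting more slowly than the hardware timeout allows. Adding `timeout = std::chrono::seconds(timeout_secs);` before `interval = timeout > margin ? timeout - margin : 1s;` restores what the removed code did. With several devices the last adjustment also overwrites earlier ones, so keeping the smallest interval seen is probably what is wanted. The `return 1` on a failed open exits after earlier watchdogs have already been opened and configured; main() starts outside this hunk.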
From 099d9ea0a95ffdf7eb30c2712fbb613e8464f8fd Mon Sep 17 00:00:00 2001
From: Hongyang Jiao
Date: Tue, 5 Mar 2024 23:12:07 +0000
Subject: [PATCH 4/4] Add betterbug folder to gs-common Better Bug was previously labeled as priv_app, here we kept the same 'type=privapp_data_file levelFrom=user' Copied some Better Bug used rules from system/sepolicy/private/priv_app.te. (https://source.corp.google.com/h/googleplex-android/platform/superproject/main/+/main:system/sepolicy/private/priv_app.te;l=1?q=priv_app.te) Test: local test Bug: 322543833 Change-Id: Ia029e855dd46e65b9eec31835ccaabb3cb903058
---
betterbug/betterbug.mk | 5 ++
.../product/private/better_bug_app.te | 47 +++++++++++++++++++
.../sepolicy/product/private/seapp_contexts | 2 +
.../sepolicy/product/public/better_bug_app.te | 1 +
4 files changed, 55 insertions(+)
create mode 100644 betterbug/betterbug.mk
create mode 100644 betterbug/sepolicy/product/private/better_bug_app.te
create mode 100644 betterbug/sepolicy/product/private/seapp_contexts
create mode 100644 betterbug/sepolicy/product/public/better_bug_app.te
diff --git a/betterbug/betterbug.mk b/betterbug/betterbug.mk
new file mode 100644
index 0000000..f3ae647
--- /dev/null
+++ b/betterbug/betterbug.mk
@@ -0,0 +1,5 @@
+PRODUCT_PACKAGES += BetterBugStub
+PRODUCT_PACKAGES_DEBUG += BetterBug
+
+PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/gs-common/betterbug/sepolicy/product/public
+PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/gs-common/betterbug/sepolicy/product/private
diff --git a/betterbug/sepolicy/product/private/better_bug_app.te b/betterbug/sepolicy/product/private/better_bug_app.te
new file mode 100644
index 0000000..26e0565
--- /dev/null
+++ b/betterbug/sepolicy/product/private/better_bug_app.te
@@ -0,0 +1,47 @@
+typeattribute better_bug_app coredomain;
+
+app_domain(better_bug_app)
+net_domain(better_bug_app)
+
+allow better_bug_app app_api_service:service_manager find;
+allow better_bug_app mediaserver_service:service_manager find;
+allow better_bug_app radio_service:service_manager find;
+allow better_bug_app system_api_service:service_manager find;
+
+allow better_bug_app privapp_data_file:file execute;
+allow better_bug_app privapp_data_file:lnk_file r_file_perms;
+allow better_bug_app shell_data_file:file r_file_perms;
+allow better_bug_app shell_data_file:dir r_dir_perms;
+
+# Allow traceur to pass file descriptors through a content provider to betterbug
+allow better_bug_app trace_data_file:file { getattr read };
+
+# Allow betterbug to read profile reports generated by profcollect.
+userdebug_or_eng(`
+ allow better_bug_app profcollectd_data_file:file r_file_perms;
+')
+
+# Allow BetterBug access to WM traces attributes
+allow better_bug_app wm_trace_data_file:dir r_dir_perms;
+allow better_bug_app wm_trace_data_file:file getattr;
+
+# Allow the bug reporting frontend to read the presence and timestamp of the
+# trace attached to the bugreport (but not its contents, which will go in the
+# usual bugreport .zip file). This is used by the bug reporting UI to tell if
+# the bugreport will contain a system trace or not while the bugreport is still
+# in progress.
+allow better_bug_app perfetto_traces_bugreport_data_file:dir r_dir_perms;
+allow better_bug_app perfetto_traces_bugreport_data_file:file { getattr };
+
+# Allow BetterBug to receive Perfetto traces through the framework
+# (i.e. TracingServiceProxy) and sendfile them into their private
+# directories for reporting when network and battery conditions are
+# appropriate.
+allow better_bug_app perfetto:fd use;
+allow better_bug_app perfetto_traces_data_file:file { read getattr };
+
+# Allow BetterBug to set property to start vendor.touch_dumpstate
+set_prop(better_bug_app, ctl_start_prop)
+
+# Allow BetterBug to read system boot reason
+get_prop(better_bug_app, system_boot_reason_prop)
diff --git a/betterbug/sepolicy/product/private/seapp_contexts b/betterbug/sepolicy/product/private/seapp_contexts
new file mode 100644
index 0000000..77fe3e1
--- /dev/null
+++ b/betterbug/sepolicy/product/private/seapp_contexts
@@ -0,0 +1,2 @@
+# BetterBug
+user=_app isPrivApp=true name=com.google.android.apps.internal.betterbug domain=better_bug_app type=privapp_data_file levelFrom=user
diff --git a/betterbug/sepolicy/product/public/better_bug_app.te b/betterbug/sepolicy/product/public/better_bug_app.te
new file mode 100644
index 0000000..9a14782
--- /dev/null
+++ b/betterbug/sepolicy/product/public/better_bug_app.te
@@ -0,0 +1 @@
+type better_bug_app, domain;
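Review bot: `set_prop(better_bug_app, ctl_start_prop)` near the end of better_bug_app.te grants more than its comment describes. The comment names a single service, vendor.touch_dumpstate, but `ctl_start_prop` is the generic label for `ctl.start` requests, so the domain can presumably ask init to start any service whose control property has no dedicated label. A narrower form would give `ctl.start$vendor.touch_dumpstate` its own type in property_contexts and grant `set_prop` on that type only. Separately, the rules copied from priv_app.te (`privapp_data_file:file execute`, read access to `shell_data_file`) apply on every build variant, while betterbug.mk ships the full app only through PRODUCT_PACKAGES_DEBUG. If the stub does not need them, consider wrapping them in `userdebug_or_eng(...)` as the profcollectd rule already is.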