diff --git a/aoc/sepolicy/aocxd.te b/aoc/sepolicy/aocxd.te index bcfcd7b..2eedf48 100644 --- a/aoc/sepolicy/aocxd.te +++ b/aoc/sepolicy/aocxd.te @@ -26,3 +26,6 @@ add_service(aocxd, aocx); # allow managing thread priority allow aocxd self:global_capability_class_set sys_nice; + +allow aocxd dumpstate:fd use; +allow aocxd dumpstate:fifo_file write; diff --git a/aoc/sepolicy/dumpstate.te b/aoc/sepolicy/dumpstate.te new file mode 100644 index 0000000..5b89fe1 --- /dev/null +++ b/aoc/sepolicy/dumpstate.te @@ -0,0 +1,2 @@ +# Allow dumpstate to talk to aocxd over binder +binder_call(dumpstate, aocxd) diff --git a/audio/sepolicy/common/genfs_contexts b/audio/sepolicy/common/genfs_contexts index eaa0c71..c4a3120 100644 --- a/audio/sepolicy/common/genfs_contexts +++ b/audio/sepolicy/common/genfs_contexts @@ -21,3 +21,4 @@ genfscon sysfs /devices/platform/audiometrics/call_count u:ob genfscon sysfs /devices/platform/audiometrics/offload_effects_id u:object_r:sysfs_pixelstats:s0 genfscon sysfs /devices/platform/audiometrics/offload_effects_duration u:object_r:sysfs_pixelstats:s0 genfscon sysfs /devices/platform/audiometrics/bt_usage u:object_r:sysfs_pixelstats:s0 +genfscon sysfs /devices/platform/audiometrics/speaker_version u:object_r:sysfs_pixelstats:s0 diff --git a/camera/lyric.mk b/camera/lyric.mk index e3feab3..7762f4d 100644 --- a/camera/lyric.mk +++ b/camera/lyric.mk @@ -11,13 +11,8 @@ ifneq ($(wildcard vendor/google/services/LyricCameraHAL/src),) $(call soong_config_set,gch,hwl_library,lyric) endif -# Check if we're in PDK build -ifeq ($(wildcard vendor/google/camera),) -# If vendor/google/camera doesn't exist, it's a PDK build. -$(call soong_config_set,lyric,pdk_build,true) -else -# Otherwise, it's an internal Google build. -$(call soong_config_set,lyric,pdk_build,false) +# Check if we're in the internal build +ifneq ($(wildcard vendor/google/camera),) PRODUCT_SOONG_NAMESPACES += \ vendor/google/camera \ diff --git a/camera/sepolicy/product/private/service_contexts b/camera/sepolicy/product/private/service_contexts index fed03af..0cb84b4 100644 --- a/camera/sepolicy/product/private/service_contexts +++ b/camera/sepolicy/product/private/service_contexts @@ -1 +1,5 @@ -com.google.pixel.camera.services.binder.IServiceBinder/default u:object_r:camera_binder_service:s0 \ No newline at end of file +com.google.pixel.camera.services.binder.IServiceBinder/default u:object_r:camera_binder_service:s0 + +com.google.pixel.camera.services.cameraidremapper.ICameraIdRemapper/default u:object_r:camera_cameraidremapper_service:s0 + +com.google.pixel.camera.services.lyricconfigprovider.ILyricConfigProvider/default u:object_r:camera_lyricconfigprovider_service:s0 diff --git a/camera/sepolicy/product/private/vendor_pbcs_app.te b/camera/sepolicy/product/private/vendor_pbcs_app.te index 54bc0c0..b8a52d2 100644 --- a/camera/sepolicy/product/private/vendor_pbcs_app.te +++ b/camera/sepolicy/product/private/vendor_pbcs_app.te @@ -9,4 +9,10 @@ allow vendor_pbcs_app app_api_service:service_manager find; allow vendor_pbcs_app cameraserver_service:service_manager find; # Allow PBCS to add the ServiceBinder service to ServiceManager. -add_service(vendor_pbcs_app, camera_binder_service); \ No newline at end of file +add_service(vendor_pbcs_app, camera_binder_service); + +# Allow PBCS to add the CameraIdRemapper service to ServiceManager. +add_service(vendor_pbcs_app, camera_cameraidremapper_service); + +# Allow PBCS to add the LyricConfigProvider service to ServiceManager. +add_service(vendor_pbcs_app, camera_lyricconfigprovider_service); diff --git a/camera/sepolicy/product/private/vendor_pcs_app.te b/camera/sepolicy/product/private/vendor_pcs_app.te index 55eeee7..d41adb4 100644 --- a/camera/sepolicy/product/private/vendor_pcs_app.te +++ b/camera/sepolicy/product/private/vendor_pcs_app.te @@ -8,6 +8,8 @@ allow vendor_pcs_app { app_api_service audioserver_service cameraserver_service + camera_cameraidremapper_service + camera_lyricconfigprovider_service drmserver_service mediametrics_service mediaserver_service diff --git a/camera/sepolicy/product/public/service.te b/camera/sepolicy/product/public/service.te index f94fd9f..2cdc125 100644 --- a/camera/sepolicy/product/public/service.te +++ b/camera/sepolicy/product/public/service.te @@ -1 +1,5 @@ -type camera_binder_service, hal_service_type, protected_service, service_manager_type; \ No newline at end of file +type camera_binder_service, hal_service_type, protected_service, service_manager_type; + +type camera_cameraidremapper_service, hal_service_type, protected_service, service_manager_type; + +type camera_lyricconfigprovider_service, hal_service_type, protected_service, service_manager_type; diff --git a/camera/sepolicy/vendor/hal_camera_default.te b/camera/sepolicy/vendor/hal_camera_default.te index 9e7b105..f661eff 100644 --- a/camera/sepolicy/vendor/hal_camera_default.te +++ b/camera/sepolicy/vendor/hal_camera_default.te @@ -1,6 +1,6 @@ allow hal_camera_default camera_binder_service:service_manager find; # Allow Lyric Hal to find the LyricConfigProvider service through ServiceManager. -allow hal_camera_default vendor_camera_lyricconfigprovider_service:service_manager find; +allow hal_camera_default camera_lyricconfigprovider_service:service_manager find; allow hal_camera_default hal_pixel_remote_camera_service:service_manager find; diff --git a/camera/sepolicy/vendor/service.te b/camera/sepolicy/vendor/service.te index 35887ba..513ce05 100644 --- a/camera/sepolicy/vendor/service.te +++ b/camera/sepolicy/vendor/service.te @@ -1,9 +1,5 @@ type hal_pixel_remote_camera_service, hal_service_type, protected_service, service_manager_type; -type vendor_camera_lyricconfigprovider_service, hal_service_type, protected_service, service_manager_type; - type vendor_camera_isp_service, hal_service_type, protected_service, service_manager_type; -type vendor_camera_cameraidremapper_service, hal_service_type, protected_service, service_manager_type; - type vendor_image_processing_hal_service, hal_service_type, protected_service, service_manager_type; diff --git a/camera/sepolicy/vendor/service_contexts b/camera/sepolicy/vendor/service_contexts index 9f5e335..47e13a7 100644 --- a/camera/sepolicy/vendor/service_contexts +++ b/camera/sepolicy/vendor/service_contexts @@ -1,9 +1,5 @@ com.google.pixel.camera.connectivity.hal.provider.ICameraProvider/default u:object_r:hal_pixel_remote_camera_service:s0 -com.google.pixel.camera.services.lyricconfigprovider.ILyricConfigProvider/default u:object_r:vendor_camera_lyricconfigprovider_service:s0 - com.google.pixel.camera.isp.IIspService/default u:object_r:vendor_camera_isp_service:s0 -com.google.pixel.camera.services.cameraidremapper.ICameraIdRemapper/default u:object_r:vendor_camera_cameraidremapper_service:s0 - com.google.android.imageprocessing.IImageProcessingHal u:object_r:vendor_image_processing_hal_service:s0 diff --git a/camera/sepolicy/vendor/vendor_pbcs_app.te b/camera/sepolicy/vendor/vendor_pbcs_app.te index b25c9a2..965ef54 100644 --- a/camera/sepolicy/vendor/vendor_pbcs_app.te +++ b/camera/sepolicy/vendor/vendor_pbcs_app.te @@ -1,9 +1,9 @@ # Allow PBCS to add the ServiceBinder service to ServiceManager. add_service(vendor_pbcs_app, camera_binder_service); # Allow PBCS to add the LyricConfigProvider service to ServiceManager. -add_service(vendor_pbcs_app, vendor_camera_lyricconfigprovider_service); +add_service(vendor_pbcs_app, camera_lyricconfigprovider_service); # Allow PBCS to add the CameraIdRemapper service to ServiceManager. -add_service(vendor_pbcs_app, vendor_camera_cameraidremapper_service); +add_service(vendor_pbcs_app, camera_cameraidremapper_service); # Allow PBCS to read debug system properties of the form vendor.camera.pbcs.debug.* # and persist.vendor.camera.pbcs.debug.* diff --git a/camera/sepolicy/vendor/vendor_pcs_app.te b/camera/sepolicy/vendor/vendor_pcs_app.te index b4d71b5..068a0f7 100644 --- a/camera/sepolicy/vendor/vendor_pcs_app.te +++ b/camera/sepolicy/vendor/vendor_pcs_app.te @@ -1,6 +1,6 @@ allow vendor_pcs_app { - vendor_camera_lyricconfigprovider_service - vendor_camera_cameraidremapper_service + camera_lyricconfigprovider_service + camera_cameraidremapper_service edgetpu_app_service }:service_manager find; diff --git a/fingerprint/Android.bp b/fingerprint/Android.bp new file mode 100644 index 0000000..b5bd008 --- /dev/null +++ b/fingerprint/Android.bp @@ -0,0 +1,21 @@ +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +cc_binary { + name: "dump_fingerprint", + srcs: ["dump_fingerprint.cpp"], + init_rc: ["init.fingerprint.dump.rc"], + cflags: [ + "-Wall", + "-Wextra", + "-Werror", + ], + shared_libs: [ + "libbase", + "libdump", + "liblog", + ], + vendor: true, + relative_install_path: "dump", +} diff --git a/fingerprint/dump_fingerprint.cpp b/fingerprint/dump_fingerprint.cpp new file mode 100644 index 0000000..1c8c7cd --- /dev/null +++ b/fingerprint/dump_fingerprint.cpp @@ -0,0 +1,39 @@ +/* + * Copyright 2024 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include +#include +#include +#include +#include + +static constexpr const char *kTombstonesDirPath = "/data/vendor/tombstones/fingerprint/"; + +int main() { + printf("------ Fingerprint tombstones ------\n"); + std::unique_ptr tombstones_dir(opendir(kTombstonesDirPath), closedir); + if (tombstones_dir) { + dirent *entry; + while ((entry = readdir(tombstones_dir.get())) != nullptr) { + std::string file_name(entry->d_name); + if (!strcmp(file_name.c_str(), ".") || !strcmp(file_name.c_str(), "..")) + continue; + std::string file_path(kTombstonesDirPath + file_name); + dumpFileContent(file_name.c_str(), file_path.c_str()); + } + } + + return 0; +} diff --git a/fingerprint/fingerprint.mk b/fingerprint/fingerprint.mk new file mode 100644 index 0000000..fb3ceda --- /dev/null +++ b/fingerprint/fingerprint.mk @@ -0,0 +1,3 @@ +BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/fingerprint/sepolicy + +PRODUCT_PACKAGES += dump_fingerprint diff --git a/fingerprint/init.fingerprint.dump.rc b/fingerprint/init.fingerprint.dump.rc new file mode 100644 index 0000000..f00cdc4 --- /dev/null +++ b/fingerprint/init.fingerprint.dump.rc @@ -0,0 +1,2 @@ +on post-fs-data + mkdir /data/vendor/tombstones/fingerprint 0770 system system diff --git a/fingerprint/sepolicy/dump_fingerprint.te b/fingerprint/sepolicy/dump_fingerprint.te new file mode 100644 index 0000000..9af033b --- /dev/null +++ b/fingerprint/sepolicy/dump_fingerprint.te @@ -0,0 +1,5 @@ +pixel_bugreport(dump_fingerprint) + +allow dump_fingerprint fingerprint_vendor_data_file:dir r_dir_perms; +allow dump_fingerprint fingerprint_vendor_data_file:file r_file_perms; + diff --git a/fingerprint/sepolicy/file_contexts b/fingerprint/sepolicy/file_contexts new file mode 100644 index 0000000..a035703 --- /dev/null +++ b/fingerprint/sepolicy/file_contexts @@ -0,0 +1,2 @@ +/vendor/bin/dump/dump_fingerprint u:object_r:dump_fingerprint_exec:s0 +/data/vendor/tombstones/fingerprint(/.*)? u:object_r:fingerprint_vendor_data_file:s0 diff --git a/fingerprint/sepolicy/hal_fingerprint.te b/fingerprint/sepolicy/hal_fingerprint.te new file mode 100644 index 0000000..6e1af7e --- /dev/null +++ b/fingerprint/sepolicy/hal_fingerprint.te @@ -0,0 +1 @@ +allow hal_fingerprint trusty_log_device:chr_file r_file_perms; diff --git a/gps/lsi/sepolicy/file.te b/gps/lsi/sepolicy/file.te deleted file mode 100644 index 246700a..0000000 --- a/gps/lsi/sepolicy/file.te +++ /dev/null @@ -1,5 +0,0 @@ -type vendor_gps_file, file_type, data_file_type; -type sysfs_gps, sysfs_type, fs_type; -userdebug_or_eng(` - typeattribute vendor_gps_file mlstrustedobject; -') diff --git a/gps/lsi/sepolicy/property.te b/gps/lsi/sepolicy/property.te deleted file mode 100644 index 6b62560..0000000 --- a/gps/lsi/sepolicy/property.te +++ /dev/null @@ -1 +0,0 @@ -vendor_internal_prop(vendor_gps_prop) diff --git a/gps/lsi/sepolicy/property_contexts b/gps/lsi/sepolicy/property_contexts deleted file mode 100644 index 4546116..0000000 --- a/gps/lsi/sepolicy/property_contexts +++ /dev/null @@ -1,2 +0,0 @@ -vendor.gps. u:object_r:vendor_gps_prop:s0 -persist.vendor.gps. u:object_r:vendor_gps_prop:s0 diff --git a/gps/pixel/sepolicy/hal_gnss_pixel.te b/gps/pixel/sepolicy/hal_gnss_pixel.te index 43ff35d..cc63702 100644 --- a/gps/pixel/sepolicy/hal_gnss_pixel.te +++ b/gps/pixel/sepolicy/hal_gnss_pixel.te @@ -1,9 +1,3 @@ -type hal_gnss_pixel, domain; -hal_server_domain(hal_gnss_pixel, hal_gnss) - -type hal_gnss_pixel_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(hal_gnss_pixel) - #IPC between pixel and vendor HAL binder_call(hal_gnss_pixel, hal_gnss_default) diff --git a/gs_watchdogd/gs_watchdogd.cpp b/gs_watchdogd/gs_watchdogd.cpp index 82e01d0..333e023 100644 --- a/gs_watchdogd/gs_watchdogd.cpp +++ b/gs_watchdogd/gs_watchdogd.cpp @@ -19,38 +19,31 @@ #include #include #include +#include -#include #include #include #include #include #include +#include #include -#include +#include #include +#define NSEC_PER_SEC (1000LL * 1000LL * 1000LL) + #define DEV_GLOB "/sys/devices/platform/*.watchdog_cl*/watchdog/watchdog*" -#define DEFAULT_INTERVAL 10s -#define DEFAULT_MARGIN 10s - using android::base::Basename; using android::base::StringPrintf; -using std::literals::chrono_literals::operator""s; -int main(int argc, char** argv) { +int main(int __unused argc, char** argv) { + auto min_timeout_nsecs = std::numeric_limits::max(); + android::base::InitLogging(argv, &android::base::KernelLogger); - std::chrono::seconds interval = argc >= 2 - ? std::chrono::seconds(atoi(argv[1])) : DEFAULT_INTERVAL; - std::chrono::seconds margin = argc >= 3 - ? std::chrono::seconds(atoi(argv[2])) : DEFAULT_MARGIN; - - LOG(INFO) << "gs_watchdogd started (interval " << interval.count() - << ", margin " << margin.count() << ")!"; - glob_t globbuf; int ret = glob(DEV_GLOB, GLOB_MARK, nullptr, &globbuf); if (ret) { @@ -61,8 +54,7 @@ int main(int argc, char** argv) { std::vector wdt_dev_fds; for (size_t i = 0; i < globbuf.gl_pathc; i++) { - std::chrono::seconds timeout = interval + margin; - int timeout_secs = timeout.count(); + int timeout_secs; std::string dev_path = StringPrintf("/dev/%s", Basename(globbuf.gl_pathv[i]).c_str()); int fd = TEMP_FAILURE_RETRY(open(dev_path.c_str(), O_RDWR | O_CLOEXEC)); @@ -71,29 +63,39 @@ int main(int argc, char** argv) { return 1; } - wdt_dev_fds.emplace_back(fd); - ret = ioctl(fd, WDIOC_SETTIMEOUT, &timeout_secs); + ret = ioctl(fd, WDIOC_GETTIMEOUT, &timeout_secs); if (ret) { - PLOG(ERROR) << "Failed to set timeout to " << timeout_secs; - ret = ioctl(fd, WDIOC_GETTIMEOUT, &timeout_secs); - if (ret) { - PLOG(ERROR) << "Failed to get timeout"; - } else { - interval = timeout > margin ? timeout - margin : 1s; - LOG(WARNING) << "Adjusted interval to timeout returned by driver: " - << "timeout " << timeout_secs - << ", interval " << interval.count() - << ", margin " << margin.count(); - } + PLOG(ERROR) << "Failed to get timeout on " << dev_path; + continue; + } else { + min_timeout_nsecs = std::min(min_timeout_nsecs, NSEC_PER_SEC * timeout_secs); } + + wdt_dev_fds.emplace_back(fd); } globfree(&globbuf); + if (wdt_dev_fds.empty()) { + LOG(ERROR) << "no valid wdt dev found"; + return 1; + } + + timespec ts; + auto result = div(min_timeout_nsecs / 2, NSEC_PER_SEC); + ts.tv_sec = result.quot; + ts.tv_nsec = result.rem; + while (true) { + timespec rem = ts; + for (const auto& fd : wdt_dev_fds) { TEMP_FAILURE_RETRY(write(fd, "", 1)); } - sleep(interval.count()); + + if (TEMP_FAILURE_RETRY(nanosleep(&rem, &rem))) { + PLOG(ERROR) << "nanosleep failed"; + return 1; + } } } diff --git a/gs_watchdogd/init.gs_watchdogd.rc b/gs_watchdogd/init.gs_watchdogd.rc index f58ce50..23d5fb2 100644 --- a/gs_watchdogd/init.gs_watchdogd.rc +++ b/gs_watchdogd/init.gs_watchdogd.rc @@ -1,5 +1,5 @@ -# Set watchdog timer to 30 seconds and pet it every 10 seconds to get a 20 second margin -service gs_watchdogd /system_ext/bin/gs_watchdogd 10 20 +# Pet watchdog timer every half of its timeout period. +service gs_watchdogd /system_ext/bin/gs_watchdogd class core oneshot seclabel u:r:gs_watchdogd:s0 diff --git a/power/Android.bp b/power/Android.bp new file mode 100644 index 0000000..b70372c --- /dev/null +++ b/power/Android.bp @@ -0,0 +1,10 @@ +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +prebuilt_etc { + name: "init.power-gs.rc", + src: "init.power-gs.rc", + vendor: true, + sub_dir: "init", +} diff --git a/power/OWNERS b/power/OWNERS new file mode 100644 index 0000000..09c47ea --- /dev/null +++ b/power/OWNERS @@ -0,0 +1,5 @@ +joaodias@google.com +frankvarela@google.com +krossmo@google.com +cozette@google.com +dennisyee@google.com diff --git a/power/init.power-gs.rc b/power/init.power-gs.rc new file mode 100644 index 0000000..03748a2 --- /dev/null +++ b/power/init.power-gs.rc @@ -0,0 +1,3 @@ +on property:sys.boot_completed=1 + # Reduce pm_freeze_timeout value + write /sys/power/pm_freeze_timeout 1000 diff --git a/power/power.mk b/power/power.mk new file mode 100644 index 0000000..336cd96 --- /dev/null +++ b/power/power.mk @@ -0,0 +1 @@ +PRODUCT_PACKAGES += init.power-gs.rc diff --git a/storage/init.storage.rc b/storage/init.storage.rc index 9cad2ea..9e4acd4 100644 --- a/storage/init.storage.rc +++ b/storage/init.storage.rc @@ -1,3 +1,11 @@ +on init + # Make foreground and background I/O priority different. none-to-rt was + # introduced in kernel 5.14. promote-to-rt was introduced in kernel 6.5. + # Write none-to-rt first and promote-to-rt next to support both older and + # newer kernel versions. + write /dev/blkio/blkio.prio.class none-to-rt + write /dev/blkio/blkio.prio.class promote-to-rt + on property:ro.build.type=userdebug write /dev/sys/block/bootdevice/pixel/enable_pixel_ufs_logging 1 chown system /dev/sg3