From d6d0daa2fa227986c5efdb6d93260ff80eabf373 Mon Sep 17 00:00:00 2001 From: TeYuan Wang Date: Thu, 7 Nov 2024 18:34:24 +0000 Subject: [PATCH 01/41] thermal: update sepolicy for thermal powercap framework Bug: 381132895 Test: check no selinux denied log Flag: EXEMPT sepolicy change Change-Id: Id6578c3f3eefdc6dc09fe0d7b469da7c8877d9d2 --- thermal/sepolicy/thermal_hal/genfs_contexts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/thermal/sepolicy/thermal_hal/genfs_contexts b/thermal/sepolicy/thermal_hal/genfs_contexts index 3000fa0..699d0ca 100644 --- a/thermal/sepolicy/thermal_hal/genfs_contexts +++ b/thermal/sepolicy/thermal_hal/genfs_contexts @@ -1,3 +1,5 @@ genfscon sysfs /devices/virtual/thermal u:object_r:sysfs_thermal:s0 +genfscon sysfs /devices/virtual/powercap u:object_r:sysfs_thermal:s0 genfscon sysfs /class/thermal u:object_r:sysfs_thermal:s0 +genfscon sysfs /class/powercap u:object_r:sysfs_thermal:s0 genfscon debugfs /gs101-thermal u:object_r:debugfs_thermal:s0 From 0c57ab86da5a579bf725c86703053add9e074687 Mon Sep 17 00:00:00 2001 From: Richard Chang Date: Mon, 6 Jan 2025 11:18:55 +0000 Subject: [PATCH 02/41] dumpstate: add readtracefs group permission for vendor dumpstate service Fix the permission problem when bugreport wants to read pixel trace node /sys/kernel/tracing/instances/pixel/trace. Bug: 387943504 Test: adb bugreport Test: adb shell dumpsys android.hardware.dumpstate.IDumpstateDevice/default dump_memory Test: system-ui trigger bugreport Flag: EXEMPT bugfix Change-Id: I2e666e8a1e40bce83b1f8c1b447e2d64e8912098 --- gear/dumpstate/android.hardware.dumpstate-service.rc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gear/dumpstate/android.hardware.dumpstate-service.rc b/gear/dumpstate/android.hardware.dumpstate-service.rc index ee69a68..3aba985 100644 --- a/gear/dumpstate/android.hardware.dumpstate-service.rc +++ b/gear/dumpstate/android.hardware.dumpstate-service.rc @@ -1,5 +1,5 @@ service vendor.dumpstate-default /vendor/bin/hw/android.hardware.dumpstate-service class hal user system - group system shell + group system shell readtracefs interface aidl android.hardware.dumpstate.IDumpstateDevice/default From 787e3b81dd82d63f38964c4114cfa9987839c296 Mon Sep 17 00:00:00 2001 From: Jaegeuk Kim Date: Tue, 7 Jan 2025 16:40:21 -0800 Subject: [PATCH 03/41] Mount rw to get restorecon_recursive working Bug: 378120929 Test: Boot and check selabel in /data/vendor/intelligence Flag: EXEMPT bugfix Change-Id: I0d3d391629248f7014c28b5f74bb95b50626c99d Signed-off-by: Jaegeuk Kim --- storage/storage.intelligence.rc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/storage/storage.intelligence.rc b/storage/storage.intelligence.rc index 85586ab..f22d813 100644 --- a/storage/storage.intelligence.rc +++ b/storage/storage.intelligence.rc @@ -10,8 +10,9 @@ service storage_intelligence /vendor/bin/storage_intelligence.sh on boot && property:persist.vendor.intelligence=on mkdir /data/vendor/intelligence 0770 vendor_intelligence vendor_intelligence + mount f2fs loop@/dev/block/by-name/userdata_exp.ai /data/vendor/intelligence rw restorecon_recursive /data/vendor/intelligence - mount f2fs loop@/dev/block/by-name/userdata_exp.ai /data/vendor/intelligence ro + mount f2fs /data/vendor/intelligence /data/vendor/intelligence remount ro start storage_intelligence on boot && property:persist.vendor.intelligence=off From 8e3e5d6db13d3f1cf7987c9370df42f41bcbeafb Mon Sep 17 00:00:00 2001 From: Edwin Tung Date: Wed, 8 Jan 2025 11:13:34 +0800 Subject: [PATCH 04/41] dump_gps: fix dump fail if gps folder existed Flag: EXEMPT logs collection. Bug: 387195808 Test: check gps files in dumpstate Change-Id: I972645e70827de0aad949d607809d655351c121a --- gps/dump/dump_gps.cpp | 46 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/gps/dump/dump_gps.cpp b/gps/dump/dump_gps.cpp index 7ef9cb3..c2d65c8 100644 --- a/gps/dump/dump_gps.cpp +++ b/gps/dump/dump_gps.cpp @@ -118,6 +118,46 @@ void dumpLogsAscending(const char* SrcDir, const char* DestDir, int limit, const return; } +void deleteRecursively(const char* dest_dir) { + struct dirent **dirent_list; + int num_entries = scandir(dest_dir, &dirent_list, 0, alphasort); + if (num_entries < 0) { + printf("Unable to scan dir: %s.\n", dest_dir); + return; + } + + for (int i = 0; i < num_entries; i++) { + char path[1024]; + snprintf(path, sizeof(path), "%s/%s", dest_dir, dirent_list[i]->d_name); + + if (strcmp(dirent_list[i]->d_name, ".") == 0 || strcmp(dirent_list[i]->d_name, "..") == 0) { + free(dirent_list[i]); + continue; + } + + struct stat statbuf; + if (stat(path, &statbuf) == 0) { + if (S_ISDIR(statbuf.st_mode)) { + deleteRecursively(path); + } else { + printf("Delete %s\n", path); + if (unlink(path) != 0) { + printf("Unable to delete file: %s\n", path); + } + } + } else { + printf("Unable to get file status: %s\n", path); + } + free(dirent_list[i]); + } + + free(dirent_list); + + if (rmdir(dest_dir) != 0) { + printf("Unable to delete directory: %s\n", dest_dir); + } +} + int main() { if(!::android::base::GetBoolProperty("vendor.gps.aol.enabled", false)) { printf("vendor.gps.aol.enabled is false. gps logging is not running.\n"); @@ -125,6 +165,12 @@ int main() { } int maxFileNum = ::android::base::GetIntProperty(GPS_LOG_NUMBER_PROPERTY, 20); std::string outputDir = concatenatePath(BUGREPORT_PACKING_DIR, "gps"); + + struct stat statbuf; + if (stat(outputDir.c_str(), &statbuf) == 0) { + printf("Directory %s already exists, delete\n", outputDir.c_str()); + deleteRecursively(outputDir.c_str()); + } if (mkdir(outputDir.c_str(), 0777) == -1) { printf("Unable to create folder: %s\n", outputDir.c_str()); return 0; From f720f9e87e5ec256acdd4b442deb5845fb00601c Mon Sep 17 00:00:00 2001 From: Hyungwoo Yang Date: Fri, 20 Dec 2024 07:49:29 +0000 Subject: [PATCH 05/41] Add sepolicy for Twoshay Notification Service Test: The notification service is successfully running. Flag: com.google.android.input.twoshay.flags.enable_notification_service Bug: 385001604 Change-Id: I8bb8a894ecc88d588e867022a0c61d8d8a5560ca Signed-off-by: Hyungwoo Yang --- touch/twoshay/aidl/compatibility_matrix_zuma.xml | 14 +++++++++++--- touch/twoshay/aidl/manifest_zuma.xml | 14 +++++++++++--- touch/twoshay/sepolicy/platform_app.te | 1 + touch/twoshay/sepolicy/service.te | 1 + touch/twoshay/sepolicy/service_contexts | 1 + touch/twoshay/sepolicy/twoshay.te | 1 + 6 files changed, 26 insertions(+), 6 deletions(-) diff --git a/touch/twoshay/aidl/compatibility_matrix_zuma.xml b/touch/twoshay/aidl/compatibility_matrix_zuma.xml index 0a40501..309e5bd 100644 --- a/touch/twoshay/aidl/compatibility_matrix_zuma.xml +++ b/touch/twoshay/aidl/compatibility_matrix_zuma.xml @@ -1,15 +1,23 @@ com.google.input - 2-4 + 2-5 ITouchContextService default + + com.google.input + 5 + + ITwoshayNotificationService + default + + com.google.input.algos.gril - 2-4 + 2-5 IGrilAntennaTuningService default @@ -17,7 +25,7 @@ com.google.input.algos.spd - 2-4 + 2-5 IScreenProtectorDetectorService default diff --git a/touch/twoshay/aidl/manifest_zuma.xml b/touch/twoshay/aidl/manifest_zuma.xml index e911d31..67bb212 100644 --- a/touch/twoshay/aidl/manifest_zuma.xml +++ b/touch/twoshay/aidl/manifest_zuma.xml @@ -1,15 +1,23 @@ com.google.input - 4 + 5 ITouchContextService default + + com.google.input + 5 + + ITwoshayNotificationService + default + + com.google.input.algos.gril - 4 + 5 IGrilAntennaTuningService default @@ -17,7 +25,7 @@ com.google.input.algos.spd - 4 + 5 IScreenProtectorDetectorService default diff --git a/touch/twoshay/sepolicy/platform_app.te b/touch/twoshay/sepolicy/platform_app.te index ac997a9..fe3318d 100644 --- a/touch/twoshay/sepolicy/platform_app.te +++ b/touch/twoshay/sepolicy/platform_app.te @@ -1,4 +1,5 @@ allow platform_app gril_antenna_tuning_service:service_manager find; allow platform_app screen_protector_detector_service:service_manager find; allow platform_app touch_context_service:service_manager find; +allow platform_app twoshay_notification_service:service_manager find; binder_call(platform_app, twoshay) diff --git a/touch/twoshay/sepolicy/service.te b/touch/twoshay/sepolicy/service.te index 4aa064d..dd7720c 100644 --- a/touch/twoshay/sepolicy/service.te +++ b/touch/twoshay/sepolicy/service.te @@ -1,3 +1,4 @@ type gril_antenna_tuning_service, service_manager_type, hal_service_type; type screen_protector_detector_service, service_manager_type, hal_service_type; type touch_context_service, service_manager_type, hal_service_type; +type twoshay_notification_service, service_manager_type, hal_service_type; diff --git a/touch/twoshay/sepolicy/service_contexts b/touch/twoshay/sepolicy/service_contexts index f6aa1db..76dc4b9 100644 --- a/touch/twoshay/sepolicy/service_contexts +++ b/touch/twoshay/sepolicy/service_contexts @@ -1,3 +1,4 @@ com.google.input.ITouchContextService/default u:object_r:touch_context_service:s0 +com.google.input.ITwoshayNotificationService/default u:object_r:twoshay_notification_service:s0 com.google.input.algos.gril.IGrilAntennaTuningService/default u:object_r:gril_antenna_tuning_service:s0 com.google.input.algos.spd.IScreenProtectorDetectorService/default u:object_r:screen_protector_detector_service:s0 diff --git a/touch/twoshay/sepolicy/twoshay.te b/touch/twoshay/sepolicy/twoshay.te index cd317a0..e910ff9 100644 --- a/touch/twoshay/sepolicy/twoshay.te +++ b/touch/twoshay/sepolicy/twoshay.te @@ -10,6 +10,7 @@ binder_use(twoshay) add_service(twoshay, gril_antenna_tuning_service) add_service(twoshay, screen_protector_detector_service) add_service(twoshay, touch_context_service) +add_service(twoshay, twoshay_notification_service) binder_call(twoshay, platform_app) From dfe9a2d4b5cdabc0cb049bd34862f08399806938 Mon Sep 17 00:00:00 2001 From: George Chang Date: Mon, 6 Jan 2025 13:02:09 +0000 Subject: [PATCH 06/41] gs-common: nfc: Add rules for hal_nfc_service avc: denied { set } for property=persist.vendor.nfc.antenna.am_value pid=13816 uid=1027 gid=1027 scontext=u:r:hal_nfc_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0 avc: denied { set } for property=persist.vendor.nfc.antenna.i_value pid=13816 uid=1027 gid=1027 scontext=u:r:hal_nfc_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0 avc: denied { set } for property=persist.vendor.nfc.antenna.se1_value pid=13816 uid=1027 gid=1027 scontext=u:r:hal_nfc_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0 avc: denied { set } for property=persist.vendor.nfc.antenna.se2_value pid=13816 uid=1027 gid=1027 scontext=u:r:hal_nfc_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0 avc: denied { set } for property=persist.vendor.se.reset pid=14792 uid=1027 gid=1027 scontext=u:r:hal_nfc_default:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=property_service permissive=0 avc: denied { read } for name="u:object_r:vendor_nfc_antenna_prop:s0" dev="tmpfs" ino=414 scontext=u:r:untrusted_app:s0:c79,c257,c512,c768 tcontext=u:object_r:vendor_nfc_antenna_prop:s0 tclass=file permissive=0 app=com.google.android.apps.internal.nfcassistancetool Bug: 381405365 Flag: EXEMPT update sepolicy Test: manual Change-Id: Ib02cebc625965928286dba7be278f6998ecdabe4 --- nfc/sepolicy_st21nfc/hal_nfc_default.te | 4 ++++ nfc/sepolicy_st21nfc/property.te | 4 ++++ nfc/sepolicy_st21nfc/property_contexts | 4 ++++ nfc/sepolicy_st21nfc/untrusted_app.te | 5 +++++ 4 files changed, 17 insertions(+) create mode 100644 nfc/sepolicy_st21nfc/hal_nfc_default.te create mode 100644 nfc/sepolicy_st21nfc/property.te create mode 100644 nfc/sepolicy_st21nfc/property_contexts create mode 100644 nfc/sepolicy_st21nfc/untrusted_app.te diff --git a/nfc/sepolicy_st21nfc/hal_nfc_default.te b/nfc/sepolicy_st21nfc/hal_nfc_default.te new file mode 100644 index 0000000..051b64d --- /dev/null +++ b/nfc/sepolicy_st21nfc/hal_nfc_default.te @@ -0,0 +1,4 @@ +# HAL NFC property +set_prop(hal_nfc_default, vendor_secure_element_prop) +set_prop(hal_nfc_default, vendor_nfc_prop) +set_prop(hal_nfc_default, vendor_nfc_antenna_prop) diff --git a/nfc/sepolicy_st21nfc/property.te b/nfc/sepolicy_st21nfc/property.te new file mode 100644 index 0000000..02e5d54 --- /dev/null +++ b/nfc/sepolicy_st21nfc/property.te @@ -0,0 +1,4 @@ +# NFC +vendor_internal_prop(vendor_nfc_prop) +vendor_restricted_prop(vendor_nfc_antenna_prop) + diff --git a/nfc/sepolicy_st21nfc/property_contexts b/nfc/sepolicy_st21nfc/property_contexts new file mode 100644 index 0000000..0b22a27 --- /dev/null +++ b/nfc/sepolicy_st21nfc/property_contexts @@ -0,0 +1,4 @@ +# NFC +persist.vendor.nfc. u:object_r:vendor_nfc_prop:s0 +persist.vendor.nfc.antenna. u:object_r:vendor_nfc_antenna_prop:s0 + diff --git a/nfc/sepolicy_st21nfc/untrusted_app.te b/nfc/sepolicy_st21nfc/untrusted_app.te new file mode 100644 index 0000000..d9b30bc --- /dev/null +++ b/nfc/sepolicy_st21nfc/untrusted_app.te @@ -0,0 +1,5 @@ +# NFC +userdebug_or_eng( + get_prop(untrusted_app, vendor_nfc_antenna_prop) +) + From 17719c9da4ad5d1cd683e24ee21ab996d637629d Mon Sep 17 00:00:00 2001 From: Brian Norris Date: Tue, 22 Oct 2024 14:59:53 -0700 Subject: [PATCH 07/41] insmod.sh: Fix 'setprop' syntax These all require a value. Bug: 360934165 Test: run `/vendor/bin/insmod.sh` with a missing cfg file Flag: EXEMPT bugfix Change-Id: If6b3b95f1eb4fcc21ca9d3f47c174af80ee98187 --- insmod/insmod.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/insmod/insmod.sh b/insmod/insmod.sh index dfc4fdd..270fa93 100755 --- a/insmod/insmod.sh +++ b/insmod/insmod.sh @@ -52,10 +52,10 @@ if [ $# -eq 1 ]; then else # Set property even if there is no insmod config # to unblock early-boot trigger - setprop vendor.common.modules.ready - setprop vendor.device.modules.ready - setprop vendor.all.modules.ready - setprop vendor.all.devices.ready + setprop vendor.common.modules.ready 1 + setprop vendor.device.modules.ready 1 + setprop vendor.all.modules.ready 1 + setprop vendor.all.devices.ready 1 exit 1 fi From 9ca0a241e27642c8a8145d90dab8e6c5b74f3157 Mon Sep 17 00:00:00 2001 From: Aditya Kumar Date: Wed, 8 Jan 2025 14:28:46 -0800 Subject: [PATCH 08/41] Remove -pedantic Bug: b/383382218 Test: m Flag: TEST_ONLY Change-Id: I612a5104379d56e4d9d6322cb2645aa8f8100cc6 --- gsa/Android.bp | 1 - 1 file changed, 1 deletion(-) diff --git a/gsa/Android.bp b/gsa/Android.bp index 59e0369..0bbad45 100644 --- a/gsa/Android.bp +++ b/gsa/Android.bp @@ -10,7 +10,6 @@ cc_binary { "-Wall", "-Wextra", "-Werror", - "-pedantic", ], shared_libs: [ "libdump", From 92ce682a8eb18d66792a91be62b6766d4d6faeca Mon Sep 17 00:00:00 2001 From: Eileen Lai Date: Thu, 9 Jan 2025 15:44:16 +0000 Subject: [PATCH 09/41] modem: Add kernel metrics log to bugreport Test: adb bugreport Bug: 368510043 Flag: EXEMPT use property flag: persist.vendor.modem.qms.kernel_metrics_collection Change-Id: I874157f12308194f38f67755abbcf2ba7efe3c7a --- modem/dump_modemlog/Android.bp | 1 + modem/dump_modemlog/dump_modem.rs | 35 +++++++++++++++++++++ modem/dump_modemlog/sepolicy/dump_modem.te | 2 ++ modem/dump_modemlog/sepolicy/genfs_contexts | 10 ++++-- 4 files changed, 46 insertions(+), 2 deletions(-) diff --git a/modem/dump_modemlog/Android.bp b/modem/dump_modemlog/Android.bp index f509320..6f50d3f 100644 --- a/modem/dump_modemlog/Android.bp +++ b/modem/dump_modemlog/Android.bp @@ -5,6 +5,7 @@ package { rust_binary { name: "dump_modem", srcs: ["dump_modem.rs"], + rustlibs: ["librustutils"], vendor: true, relative_install_path: "dump", } diff --git a/modem/dump_modemlog/dump_modem.rs b/modem/dump_modemlog/dump_modem.rs index d9af7eb..820c043 100644 --- a/modem/dump_modemlog/dump_modem.rs +++ b/modem/dump_modemlog/dump_modem.rs @@ -3,6 +3,7 @@ //! The dump_modem binary is used to capture kernel/userspace logs in bugreport use std::fs; +use std::str::FromStr; const MODEM_STAT: &str = "/data/vendor/modem_stat/debug.txt"; const SSRDUMP_DIR: &str = "/data/vendor/ssrdump"; @@ -10,6 +11,7 @@ const RFSD_ERR_LOG_DIR: &str = "/data/vendor/log/rfsd"; const WAKEUP_EVENTS: &str = "/sys/devices/platform/cpif/wakeup_events"; const CPIF_LOGBUFFER: &str = "/dev/logbuffer_cpif"; const PCIE_EVENT_STATS: &str = "/sys/devices/platform/cpif/modem/pcie_event_stats"; +const KERNEL_METRICS_DIR: &str = "/sys/kernel/pixel_metrics/modem"; fn handle_io_error(file: &str, err: std::io::Error) { match err.kind() { @@ -57,6 +59,13 @@ fn print_matching_files_in_dir(dir: &str, filename: &str) { } } +fn get_property(key: &str, default_value: i32) -> i32 { + let value = rustutils::system_properties::read(key) + .unwrap_or(None) + .unwrap_or(default_value.to_string()); + i32::from_str(&value).unwrap_or(default_value) +} + // Capture modem stat log if it exists fn modem_stat() { println!("------ Modem Stat ------"); @@ -99,6 +108,27 @@ fn pcie_event_stats() { println!(); } +// Capture kernel metrics stats if the sysfs attribute exists +fn print_kernel_metrics() { + println!("------ Kernel Metrics ------"); + + let file_list = vec![ + "modem_boot_duration", + "modem_wakeup_ap", + "pcie_link_state", + "pcie_link_duration", + "pcie_link_stats", + "pcie_link_updown", + ]; + + for file in file_list { + println!("------ {} ------", file); + let file_path = format!("{}/{}", KERNEL_METRICS_DIR, file); + print_file_and_handle_error(&file_path); + println!(); + } +} + fn main() { modem_stat(); modem_ssr_history(); @@ -106,4 +136,9 @@ fn main() { wakeup_events(); cpif_logbuffer(); pcie_event_stats(); + + let prop_value = get_property("persist.vendor.modem.qms.kernel_metrics_collection", 0); + if prop_value == 1 { + print_kernel_metrics(); + } } diff --git a/modem/dump_modemlog/sepolicy/dump_modem.te b/modem/dump_modemlog/sepolicy/dump_modem.te index 2ffa351..ab49c25 100644 --- a/modem/dump_modemlog/sepolicy/dump_modem.te +++ b/modem/dump_modemlog/sepolicy/dump_modem.te @@ -1,3 +1,4 @@ +# Sepolicy for dump_modem pixel_bugreport(dump_modem) allow dump_modem modem_stat_data_file:dir search; @@ -10,3 +11,4 @@ allow dump_modem vendor_rfsd_log_file:file r_file_perms; allow dump_modem vendor_toolbox_exec:file execute_no_trans; allow dump_modem sysfs_dump_modem:file r_file_perms; allow dump_modem logbuffer_device:chr_file r_file_perms; +get_prop(dump_modem, vendor_modem_prop) diff --git a/modem/dump_modemlog/sepolicy/genfs_contexts b/modem/dump_modemlog/sepolicy/genfs_contexts index 98a8fc5..d5776ee 100644 --- a/modem/dump_modemlog/sepolicy/genfs_contexts +++ b/modem/dump_modemlog/sepolicy/genfs_contexts @@ -1,2 +1,8 @@ -genfscon sysfs /devices/platform/cpif/wakeup_events u:object_r:sysfs_dump_modem:s0 -genfscon sysfs /devices/platform/cpif/modem/pcie_event_stats u:object_r:sysfs_dump_modem:s0 +genfscon sysfs /devices/platform/cpif/wakeup_events u:object_r:sysfs_dump_modem:s0 +genfscon sysfs /devices/platform/cpif/modem/pcie_event_stats u:object_r:sysfs_dump_modem:s0 +genfscon sysfs /kernel/pixel_metrics/modem/modem_boot_duration u:object_r:sysfs_dump_modem:s0 +genfscon sysfs /kernel/pixel_metrics/modem/modem_wakeup_ap u:object_r:sysfs_dump_modem:s0 +genfscon sysfs /kernel/pixel_metrics/modem/pcie_link_state u:object_r:sysfs_dump_modem:s0 +genfscon sysfs /kernel/pixel_metrics/modem/pcie_link_duration u:object_r:sysfs_dump_modem:s0 +genfscon sysfs /kernel/pixel_metrics/modem/pcie_link_stats u:object_r:sysfs_dump_modem:s0 +genfscon sysfs /kernel/pixel_metrics/modem/pcie_link_updown u:object_r:sysfs_dump_modem:s0 From 677274ccf12509b2b6c26b869fb427bb8179e9bc Mon Sep 17 00:00:00 2001 From: "Naresh Kumar Podishetty (xWF)" Date: Thu, 9 Jan 2025 22:12:35 -0800 Subject: [PATCH 10/41] Revert "modem: Add kernel metrics log to bugreport" This reverts commit 92ce682a8eb18d66792a91be62b6766d4d6faeca. Reason for revert: Change-Id: I5db1d095aa0960c7445f390b68d7dbe293ecc4b3 --- modem/dump_modemlog/Android.bp | 1 - modem/dump_modemlog/dump_modem.rs | 35 --------------------- modem/dump_modemlog/sepolicy/dump_modem.te | 2 -- modem/dump_modemlog/sepolicy/genfs_contexts | 10 ++---- 4 files changed, 2 insertions(+), 46 deletions(-) diff --git a/modem/dump_modemlog/Android.bp b/modem/dump_modemlog/Android.bp index 6f50d3f..f509320 100644 --- a/modem/dump_modemlog/Android.bp +++ b/modem/dump_modemlog/Android.bp @@ -5,7 +5,6 @@ package { rust_binary { name: "dump_modem", srcs: ["dump_modem.rs"], - rustlibs: ["librustutils"], vendor: true, relative_install_path: "dump", } diff --git a/modem/dump_modemlog/dump_modem.rs b/modem/dump_modemlog/dump_modem.rs index 820c043..d9af7eb 100644 --- a/modem/dump_modemlog/dump_modem.rs +++ b/modem/dump_modemlog/dump_modem.rs @@ -3,7 +3,6 @@ //! The dump_modem binary is used to capture kernel/userspace logs in bugreport use std::fs; -use std::str::FromStr; const MODEM_STAT: &str = "/data/vendor/modem_stat/debug.txt"; const SSRDUMP_DIR: &str = "/data/vendor/ssrdump"; @@ -11,7 +10,6 @@ const RFSD_ERR_LOG_DIR: &str = "/data/vendor/log/rfsd"; const WAKEUP_EVENTS: &str = "/sys/devices/platform/cpif/wakeup_events"; const CPIF_LOGBUFFER: &str = "/dev/logbuffer_cpif"; const PCIE_EVENT_STATS: &str = "/sys/devices/platform/cpif/modem/pcie_event_stats"; -const KERNEL_METRICS_DIR: &str = "/sys/kernel/pixel_metrics/modem"; fn handle_io_error(file: &str, err: std::io::Error) { match err.kind() { @@ -59,13 +57,6 @@ fn print_matching_files_in_dir(dir: &str, filename: &str) { } } -fn get_property(key: &str, default_value: i32) -> i32 { - let value = rustutils::system_properties::read(key) - .unwrap_or(None) - .unwrap_or(default_value.to_string()); - i32::from_str(&value).unwrap_or(default_value) -} - // Capture modem stat log if it exists fn modem_stat() { println!("------ Modem Stat ------"); @@ -108,27 +99,6 @@ fn pcie_event_stats() { println!(); } -// Capture kernel metrics stats if the sysfs attribute exists -fn print_kernel_metrics() { - println!("------ Kernel Metrics ------"); - - let file_list = vec![ - "modem_boot_duration", - "modem_wakeup_ap", - "pcie_link_state", - "pcie_link_duration", - "pcie_link_stats", - "pcie_link_updown", - ]; - - for file in file_list { - println!("------ {} ------", file); - let file_path = format!("{}/{}", KERNEL_METRICS_DIR, file); - print_file_and_handle_error(&file_path); - println!(); - } -} - fn main() { modem_stat(); modem_ssr_history(); @@ -136,9 +106,4 @@ fn main() { wakeup_events(); cpif_logbuffer(); pcie_event_stats(); - - let prop_value = get_property("persist.vendor.modem.qms.kernel_metrics_collection", 0); - if prop_value == 1 { - print_kernel_metrics(); - } } diff --git a/modem/dump_modemlog/sepolicy/dump_modem.te b/modem/dump_modemlog/sepolicy/dump_modem.te index ab49c25..2ffa351 100644 --- a/modem/dump_modemlog/sepolicy/dump_modem.te +++ b/modem/dump_modemlog/sepolicy/dump_modem.te @@ -1,4 +1,3 @@ -# Sepolicy for dump_modem pixel_bugreport(dump_modem) allow dump_modem modem_stat_data_file:dir search; @@ -11,4 +10,3 @@ allow dump_modem vendor_rfsd_log_file:file r_file_perms; allow dump_modem vendor_toolbox_exec:file execute_no_trans; allow dump_modem sysfs_dump_modem:file r_file_perms; allow dump_modem logbuffer_device:chr_file r_file_perms; -get_prop(dump_modem, vendor_modem_prop) diff --git a/modem/dump_modemlog/sepolicy/genfs_contexts b/modem/dump_modemlog/sepolicy/genfs_contexts index d5776ee..98a8fc5 100644 --- a/modem/dump_modemlog/sepolicy/genfs_contexts +++ b/modem/dump_modemlog/sepolicy/genfs_contexts @@ -1,8 +1,2 @@ -genfscon sysfs /devices/platform/cpif/wakeup_events u:object_r:sysfs_dump_modem:s0 -genfscon sysfs /devices/platform/cpif/modem/pcie_event_stats u:object_r:sysfs_dump_modem:s0 -genfscon sysfs /kernel/pixel_metrics/modem/modem_boot_duration u:object_r:sysfs_dump_modem:s0 -genfscon sysfs /kernel/pixel_metrics/modem/modem_wakeup_ap u:object_r:sysfs_dump_modem:s0 -genfscon sysfs /kernel/pixel_metrics/modem/pcie_link_state u:object_r:sysfs_dump_modem:s0 -genfscon sysfs /kernel/pixel_metrics/modem/pcie_link_duration u:object_r:sysfs_dump_modem:s0 -genfscon sysfs /kernel/pixel_metrics/modem/pcie_link_stats u:object_r:sysfs_dump_modem:s0 -genfscon sysfs /kernel/pixel_metrics/modem/pcie_link_updown u:object_r:sysfs_dump_modem:s0 +genfscon sysfs /devices/platform/cpif/wakeup_events u:object_r:sysfs_dump_modem:s0 +genfscon sysfs /devices/platform/cpif/modem/pcie_event_stats u:object_r:sysfs_dump_modem:s0 From 30664a16046d67235170ed96b0625b76a097fdef Mon Sep 17 00:00:00 2001 From: George Chang Date: Mon, 13 Jan 2025 20:38:14 +0800 Subject: [PATCH 11/41] gs-common: nfc: Add rules for vendor_init avc: denied { set } for property=persist.vendor.nfc.streset pid=340 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_nfc_prop:s0 tclass=property_service permissive=1 Bug: 388949600 Bug: 381405365 Flag: EXEMPT update sepolicy Test: SELinuxUncheckedDenialBootTest Change-Id: If34f3ea1229ed8025c56ce6a8cf315218ae5a86f --- nfc/sepolicy_st21nfc/vendor_init.te | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 nfc/sepolicy_st21nfc/vendor_init.te diff --git a/nfc/sepolicy_st21nfc/vendor_init.te b/nfc/sepolicy_st21nfc/vendor_init.te new file mode 100644 index 0000000..7de90e2 --- /dev/null +++ b/nfc/sepolicy_st21nfc/vendor_init.te @@ -0,0 +1,2 @@ +# NFC vendor property +set_prop(vendor_init, vendor_nfc_prop) From fed627115e5b535cf0de38916af99ff1fd6b4994 Mon Sep 17 00:00:00 2001 From: Kai Hsieh Date: Tue, 14 Jan 2025 11:23:04 +0800 Subject: [PATCH 12/41] Include GIA only on needed, expose GIA permission only if the target service exists Flag: EXEMPT, bugfix only. Bug: 388685884 Test: Factory, AOSP and Pixel build success. Test: Pixel System Service can access GIA features on Pixel device builds. Test: GIA exists on factory builds. Change-Id: I12f55f1ce1c717da6d6c45edbb92854f7efa53e5 Signed-off-by: Kai Hsieh --- input/gia/gia.mk | 24 +++++++++++++------- input/gia/sepolicy-pixelsystemservice/gia.te | 8 +++++++ input/gia/sepolicy/gia.te | 7 ------ 3 files changed, 24 insertions(+), 15 deletions(-) create mode 100644 input/gia/sepolicy-pixelsystemservice/gia.te diff --git a/input/gia/gia.mk b/input/gia/gia.mk index ea079ca..d46fa96 100644 --- a/input/gia/gia.mk +++ b/input/gia/gia.mk @@ -1,11 +1,19 @@ -BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/input/gia/sepolicy +# GIA is not designed for AOSP +ifeq (,$(filter aosp_%, $(TARGET_PRODUCT))) + BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/input/gia/sepolicy -PRODUCT_PACKAGES += gia -PRODUCT_PACKAGES += com.google.input.gia.giaservicemanager + # If Pixel System Service exists, allow it to access GIA + ifeq (,$(filter factory_%, $(TARGET_PRODUCT))) + BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/input/gia/sepolicy-pixelsystemservice + endif -PRODUCT_SOONG_NAMESPACES += vendor/google/interfaces -PRODUCT_SOONG_NAMESPACES += vendor/google/input/gia/core -PRODUCT_SOONG_NAMESPACES += vendor/google/input/gia/core-servicemanager + PRODUCT_PACKAGES += gia + PRODUCT_PACKAGES += com.google.input.gia.giaservicemanager -DEVICE_MANIFEST_FILE += device/google/gs-common/input/gia/aidl/manifest.xml -DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/input/gia/aidl/compatibility_matrix.xml + PRODUCT_SOONG_NAMESPACES += vendor/google/interfaces + PRODUCT_SOONG_NAMESPACES += vendor/google/input/gia/core + PRODUCT_SOONG_NAMESPACES += vendor/google/input/gia/core-servicemanager + + DEVICE_MANIFEST_FILE += device/google/gs-common/input/gia/aidl/manifest.xml + DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/input/gia/aidl/compatibility_matrix.xml +endif diff --git a/input/gia/sepolicy-pixelsystemservice/gia.te b/input/gia/sepolicy-pixelsystemservice/gia.te new file mode 100644 index 0000000..d7313cc --- /dev/null +++ b/input/gia/sepolicy-pixelsystemservice/gia.te @@ -0,0 +1,8 @@ +# SEPolicies to be configured only if and only if Pixel System Service exists on the device + +# allow pixelsystemservice_app to communicate with gia +binder_use(pixelsystemservice_app) +hal_client_domain(pixelsystemservice_app, hal_gia) + +# allow gia to execute callback for pixelsystemservice_app +binder_call(gia, pixelsystemservice_app) diff --git a/input/gia/sepolicy/gia.te b/input/gia/sepolicy/gia.te index a0244d2..2c84e7c 100644 --- a/input/gia/sepolicy/gia.te +++ b/input/gia/sepolicy/gia.te @@ -16,10 +16,3 @@ hal_server_domain(gia, hal_gia) # allow gia for accessing touch related system file-nodes allow gia sysfs_touch_gti:dir r_dir_perms; allow gia sysfs_touch_gti:file rw_file_perms; - -# allow pixelsystemservice_app to communicate with gia -binder_use(pixelsystemservice_app) -hal_client_domain(pixelsystemservice_app, hal_gia) - -# allow gia to execute callback for pixelsystemservice_app -binder_call(gia, pixelsystemservice_app) From 3e2cacbc1ecd4a4e1c7f25df09e1f53a18743bef Mon Sep 17 00:00:00 2001 From: Piotr Klasa Date: Wed, 8 Jan 2025 15:12:53 +0100 Subject: [PATCH 13/41] move common init perf settings to gs_common MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Test: Verified if all values ​​of transferred settings are as they should be after rebooting the device, and and checked that there are no new selinux errors for hal_power_default Bug: 335874870 Flag: EXEMPT not supported by this component yet Change-Id: Ic544aa854962b0d975316113abbe798e34288155 --- performance/init.pixel-perf.rc | 54 ++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/performance/init.pixel-perf.rc b/performance/init.pixel-perf.rc index 4899417..e30d38f 100644 --- a/performance/init.pixel-perf.rc +++ b/performance/init.pixel-perf.rc @@ -13,6 +13,12 @@ # limitations under the License. on init + # Set teo as cpu idle governor + write /sys/devices/system/cpu/cpuidle/current_governor teo + + # RT uclamp setting + write /proc/sys/kernel/sched_util_clamp_min_rt_default 0 + chown system system /proc/vendor_sched/groups/bg/set_task_group chown system system /proc/vendor_sched/groups/cam/set_task_group chown system system /proc/vendor_sched/groups/fg/set_task_group @@ -186,3 +192,51 @@ on init write /sys/devices/system/cpu/cpu6/cpufreq/sched_pixel/down_rate_limit_us 500 write /sys/devices/system/cpu/cpu7/cpufreq/sched_pixel/down_rate_limit_us 500 write /sys/devices/system/cpu/cpu8/cpufreq/sched_pixel/down_rate_limit_us 500 + + write /proc/vendor_sched/groups/cam/prefer_idle 1 + write /proc/vendor_sched/groups/cam/uclamp_min 1 + + chown system system /dev/cpuset/cgroup.procs + + # Add a boost for NNAPI HAL + write /proc/vendor_sched/groups/nnapi/prefer_idle 0 + write /proc/vendor_sched/groups/nnapi/uclamp_min 512 + +on property:sys.boot_completed=1 + + # Setup scheduler parameters + write /proc/vendor_sched/min_granularity_ns 1000000 + write /proc/vendor_sched/latency_ns 8000000 + write /proc/vendor_sched/max_load_balance_interval 1 + write /proc/vendor_sched/enable_hrtick 1 + + # Setup final cpu.uclamp + write /proc/vendor_sched/groups/ta/uclamp_min 1 + write /proc/vendor_sched/groups/fg/uclamp_min 0 + write /proc/vendor_sched/groups/sys/prefer_idle 0 + + # Set ug group + write /proc/vendor_sched/groups/bg/ug 0 + write /proc/vendor_sched/groups/sys_bg/ug 0 + write /proc/vendor_sched/groups/ota/ug 0 + write /proc/vendor_sched/groups/dex2oat/ug 1 + write /proc/vendor_sched/groups/ta/ug 1 + + # Set bg group throttle + write /proc/vendor_sched/ug_bg_group_throttle ${persist.device_config.vendor_system_native.ug_bg_group_throttle:-308} + + # Disable PMU freq limit + write /sys/devices/system/cpu/cpufreq/policy0/sched_pixel/pmu_limit_enable 1 + write /sys/devices/system/cpu/cpufreq/policy1/sched_pixel/pmu_limit_enable 1 + write /sys/devices/system/cpu/cpufreq/policy2/sched_pixel/pmu_limit_enable 1 + write /sys/devices/system/cpu/cpufreq/policy3/sched_pixel/pmu_limit_enable 1 + write /sys/devices/system/cpu/cpufreq/policy4/sched_pixel/pmu_limit_enable 1 + write /sys/devices/system/cpu/cpufreq/policy5/sched_pixel/pmu_limit_enable 1 + write /sys/devices/system/cpu/cpufreq/policy6/sched_pixel/pmu_limit_enable 1 + write /sys/devices/system/cpu/cpufreq/policy7/sched_pixel/pmu_limit_enable 1 + write /sys/devices/system/cpu/cpufreq/policy8/sched_pixel/pmu_limit_enable 1 + write /proc/vendor_sched/pmu_poll_enable 0 + + # Set priority task name and boost value + write /proc/vendor_sched/priority_task_name "ExoPlayer:Place" + write /proc/vendor_sched/priority_task_boost_value 742 From b7aa4a2742789e99ee58ce7c93c6be2a5ac7be19 Mon Sep 17 00:00:00 2001 From: Kai Hsieh Date: Tue, 7 Jan 2025 17:37:43 +0800 Subject: [PATCH 14/41] Add SEPolicy allowing GIA to communicate with Suez service Attached AVC error log in commit message: ``` [ 68.276362] SELinux: avc: denied { find } for pid=6775 uid=0 name=android.frameworks.stats.IStats/default scontext=u:r:gia:s0 tcontext=u:object_r:fwk_stats_service:s0 tclass=service_manager permissive=1 [ 68.280115] type=1400 audit(1736239951.684:21): avc: denied { call } for comm="binder:6775_3" scontext=u:r:gia:s0 tcontext=u:r:system_server:s0 tclass=binder permissive=1 ``` Flag: build.RELEASE_PIXEL_GIA_ENABLED Test: Manualy, check `dmesg` to make sure that the cooresponding service can be started normally. Bug: 369965212 Change-Id: I26d4b324f1359b1b895ea8d3fd51c0877098c5ea Signed-off-by: Kai Hsieh --- input/gia/gia.mk | 4 ++-- input/gia/sepolicy/gia.te | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/input/gia/gia.mk b/input/gia/gia.mk index d46fa96..febac5b 100644 --- a/input/gia/gia.mk +++ b/input/gia/gia.mk @@ -1,8 +1,8 @@ -# GIA is not designed for AOSP +# When not AOSP target ifeq (,$(filter aosp_%, $(TARGET_PRODUCT))) BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/input/gia/sepolicy - # If Pixel System Service exists, allow it to access GIA + # When not factory target ifeq (,$(filter factory_%, $(TARGET_PRODUCT))) BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/input/gia/sepolicy-pixelsystemservice endif diff --git a/input/gia/sepolicy/gia.te b/input/gia/sepolicy/gia.te index 2c84e7c..4a310ea 100644 --- a/input/gia/sepolicy/gia.te +++ b/input/gia/sepolicy/gia.te @@ -16,3 +16,7 @@ hal_server_domain(gia, hal_gia) # allow gia for accessing touch related system file-nodes allow gia sysfs_touch_gti:dir r_dir_perms; allow gia sysfs_touch_gti:file rw_file_perms; + +# allow gia for collecting device stats +allow gia fwk_stats_service:service_manager find; +binder_call(gia, stats_service_server); From cb1a8297c34aa62fc2635b1b43b698e09ad1566f Mon Sep 17 00:00:00 2001 From: Bowen Lai Date: Fri, 3 Jan 2025 03:16:24 +0000 Subject: [PATCH 15/41] Set up access control rule for aocxd avc: 12-25 14:34:43.292 root 7005 7005 W binder:7005_1: type=1400 audit(0.0:23): avc: denied { call } for scontext=u:r:aocxd:s0 tcontext=u:r:aocxdallowdomain:s0:c512,c768 tclass=binder permissive=0 11-27 14:56:33.645 1000 422 422 E SELinux : avc: denied { find } for pid=7360 uid=10267 name=aocx.IAocx/default scontext=u:r:aocxdallowdomain:s0:c512,c768 tcontext=u:object_r:aocx:s0 tclass=service_manager permissive=0 Test: make -j64 Bug: 385663354 Flag: EXEMPT bugfix Change-Id: I7888e89710cfb671fb26180f8b2bc3152e1ced89 --- aoc/aoc.mk | 4 +++- aoc/sepolicy/allowlist/aocxd_neverallow.te | 11 +++++++++++ aoc/sepolicy/allowlist/aocxdallowdomain.te | 6 ++++++ aoc/sepolicy/allowlist/attributes | 2 ++ 4 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 aoc/sepolicy/allowlist/aocxd_neverallow.te create mode 100644 aoc/sepolicy/allowlist/aocxdallowdomain.te create mode 100644 aoc/sepolicy/allowlist/attributes diff --git a/aoc/aoc.mk b/aoc/aoc.mk index 13d849c..2a0a449 100644 --- a/aoc/aoc.mk +++ b/aoc/aoc.mk @@ -1,4 +1,6 @@ -BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/aoc/sepolicy +BOARD_VENDOR_SEPOLICY_DIRS += \ + device/google/gs-common/aoc/sepolicy \ + device/google/gs-common/aoc/sepolicy/allowlist PRODUCT_PACKAGES += dump_aoc \ aocd \ diff --git a/aoc/sepolicy/allowlist/aocxd_neverallow.te b/aoc/sepolicy/allowlist/aocxd_neverallow.te new file mode 100644 index 0000000..50170a2 --- /dev/null +++ b/aoc/sepolicy/allowlist/aocxd_neverallow.te @@ -0,0 +1,11 @@ +# set up rule to control the access to aocxd +neverallow { + domain + -hwservicemanager + -servicemanager + -vndservicemanager + -system_suspend_server + -dumpstate + -hal_audio_default + -aocxdallowdomain +} aocxd:binder { call transfer }; diff --git a/aoc/sepolicy/allowlist/aocxdallowdomain.te b/aoc/sepolicy/allowlist/aocxdallowdomain.te new file mode 100644 index 0000000..9637c04 --- /dev/null +++ b/aoc/sepolicy/allowlist/aocxdallowdomain.te @@ -0,0 +1,6 @@ +# Aocx AIDL service +allow aocxdallowdomain aocx:service_manager find; + +binder_call(aocxdallowdomain, aocxd) +# Allow aocxd asynchronous callback to aocxdallowdomain +binder_call(aocxd, aocxdallowdomain) diff --git a/aoc/sepolicy/allowlist/attributes b/aoc/sepolicy/allowlist/attributes new file mode 100644 index 0000000..b0440ca --- /dev/null +++ b/aoc/sepolicy/allowlist/attributes @@ -0,0 +1,2 @@ +# Allow domain to access aocx HAL API +attribute aocxdallowdomain; From ed91971d1a556239c1db29058dffaa9fd9b62d7b Mon Sep 17 00:00:00 2001 From: YiKai Peng Date: Wed, 1 Jan 2025 19:27:39 -0800 Subject: [PATCH 16/41] gs-common: wlc: update compatibility matrix MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bug: 375156879 Test: Manual Flag: EXEMPT HAL interface change Change-Id: I446505624af157d7e723b7ba0203d51b5529b8d1 Signed-off-by: YiKai Peng --- wireless_charger/compatibility_matrix.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wireless_charger/compatibility_matrix.xml b/wireless_charger/compatibility_matrix.xml index 5185344..78e29ce 100644 --- a/wireless_charger/compatibility_matrix.xml +++ b/wireless_charger/compatibility_matrix.xml @@ -1,7 +1,7 @@ vendor.google.wireless_charger - 1-2 + 1-3 IWirelessCharger default From 23425fbc5493b1e186007c3b07cbfb17cc6a4927 Mon Sep 17 00:00:00 2001 From: Vilas Bhat Date: Fri, 3 Jan 2025 18:08:52 +0000 Subject: [PATCH 17/41] 16KB: Move copy_efs_file_to_data script to gs-common There are 4 partitions that are flashed at the factory and use F2FS fs with 4KB block size: - /dev/block/by-name/efs - /dev/block/by-name/efs_backup - /dev/block/by-name/modem_userdata - /dev/block/by-name/persist These partitions can NOT be mounted by 16KB kernels because F2FS expects BLOCK_SIZE == PAGE_SIZE. In order for the files in these partitions to be accessible to 16KB kernels, the dump.f2fs tool is used. This change will perform these steps at boot time ONLY for 16KB mode. For every partition (efs/efs_backup/modem_userdata/persist): 1. Use dump.f2fs to copy the content of the partition to /data/vendor/copied/.img. 2. If the copy was succesfull, rename /data/vendor/copied/.img to /data/vendor/copied/ 3. fsync the content of the directory /data/vendor/copied/. After the content of the partitions is in /data/vendor/copied, bind-mount the partitions to the directory /mnt/vendor. See conf/fstab.efs.from_data. Note: This change ONLY applies to 16KB kernels. This change does not modify the original partitions. Test: Boot test and Enable16kbTest for Pixel 8 & Pixel 9 targets Fingerprint and Phone Calls work in 16KB mode Bug: 383151792 Flag: EXEMPT bugfix Change-Id: Ib67fd8678f8bd97bd50663657046c28137bd4435 --- 16kb/16kb.mk | 22 +++++++++++++++++++ 16kb/Android.bp | 13 ++++++++++++ 16kb/copy_efs_files_to_data.sh | 39 ++++++++++++++++++++++++++++++++++ 3 files changed, 74 insertions(+) create mode 100644 16kb/16kb.mk create mode 100644 16kb/Android.bp create mode 100644 16kb/copy_efs_files_to_data.sh diff --git a/16kb/16kb.mk b/16kb/16kb.mk new file mode 100644 index 0000000..96bfd89 --- /dev/null +++ b/16kb/16kb.mk @@ -0,0 +1,22 @@ +# +# Copyright (C) 2025 The Android Open-Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +####################################################################### +# WARNING: Any rule defined here automatically gets inherited for +# *BOTH* 4 KB and 16 KB targets where this file is included. +####################################################################### + +PRODUCT_PACKAGES += copy_efs_files_to_data diff --git a/16kb/Android.bp b/16kb/Android.bp new file mode 100644 index 0000000..e9bd6ac --- /dev/null +++ b/16kb/Android.bp @@ -0,0 +1,13 @@ +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +// Filesystem: Copy efs/efs_backup/modem_userdata to /data partition +// so that they can be accessed under 16K mode. By default, these partitions +// are 4K F2FS , which can't be mounted under 16K mode. +// (b/293313353) +sh_binary { + name: "copy_efs_files_to_data", + src: "copy_efs_files_to_data.sh", + vendor: true, +} diff --git a/16kb/copy_efs_files_to_data.sh b/16kb/copy_efs_files_to_data.sh new file mode 100644 index 0000000..e1d2204 --- /dev/null +++ b/16kb/copy_efs_files_to_data.sh @@ -0,0 +1,39 @@ +#!/vendor/bin/sh + +CHECKPOINT_DIR=/data/vendor/copied + +export BIN_DIR=/vendor/bin + +$BIN_DIR/mkdir -p $CHECKPOINT_DIR + +function copy_files_to_data() +{ + block_device=$1 + partition_name=$(basename $1) + mount_point=$2 + tmpdir=$CHECKPOINT_DIR/$partition_name.img + build_checkpoint=$CHECKPOINT_DIR/$partition_name + if [ ! -e $build_checkpoint ]; then + $BIN_DIR/rm -rf $tmpdir + $BIN_DIR/mkdir -p $tmpdir + $BIN_DIR/dump.f2fs -rfPLo $tmpdir $block_device + if [ $? -ne 0 ]; then + echo "Failed to $BIN_DIR/dump.f2fs -rfPLo $tmpdir $block_device" + return + fi + $BIN_DIR/mv $tmpdir $build_checkpoint + if [ $? -ne 0 ]; then + echo "mv $tmpdir $build_checkpoint" + return + fi + $BIN_DIR/fsync `dirname $build_checkpoint` + fi + echo "Successfully copied $mount_point to $build_checkpoint" +} + +copy_files_to_data "/dev/block/by-name/efs" "/mnt/vendor/efs" +copy_files_to_data "/dev/block/by-name/efs_backup" "/mnt/vendor/efs_backup" +copy_files_to_data "/dev/block/by-name/modem_userdata" "/mnt/vendor/modem_userdata" +copy_files_to_data "/dev/block/by-name/persist" "/mnt/vendor/persist" + +$BIN_DIR/fsync /data/vendor/copied From 0594fa2887b2d97077fb59a57d45aff963b25756 Mon Sep 17 00:00:00 2001 From: "Priyanka Advani (xWF)" Date: Thu, 16 Jan 2025 16:50:35 -0800 Subject: [PATCH 18/41] Revert "16KB: Move copy_efs_file_to_data script to gs-common" Revert submission 31155502-move_copy_efs_script Reason for revert: Droidmonitor created revert due to b/390502519. Will be verifying through ABTD before submission. Reverted changes: /q/submissionid:31155502-move_copy_efs_script Change-Id: Iba1b7ffca817e2750481f44c86a38b083b795353 --- 16kb/16kb.mk | 22 ------------------- 16kb/Android.bp | 13 ------------ 16kb/copy_efs_files_to_data.sh | 39 ---------------------------------- 3 files changed, 74 deletions(-) delete mode 100644 16kb/16kb.mk delete mode 100644 16kb/Android.bp delete mode 100644 16kb/copy_efs_files_to_data.sh diff --git a/16kb/16kb.mk b/16kb/16kb.mk deleted file mode 100644 index 96bfd89..0000000 --- a/16kb/16kb.mk +++ /dev/null @@ -1,22 +0,0 @@ -# -# Copyright (C) 2025 The Android Open-Source Project -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -####################################################################### -# WARNING: Any rule defined here automatically gets inherited for -# *BOTH* 4 KB and 16 KB targets where this file is included. -####################################################################### - -PRODUCT_PACKAGES += copy_efs_files_to_data diff --git a/16kb/Android.bp b/16kb/Android.bp deleted file mode 100644 index e9bd6ac..0000000 --- a/16kb/Android.bp +++ /dev/null @@ -1,13 +0,0 @@ -package { - default_applicable_licenses: ["Android-Apache-2.0"], -} - -// Filesystem: Copy efs/efs_backup/modem_userdata to /data partition -// so that they can be accessed under 16K mode. By default, these partitions -// are 4K F2FS , which can't be mounted under 16K mode. -// (b/293313353) -sh_binary { - name: "copy_efs_files_to_data", - src: "copy_efs_files_to_data.sh", - vendor: true, -} diff --git a/16kb/copy_efs_files_to_data.sh b/16kb/copy_efs_files_to_data.sh deleted file mode 100644 index e1d2204..0000000 --- a/16kb/copy_efs_files_to_data.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/vendor/bin/sh - -CHECKPOINT_DIR=/data/vendor/copied - -export BIN_DIR=/vendor/bin - -$BIN_DIR/mkdir -p $CHECKPOINT_DIR - -function copy_files_to_data() -{ - block_device=$1 - partition_name=$(basename $1) - mount_point=$2 - tmpdir=$CHECKPOINT_DIR/$partition_name.img - build_checkpoint=$CHECKPOINT_DIR/$partition_name - if [ ! -e $build_checkpoint ]; then - $BIN_DIR/rm -rf $tmpdir - $BIN_DIR/mkdir -p $tmpdir - $BIN_DIR/dump.f2fs -rfPLo $tmpdir $block_device - if [ $? -ne 0 ]; then - echo "Failed to $BIN_DIR/dump.f2fs -rfPLo $tmpdir $block_device" - return - fi - $BIN_DIR/mv $tmpdir $build_checkpoint - if [ $? -ne 0 ]; then - echo "mv $tmpdir $build_checkpoint" - return - fi - $BIN_DIR/fsync `dirname $build_checkpoint` - fi - echo "Successfully copied $mount_point to $build_checkpoint" -} - -copy_files_to_data "/dev/block/by-name/efs" "/mnt/vendor/efs" -copy_files_to_data "/dev/block/by-name/efs_backup" "/mnt/vendor/efs_backup" -copy_files_to_data "/dev/block/by-name/modem_userdata" "/mnt/vendor/modem_userdata" -copy_files_to_data "/dev/block/by-name/persist" "/mnt/vendor/persist" - -$BIN_DIR/fsync /data/vendor/copied From 0ec2cdae265c26ac1be6f162778d8b309bb42f39 Mon Sep 17 00:00:00 2001 From: Vilas Bhat Date: Thu, 16 Jan 2025 17:01:13 -0800 Subject: [PATCH 19/41] Revert "Revert "16KB: Move copy_efs_file_to_data script to gs-co..." Revert submission 31345232-revert-31155502-move_copy_efs_script-IXYVMGOHBR Reason for revert: Re-submitting with fix for breaking target Reverted changes: /q/submissionid:31345232-revert-31155502-move_copy_efs_script-IXYVMGOHBR Bug: 383151792 Flag: EXEMPT bugfix Change-Id: I6ae4d5f26325e0cf732792483e056132226633e2 --- 16kb/16kb.mk | 22 +++++++++++++++++++ 16kb/Android.bp | 13 ++++++++++++ 16kb/copy_efs_files_to_data.sh | 39 ++++++++++++++++++++++++++++++++++ 3 files changed, 74 insertions(+) create mode 100644 16kb/16kb.mk create mode 100644 16kb/Android.bp create mode 100644 16kb/copy_efs_files_to_data.sh diff --git a/16kb/16kb.mk b/16kb/16kb.mk new file mode 100644 index 0000000..96bfd89 --- /dev/null +++ b/16kb/16kb.mk @@ -0,0 +1,22 @@ +# +# Copyright (C) 2025 The Android Open-Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +####################################################################### +# WARNING: Any rule defined here automatically gets inherited for +# *BOTH* 4 KB and 16 KB targets where this file is included. +####################################################################### + +PRODUCT_PACKAGES += copy_efs_files_to_data diff --git a/16kb/Android.bp b/16kb/Android.bp new file mode 100644 index 0000000..e9bd6ac --- /dev/null +++ b/16kb/Android.bp @@ -0,0 +1,13 @@ +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +// Filesystem: Copy efs/efs_backup/modem_userdata to /data partition +// so that they can be accessed under 16K mode. By default, these partitions +// are 4K F2FS , which can't be mounted under 16K mode. +// (b/293313353) +sh_binary { + name: "copy_efs_files_to_data", + src: "copy_efs_files_to_data.sh", + vendor: true, +} diff --git a/16kb/copy_efs_files_to_data.sh b/16kb/copy_efs_files_to_data.sh new file mode 100644 index 0000000..e1d2204 --- /dev/null +++ b/16kb/copy_efs_files_to_data.sh @@ -0,0 +1,39 @@ +#!/vendor/bin/sh + +CHECKPOINT_DIR=/data/vendor/copied + +export BIN_DIR=/vendor/bin + +$BIN_DIR/mkdir -p $CHECKPOINT_DIR + +function copy_files_to_data() +{ + block_device=$1 + partition_name=$(basename $1) + mount_point=$2 + tmpdir=$CHECKPOINT_DIR/$partition_name.img + build_checkpoint=$CHECKPOINT_DIR/$partition_name + if [ ! -e $build_checkpoint ]; then + $BIN_DIR/rm -rf $tmpdir + $BIN_DIR/mkdir -p $tmpdir + $BIN_DIR/dump.f2fs -rfPLo $tmpdir $block_device + if [ $? -ne 0 ]; then + echo "Failed to $BIN_DIR/dump.f2fs -rfPLo $tmpdir $block_device" + return + fi + $BIN_DIR/mv $tmpdir $build_checkpoint + if [ $? -ne 0 ]; then + echo "mv $tmpdir $build_checkpoint" + return + fi + $BIN_DIR/fsync `dirname $build_checkpoint` + fi + echo "Successfully copied $mount_point to $build_checkpoint" +} + +copy_files_to_data "/dev/block/by-name/efs" "/mnt/vendor/efs" +copy_files_to_data "/dev/block/by-name/efs_backup" "/mnt/vendor/efs_backup" +copy_files_to_data "/dev/block/by-name/modem_userdata" "/mnt/vendor/modem_userdata" +copy_files_to_data "/dev/block/by-name/persist" "/mnt/vendor/persist" + +$BIN_DIR/fsync /data/vendor/copied From c8609b7e8bae5821d734525294b8c8bf0b974146 Mon Sep 17 00:00:00 2001 From: Ocean Chen Date: Fri, 17 Jan 2025 06:48:20 +0000 Subject: [PATCH 20/41] gs-common: add pixelstats-vendor package and sepolicy This commit adds the `pixelstats-vendor` package to the build `BOARD_SEPOLICY_DIRS` to include the corresponding sepolicy rules. Bug: 374323691 Test: forrest build Flag: EXEMPT refactor Change-Id: If85375f9ad3a1cb7f6301f9ad4c94f14ac8dc54e --- pixelstats/pixelstats.mk | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 pixelstats/pixelstats.mk diff --git a/pixelstats/pixelstats.mk b/pixelstats/pixelstats.mk new file mode 100644 index 0000000..d0c9603 --- /dev/null +++ b/pixelstats/pixelstats.mk @@ -0,0 +1,4 @@ +# Reliability reporting +PRODUCT_PACKAGES += pixelstats-vendor + +BOARD_SEPOLICY_DIRS += device/google/gs-common/pixelstats/sepolicy From 3d542c3f9646c7b1a139ab80383b7a4f41f1a8a2 Mon Sep 17 00:00:00 2001 From: Hyungwoo Yang Date: Sun, 19 Jan 2025 22:21:10 +0000 Subject: [PATCH 21/41] Fix version mismatch in vintf manifest file vintf manifest version doesn't match with acutal implementation. Bug: 390520103 Test: atest vts_treble_vintf_vendor_test Flag: EXEMPT vintf manifest version change Change-Id: I25f77dcb6e2a344e44560ee9bcd408d650d7ae27 Signed-off-by: Hyungwoo Yang --- touch/twoshay/aidl/compatibility_matrix_gs101.xml | 2 +- touch/twoshay/aidl/manifest_gs101.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/touch/twoshay/aidl/compatibility_matrix_gs101.xml b/touch/twoshay/aidl/compatibility_matrix_gs101.xml index 4144ee5..848051e 100644 --- a/touch/twoshay/aidl/compatibility_matrix_gs101.xml +++ b/touch/twoshay/aidl/compatibility_matrix_gs101.xml @@ -1,7 +1,7 @@ com.google.input - 2-4 + 2-5 ITouchContextService default diff --git a/touch/twoshay/aidl/manifest_gs101.xml b/touch/twoshay/aidl/manifest_gs101.xml index 3972367..a8e389d 100644 --- a/touch/twoshay/aidl/manifest_gs101.xml +++ b/touch/twoshay/aidl/manifest_gs101.xml @@ -1,7 +1,7 @@ com.google.input - 4 + 5 ITouchContextService default From dc83bcf6a538676a2d7668165710a9f694b3f982 Mon Sep 17 00:00:00 2001 From: Enzo Liao Date: Mon, 20 Jan 2025 16:19:52 +0800 Subject: [PATCH 22/41] RamdumpService: Fix the SELinux errors from introducing Firebase Analytics. Fix the SELinux errors from introducing Firebase Analytics (ag/30936923): 01-16 10:44:12.432 W/ScionFrontendAp( 4336): type=1400 audit(0.0:17): avc: denied { read } for name="PrebuiltGmsCoreNext_DynamiteLoader.apk" dev="dm-59" ino=7119 scontext=u:r:ramdump_app:s0:c18,c257,c512,c768 tcontext=u:object_r:privapp_data_file:s0:c512,c768 tclass=lnk_file permissive=0 bug=b/385858590 app=com.android.ramdump 01-20 15:41:03.180 10754-10754 W/ScionFrontendAp: type=1400 audit(0.0:342): avc: denied { execute } for path="/data/user_de/10/com.google.android.gms/app_chimera/m/00000067/oat/arm64/PrebuiltGmsCoreNext_DynamiteLoader.odex" dev="dm-54" ino=80602 scontext=u:r:ramdump_app:s0:c13,c257,c522,c768 tcontext=u:object_r:privapp_data_file:s0:c522,c768 tclass=file permissive=0 Bug: 386149375 Flag: EXEMPT bugfix Change-Id: Ia10a5585ebc8f4e895d4dc6ecf0d8cd4dc727ac8 --- ramdump_and_coredump/sepolicy/ramdump_app.te | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ramdump_and_coredump/sepolicy/ramdump_app.te b/ramdump_and_coredump/sepolicy/ramdump_app.te index 9eebc98..674786b 100644 --- a/ramdump_and_coredump/sepolicy/ramdump_app.te +++ b/ramdump_and_coredump/sepolicy/ramdump_app.te @@ -9,6 +9,10 @@ userdebug_or_eng(` allow ramdump_app app_api_service:service_manager find; + # For Firebase Analytics + allow ramdump_app privapp_data_file:file x_file_perms; + allow ramdump_app privapp_data_file:lnk_file r_file_perms; + allow ramdump_app ramdump_vendor_data_file:file create_file_perms; allow ramdump_app ramdump_vendor_data_file:dir create_dir_perms; From 51357e032284d84b389bfb025d370497fc1a1491 Mon Sep 17 00:00:00 2001 From: Yi-Yo Chiang Date: Thu, 9 Jan 2025 18:26:49 +0800 Subject: [PATCH 23/41] insmod-sh: Allow writing to kmsg modprobe would log errors to /dev/kmsg, need to explicit allow this. ``` avc: denied { write } for comm="modprobe" name="kmsg" dev="tmpfs" ino=5 scontext=u:r:insmod-sh:s0 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0 ``` Bug: 388717752 Test: DeviceBootTest#SELinuxUncheckedDenialBootTest Change-Id: I49a3e6a9f76f20151034cb00f772247b0e9c668e --- insmod/init.module.rc | 1 + insmod/sepolicy/insmod-sh.te | 3 +++ 2 files changed, 4 insertions(+) diff --git a/insmod/init.module.rc b/insmod/init.module.rc index de23b5b..a106d11 100644 --- a/insmod/init.module.rc +++ b/insmod/init.module.rc @@ -8,3 +8,4 @@ service insmod_sh /vendor/bin/insmod.sh /vendor/etc/init.common.cfg group root system disabled oneshot + file /dev/kmsg w diff --git a/insmod/sepolicy/insmod-sh.te b/insmod/sepolicy/insmod-sh.te index ba82b0a..3a1d91a 100644 --- a/insmod/sepolicy/insmod-sh.te +++ b/insmod/sepolicy/insmod-sh.te @@ -12,3 +12,6 @@ allow insmod-sh vendor_toolbox_exec:file execute_no_trans; set_prop(insmod-sh, vendor_device_prop) dontaudit insmod-sh proc_cmdline:file r_file_perms; + +# Allow modprobe to log to kmsg. +allow insmod-sh kmsg_device:chr_file w_file_perms; From d88ced0ff83be1005285dcbb8d476ea50ddc1fb7 Mon Sep 17 00:00:00 2001 From: Piotr Klasa Date: Fri, 17 Jan 2025 09:05:39 -0800 Subject: [PATCH 24/41] Revert "move common init perf settings to gs_common" Revert submission 31215196-move_common_init_perf_settings_to_gscommon Reason for revert: Power Regression Reverted changes: /q/submissionid:31215196-move_common_init_perf_settings_to_gscommon Bug: 390502171 Change-Id: I9b11900fd61e7f7abae52597aef41f5ab3c8ebd0 --- performance/init.pixel-perf.rc | 54 ---------------------------------- 1 file changed, 54 deletions(-) diff --git a/performance/init.pixel-perf.rc b/performance/init.pixel-perf.rc index e30d38f..4899417 100644 --- a/performance/init.pixel-perf.rc +++ b/performance/init.pixel-perf.rc @@ -13,12 +13,6 @@ # limitations under the License. on init - # Set teo as cpu idle governor - write /sys/devices/system/cpu/cpuidle/current_governor teo - - # RT uclamp setting - write /proc/sys/kernel/sched_util_clamp_min_rt_default 0 - chown system system /proc/vendor_sched/groups/bg/set_task_group chown system system /proc/vendor_sched/groups/cam/set_task_group chown system system /proc/vendor_sched/groups/fg/set_task_group @@ -192,51 +186,3 @@ on init write /sys/devices/system/cpu/cpu6/cpufreq/sched_pixel/down_rate_limit_us 500 write /sys/devices/system/cpu/cpu7/cpufreq/sched_pixel/down_rate_limit_us 500 write /sys/devices/system/cpu/cpu8/cpufreq/sched_pixel/down_rate_limit_us 500 - - write /proc/vendor_sched/groups/cam/prefer_idle 1 - write /proc/vendor_sched/groups/cam/uclamp_min 1 - - chown system system /dev/cpuset/cgroup.procs - - # Add a boost for NNAPI HAL - write /proc/vendor_sched/groups/nnapi/prefer_idle 0 - write /proc/vendor_sched/groups/nnapi/uclamp_min 512 - -on property:sys.boot_completed=1 - - # Setup scheduler parameters - write /proc/vendor_sched/min_granularity_ns 1000000 - write /proc/vendor_sched/latency_ns 8000000 - write /proc/vendor_sched/max_load_balance_interval 1 - write /proc/vendor_sched/enable_hrtick 1 - - # Setup final cpu.uclamp - write /proc/vendor_sched/groups/ta/uclamp_min 1 - write /proc/vendor_sched/groups/fg/uclamp_min 0 - write /proc/vendor_sched/groups/sys/prefer_idle 0 - - # Set ug group - write /proc/vendor_sched/groups/bg/ug 0 - write /proc/vendor_sched/groups/sys_bg/ug 0 - write /proc/vendor_sched/groups/ota/ug 0 - write /proc/vendor_sched/groups/dex2oat/ug 1 - write /proc/vendor_sched/groups/ta/ug 1 - - # Set bg group throttle - write /proc/vendor_sched/ug_bg_group_throttle ${persist.device_config.vendor_system_native.ug_bg_group_throttle:-308} - - # Disable PMU freq limit - write /sys/devices/system/cpu/cpufreq/policy0/sched_pixel/pmu_limit_enable 1 - write /sys/devices/system/cpu/cpufreq/policy1/sched_pixel/pmu_limit_enable 1 - write /sys/devices/system/cpu/cpufreq/policy2/sched_pixel/pmu_limit_enable 1 - write /sys/devices/system/cpu/cpufreq/policy3/sched_pixel/pmu_limit_enable 1 - write /sys/devices/system/cpu/cpufreq/policy4/sched_pixel/pmu_limit_enable 1 - write /sys/devices/system/cpu/cpufreq/policy5/sched_pixel/pmu_limit_enable 1 - write /sys/devices/system/cpu/cpufreq/policy6/sched_pixel/pmu_limit_enable 1 - write /sys/devices/system/cpu/cpufreq/policy7/sched_pixel/pmu_limit_enable 1 - write /sys/devices/system/cpu/cpufreq/policy8/sched_pixel/pmu_limit_enable 1 - write /proc/vendor_sched/pmu_poll_enable 0 - - # Set priority task name and boost value - write /proc/vendor_sched/priority_task_name "ExoPlayer:Place" - write /proc/vendor_sched/priority_task_boost_value 742 From 6cda4c1c19c22e60a62e7560cb2dcab0e89c93f2 Mon Sep 17 00:00:00 2001 From: Randall Huang Date: Tue, 21 Jan 2025 07:33:36 +0800 Subject: [PATCH 25/41] storage: fix userdata_exp.ai partition selinux error avc: denied { write } for comm="init" name="sda34" dev="tmpfs" ino=1296 scontext=u:r:init:s0 tcontext=u:object_r:userdata_exp_block_device:s0 tclass=blk_file permissive=1 Bug: 361093433 Test: boot without issue Change-Id: I0c74eb19172f39c44fc2ca61ba0bb8e38c808556 Signed-off-by: Randall Huang --- storage/sepolicy/init.te | 1 + 1 file changed, 1 insertion(+) diff --git a/storage/sepolicy/init.te b/storage/sepolicy/init.te index 464ca4b..aa6d415 100644 --- a/storage/sepolicy/init.te +++ b/storage/sepolicy/init.te @@ -1,4 +1,5 @@ # init allow init sysfs_scsi_devices_0000:file w_file_perms; +allow init userdata_exp_block_device:blk_file write; dontaudit init intelligence_data_file:dir mounton; From 3e78c36e5fc02c76ca0a59d17da7bdb6857ed005 Mon Sep 17 00:00:00 2001 From: Martin Yan Date: Mon, 20 Jan 2025 19:05:32 -0800 Subject: [PATCH 26/41] Revert "Add Bluetooth extension HAL - CCO" This reverts commit b25c089c599f7dbaeb3e000416a6748213d868aa. Reason for revert: For now, adding Cco results in VTS failed, need to modify the version as well. We'll modify both this CL and aidl version in xml after we enable Cco. Bug: 361443653 Change-Id: Ib4f84c749f626d3274eba4ad63ecca366715d128 --- bcmbt/compatibility_matrix.xml | 4 ---- bcmbt/manifest_bluetooth.xml | 1 - bcmbt/sepolicy/service_contexts | 1 - 3 files changed, 6 deletions(-) diff --git a/bcmbt/compatibility_matrix.xml b/bcmbt/compatibility_matrix.xml index 54eda4b..65b0c6d 100644 --- a/bcmbt/compatibility_matrix.xml +++ b/bcmbt/compatibility_matrix.xml @@ -26,9 +26,5 @@ IBluetoothEwp default - - IBluetoothCco - default - diff --git a/bcmbt/manifest_bluetooth.xml b/bcmbt/manifest_bluetooth.xml index 3dc3f88..a72f1c9 100644 --- a/bcmbt/manifest_bluetooth.xml +++ b/bcmbt/manifest_bluetooth.xml @@ -23,6 +23,5 @@ IBluetoothExt/default IBluetoothFinder/default IBluetoothSar/default - IBluetoothCco/default diff --git a/bcmbt/sepolicy/service_contexts b/bcmbt/sepolicy/service_contexts index e91eb1e..4aecc90 100644 --- a/bcmbt/sepolicy/service_contexts +++ b/bcmbt/sepolicy/service_contexts @@ -5,4 +5,3 @@ vendor.google.bluetooth_ext.IBluetoothCcc/default u:o vendor.google.bluetooth_ext.IBluetoothEwp/default u:object_r:hal_bluetooth_coexistence_service:s0 vendor.google.bluetooth_ext.IBluetoothExt/default u:object_r:hal_bluetooth_coexistence_service:s0 vendor.google.bluetooth_ext.IBluetoothFinder/default u:object_r:hal_bluetooth_coexistence_service:s0 -vendor.google.bluetooth_ext.IBluetoothCco/default u:object_r:hal_bluetooth_coexistence_service:s0 From 9b6b7e35b9327473c0d356e5615d230395ab260f Mon Sep 17 00:00:00 2001 From: YiKai Peng Date: Sun, 19 Jan 2025 23:05:11 -0800 Subject: [PATCH 27/41] gs-common: wlc: add tx update permission for hal_googlebattery Bug: 391056983 Test: trigger tx fwupdate Flag: vendor.google.wireless_charger.service.flags.enable_service Change-Id: I66e5fe88d43b8e33e3548d642f7ba89d63c96051 Signed-off-by: YiKai Peng --- wireless_charger/sepolicy/hal_googlebattery.te | 2 ++ wireless_charger/sepolicy/hal_wlcservice.te | 3 ++- wireless_charger/sepolicy/property.te | 3 ++- wireless_charger/sepolicy/property_contexts | 3 ++- 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/wireless_charger/sepolicy/hal_googlebattery.te b/wireless_charger/sepolicy/hal_googlebattery.te index 6fda60f..6c9d3fb 100644 --- a/wireless_charger/sepolicy/hal_googlebattery.te +++ b/wireless_charger/sepolicy/hal_googlebattery.te @@ -1,2 +1,4 @@ +# wlc permission for googlebattery r_dir_file(hal_googlebattery, sysfs_wlc) allow hal_googlebattery sysfs_wlc:file rw_file_perms; +set_prop(hal_googlebattery, vendor_wlcservice_prop) diff --git a/wireless_charger/sepolicy/hal_wlcservice.te b/wireless_charger/sepolicy/hal_wlcservice.te index 6eba2ef..bcda19d 100644 --- a/wireless_charger/sepolicy/hal_wlcservice.te +++ b/wireless_charger/sepolicy/hal_wlcservice.te @@ -1,3 +1,4 @@ +# wlcservice hal type and permission type hal_wlcservice, domain; type hal_wlcservice_exec, exec_type, vendor_file_type, file_type; @@ -8,7 +9,7 @@ allow hal_wlcservice vendor_wlc_file:file create_file_perms; allow hal_wlcservice hal_wireless_charger_service:service_manager find; allow hal_wlcservice kmsg_device:chr_file { getattr w_file_perms }; -get_prop(hal_wlcservice, vendor_wlcservice_test_prop) +set_prop(hal_wlcservice, vendor_wlcservice_prop) binder_call(hal_wlcservice, servicemanager) add_service(hal_wlcservice, hal_wlcservice_service) diff --git a/wireless_charger/sepolicy/property.te b/wireless_charger/sepolicy/property.te index b8ddbdf..7cf9903 100644 --- a/wireless_charger/sepolicy/property.te +++ b/wireless_charger/sepolicy/property.te @@ -1 +1,2 @@ -vendor_internal_prop(vendor_wlcservice_test_prop) +# wlcservice property +vendor_internal_prop(vendor_wlcservice_prop) diff --git a/wireless_charger/sepolicy/property_contexts b/wireless_charger/sepolicy/property_contexts index 8cf8f70..9055e69 100644 --- a/wireless_charger/sepolicy/property_contexts +++ b/wireless_charger/sepolicy/property_contexts @@ -1 +1,2 @@ -vendor.wlcservice.test.authentication u:object_r:vendor_wlcservice_test_prop:s0 exact bool +vendor.wlcservice.test.authentication u:object_r:vendor_wlcservice_prop:s0 exact bool +vendor.wlcservice.fwupdate.tx u:object_r:vendor_wlcservice_prop:s0 exact enum 0 1 2 3 From 894727003b8b991815719e53b89392f38e72da01 Mon Sep 17 00:00:00 2001 From: Jerry Pai Date: Tue, 21 Jan 2025 01:57:41 -0800 Subject: [PATCH 28/41] Revert^2 "Add Bluetooth extension HAL - CCO" This reverts commit 3e78c36e5fc02c76ca0a59d17da7bdb6857ed005. Reason for revert: build break ERROR: files are incompatible: The following instances are in the device manifest but not specified in framework compatibility matrix: vendor.google.bluetooth_ext.IBluetoothCco/default (@1) Bug: 361443653 Change-Id: I59f325ad1d8af5fca54cc9bb8a6208c5c8c20939 --- bcmbt/compatibility_matrix.xml | 4 ++++ bcmbt/manifest_bluetooth.xml | 1 + bcmbt/sepolicy/service_contexts | 1 + 3 files changed, 6 insertions(+) diff --git a/bcmbt/compatibility_matrix.xml b/bcmbt/compatibility_matrix.xml index 65b0c6d..54eda4b 100644 --- a/bcmbt/compatibility_matrix.xml +++ b/bcmbt/compatibility_matrix.xml @@ -26,5 +26,9 @@ IBluetoothEwp default + + IBluetoothCco + default + diff --git a/bcmbt/manifest_bluetooth.xml b/bcmbt/manifest_bluetooth.xml index a72f1c9..3dc3f88 100644 --- a/bcmbt/manifest_bluetooth.xml +++ b/bcmbt/manifest_bluetooth.xml @@ -23,5 +23,6 @@ IBluetoothExt/default IBluetoothFinder/default IBluetoothSar/default + IBluetoothCco/default diff --git a/bcmbt/sepolicy/service_contexts b/bcmbt/sepolicy/service_contexts index 4aecc90..e91eb1e 100644 --- a/bcmbt/sepolicy/service_contexts +++ b/bcmbt/sepolicy/service_contexts @@ -5,3 +5,4 @@ vendor.google.bluetooth_ext.IBluetoothCcc/default u:o vendor.google.bluetooth_ext.IBluetoothEwp/default u:object_r:hal_bluetooth_coexistence_service:s0 vendor.google.bluetooth_ext.IBluetoothExt/default u:object_r:hal_bluetooth_coexistence_service:s0 vendor.google.bluetooth_ext.IBluetoothFinder/default u:object_r:hal_bluetooth_coexistence_service:s0 +vendor.google.bluetooth_ext.IBluetoothCco/default u:object_r:hal_bluetooth_coexistence_service:s0 From a61947b1c545cf3a06e996e7d02fd6c0c3e14c0f Mon Sep 17 00:00:00 2001 From: Vilas Bhat Date: Fri, 17 Jan 2025 23:59:25 +0000 Subject: [PATCH 29/41] 16KB: Move CopyEfsTest to device/google/gs-common Additional changes 1. Android.bp lint/formatting error was resolved. 2. The regex pattern on line 78 in CopyEfsTest.java: "line.split("(? + + + + diff --git a/16kb/CopyEfsTest/src/com/android/test/CopyEfsTest.java b/16kb/CopyEfsTest/src/com/android/test/CopyEfsTest.java new file mode 100644 index 0000000..0f87513 --- /dev/null +++ b/16kb/CopyEfsTest/src/com/android/test/CopyEfsTest.java @@ -0,0 +1,130 @@ +/* + * Copyright (C) 2025 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.test; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; +import static org.junit.Assume.assumeTrue; +import org.junit.Before; +import org.junit.After; + +import android.platform.test.annotations.AppModeFull; + +import com.android.tradefed.device.DeviceNotAvailableException; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; +import com.android.tradefed.testtype.junit4.BaseHostJUnit4Test; +import com.android.tradefed.testtype.junit4.DeviceTestRunOptions; +import com.android.tradefed.util.CommandResult; +import com.android.tradefed.util.RunUtil; + +import org.junit.Test; +import org.junit.runner.RunWith; + +import java.io.BufferedReader; +import java.io.StringReader; + +@RunWith(DeviceJUnit4ClassRunner.class) +public class CopyEfsTest extends BaseHostJUnit4Test { + + @Before + public void setUp() throws Exception { + getDevice().enableAdbRoot(); + + getDevice().executeShellCommand("rm -rf /data/local/tmp/efs_test"); + getDevice().executeShellCommand("mkdir -p /data/local/tmp/efs_test/mnt"); + getDevice().executeShellCommand("mkdir -p /data/local/tmp/efs_test/dump"); + } + + @Test + @AppModeFull + public void copyEfsTest() throws Exception { + assumeTrue(getDevice().executeShellCommand("getconf PAGESIZE").trim().equals("4096")); + + testDumpF2FS("efs"); + testDumpF2FS("efs_backup"); + testDumpF2FS("modem_userdata"); + testDumpF2FS("persist"); + } + + private CommandResult RunAndCheckAdbCmd(String cmd) throws DeviceNotAvailableException { + CommandResult r = getDevice().executeShellV2Command(cmd); + assertEquals("Failed to run " + cmd, Integer.valueOf(0), r.getExitCode()); + return r; + } + + // Remove timestamps because ls on device does not support --time-style. + // Format is [permissions] [links] [uid] [gid] [size] time [name/symlink] + // time may vary greatly in formatting + // symlinks will be of the form a -> b + // So we can check for -> in the second to last spot to determine what position the timestamp ends at + // Remove totals because on disk block usage may change depending on filesystem + private String removeTimestamps(String input) { + StringBuilder output = new StringBuilder(); + for (String line : input.split("\n")) { + String[] tokens = line.split("(?")) + name_offset = 3; + for (int i=0; i= 5 && i < tokens.length - name_offset) + continue; + if (i != 0) + output.append(" "); + output.append(tokens[i]); + } + output.append("\n"); + } + return output.toString(); + } + + private void testDumpF2FS(String name) throws Exception { + RunAndCheckAdbCmd(String.format("cp /dev/block/by-name/%s /data/local/tmp/efs_test/%s.img", name, name)); + + // The device was mounted r/w. To get a clean image, we run fsck, and then mount to allow mount time fixes to happen. + // We can then dump and mount read only to ensure the contents should be the same. + RunAndCheckAdbCmd(String.format("fsck.f2fs -f /data/local/tmp/efs_test/%s.img", name)); + RunAndCheckAdbCmd(String.format("mount /data/local/tmp/efs_test/%s.img /data/local/tmp/efs_test/mnt", name)); + RunAndCheckAdbCmd("umount /data/local/tmp/efs_test/mnt"); + + RunAndCheckAdbCmd(String.format("dump.f2fs -rfPLo /data/local/tmp/efs_test/dump /data/local/tmp/efs_test/%s.img", name)); + RunAndCheckAdbCmd(String.format("mount -r /data/local/tmp/efs_test/%s.img /data/local/tmp/efs_test/mnt", name)); + + CommandResult r = RunAndCheckAdbCmd("diff -rq --no-dereference /data/local/tmp/efs_test/mnt /data/local/tmp/efs_test/dump"); + assertEquals(r.getStdout(), ""); + + String ls_cmd = "cd /data/local/tmp/efs_test/%s;ls -AlnR ."; + CommandResult mnt_ls = RunAndCheckAdbCmd(String.format(ls_cmd, "mnt")); + CommandResult dump_ls = RunAndCheckAdbCmd(String.format(ls_cmd, "dump")); + assertEquals(removeTimestamps(mnt_ls.getStdout()), removeTimestamps(dump_ls.getStdout())); + + getDevice().executeShellCommand("umount /data/local/tmp/efs_test/mnt"); + getDevice().executeShellCommand("rm -rf /data/local/tmp/efs_test/dump/*"); + getDevice().executeShellCommand("rm /data/local/tmp/efs_test/" + name + ".img"); + } + + @After + public void tearDown() throws Exception { + getDevice().executeShellCommand("umount /data/local/tmp/efs_test/mnt"); + getDevice().executeShellCommand("rm -rf /data/local/tmp/efs_test"); + } +} From 728e059b698fc66d949aac76e11533265543c06d Mon Sep 17 00:00:00 2001 From: Zheng Pan Date: Wed, 22 Jan 2025 14:59:13 -0800 Subject: [PATCH 30/41] Revert "Set up access control rule for aocxd" Revert submission 31133794-aocx_sepolicy Reason for revert: http://b/391697603 build break Reverted changes: /q/submissionid:31133794-aocx_sepolicy Change-Id: I602d3ba880931a045146f216075f7baca513f0f3 --- aoc/aoc.mk | 4 +--- aoc/sepolicy/allowlist/aocxd_neverallow.te | 11 ----------- aoc/sepolicy/allowlist/aocxdallowdomain.te | 6 ------ aoc/sepolicy/allowlist/attributes | 2 -- 4 files changed, 1 insertion(+), 22 deletions(-) delete mode 100644 aoc/sepolicy/allowlist/aocxd_neverallow.te delete mode 100644 aoc/sepolicy/allowlist/aocxdallowdomain.te delete mode 100644 aoc/sepolicy/allowlist/attributes diff --git a/aoc/aoc.mk b/aoc/aoc.mk index 2a0a449..13d849c 100644 --- a/aoc/aoc.mk +++ b/aoc/aoc.mk @@ -1,6 +1,4 @@ -BOARD_VENDOR_SEPOLICY_DIRS += \ - device/google/gs-common/aoc/sepolicy \ - device/google/gs-common/aoc/sepolicy/allowlist +BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/aoc/sepolicy PRODUCT_PACKAGES += dump_aoc \ aocd \ diff --git a/aoc/sepolicy/allowlist/aocxd_neverallow.te b/aoc/sepolicy/allowlist/aocxd_neverallow.te deleted file mode 100644 index 50170a2..0000000 --- a/aoc/sepolicy/allowlist/aocxd_neverallow.te +++ /dev/null @@ -1,11 +0,0 @@ -# set up rule to control the access to aocxd -neverallow { - domain - -hwservicemanager - -servicemanager - -vndservicemanager - -system_suspend_server - -dumpstate - -hal_audio_default - -aocxdallowdomain -} aocxd:binder { call transfer }; diff --git a/aoc/sepolicy/allowlist/aocxdallowdomain.te b/aoc/sepolicy/allowlist/aocxdallowdomain.te deleted file mode 100644 index 9637c04..0000000 --- a/aoc/sepolicy/allowlist/aocxdallowdomain.te +++ /dev/null @@ -1,6 +0,0 @@ -# Aocx AIDL service -allow aocxdallowdomain aocx:service_manager find; - -binder_call(aocxdallowdomain, aocxd) -# Allow aocxd asynchronous callback to aocxdallowdomain -binder_call(aocxd, aocxdallowdomain) diff --git a/aoc/sepolicy/allowlist/attributes b/aoc/sepolicy/allowlist/attributes deleted file mode 100644 index b0440ca..0000000 --- a/aoc/sepolicy/allowlist/attributes +++ /dev/null @@ -1,2 +0,0 @@ -# Allow domain to access aocx HAL API -attribute aocxdallowdomain; From 924237f464a6e2244b1d8fa029f3eb793e09874e Mon Sep 17 00:00:00 2001 From: Piotr Klasa Date: Wed, 22 Jan 2025 11:29:10 +0000 Subject: [PATCH 31/41] move common init perf settings to gs_common MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit compared to ag/31352563 I did not transfer the settings for "write /sys/devices/system/cpu/cpuidle/current_governor teo", which caused the problem Test: Verified if all values ​​of transferred settings are as they should be after rebooting the device, and and checked that there are no new selinux errors for hal_power_default, verified all metrics that caused power regression in the previous commit on abtd Bug: 335874870 Flag: EXEMPT not supported by this component yet Change-Id: If340ce8e8d3f3493045077470f8aa5560f9b313e --- performance/init.pixel-perf.rc | 51 ++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/performance/init.pixel-perf.rc b/performance/init.pixel-perf.rc index 4899417..ceb0a89 100644 --- a/performance/init.pixel-perf.rc +++ b/performance/init.pixel-perf.rc @@ -186,3 +186,54 @@ on init write /sys/devices/system/cpu/cpu6/cpufreq/sched_pixel/down_rate_limit_us 500 write /sys/devices/system/cpu/cpu7/cpufreq/sched_pixel/down_rate_limit_us 500 write /sys/devices/system/cpu/cpu8/cpufreq/sched_pixel/down_rate_limit_us 500 + + # RT uclamp setting + write /proc/sys/kernel/sched_util_clamp_min_rt_default 0 + + write /proc/vendor_sched/groups/cam/prefer_idle 1 + write /proc/vendor_sched/groups/cam/uclamp_min 1 + + chown system system /dev/cpuset/cgroup.procs + + # Add a boost for NNAPI HAL + write /proc/vendor_sched/groups/nnapi/prefer_idle 0 + write /proc/vendor_sched/groups/nnapi/uclamp_min 512 + +on property:sys.boot_completed=1 + + # Setup scheduler parameters + write /proc/vendor_sched/min_granularity_ns 1000000 + write /proc/vendor_sched/latency_ns 8000000 + write /proc/vendor_sched/max_load_balance_interval 1 + write /proc/vendor_sched/enable_hrtick 1 + + # Setup final cpu.uclamp + write /proc/vendor_sched/groups/ta/uclamp_min 1 + write /proc/vendor_sched/groups/fg/uclamp_min 0 + write /proc/vendor_sched/groups/sys/prefer_idle 0 + + # Set ug group + write /proc/vendor_sched/groups/bg/ug 0 + write /proc/vendor_sched/groups/sys_bg/ug 0 + write /proc/vendor_sched/groups/ota/ug 0 + write /proc/vendor_sched/groups/dex2oat/ug 1 + write /proc/vendor_sched/groups/ta/ug 1 + + # Set bg group throttle + write /proc/vendor_sched/ug_bg_group_throttle ${persist.device_config.vendor_system_native.ug_bg_group_throttle:-308} + + # Disable PMU freq limit + write /sys/devices/system/cpu/cpufreq/policy0/sched_pixel/pmu_limit_enable 1 + write /sys/devices/system/cpu/cpufreq/policy1/sched_pixel/pmu_limit_enable 1 + write /sys/devices/system/cpu/cpufreq/policy2/sched_pixel/pmu_limit_enable 1 + write /sys/devices/system/cpu/cpufreq/policy3/sched_pixel/pmu_limit_enable 1 + write /sys/devices/system/cpu/cpufreq/policy4/sched_pixel/pmu_limit_enable 1 + write /sys/devices/system/cpu/cpufreq/policy5/sched_pixel/pmu_limit_enable 1 + write /sys/devices/system/cpu/cpufreq/policy6/sched_pixel/pmu_limit_enable 1 + write /sys/devices/system/cpu/cpufreq/policy7/sched_pixel/pmu_limit_enable 1 + write /sys/devices/system/cpu/cpufreq/policy8/sched_pixel/pmu_limit_enable 1 + write /proc/vendor_sched/pmu_poll_enable 0 + + # Set priority task name and boost value + write /proc/vendor_sched/priority_task_name "ExoPlayer:Place" + write /proc/vendor_sched/priority_task_boost_value 742 From f329ce7a918888a3109d59aa0ccaca050251a956 Mon Sep 17 00:00:00 2001 From: Jaegeuk Kim Date: Wed, 22 Jan 2025 20:11:51 -0800 Subject: [PATCH 32/41] Fix selinux permission denials [ 9.280675] type=1400 audit(1737659534.344:11): avc: denied { mounton } for comm="init" path="/data/vendor/intelligence" dev="dm-59" ino=490 scontext=u:r:init:s0 tcontext=u:object_r:intelligence_data_file:s0 tclass=dir permissive=0 Bug: 391452461 Flag: EXEMPT bugfix Change-Id: I355c61bd2c5bb5af6d463cf84a3fc80093b16550 Signed-off-by: Jaegeuk Kim --- storage/sepolicy/init.te | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/storage/sepolicy/init.te b/storage/sepolicy/init.te index aa6d415..321a7ad 100644 --- a/storage/sepolicy/init.te +++ b/storage/sepolicy/init.te @@ -1,5 +1,4 @@ # init allow init sysfs_scsi_devices_0000:file w_file_perms; allow init userdata_exp_block_device:blk_file write; - -dontaudit init intelligence_data_file:dir mounton; +allow init intelligence_data_file:dir mounton; From 6151bff500d7a2fc9464a3008fa05685e88c8e57 Mon Sep 17 00:00:00 2001 From: Jaegeuk Kim Date: Fri, 24 Jan 2025 18:02:28 -0800 Subject: [PATCH 33/41] Fix UFS err_stats Bug: 392193452 Change-Id: I159f5bcfb8de1b33f46ba860b4436d1dfc6907f2 Signed-off-by: Jaegeuk Kim --- storage/dump_storage.cpp | 23 ++++------------------- 1 file changed, 4 insertions(+), 19 deletions(-) diff --git a/storage/dump_storage.cpp b/storage/dump_storage.cpp index 272b1ee..d40d963 100644 --- a/storage/dump_storage.cpp +++ b/storage/dump_storage.cpp @@ -27,7 +27,6 @@ #define F2FS_FSCK_TIME_PROPERTY "ro.boottime.init.fsck.data" #define F2FS_MNT_TIME_PROPERTY "ro.boottime.init.mount.data" -#define BOOTDEVICE_PROPERTY "ro.boot.bootdevice" #define BUILD_TYPE_PROPERTY "ro.build.type" void read_buffer(int buf_id, int total_len, const char* path) @@ -90,24 +89,10 @@ int main() { if (statdir) { dirent *stat_entry; while ((stat_entry = readdir(statdir.get())) != nullptr) { - std::string ufs_err_stats_path(stat_entry->d_name); - if (!strcmp(ufs_err_stats_path.c_str(), ".") - || !strcmp(ufs_err_stats_path.c_str(), "..")) - continue; - std::string bootdevice = android::base::GetProperty( - BOOTDEVICE_PROPERTY, ""); - std::string err_stat_path = "/sys/devices/platform/"; - err_stat_path.append(bootdevice.c_str()); - err_stat_path.append("/err_stats/"); - err_stat_path.append(ufs_err_stats_path.c_str()); - std::ifstream err_stat_file(err_stat_path); - if (err_stat_file.is_open()) { - std::string err_stat_atom; - err_stat_file >> err_stat_atom; - printf("%s:%s\n", ufs_err_stats_path.c_str(), - err_stat_atom.c_str()); - err_stat_file.close(); - } + std::string stat_name(stat_entry->d_name); + if (stat_name == "." || stat_name == "..") continue; + dumpFileContent(stat_name.c_str(), + (ufs_err_stats_path + stat_name).c_str()); } } From 7bd70d06d76e6a032501581d08beb5567e75a731 Mon Sep 17 00:00:00 2001 From: Jaegeuk Kim Date: Fri, 24 Jan 2025 17:47:41 -0800 Subject: [PATCH 34/41] Dump F2FS disk_map and UFS phy version [ 91.358748] type=1400 audit(1737771651.492:274): avc: denied { search } for comm="dump_storage" name="f2fs" dev="proc" ino=4026532053 scontext=u:r:dump_storage:s0 tcontext=u:object_r:proc_f2fs:s0 tclass=dir permissive=0 [ 49.564560] type=1400 audit(1737778106.496:153): avc: denied { read } for comm="dump_storage" name="f2fs" dev="proc" ino=4026532053 scontext=u:r:dump_storage:s0 tcontext=u:object_r:proc_f2fs:s0 tclass=dir permissive=0 [ 91.358930] type=1400 audit(1737771651.492:275): avc: denied { read } for comm="dump_storage" name="phy_version" dev="sysfs" ino=109125 scontext=u:r:dump_storage:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 [ 91.359249] type=1400 audit(1737771651.492:276): avc: denied { read } for comm="dump_storage" name="phy_release_date" dev="sysfs" ino=109126 scontext=u:r:dump_storage:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 Bug: 392193452 Flag: EXEMPT bugfix Change-Id: I8e174e378064a94681f74a88ee13b4461527076a Signed-off-by: Jaegeuk Kim --- storage/dump_storage.cpp | 20 ++++++++++++++++++++ storage/sepolicy/dump_storage.te | 4 ++++ 2 files changed, 24 insertions(+) diff --git a/storage/dump_storage.cpp b/storage/dump_storage.cpp index d40d963..2367d4c 100644 --- a/storage/dump_storage.cpp +++ b/storage/dump_storage.cpp @@ -67,11 +67,31 @@ int main() { int mnt_time = android::base::GetIntProperty(F2FS_MNT_TIME_PROPERTY, 0); printf("--- F2FS - checkpoint=disable time (ms) ---\n%d\n\n", mnt_time); + const std::string f2fs_proc_path("/proc/fs/f2fs/"); + std::unique_ptr procdir( + opendir(f2fs_proc_path.c_str()), closedir); + if (procdir) { + dirent *proc_entry; + while ((proc_entry = readdir(procdir.get())) != nullptr) { + std::string proc_name(proc_entry->d_name); + if (proc_name == "." || proc_name == ".." || + strncmp(proc_name.c_str(), "dm-", 3)) + continue; + dumpFileContent(("F2FS - " + proc_name).c_str(), + (f2fs_proc_path + proc_name + "/disk_map").c_str()); + } + } + //UFS dumpFileContent("UFS model", "/sys/block/sda/device/model"); dumpFileContent("UFS rev", "/sys/block/sda/device/rev"); dumpFileContent("UFS size", "/sys/block/sda/size"); + dumpFileContent("UFS phy version", + "/dev/sys/block/bootdevice/pixel/phy_version"); + dumpFileContent("UFS phy release_date", + "/dev/sys/block/bootdevice/pixel/phy_release_date"); + dumpFileContent("UFS Slow IO Read", "/dev/sys/block/bootdevice/slowio_read_cnt"); dumpFileContent("UFS Slow IO Write", diff --git a/storage/sepolicy/dump_storage.te b/storage/sepolicy/dump_storage.te index 7a5f563..67c4b9a 100644 --- a/storage/sepolicy/dump_storage.te +++ b/storage/sepolicy/dump_storage.te @@ -4,6 +4,10 @@ pixel_bugreport(dump_storage) # adb bugreport allow dump_storage sysfs_scsi_devices_0000:dir r_dir_perms; allow dump_storage sysfs_scsi_devices_0000:file r_file_perms; +allow dump_storage sysfs:file r_file_perms; + +allow dump_storage proc_f2fs:dir r_dir_perms; +allow dump_storage proc_f2fs:file r_file_perms; # adb bugreport userdebug_or_eng(` From b1072785ba5a99035b9c21f46f8e3eced2ac82b6 Mon Sep 17 00:00:00 2001 From: Jaegeuk Kim Date: Sat, 25 Jan 2025 13:50:16 -0800 Subject: [PATCH 35/41] Allow write for restorecon [ 8345.125689] type=1400 audit(1737841652.160:245): avc: denied { write } for comm="kworker/u16:2" path="/dev/block/sda34" dev="tmpfs" ino=1060 scontext=u:r:kernel:s0 tcontext=u:object_r:userdata_exp_block_device:s0 tclass=blk_file permissive=0 Bug: 361093433 Flag: EXEMPT bugfix Change-Id: Ia03cddd6eebe9b8875bdbd1a8eb3a67f51269032 Signed-off-by: Jaegeuk Kim --- storage/sepolicy/kernel.te | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/storage/sepolicy/kernel.te b/storage/sepolicy/kernel.te index 55882ed..b9712b1 100644 --- a/storage/sepolicy/kernel.te +++ b/storage/sepolicy/kernel.te @@ -1,3 +1,3 @@ # for intelligence service -allow kernel userdata_exp_block_device:blk_file read; +allow kernel userdata_exp_block_device:blk_file { read write }; From 5201b558580ed9f50a3e2990dc5cbb881c1433e2 Mon Sep 17 00:00:00 2001 From: Qais Yousef Date: Mon, 27 Jan 2025 18:22:54 +0000 Subject: [PATCH 36/41] init.pixel-perf.rc: Setup default rampup multiplier and util_est Bug: 335874870 Flag: EXEMPT not supported for init.rc files Signed-off-by: Qais Yousef Change-Id: I41f1235e8c6f1ec57af3962c2a6cbc9707444917 --- performance/init.pixel-perf.rc | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/performance/init.pixel-perf.rc b/performance/init.pixel-perf.rc index ceb0a89..0d555ce 100644 --- a/performance/init.pixel-perf.rc +++ b/performance/init.pixel-perf.rc @@ -187,6 +187,37 @@ on init write /sys/devices/system/cpu/cpu7/cpufreq/sched_pixel/down_rate_limit_us 500 write /sys/devices/system/cpu/cpu8/cpufreq/sched_pixel/down_rate_limit_us 500 + # Default rampup multiplier setup + write /proc/vendor_sched/groups/bg/rampup_multiplier 0 + write /proc/vendor_sched/groups/cam/rampup_multiplier 1 + write /proc/vendor_sched/groups/cam_power/rampup_multiplier 1 + write /proc/vendor_sched/groups/dex2oat/rampup_multiplier 0 + write /proc/vendor_sched/groups/fg/rampup_multiplier 1 + write /proc/vendor_sched/groups/fg_wi/rampup_multiplier 1 + write /proc/vendor_sched/groups/nnapi/rampup_multiplier 0 + write /proc/vendor_sched/groups/ota/rampup_multiplier 0 + write /proc/vendor_sched/groups/rt/rampup_multiplier 0 + write /proc/vendor_sched/groups/sf/rampup_multiplier 1 + write /proc/vendor_sched/groups/sys/rampup_multiplier 0 + write /proc/vendor_sched/groups/sys_bg/rampup_multiplier 0 + write /proc/vendor_sched/groups/ta/rampup_multiplier 1 + write /proc/vendor_sched/adpf_rampup_multiplier 4 + + # Default util_est setup + write /proc/vendor_sched/groups/bg/disable_util_est 1 + write /proc/vendor_sched/groups/cam/disable_util_est 0 + write /proc/vendor_sched/groups/cam_power/disable_util_est 0 + write /proc/vendor_sched/groups/dex2oat/disable_util_est 1 + write /proc/vendor_sched/groups/fg/disable_util_est 0 + write /proc/vendor_sched/groups/fg_wi/disable_util_est 0 + write /proc/vendor_sched/groups/nnapi/disable_util_est 1 + write /proc/vendor_sched/groups/ota/disable_util_est 1 + write /proc/vendor_sched/groups/rt/disable_util_est 1 + write /proc/vendor_sched/groups/sf/disable_util_est 0 + write /proc/vendor_sched/groups/sys/disable_util_est 1 + write /proc/vendor_sched/groups/sys_bg/disable_util_est 1 + write /proc/vendor_sched/groups/ta/disable_util_est 0 + # RT uclamp setting write /proc/sys/kernel/sched_util_clamp_min_rt_default 0 From 7cbab2dea5176e46fb31f543fd05e95bfc9921c8 Mon Sep 17 00:00:00 2001 From: Taylor Nelms Date: Wed, 29 Jan 2025 17:13:35 -0500 Subject: [PATCH 37/41] display: add drm_atomic_state to debug-build bugreport AVC Error Log Justification: [ 157.933663] type=1400 audit(1738255720.900:459): avc: denied { read } for comm="dump_pixel_disp" name="state" dev="debugfs" ino=105961 scontext=u:r:dump_pixel_display:s0 tcontext=u:object_r:debugfs:s0 tclass=file permissive=0 Bug: 393355365 Test: `adb bugreport`, check for "DRM State" entry Flag: EXEMPT bugfix Change-Id: Ibbf3fe022863644ecc137ab28d3a2409e701e104 Signed-off-by: Taylor Nelms --- display/pixel/dump_display.cpp | 1 + display/sepolicy/pixel/genfs_contexts | 1 + 2 files changed, 2 insertions(+) diff --git a/display/pixel/dump_display.cpp b/display/pixel/dump_display.cpp index 1014977..b4a2d25 100644 --- a/display/pixel/dump_display.cpp +++ b/display/pixel/dump_display.cpp @@ -19,6 +19,7 @@ int main() { setbuf(stdout, NULL); dumpFileContent("CRTC-0 status", "/sys/kernel/debug/dri/0/crtc-0/status"); + dumpFileContent("DRM State", "/sys/kernel/debug/dri/0/state"); runCommand("libdisplaycolor", "/vendor/bin/dumpsys displaycolor -v"); dumpFileContent("Primary panel name", "/sys/class/drm/card0/device/primary-panel/panel_name"); diff --git a/display/sepolicy/pixel/genfs_contexts b/display/sepolicy/pixel/genfs_contexts index 7c46278..4237cc5 100644 --- a/display/sepolicy/pixel/genfs_contexts +++ b/display/sepolicy/pixel/genfs_contexts @@ -1,3 +1,4 @@ genfscon debugfs /dri/0/crtc- u:object_r:vendor_dri_debugfs:s0 +genfscon debugfs /dri/0/state u:object_r:vendor_dri_debugfs:s0 genfscon sysfs /module/drm/parameters/debug u:object_r:sysfs_display:s0 From 25b66183cf2bdae1cb07a12ebc70c3ad3a1e1ebe Mon Sep 17 00:00:00 2001 From: Dinesh Yadav Date: Fri, 24 Jan 2025 07:00:51 +0000 Subject: [PATCH 38/41] Allow tachyon service to make binder calls to gca This permission is needed for tachyon service to call callbacks shared by clients of gxp/edgetpu device for tensor G5. As tachyon is present in pixel 6 where google_camera_app is not defined, I need to assign it here. AVC Error seen when tachyon tries accessing GCA: 01-22 11:40:03.212 6987 6987 W com.google.edge: type=1400 audit(0.0:17): avc: denied { call } for scontext=u:r:edgetpu_tachyon_server:s0 tcontext=u:r:google_camera_app:s0:c145,c256,c512,c768 tclass=binder permissive=0 01-23 07:12:26.424 4166 4166 W com.google.edge: type=1400 audit(0.0:254): avc: denied { call } for scontext=u:r:edgetpu_tachyon_server:s0 tcontext=u:r:debug_camera_app:s0:c67,c257,c512,c768 tclass=binder permissive=0 Bug:391537620 Flag: EXEMPT updates device sepolicy only Change-Id: I9dd78bd941b0de9057606409fd18632cc76f56b0 --- gcam_app/sepolicy/vendor/debug_camera_app.te | 3 +++ gcam_app/sepolicy/vendor/google_camera_app.te | 2 ++ 2 files changed, 5 insertions(+) diff --git a/gcam_app/sepolicy/vendor/debug_camera_app.te b/gcam_app/sepolicy/vendor/debug_camera_app.te index 8cac086..61029b6 100644 --- a/gcam_app/sepolicy/vendor/debug_camera_app.te +++ b/gcam_app/sepolicy/vendor/debug_camera_app.te @@ -12,5 +12,8 @@ userdebug_or_eng(` # Allows GCA_Eng & GCA-Next to access the hw_jpeg /dev/video12. # allow debug_camera_app hw_jpg_device:chr_file rw_file_perms; + + # Allows tachyon_service to communicate with GCA-Eng via binder. + binder_call(edgetpu_tachyon_server, debug_camera_app); ') diff --git a/gcam_app/sepolicy/vendor/google_camera_app.te b/gcam_app/sepolicy/vendor/google_camera_app.te index a1c3ddb..67287b6 100644 --- a/gcam_app/sepolicy/vendor/google_camera_app.te +++ b/gcam_app/sepolicy/vendor/google_camera_app.te @@ -11,3 +11,5 @@ allow google_camera_app edgetpu_device:chr_file { read write ioctl }; # Allows GCA to access the hw_jpeg /dev/video12. #allow google_camera_app hw_jpg_device:chr_file rw_file_perms; +# Allows tachyon service to communicate with google_camera_app via binder. +binder_call(edgetpu_tachyon_server, google_camera_app); From 7f468a902fedabe3dede9f7d0825480b05eb225d Mon Sep 17 00:00:00 2001 From: Charlie Lin Date: Mon, 3 Feb 2025 07:06:54 +0000 Subject: [PATCH 39/41] Add astd sepolicy to gs-common for P26 factory builds Bug: 391090956 Bug: 393999182 Flag: EXEMPT bugFix Test: Compile successful. Change-Id: Idfcbf96a52326b613684b680676f5213136f2326 --- astd/astd.mk | 9 +++++++++ astd/sepolicy/astd.te | 10 ++++++++++ astd/sepolicy/file_contexts | 3 +++ 3 files changed, 22 insertions(+) create mode 100644 astd/astd.mk create mode 100644 astd/sepolicy/astd.te create mode 100644 astd/sepolicy/file_contexts diff --git a/astd/astd.mk b/astd/astd.mk new file mode 100644 index 0000000..0dfa4f9 --- /dev/null +++ b/astd/astd.mk @@ -0,0 +1,9 @@ +# This module is only for factory targets, please include this makefile +# with check: +# +# ifneq ($(filter factory_%,$(TARGET_PRODUCT)),) +# include device/google/gs-common/astd/astd.mk +# endif +SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/gs-common/astd/sepolicy + +PRODUCT_PACKAGES_DEBUG += astd diff --git a/astd/sepolicy/astd.te b/astd/sepolicy/astd.te new file mode 100644 index 0000000..815e832 --- /dev/null +++ b/astd/sepolicy/astd.te @@ -0,0 +1,10 @@ +# astd service +type astd, domain; +type astd_exec, exec_type, file_type, system_file_type; + +typeattribute astd coredomain; + +userdebug_or_eng(` + init_daemon_domain(astd) +') + diff --git a/astd/sepolicy/file_contexts b/astd/sepolicy/file_contexts new file mode 100644 index 0000000..17ac54c --- /dev/null +++ b/astd/sepolicy/file_contexts @@ -0,0 +1,3 @@ +/system_ext/bin/astc u:object_r:astd_exec:s0 +/system_ext/bin/astd u:object_r:astd_exec:s0 + From 6e31d8db91317b5339e7b959dca8069a0aa05f88 Mon Sep 17 00:00:00 2001 From: Martin Yan Date: Wed, 22 Jan 2025 05:34:20 +0000 Subject: [PATCH 40/41] Adjust the version set in manifest xml and matrix xml Bug: 361443653 Test: m and build pass Flag: EXEMPT, this feature is related to CS which is controlled by com.android.bluetooth.flags.channel_sounding_in_stack Change-Id: I2f2f46cfd15ce0104a6309c8032f7f4ef5ba267a --- bcmbt/bluetooth.mk | 2 +- bcmbt/compatibility_matrix.xml | 2 +- bcmbt/manifest_bluetooth.xml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bcmbt/bluetooth.mk b/bcmbt/bluetooth.mk index 18c066b..a2fb3ab 100644 --- a/bcmbt/bluetooth.mk +++ b/bcmbt/bluetooth.mk @@ -4,7 +4,7 @@ PRODUCT_PACKAGES += \ android.hardware.bluetooth.finder-V1-ndk.so \ android.hardware.bluetooth.ranging-V1-ndk.so \ android.hardware.bluetooth-service.bcmbtlinux \ - vendor.google.bluetooth_ext-V1-ndk.so \ + vendor.google.bluetooth_ext-V3-ndk.so \ bt_vendor.conf \ android.hardware.bluetooth.prebuilt.xml \ android.hardware.bluetooth_le.prebuilt.xml diff --git a/bcmbt/compatibility_matrix.xml b/bcmbt/compatibility_matrix.xml index 54eda4b..47928f4 100644 --- a/bcmbt/compatibility_matrix.xml +++ b/bcmbt/compatibility_matrix.xml @@ -1,7 +1,7 @@ vendor.google.bluetooth_ext - 1 + 1-3 IBluetoothFinder default diff --git a/bcmbt/manifest_bluetooth.xml b/bcmbt/manifest_bluetooth.xml index 3dc3f88..54e5541 100644 --- a/bcmbt/manifest_bluetooth.xml +++ b/bcmbt/manifest_bluetooth.xml @@ -16,7 +16,7 @@ vendor.google.bluetooth_ext - 1 + 3 IBTChannelAvoidance/default IBluetoothCcc/default IBluetoothEwp/default From 9409c3382ea15bfa99362a958b083f0558e0280b Mon Sep 17 00:00:00 2001 From: Jaegeuk Kim Date: Wed, 5 Feb 2025 20:12:47 -0800 Subject: [PATCH 41/41] Fix comment Bug: 378120929 Flag: build.RELEASE_PIXEL_VENDOR_INTELLIGENCE_AID Change-Id: I20b1fb2eb21d0db63c69d9eb30e89b0a824540f8 Signed-off-by: Jaegeuk Kim --- storage/storage_intelligence.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/storage/storage_intelligence.sh b/storage/storage_intelligence.sh index 03d2ca7..509f12e 100755 --- a/storage/storage_intelligence.sh +++ b/storage/storage_intelligence.sh @@ -1,8 +1,6 @@ #!/vendor/bin/sh # -# The script belongs to the feature of UFS FFU via OTA: go/p23-ffu-ota -# Its purpose is to copy the corresponding firmware into partition for UFS FFU. - +# The script belongs to the feature of AI preload feature, go/gemini-package property="persist.vendor.intelligence" partition="/dev/block/by-name/userdata_exp.ai"