diff --git a/aoc/dump_aoc.cpp b/aoc/dump_aoc.cpp index b3827c8..baf056e 100644 --- a/aoc/dump_aoc.cpp +++ b/aoc/dump_aoc.cpp @@ -29,9 +29,10 @@ int main() { runCommand("AoC logging wake", "timeout 0.1 cat /sys/devices/platform/*.aoc/control/logging_wakeup"); runCommand("AoC hotword wake", "timeout 0.1 cat /sys/devices/platform/*.aoc/control/hotword_wakeup"); runCommand("AoC memory exception wake", "timeout 0.1 cat /sys/devices/platform/*.aoc/control/memory_exception"); - runCommand("AoC memory votes", "timeout 0.1 cat /sys/devices/platform/*.aoc/control/memory_votes_a32"); - runCommand("AoC memory votes", "timeout 0.1 cat /sys/devices/platform/*.aoc/control/memory_votes_ff1"); + runCommand("AoC memory votes", "timeout 0.5 cat /sys/devices/platform/*.aoc/control/memory_votes_a32"); + runCommand("AoC memory votes", "timeout 0.5 cat /sys/devices/platform/*.aoc/control/memory_votes_ff1"); runCommand("clean AoC buffer","echo ' ' > /dev/acd-debug; timeout 0.1 cat /dev/acd-debug"); + runCommand("AoC DVFS (A32)", "echo 'dbg info -c 1 DVFSA32' > /dev/acd-debug; timeout 0.1 cat /dev/acd-debug"); runCommand("AoC DVFS (FF1)", "echo 'dbg info -c 2 DVFSFF1' > /dev/acd-debug; timeout 0.1 cat /dev/acd-debug"); runCommand("AoC Monitor Mode Status", "echo 'monitor_mode status' > /dev/acd-debug; timeout 0.1 cat /dev/acd-debug"); return 0; diff --git a/aoc/sepolicy/aocxd.te b/aoc/sepolicy/aocxd.te index bcfcd7b..2eedf48 100644 --- a/aoc/sepolicy/aocxd.te +++ b/aoc/sepolicy/aocxd.te @@ -26,3 +26,6 @@ add_service(aocxd, aocx); # allow managing thread priority allow aocxd self:global_capability_class_set sys_nice; + +allow aocxd dumpstate:fd use; +allow aocxd dumpstate:fifo_file write; diff --git a/aoc/sepolicy/dumpstate.te b/aoc/sepolicy/dumpstate.te new file mode 100644 index 0000000..5b89fe1 --- /dev/null +++ b/aoc/sepolicy/dumpstate.te @@ -0,0 +1,2 @@ +# Allow dumpstate to talk to aocxd over binder +binder_call(dumpstate, aocxd) 
diff --git a/aoc/sepolicy/file_contexts b/aoc/sepolicy/file_contexts index c43bc75..73293f7 100644 --- a/aoc/sepolicy/file_contexts +++ b/aoc/sepolicy/file_contexts @@ -28,7 +28,12 @@ /dev/acd-audio_ap_offload_tx u:object_r:aoc_device:s0 /dev/acd-mel_processor u:object_r:aoc_device:s0 /dev/acd-aocx_control u:object_r:aoc_device:s0 +/dev/acd-aocx_inject[0-9]* u:object_r:aoc_device:s0 +/dev/acd-aocx_tapout[0-9]* u:object_r:aoc_device:s0 /dev/acd-mc_headpos u:object_r:aoc_device:s0 +/dev/acd-chre_bt_offload_ctl u:object_r:aoc_device:s0 +/dev/acd-chre_bt_offload_data_tx u:object_r:aoc_device:s0 +/dev/acd-chre_bt_offload_data_rx u:object_r:aoc_device:s0 # AoC vendor binaries /vendor/bin/aocd u:object_r:aocd_exec:s0 diff --git a/aoc/sepolicy/service.te b/aoc/sepolicy/service.te new file mode 100644 index 0000000..502b28d --- /dev/null +++ b/aoc/sepolicy/service.te @@ -0,0 +1 @@ +type aocx, service_manager_type; diff --git a/aoc/sepolicy/vndservice_contexts b/aoc/sepolicy/service_contexts similarity index 100% rename from aoc/sepolicy/vndservice_contexts rename to aoc/sepolicy/service_contexts diff --git a/aoc/sepolicy/vndservice.te b/aoc/sepolicy/vndservice.te deleted file mode 100644 index 01c2436..0000000 --- a/aoc/sepolicy/vndservice.te +++ /dev/null @@ -1 +0,0 @@ -type aocx, vndservice_manager_type; diff --git a/audio/aidl.mk b/audio/aidl.mk index b8fd96b..e06ac0b 100644 --- a/audio/aidl.mk +++ b/audio/aidl.mk @@ -6,9 +6,6 @@ PRODUCT_PACKAGES += \ android.hardware.audio.service-aidl.aoc \ vendor.google.whitechapel.audio.hal.parserservice \ -# AIDL software effects. These are the effects supporting in all projects. -# For the project-specific effects, such as haptic generator, please add them -# to makefile in the project's device folder. PRODUCT_PACKAGES += \ libvisualizeraidl \ libbundleaidl \ 
@@ -16,6 +13,7 @@ PRODUCT_PACKAGES += \ libdynamicsprocessingaidl \ libloudnessenhanceraidl \ libdownmixaidl \ + libhapticgeneratoraidl \ BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/audio/sepolicy/aidl BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/audio/sepolicy/hdmi_audio diff --git a/audio/aidl/device_framework_matrix_product.xml b/audio/aidl/device_framework_matrix_product.xml index 10b6e4b..3079aab 100644 --- a/audio/aidl/device_framework_matrix_product.xml +++ b/audio/aidl/device_framework_matrix_product.xml @@ -9,7 +9,7 @@ vendor.google.whitechapel.audio.extension - 1 + 2 IAudioExtension default diff --git a/audio/sepolicy/aidl/hal_audio_default.te b/audio/sepolicy/aidl/hal_audio_default.te index 2512a17..1ae90c7 100644 --- a/audio/sepolicy/aidl/hal_audio_default.te +++ b/audio/sepolicy/aidl/hal_audio_default.te @@ -1 +1,4 @@ add_service(hal_audio_default, hal_audio_ext_service) +# Allow audio-hal to register battery_mitigation service +allow hal_audio_default hal_battery_mitigation_service:service_manager find; +binder_call(hal_audio_default, battery_mitigation) diff --git a/audio/sepolicy/common/genfs_contexts b/audio/sepolicy/common/genfs_contexts index eaa0c71..c4a3120 100644 --- a/audio/sepolicy/common/genfs_contexts +++ b/audio/sepolicy/common/genfs_contexts @@ -21,3 +21,4 @@ genfscon sysfs /devices/platform/audiometrics/call_count u:ob genfscon sysfs /devices/platform/audiometrics/offload_effects_id u:object_r:sysfs_pixelstats:s0 genfscon sysfs /devices/platform/audiometrics/offload_effects_duration u:object_r:sysfs_pixelstats:s0 genfscon sysfs /devices/platform/audiometrics/bt_usage u:object_r:sysfs_pixelstats:s0 +genfscon sysfs /devices/platform/audiometrics/speaker_version u:object_r:sysfs_pixelstats:s0 diff --git a/audio/sepolicy/common/hal_audio_default.te b/audio/sepolicy/common/hal_audio_default.te index bfe72b1..fac4f1a 100644 --- a/audio/sepolicy/common/hal_audio_default.te +++ b/audio/sepolicy/common/hal_audio_default.te 
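Review bot: The comment added in audio/sepolicy/aidl/hal_audio_default.te says the audio HAL may "register" the battery_mitigation service, but the two rules under it only grant client access. They allow `find` on `hal_battery_mitigation_service` and a binder call into `battery_mitigation`; registration would need `add_service`, which this hunk does not grant. A comment that matches the rules keeps a later reader from assuming hal_audio_default can publish that service, for example `# Allow audio HAL to look up and call the battery_mitigation service`.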
@@ -12,6 +12,8 @@ allow hal_audio_default aoc_device:chr_file rw_file_perms; allow hal_audio_default amcs_device:file rw_file_perms; allow hal_audio_default amcs_device:chr_file rw_file_perms; allow hal_audio_default sysfs_pixelstats:file rw_file_perms; +allow hal_audio_default sysfs_extcon:dir search; +allow hal_audio_default sysfs_extcon:file r_file_perms; #allow access to aoc and kernel boottime allow hal_audio_default sysfs_aoc:dir { search }; diff --git a/audio/sepolicy/common/property.te b/audio/sepolicy/common/property.te index e2ffcd1..2287b84 100644 --- a/audio/sepolicy/common/property.te +++ b/audio/sepolicy/common/property.te @@ -1,2 +1,5 @@ # Audio vendor_internal_prop(vendor_audio_prop) + +# The property for Audio App +vendor_restricted_prop(vendor_audio_prop_restricted) diff --git a/audio/sepolicy/common/property_contexts b/audio/sepolicy/common/property_contexts index 1749ac8..96e678c 100644 --- a/audio/sepolicy/common/property_contexts +++ b/audio/sepolicy/common/property_contexts @@ -9,3 +9,6 @@ vendor.audiodump.encode.disable u:object_r:vendor_audio_prop:s0 vendor.audiodump.log.cca.updated u:object_r:vendor_audio_prop:s0 vendor.audiodump.cca.config u:object_r:vendor_audio_prop:s0 vendor.audio_hal.aidl.enable u:object_r:vendor_audio_prop:s0 + +# for audio app +persist.vendor.app.audio. u:object_r:vendor_audio_prop_restricted:s0 diff --git a/audio/sepolicy/common/vendor_init.te b/audio/sepolicy/common/vendor_init.te index 26f3fa8..1562d45 100644 --- a/audio/sepolicy/common/vendor_init.te +++ b/audio/sepolicy/common/vendor_init.te @@ -1,2 +1,5 @@ # Audio property set_prop(vendor_init, vendor_audio_prop) + +# Audio App property +set_prop(vendor_init, vendor_audio_prop_restricted) diff --git a/battery_mitigation/sepolicy/vendor/battery_mitigation.te b/battery_mitigation/sepolicy/vendor/battery_mitigation.te index 7552bd2..30b314c 100644 --- a/battery_mitigation/sepolicy/vendor/battery_mitigation.te 
+++ b/battery_mitigation/sepolicy/vendor/battery_mitigation.te @@ -24,6 +24,8 @@ allow battery_mitigation sysfs_bcl:lnk_file r_file_perms; allow battery_mitigation sysfs_thermal:lnk_file r_file_perms; allow battery_mitigation mitigation_vendor_data_file:dir rw_dir_perms; allow battery_mitigation mitigation_vendor_data_file:file create_file_perms; +allow battery_mitigation dumpstate:fd use; +allow battery_mitigation dumpstate:fifo_file rw_file_perms; # Allow battery_mitigation to use Binder IPC so that service manager can notify it for callbacks binder_use(battery_mitigation) @@ -31,3 +33,6 @@ binder_use(battery_mitigation) wakelock_use(battery_mitigation) # Allow battery_mitigation to run aidl service add_service(battery_mitigation, hal_battery_mitigation_service) +# Allow battery_mitigation to run audio mitigation callback +binder_call(battery_mitigation, hal_audio_default) +binder_call(battery_mitigation, servicemanager) diff --git a/battery_mitigation/sepolicy/vendor/dumpstate.te b/battery_mitigation/sepolicy/vendor/dumpstate.te new file mode 100644 index 0000000..b3bb1d4 --- /dev/null +++ b/battery_mitigation/sepolicy/vendor/dumpstate.te @@ -0,0 +1,3 @@ +# To call battery_mitigation hal +allow dumpstate hal_battery_mitigation_service:service_manager find; +binder_call(dumpstate, battery_mitigation); diff --git a/battery_mitigation/sepolicy/vendor/service.te b/battery_mitigation/sepolicy/vendor/service.te index 3ffe254..f0c7e9d 100644 --- a/battery_mitigation/sepolicy/vendor/service.te +++ b/battery_mitigation/sepolicy/vendor/service.te @@ -1 +1 @@ -type hal_battery_mitigation_service, protected_service, hal_service_type, service_manager_type; +type hal_battery_mitigation_service, hal_service_type, service_manager_type; diff --git a/bcmbt/bluetooth.mk b/bcmbt/bluetooth.mk index eb6a29b..18c066b 100644 --- a/bcmbt/bluetooth.mk +++ b/bcmbt/bluetooth.mk 
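Review bot: `allow battery_mitigation dumpstate:fifo_file rw_file_perms;` in the first hunk of battery_mitigation.te grants more than a dump target appears to need. The pipe is handed over by dumpstate, which is what the `fd use` rule beside it covers, and a dump client normally only writes to it. The aocxd rule added for the same purpose in aoc/sepolicy/aocxd.te in this commit uses `write` alone, so this line could read `allow battery_mitigation dumpstate:fifo_file write;`. Widen it only if an audited denial shows another permission is required.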
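Review bot: Dropping `protected_service` from `hal_battery_mitigation_service` in battery_mitigation/sepolicy/vendor/service.te changes the type's attribute set with no comment explaining why. The new clients added on this page, hal_audio_default and dumpstate, each have an explicit `find` rule and do not obviously need the removal. Neverallow rules key on attributes like this one, so removing it presumably takes the service out of whatever restrictions platform policy attaches to protected services; that should be checked against the neverallow rules for the target release. If a specific rule forces the removal, record it above the declaration, for example `# not protected_service: <which client domain needs find, and why>`.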
@@ -1,6 +1,8 @@ PRODUCT_SOONG_NAMESPACES += vendor/broadcom/bluetooth PRODUCT_PACKAGES += \ android.hardware.bluetooth-V1-ndk.so \ + android.hardware.bluetooth.finder-V1-ndk.so \ + android.hardware.bluetooth.ranging-V1-ndk.so \ android.hardware.bluetooth-service.bcmbtlinux \ vendor.google.bluetooth_ext-V1-ndk.so \ bt_vendor.conf \ @@ -9,6 +11,7 @@ PRODUCT_PACKAGES += \ BOARD_SEPOLICY_DIRS += device/google/gs-common/bcmbt/sepolicy +BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/powerstats DEVICE_MANIFEST_FILE += device/google/gs-common/bcmbt/manifest_bluetooth.xml DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/bcmbt/compatibility_matrix.xml diff --git a/bcmbt/compatibility_matrix.xml b/bcmbt/compatibility_matrix.xml index 1a63ccf..65b0c6d 100644 --- a/bcmbt/compatibility_matrix.xml +++ b/bcmbt/compatibility_matrix.xml @@ -6,7 +6,6 @@ IBluetoothFinder default - IBluetoothFinder/default IBluetoothCcc default diff --git a/bcmbt/manifest_bluetooth.xml b/bcmbt/manifest_bluetooth.xml index f14112c..a72f1c9 100644 --- a/bcmbt/manifest_bluetooth.xml +++ b/bcmbt/manifest_bluetooth.xml @@ -4,6 +4,16 @@ 1 IBluetoothHci/default + + android.hardware.bluetooth.finder + 1 + IBluetoothFinder/default + + + android.hardware.bluetooth.ranging + 1 + IBluetoothChannelSounding/default + vendor.google.bluetooth_ext 1 diff --git a/betterbug/betterbug.mk b/betterbug/betterbug.mk new file mode 100644 index 0000000..906933d --- /dev/null +++ b/betterbug/betterbug.mk @@ -0,0 +1,8 @@ +# When neither AOSP nor factory targets +ifeq (,$(filter aosp_% factory_%, $(TARGET_PRODUCT))) + PRODUCT_PACKAGES += BetterBugStub + PRODUCT_PACKAGES_DEBUG += BetterBug +endif + +PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/gs-common/betterbug/sepolicy/product/public +PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/gs-common/betterbug/sepolicy/product/private 
diff --git a/betterbug/sepolicy/product/private/better_bug_app.te b/betterbug/sepolicy/product/private/better_bug_app.te new file mode 100644 index 0000000..26e0565 --- /dev/null +++ b/betterbug/sepolicy/product/private/better_bug_app.te 
@@ -0,0 +1,47 @@ +typeattribute better_bug_app coredomain; + +app_domain(better_bug_app) +net_domain(better_bug_app) + +allow better_bug_app app_api_service:service_manager find; +allow better_bug_app mediaserver_service:service_manager find; +allow better_bug_app radio_service:service_manager find; +allow better_bug_app system_api_service:service_manager find; + +allow better_bug_app privapp_data_file:file execute; +allow better_bug_app privapp_data_file:lnk_file r_file_perms; +allow better_bug_app shell_data_file:file r_file_perms; +allow better_bug_app shell_data_file:dir r_dir_perms; + +# Allow traceur to pass file descriptors through a content provider to betterbug +allow better_bug_app trace_data_file:file { getattr read }; + +# Allow betterbug to read profile reports generated by profcollect. +userdebug_or_eng(` + allow better_bug_app profcollectd_data_file:file r_file_perms; +') + +# Allow BetterBug access to WM traces attributes +allow better_bug_app wm_trace_data_file:dir r_dir_perms; +allow better_bug_app wm_trace_data_file:file getattr; + +# Allow the bug reporting frontend to read the presence and timestamp of the +# trace attached to the bugreport (but not its contents, which will go in the +# usual bugreport .zip file). This is used by the bug reporting UI to tell if +# the bugreport will contain a system trace or not while the bugreport is still +# in progress. +allow better_bug_app perfetto_traces_bugreport_data_file:dir r_dir_perms; +allow better_bug_app perfetto_traces_bugreport_data_file:file { getattr }; + +# Allow BetterBug to receive Perfetto traces through the framework +# (i.e. TracingServiceProxy) and sendfile them into their private +# directories for reporting when network and battery conditions are +# appropriate. 
+allow better_bug_app perfetto:fd use; +allow better_bug_app perfetto_traces_data_file:file { read getattr }; + +# Allow BetterBug to set property to start vendor.touch_dumpstate +set_prop(better_bug_app, ctl_start_prop) + +# Allow BetterBug to read system boot reason +get_prop(better_bug_app, system_boot_reason_prop) diff --git a/betterbug/sepolicy/product/private/seapp_contexts b/betterbug/sepolicy/product/private/seapp_contexts new file mode 100644 index 0000000..77fe3e1 --- /dev/null +++ b/betterbug/sepolicy/product/private/seapp_contexts @@ -0,0 +1,2 @@ +# BetterBug +user=_app isPrivApp=true name=com.google.android.apps.internal.betterbug domain=better_bug_app type=privapp_data_file levelFrom=user diff --git a/betterbug/sepolicy/product/public/better_bug_app.te b/betterbug/sepolicy/product/public/better_bug_app.te new file mode 100644 index 0000000..9a14782 --- /dev/null +++ b/betterbug/sepolicy/product/public/better_bug_app.te @@ -0,0 +1 @@ +type better_bug_app, domain; diff --git a/camera/Android.bp b/camera/Android.bp index d615e6a..e845678 100644 --- a/camera/Android.bp +++ b/camera/Android.bp @@ -12,8 +12,8 @@ cc_binary { ], shared_libs: [ "libbase", - "libdump", - "liblog", + "libdump", + "liblog", ], vendor: true, relative_install_path: "dump", @@ -26,3 +26,11 @@ prebuilt_etc { src: "vendor.android.hardware.camera.preview-dis.xml", sub_dir: "permissions", } + +prebuilt_etc { + name: "concurrent_foldable_dual_front_xml", + vendor: true, + filename: "com.google.pixel.camera.concurrent_foldable_dual_front.xml", + src: "com.google.pixel.camera.concurrent_foldable_dual_front.xml", + sub_dir: "permissions", +} diff --git a/camera/com.google.pixel.camera.concurrent_foldable_dual_front.xml b/camera/com.google.pixel.camera.concurrent_foldable_dual_front.xml new file mode 100644 index 0000000..e2dda0e --- /dev/null +++ b/camera/com.google.pixel.camera.concurrent_foldable_dual_front.xml @@ -0,0 +1,7 @@ + + + + + + 
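Review bot: `set_prop(better_bug_app, ctl_start_prop)` near the end of better_bug_app.te is broader than its comment. The stated goal is starting vendor.touch_dumpstate, but `ctl_start_prop` is the generic label for `ctl.start` requests, so, as far as platform property_contexts labels them, the app domain could ask init to start any service whose control property has no more specific label. A dedicated property type mapped to only that service's `ctl.start$<service>` key in property_contexts, with `set_prop` granted on that type, would limit the grant to the one service. If the generic type has to stay, the comment should say so, for example `# NOTE: ctl_start_prop is not limited to vendor.touch_dumpstate`.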
diff --git a/camera/dump_camera.cpp b/camera/dump_camera.cpp index 5a0229b..6aa3414 100644 --- a/camera/dump_camera.cpp +++ b/camera/dump_camera.cpp @@ -42,12 +42,15 @@ int main() { // Attach multiple latest sessions (in case the user is running concurrent // sessions or starts a new session after the one with performance issues). dumpLogs(kCameraLogDir.data(), cameraDestDir.c_str(), 10, "session-ended-"); + dumpLogs(kCameraLogDir.data(), cameraDestDir.c_str(), 10, "multicam-"); dumpLogs(kCameraLogDir.data(), cameraDestDir.c_str(), 5, "high-drop-rate-"); dumpLogs(kCameraLogDir.data(), cameraDestDir.c_str(), 5, "watchdog-"); dumpLogs(kCameraLogDir.data(), cameraDestDir.c_str(), 5, "camera-ended-"); dumpLogs(kCameraLogDir.data(), cameraDestDir.c_str(), 5, "fatal-error-"); dumpLogs(kGraphStateDumpDir.data(), cameraDestDir.c_str(), 5, "hal_graph_state_"); + dumpLogs(kCameraLogDir.data(), cameraDestDir.c_str(), 10, + "fd_state_tracker-"); return 0; } diff --git a/camera/lyric.mk b/camera/lyric.mk index e3feab3..7762f4d 100644 --- a/camera/lyric.mk +++ b/camera/lyric.mk @@ -11,13 +11,8 @@ ifneq ($(wildcard vendor/google/services/LyricCameraHAL/src),) $(call soong_config_set,gch,hwl_library,lyric) endif -# Check if we're in PDK build -ifeq ($(wildcard vendor/google/camera),) -# If vendor/google/camera doesn't exist, it's a PDK build. -$(call soong_config_set,lyric,pdk_build,true) -else -# Otherwise, it's an internal Google build. -$(call soong_config_set,lyric,pdk_build,false) +# Check if we're in the internal build +ifneq ($(wildcard vendor/google/camera),) PRODUCT_SOONG_NAMESPACES += \ vendor/google/camera \ diff --git a/camera/sepolicy/vendor/hal_camera_default.te b/camera/sepolicy/vendor/hal_camera_default.te index 4c9aa05..9e7b105 100644 --- a/camera/sepolicy/vendor/hal_camera_default.te +++ b/camera/sepolicy/vendor/hal_camera_default.te 
@@ -8,5 +8,6 @@ binder_call(hal_camera_default, vendor_pbcs_app); binder_call(hal_camera_default, vendor_pcs_app); -# Allow Lyric HAL to start ISP Service +# Allow Lyric HAL to start ISP Service and Image Processing HAL add_service(hal_camera_default, vendor_camera_isp_service) +add_service(hal_camera_default, vendor_image_processing_hal_service) diff --git a/camera/sepolicy/vendor/service.te b/camera/sepolicy/vendor/service.te index 87a1d93..35887ba 100644 --- a/camera/sepolicy/vendor/service.te +++ b/camera/sepolicy/vendor/service.te @@ -5,3 +5,5 @@ type vendor_camera_lyricconfigprovider_service, hal_service_type, protected_serv type vendor_camera_isp_service, hal_service_type, protected_service, service_manager_type; type vendor_camera_cameraidremapper_service, hal_service_type, protected_service, service_manager_type; + +type vendor_image_processing_hal_service, hal_service_type, protected_service, service_manager_type; diff --git a/camera/sepolicy/vendor/service_contexts b/camera/sepolicy/vendor/service_contexts index 1bcaab8..9f5e335 100644 --- a/camera/sepolicy/vendor/service_contexts +++ b/camera/sepolicy/vendor/service_contexts @@ -5,3 +5,5 @@ com.google.pixel.camera.services.lyricconfigprovider.ILyricConfigProvider/defaul com.google.pixel.camera.isp.IIspService/default u:object_r:vendor_camera_isp_service:s0 com.google.pixel.camera.services.cameraidremapper.ICameraIdRemapper/default u:object_r:vendor_camera_cameraidremapper_service:s0 + +com.google.android.imageprocessing.IImageProcessingHal u:object_r:vendor_image_processing_hal_service:s0 diff --git a/dauntless/gsc.mk b/dauntless/gsc.mk index 0c4985f..188d9f9 100644 --- a/dauntless/gsc.mk +++ b/dauntless/gsc.mk 
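Review bot: The new `com.google.android.imageprocessing.IImageProcessingHal` key in camera/sepolicy/vendor/service_contexts has no instance suffix, while the neighbouring entries visible in this hunk are keyed as `Interface/default`. Keys in this file are matched against the name the service registers under, and that name is not visible on this page. If the HAL registers as `.../IImageProcessingHal/default`, this line will not match and the service will not be labelled `vendor_image_processing_hal_service`, so the `add_service` rule added in hal_camera_default.te would not take effect for it. Confirm the registered name and, if it carries an instance, write the key as `com.google.android.imageprocessing.IImageProcessingHal/default`.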
@@ -9,7 +9,6 @@ PRODUCT_PACKAGES += \ android.hardware.weaver-service.citadel \ android.hardware.authsecret-service.citadel \ android.hardware.oemlock-service.citadel \ - android.hardware.identity@1.0-service.citadel \ init_citadel \ android.hardware.strongbox_keystore.xml \ android.hardware.security.keymint-service.citadel \ diff --git a/edgetpu/sepolicy/device.te b/edgetpu/sepolicy/device.te index 9296ba5..78e918a 100644 --- a/edgetpu/sepolicy/device.te +++ b/edgetpu/sepolicy/device.te @@ -1,2 +1,2 @@ # EdgeTPU device (DarwiNN) -type edgetpu_device, dev_type, mlstrustedobject; +type edgetpu_device, dev_type, mlstrustedobject, isolated_compute_allowed_device; diff --git a/edgetpu/sepolicy/edgetpu_app_service.te b/edgetpu/sepolicy/edgetpu_app_service.te index 271805e..838f476 100644 --- a/edgetpu/sepolicy/edgetpu_app_service.te +++ b/edgetpu/sepolicy/edgetpu_app_service.te @@ -38,3 +38,12 @@ binder_call(edgetpu_app_server, edgetpu_vendor_server); # Allow EdgeTPU service to log to stats service. (metrics) allow edgetpu_app_server fwk_stats_service:service_manager find; + +# Allow mlock without size restriction +allow edgetpu_app_server self:capability ipc_lock; + +# Need to effectively read file mapped file when mmap + mlocked. +allow edgetpu_app_server privapp_data_file:file { map read}; + +# For shell level testing of mlock +allow edgetpu_app_server shell_data_file:file { map read}; diff --git a/edgetpu/sepolicy/edgetpu_tachyon_service.te b/edgetpu/sepolicy/edgetpu_tachyon_service.te index 5ead23b..da34353 100644 --- a/edgetpu/sepolicy/edgetpu_tachyon_service.te +++ b/edgetpu/sepolicy/edgetpu_tachyon_service.te 
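Review bot: `allow edgetpu_app_server shell_data_file:file { map read};` in edgetpu_app_service.te is commented as being for shell-level testing of mlock, but it is granted unconditionally and so ships on user builds. The equivalent rule added to edgetpu_tachyon_service.te in this same commit is wrapped in a `userdebug_or_eng(...)` block. This rule should be wrapped the same way, so that a production edgetpu_app_server cannot map and read files labelled `shell_data_file`. The neighbouring `privapp_data_file` rule is described as a functional requirement and can stay as it is.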
@@ -49,3 +49,14 @@ get_prop(edgetpu_tachyon_server, vendor_edgetpu_runtime_prop) get_prop(edgetpu_tachyon_server, vendor_hetero_runtime_prop) # Allow Tachyon service to read EdgeTPU CPU scheduler properties get_prop(edgetpu_tachyon_server, vendor_edgetpu_cpu_scheduler_prop) + +# Allow mlock without size restriction +allow edgetpu_tachyon_server self:capability ipc_lock; + +# Need to effectively read file mapped file when mmap + mlocked. +allow edgetpu_tachyon_server privapp_data_file:file { map read}; + +# For shell level testing of mlock +userdebug_or_eng(` + allow edgetpu_tachyon_server shell_data_file:file { map read}; +') diff --git a/edgetpu/sepolicy/file_contexts b/edgetpu/sepolicy/file_contexts index 0cada88..6190fcf 100644 --- a/edgetpu/sepolicy/file_contexts +++ b/edgetpu/sepolicy/file_contexts @@ -15,8 +15,10 @@ /vendor/lib64/libmetrics_logger\.so u:object_r:same_process_hal_file:s0 /vendor/lib64/libedgetpu_util\.so u:object_r:same_process_hal_file:s0 # EdgeTPU runtime libraries -/vendor/lib64/com\.google\.edgetpu_app_service-V[1-3]-ndk\.so u:object_r:same_process_hal_file:s0 +/vendor/lib64/com\.google\.edgetpu_app_service-V[1-4]-ndk\.so u:object_r:same_process_hal_file:s0 /vendor/lib64/com\.google\.edgetpu_vendor_service-V[1-2]-ndk\.so u:object_r:same_process_hal_file:s0 +# EdgeTPU Tachyon libraries +/vendor/lib64/libedgetpu_tachyon\.google\.so u:object_r:same_process_hal_file:s0 # EdgeTPU data files /data/vendor/hal_neuralnetworks_darwinn(/.*)? u:object_r:hal_neuralnetworks_darwinn_data_file:s0 @@ -27,3 +29,6 @@ # Tachyon service /vendor/bin/hw/com\.google\.edgetpu.tachyon-service u:object_r:edgetpu_tachyon_server_exec:s0 + +# libfmq.so is dynamically loaded by the Tachyon client-side library libedgetpu_tachyon.google.so +/vendor/lib64/libfmq\.so u:object_r:same_process_hal_file:s0 diff --git a/edgetpu/sepolicy/hal_audio_default.te b/edgetpu/sepolicy/hal_audio_default.te index 523770c..4d58e0b 100644 --- a/edgetpu/sepolicy/hal_audio_default.te 
+++ b/edgetpu/sepolicy/hal_audio_default.te @@ -12,7 +12,19 @@ binder_call(hal_audio_default, edgetpu_app_server) # Allow audio HAL to read tflite Darwinn delegate properties get_prop(hal_audio_default, vendor_tflite_delegate_prop) + +# Allow audio HAL to read DarwiNN runtime properties get_prop(hal_audio_default, vendor_edgetpu_runtime_prop) +# Allow audio HAL to read hetero runtime properties +get_prop(hal_audio_default, vendor_hetero_runtime_prop) + # Allow DMA Buf access. allow hal_audio_default dmabuf_system_heap_device:chr_file r_file_perms; + +# Allow audio HAL to connect to the stats service for logging EdgeTpu metrics. +allow hal_audio_default fwk_stats_service:service_manager find; + +# Allow audio HAL to send EdgeTpu trace packets to Perfetto. +# Enable for prod devices, see: go/darwinn-perfetto-critical-events +perfetto_producer(hal_audio_default) diff --git a/edgetpu/sepolicy/priv_app.te b/edgetpu/sepolicy/priv_app.te index a9b49c3..579cc61 100644 --- a/edgetpu/sepolicy/priv_app.te +++ b/edgetpu/sepolicy/priv_app.te @@ -7,3 +7,6 @@ allow priv_app edgetpu_nnapi_service:service_manager find; # Allows privileged applications to access the EdgeTPU device, except open, # which is guarded by the EdgeTPU service. allow priv_app edgetpu_device:chr_file { getattr read write ioctl map }; + +# Allows EdgeTPU Tachyon service to call the app. +binder_call(edgetpu_tachyon_server, priv_app); diff --git a/edgetpu/sepolicy/service.te b/edgetpu/sepolicy/service.te index b1a5409..5ea2006 100644 --- a/edgetpu/sepolicy/service.te +++ b/edgetpu/sepolicy/service.te @@ -4,4 +4,4 @@ type edgetpu_dba_service, app_api_service, service_manager_type, isolated_comput type edgetpu_tachyon_service, app_api_service, service_manager_type, isolated_compute_allowed_service; # EdgeTPU binder service type declaration. -type edgetpu_app_service, service_manager_type; +type edgetpu_app_service, service_manager_type, isolated_compute_allowed_service; 
diff --git a/edgetpu/sepolicy/untrusted_app_all.te b/edgetpu/sepolicy/untrusted_app_all.te index 9abec61..3c92900 100644 --- a/edgetpu/sepolicy/untrusted_app_all.te +++ b/edgetpu/sepolicy/untrusted_app_all.te @@ -5,3 +5,5 @@ allow untrusted_app_all edgetpu_app_service:service_manager find; # by the EdgeTPU service. allow untrusted_app_all edgetpu_device:chr_file { getattr read write ioctl map }; +# Allows EdgeTPU Tachyon service to call the app. +binder_call(edgetpu_tachyon_server, untrusted_app_all); diff --git a/fingerprint/Android.bp b/fingerprint/Android.bp new file mode 100644 index 0000000..b5bd008 --- /dev/null +++ b/fingerprint/Android.bp @@ -0,0 +1,21 @@ +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +cc_binary { + name: "dump_fingerprint", + srcs: ["dump_fingerprint.cpp"], + init_rc: ["init.fingerprint.dump.rc"], + cflags: [ + "-Wall", + "-Wextra", + "-Werror", + ], + shared_libs: [ + "libbase", + "libdump", + "liblog", + ], + vendor: true, + relative_install_path: "dump", +} diff --git a/fingerprint/dump_fingerprint.cpp b/fingerprint/dump_fingerprint.cpp new file mode 100644 index 0000000..1c8c7cd --- /dev/null +++ b/fingerprint/dump_fingerprint.cpp 
@@ -0,0 +1,39 @@ +/* + * Copyright 2024 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include +#include +#include +#include +#include + +static constexpr const char *kTombstonesDirPath = "/data/vendor/tombstones/fingerprint/"; + +int main() { + printf("------ Fingerprint tombstones ------\n"); + std::unique_ptr tombstones_dir(opendir(kTombstonesDirPath), closedir); + if (tombstones_dir) { + dirent *entry; + while ((entry = readdir(tombstones_dir.get())) != nullptr) { + std::string file_name(entry->d_name); + if (!strcmp(file_name.c_str(), ".") || !strcmp(file_name.c_str(), "..")) + continue; + std::string file_path(kTombstonesDirPath + file_name); + dumpFileContent(file_name.c_str(), file_path.c_str()); + } + } + + return 0; +} diff --git a/fingerprint/fingerprint.mk b/fingerprint/fingerprint.mk new file mode 100644 index 0000000..fb3ceda --- /dev/null +++ b/fingerprint/fingerprint.mk @@ -0,0 +1,3 @@ +BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/fingerprint/sepolicy + +PRODUCT_PACKAGES += dump_fingerprint diff --git a/fingerprint/init.fingerprint.dump.rc b/fingerprint/init.fingerprint.dump.rc new file mode 100644 index 0000000..f00cdc4 --- /dev/null +++ b/fingerprint/init.fingerprint.dump.rc @@ -0,0 +1,2 @@ +on post-fs-data + mkdir /data/vendor/tombstones/fingerprint 0770 system system 
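Review bot: The readdir loop in main() of dump_fingerprint.cpp passes every entry except `.` and `..` to dumpFileContent. A subdirectory, symlink or other non-regular entry under /data/vendor/tombstones/fingerprint/ is therefore treated as a tombstone file. The directory is filled by another process, so skipping anything that is not a regular file is a cheap guard before it is copied into a bugreport: `if (entry->d_type != DT_REG) continue;`, with an `lstat` fallback if the filesystem can report `DT_UNKNOWN`. As a style point, the `.`/`..` test can compare `entry->d_name` directly with `strcmp` before `file_name` is constructed, which avoids the `c_str()` round trip.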
diff --git a/fingerprint/sepolicy/dump_fingerprint.te b/fingerprint/sepolicy/dump_fingerprint.te new file mode 100644 index 0000000..9af033b --- /dev/null +++ b/fingerprint/sepolicy/dump_fingerprint.te @@ -0,0 +1,5 @@ +pixel_bugreport(dump_fingerprint) + +allow dump_fingerprint fingerprint_vendor_data_file:dir r_dir_perms; +allow dump_fingerprint fingerprint_vendor_data_file:file r_file_perms; + diff --git a/fingerprint/sepolicy/file_contexts b/fingerprint/sepolicy/file_contexts new file mode 100644 index 0000000..a035703 --- /dev/null +++ b/fingerprint/sepolicy/file_contexts @@ -0,0 +1,2 @@ +/vendor/bin/dump/dump_fingerprint u:object_r:dump_fingerprint_exec:s0 +/data/vendor/tombstones/fingerprint(/.*)? u:object_r:fingerprint_vendor_data_file:s0 diff --git a/fingerprint/sepolicy/hal_fingerprint.te b/fingerprint/sepolicy/hal_fingerprint.te new file mode 100644 index 0000000..6e1af7e --- /dev/null +++ b/fingerprint/sepolicy/hal_fingerprint.te @@ -0,0 +1 @@ +allow hal_fingerprint trusty_log_device:chr_file r_file_perms; diff --git a/gear/dumpstate_v3/Android.bp b/gear/dumpstate_v3/Android.bp new file mode 100644 index 0000000..d1ab29c --- /dev/null +++ b/gear/dumpstate_v3/Android.bp @@ -0,0 +1,29 @@ +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +cc_binary { + name: "android.hardware.dumpstate.3-service", + srcs: [ + "Dumpstate.cpp", + "service.cpp", + ], + init_rc: ["android.hardware.dumpstate.3-service.rc"], + vintf_fragments: ["android.hardware.dumpstate.3-service.xml"], + cflags: [ + "-Wall", + "-Werror", + ], + shared_libs: [ + "libbase", + "libbinder_ndk", + "libcutils", + "libdumpstateutil", + "liblog", + "libutils", + "libdump", + "android.hardware.dumpstate-V1-ndk", + ], + vendor: true, + relative_install_path: "hw", +} diff --git a/gear/dumpstate_v3/Dumpstate.cpp b/gear/dumpstate_v3/Dumpstate.cpp new file mode 100644 index 0000000..31df2c7 --- /dev/null +++ b/gear/dumpstate_v3/Dumpstate.cpp 
@@ -0,0 +1,230 @@ +/* + * Copyright 2016 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#define LOG_TAG "dumpstate_device" +#define ATRACE_TAG ATRACE_TAG_ALWAYS + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include "Dumpstate.h" + +#include "DumpstateUtil.h" + +#define HW_REVISION "ro.boot.hardware.revision" + +using android::os::dumpstate::CommandOptions; +using android::os::dumpstate::DumpFileToFd; +using android::os::dumpstate::PropertiesHelper; +using android::os::dumpstate::RunCommandToFd; + +namespace aidl { +namespace android { +namespace hardware { +namespace dumpstate { + +typedef std::chrono::time_point timepoint_t; + +const char kVerboseLoggingProperty[] = "persist.vendor.verbose_logging_enabled"; + +timepoint_t startSection(int fd, const std::string §ionName) { + ATRACE_BEGIN(sectionName.c_str()); + ::android::base::WriteStringToFd( + "\n" + "------ Section start: " + sectionName + " ------\n" + "\n", fd); + return std::chrono::steady_clock::now(); +} + +void endSection(int fd, const std::string §ionName, timepoint_t startTime) { + ATRACE_END(); + auto endTime = std::chrono::steady_clock::now(); + auto elapsedMsec = std::chrono::duration_cast + (endTime - startTime).count(); + + ::android::base::WriteStringToFd( + "\n" + "------ Section end: " + sectionName + " ------\n" + "Elapsed msec: " + std::to_string(elapsedMsec) + "\n" + "\n", fd); +} + +// Dump 
data requested by an argument to the "dump" interface, or help info +// if the specified section is not supported. +void Dumpstate::dumpTextSection(int fd, const std::string §ionName) { + bool dumpAll = (sectionName == kAllSections); + std::string dumpFiles; + struct dirent **dirent_list = NULL; + int num_entries = scandir("/vendor/bin/dump", &dirent_list, 0, (int (*)(const struct dirent **, const struct dirent **)) alphasort); + if (!dirent_list) { + ALOGE("Unable to scan dir: /vendor/bin/dump\n"); + return; + } else if (num_entries <= 0) { + ALOGE("No file is found.\n"); + return; + } + // Execute all or designated programs under vendor/bin/dump/ + for (int i = 0; i < num_entries; i++) { + if (dirent_list[i]->d_name[0] == '.') { + continue; + } + std::string bin(dirent_list[i]->d_name); + dumpFiles = dumpFiles + " " + bin; + if (dumpAll || sectionName == bin) { + auto startTime = startSection(fd, bin); + RunCommandToFd(fd, "/vendor/bin/dump/"+bin, {"/vendor/bin/dump/"+bin}, CommandOptions::WithTimeout(15).Build()); + endSection(fd, bin, startTime); + if (!dumpAll) { + return; + } + } + } + + if (dumpAll) { + RunCommandToFd(fd, "VENDOR PROPERTIES", {"/vendor/bin/getprop"}); + return; + } + + // An unsupported section was requested on the command line + ::android::base::WriteStringToFd("Unrecognized text section: " + sectionName + "\n", fd); + ::android::base::WriteStringToFd("Try \"" + kAllSections + "\" or one of the following:", fd); + ::android::base::WriteStringToFd(dumpFiles, fd); + ::android::base::WriteStringToFd("\nNote: sections with attachments (e.g. 
dump_soc) are" + "not available from the command line.\n", fd); + while (num_entries--) { + free(dirent_list[num_entries]); + } + free(dirent_list); +} + +void Dumpstate::dumpLogSection(int fd, int fd_bin) +{ + std::string logDir = MODEM_LOG_DIRECTORY; + const std::string logCombined = logDir + "/combined_logs.tar"; + const std::string logAllDir = logDir + "/all_logs"; + + RunCommandToFd(fd, "MKDIR LOG", {"/vendor/bin/mkdir", "-p", logAllDir.c_str()}, CommandOptions::WithTimeout(2).Build()); + + dumpTextSection(fd, kAllSections); + + RunCommandToFd(fd, "TAR LOG", {"/vendor/bin/tar", "cvf", logCombined.c_str(), "-C", logAllDir.c_str(), "."}, CommandOptions::WithTimeout(20).Build()); + RunCommandToFd(fd, "CHG PERM", {"/vendor/bin/chmod", "a+w", logCombined.c_str()}, CommandOptions::WithTimeout(2).Build()); + + std::vector buffer(65536); + ::android::base::unique_fd fdLog(TEMP_FAILURE_RETRY(open(logCombined.c_str(), O_RDONLY | O_CLOEXEC | O_NONBLOCK))); + + if (fdLog >= 0) { + while (1) { + ssize_t bytes_read = TEMP_FAILURE_RETRY(read(fdLog, buffer.data(), buffer.size())); + + if (bytes_read == 0) { + break; + } else if (bytes_read < 0) { + ALOGD("read(%s): %s\n", logCombined.c_str(), strerror(errno)); + break; + } + + ssize_t result = TEMP_FAILURE_RETRY(write(fd_bin, buffer.data(), bytes_read)); + + if (result != bytes_read) { + ALOGD("Failed to write %zd bytes, actually written: %zd", bytes_read, result); + break; + } + } + } + + RunCommandToFd(fd, "RM LOG DIR", { "/vendor/bin/rm", "-r", logAllDir.c_str()}, CommandOptions::WithTimeout(2).Build()); + RunCommandToFd(fd, "RM LOG", { "/vendor/bin/rm", logCombined.c_str()}, CommandOptions::WithTimeout(2).Build()); +} + +ndk::ScopedAStatus Dumpstate::dumpstateBoard(const std::vector<::ndk::ScopedFileDescriptor>& in_fds, + IDumpstateDevice::DumpstateMode in_mode, + int64_t in_timeoutMillis) { + ATRACE_BEGIN("dumpstateBoard"); + // Unused arguments. 
+ (void) in_timeoutMillis; + + if (in_mode < IDumpstateDevice::DumpstateMode::FULL || in_mode > IDumpstateDevice::DumpstateMode::PROTO) { + ALOGE("Invalid mode: %d\n", in_mode); + return ndk::ScopedAStatus::fromExceptionCodeWithMessage(EX_ILLEGAL_ARGUMENT, "Invalid mode"); + } + + if (in_fds.size() < 1) { + ALOGE("no FDs\n"); + return ndk::ScopedAStatus::fromExceptionCodeWithMessage(EX_ILLEGAL_ARGUMENT, + "No file descriptor"); + } + + int fd = in_fds[0].get(); + if (fd < 0) { + ALOGE("invalid FD: %d\n", fd); + return ndk::ScopedAStatus::fromExceptionCodeWithMessage(EX_ILLEGAL_ARGUMENT, + "Invalid file descriptor"); + } + + if (in_fds.size() < 2) { + ALOGE("no FD for dumpstate_board binary\n"); + dumpTextSection(fd, ""); + } else { + int fd_bin = in_fds[1].get(); + dumpLogSection(fd, fd_bin); + } + + ATRACE_END(); + return ndk::ScopedAStatus::ok(); +} + +ndk::ScopedAStatus Dumpstate::setVerboseLoggingEnabled(bool in_enable) { + ::android::base::SetProperty(kVerboseLoggingProperty, in_enable ? "true" : "false"); + return ndk::ScopedAStatus::ok(); +} + +ndk::ScopedAStatus Dumpstate::getVerboseLoggingEnabled(bool* _aidl_return) { + *_aidl_return = ::android::base::GetBoolProperty(kVerboseLoggingProperty, false); + return ndk::ScopedAStatus::ok(); +} + +// Since AIDLs that support the dump() interface are automatically invoked during +// bugreport generation and we don't want to generate a second copy of the same +// data that will go into dumpstate_board.txt, this function will only do +// something if it is called with an option, e.g. +// dumpsys android.hardware.dumpstate.IDumpstateDevice/default all +// +// Also, note that sections which generate attachments and/or binary data when +// included in a bugreport are not available through the dump() interface. 
+binder_status_t Dumpstate::dump(int fd, const char** args, uint32_t numArgs) { + + if (numArgs != 1) { + return STATUS_OK; + } + + dumpTextSection(fd, static_cast(args[0])); + + fsync(fd); + return STATUS_OK; +} + +} // namespace dumpstate +} // namespace hardware +} // namespace android +} // namespace aidl diff --git a/gear/dumpstate_v3/Dumpstate.h b/gear/dumpstate_v3/Dumpstate.h new file mode 100644 index 0000000..787b774 --- /dev/null +++ b/gear/dumpstate_v3/Dumpstate.h 
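Review bot: dumpTextSection frees the scandir() result only at the end of the unrecognized-section path; the `return` after a single matching section, the `return` after the vendor-properties dump in the `dumpAll` case, and the `num_entries <= 0` return with a non-null list all leak it. Since the service stays resident after registering (service.cpp joins the binder thread pool), every bugreport or `dump` call that takes one of those paths leaks the list. Copying the entry names into a `std::vector<std::string>` and freeing the list right after scandir() removes the need for cleanup on each exit. Separately, dumpLogSection makes combined_logs.tar world-writable with `chmod a+w` before this same process reads and deletes it; unless another reader needs that, the step can be dropped.

```cpp
    // … unchanged: scandir() call and its error checks …
    // Copy the names and release the scandir() result here, so that none of
    // the returns below can leak it.
    std::vector<std::string> bins;
    for (int i = 0; i < num_entries; i++) {
        if (dirent_list[i]->d_name[0] != '.') {
            bins.emplace_back(dirent_list[i]->d_name);
        }
        free(dirent_list[i]);
    }
    free(dirent_list);

    for (const std::string &bin : bins) {
        dumpFiles = dumpFiles + " " + bin;
        // … unchanged: run the matching section, return early unless dumpAll …
    }
    // … unchanged: vendor properties and the "Unrecognized text section" help, minus the trailing free() loop …
```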
@@ -0,0 +1,53 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include +#include +#include + +namespace aidl { +namespace android { +namespace hardware { +namespace dumpstate { + +class Dumpstate : public BnDumpstateDevice { + public: + ::ndk::ScopedAStatus dumpstateBoard(const std::vector<::ndk::ScopedFileDescriptor>& in_fds, + IDumpstateDevice::DumpstateMode in_mode, + int64_t in_timeoutMillis) override; + + ::ndk::ScopedAStatus getVerboseLoggingEnabled(bool* _aidl_return) override; + + ::ndk::ScopedAStatus setVerboseLoggingEnabled(bool in_enable) override; + + binder_status_t dump(int fd, const char** args, uint32_t numArgs) override; + + private: + const std::string kAllSections = "all"; + + void dumpTextSection(int fd, std::string const& sectionName); + void dumpLogSection(int fd, int fdModem); + + //bool getVerboseLoggingEnabledImpl(); + //::ndk::ScopedAStatus dumpstateBoardImpl(const int fd, const bool full); +}; + +} // namespace dumpstate +} // namespace hardware +} // namespace android +} // namespace aidl diff --git a/gear/dumpstate_v3/aidl.mk b/gear/dumpstate_v3/aidl.mk new file mode 100644 index 0000000..bcecb78 --- /dev/null +++ b/gear/dumpstate_v3/aidl.mk 
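Review bot: The declaration `void dumpLogSection(int fd, int fdModem);` names its second parameter differently from the definition in Dumpstate.cpp, which calls it `fd_bin`; using one name on both sides avoids suggesting that the descriptor is modem-specific. The two commented-out declarations at the end of the private section (`getVerboseLoggingEnabledImpl` and `dumpstateBoardImpl`) are dead and can be deleted rather than carried into a new file.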
@@ -0,0 +1,4 @@ +PRODUCT_SOONG_NAMESPACES += device/google/gs-common/gear/dumpstate_v3 +PRODUCT_PACKAGES += android.hardware.dumpstate.3-service +BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gear/dumpstate_v3/sepolicy + diff --git a/gear/dumpstate_v3/android.hardware.dumpstate.3-service.rc b/gear/dumpstate_v3/android.hardware.dumpstate.3-service.rc new file mode 100644 index 0000000..0a80e0c --- /dev/null +++ b/gear/dumpstate_v3/android.hardware.dumpstate.3-service.rc @@ -0,0 +1,5 @@ +service vendor.dumpstate-default /vendor/bin/hw/android.hardware.dumpstate.3-service + class hal + user system + group system shell + interface aidl android.hardware.dumpstate.IDumpstateDevice/default diff --git a/gear/dumpstate_v3/android.hardware.dumpstate.3-service.xml b/gear/dumpstate_v3/android.hardware.dumpstate.3-service.xml new file mode 100644 index 0000000..5e51b28 --- /dev/null +++ b/gear/dumpstate_v3/android.hardware.dumpstate.3-service.xml @@ -0,0 +1,9 @@ + + + android.hardware.dumpstate + + IDumpstateDevice + default + + + diff --git a/gear/dumpstate_v3/sepolicy/file.te b/gear/dumpstate_v3/sepolicy/file.te new file mode 100644 index 0000000..1777353 --- /dev/null +++ b/gear/dumpstate_v3/sepolicy/file.te @@ -0,0 +1,6 @@ +# dumpstate packing directory +type radio_vendor_data_file, file_type, data_file_type; +userdebug_or_eng(` + typeattribute radio_vendor_data_file mlstrustedobject; +') + diff --git a/gear/dumpstate_v3/sepolicy/file_contexts b/gear/dumpstate_v3/sepolicy/file_contexts new file mode 100644 index 0000000..da10e76 --- /dev/null +++ b/gear/dumpstate_v3/sepolicy/file_contexts @@ -0,0 +1,5 @@ +# generic dumpstate for pixel +/vendor/bin/hw/android\.hardware\.dumpstate\.3-service u:object_r:hal_dumpstate_default_exec:s0 + +/data/vendor/radio(/.*)? u:object_r:radio_vendor_data_file:s0 + diff --git a/gear/dumpstate_v3/sepolicy/hal_dumpstate_default.te b/gear/dumpstate_v3/sepolicy/hal_dumpstate_default.te new file mode 100644 index 0000000..06ebb75 
--- /dev/null
+++ b/gear/dumpstate_v3/sepolicy/hal_dumpstate_default.te
@@ -0,0 +1,7 @@
+# required permission to use tar to pack dumpsate_board.bin
+allow hal_dumpstate_default vendor_toolbox_exec:file execute_no_trans;
+allow hal_dumpstate_default radio_vendor_data_file:dir create_dir_perms;
+allow hal_dumpstate_default radio_vendor_data_file:file create_file_perms;
+allow hal_dumpstate_default shell_data_file:file getattr;
+set_prop(hal_dumpstate_default, vendor_logger_prop)
+
diff --git a/gear/dumpstate_v3/sepolicy/property.te b/gear/dumpstate_v3/sepolicy/property.te
new file mode 100644
index 0000000..c6f5a4f
--- /dev/null
+++ b/gear/dumpstate_v3/sepolicy/property.te
@@ -0,0 +1,3 @@
+# verbose property
+vendor_internal_prop(vendor_logger_prop)
+
diff --git a/gear/dumpstate_v3/sepolicy/property_contexts b/gear/dumpstate_v3/sepolicy/property_contexts
new file mode 100644
index 0000000..5ead16f
--- /dev/null
+++ b/gear/dumpstate_v3/sepolicy/property_contexts
@@ -0,0 +1,3 @@
+# verbose property name
+persist.vendor.verbose_logging_enabled u:object_r:vendor_logger_prop:s0
+
diff --git a/gear/dumpstate_v3/service.cpp b/gear/dumpstate_v3/service.cpp
new file mode 100644
index 0000000..53dc8ac
--- /dev/null
+++ b/gear/dumpstate_v3/service.cpp 
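Review bot: The comment at the top of hal_dumpstate_default.te only explains the tar-related rules, so `allow hal_dumpstate_default shell_data_file:file getattr;` and the `set_prop` on `vendor_logger_prop` are left without a stated reason. Each should get its own comment, for example `# setVerboseLoggingEnabled() writes persist.vendor.verbose_logging_enabled` above the `set_prop`, and either a reason for the `getattr` on shell data files or its removal if nothing needs it. The existing comment also misspells the file name as `dumpsate_board.bin`.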
@@ -0,0 +1,37 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#define LOG_TAG "android.hardware.dumpstate.3-service" + +#include "Dumpstate.h" + +#include +#include +#include + +using aidl::android::hardware::dumpstate::Dumpstate; + +int main() { + ABinderProcess_setThreadPoolMaxThreadCount(0); + std::shared_ptr dumpstate = ndk::SharedRefBase::make(); + + const std::string instance = std::string() + Dumpstate::descriptor + "/default"; + binder_status_t status = + AServiceManager_addService(dumpstate->asBinder().get(), instance.c_str()); + CHECK_EQ(status, STATUS_OK); + + ABinderProcess_joinThreadPool(); + return EXIT_FAILURE; // Unreachable +} diff --git a/gps/lsi/s5400.mk b/gps/lsi/s5400.mk deleted file mode 100644 index 1bfc88e..0000000 --- a/gps/lsi/s5400.mk +++ /dev/null @@ -1,19 +0,0 @@ -BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gps/lsi/sepolicy - -PRODUCT_SOONG_NAMESPACES += \ - vendor/samsung_slsi/gps/s5400 - -PRODUCT_PACKAGES += \ - android.hardware.location.gps.prebuilt.xml \ - gnssd \ - android.hardware.gnss-service \ - ca.pem \ - gnss_check.sh \ - kepler.bin - -ifneq (,$(filter userdebug eng, $(TARGET_BUILD_VARIANT))) - PRODUCT_VENDOR_PROPERTIES += vendor.gps.aol.enabled=true -endif - -# Enable Pixel GNSS HAL -include device/google/gs-common/gps/pixel/pixel_gnss_hal.mk \ No newline at end of file 
diff --git a/gps/lsi/sepolicy/device.te b/gps/lsi/sepolicy/device.te new file mode 100644 index 0000000..15d049f --- /dev/null +++ b/gps/lsi/sepolicy/device.te @@ -0,0 +1 @@ +type vendor_gnss_device, dev_type; diff --git a/gps/lsi/sepolicy/file.te b/gps/lsi/sepolicy/file.te deleted file mode 100644 index af9582b..0000000 --- a/gps/lsi/sepolicy/file.te +++ /dev/null @@ -1 +0,0 @@ -type vendor_gps_file, file_type, data_file_type; diff --git a/gps/lsi/sepolicy/file_contexts b/gps/lsi/sepolicy/file_contexts index 9840eab..e6af3b1 100644 --- a/gps/lsi/sepolicy/file_contexts +++ b/gps/lsi/sepolicy/file_contexts @@ -7,6 +7,4 @@ /vendor/bin/hw/swcnd u:object_r:swcnd_exec:s0 /vendor/bin/hw/spad u:object_r:spad_exec:s0 /vendor/bin/hw/android.hardware.gnss-service u:object_r:hal_gnss_default_exec:s0 -/vendor/bin/gnss_check\.sh u:object_r:gnss_check_exec:s0 -# keep only one rule and use eGNSS one -# /data/vendor/gps(/.*)? u:object_r:vendor_gps_file:s0 +/data/vendor/gps(/.*)? u:object_r:vendor_gps_file:s0 diff --git a/gps/lsi/sepolicy/gnssd.te b/gps/lsi/sepolicy/gnssd.te index 56ab51f..a293b95 100644 --- a/gps/lsi/sepolicy/gnssd.te +++ b/gps/lsi/sepolicy/gnssd.te @@ -31,3 +31,6 @@ set_prop(gnssd, vendor_gps_prop) # Read RIL property get_prop(gnssd, vendor_rild_prop) + +# Read modme state +allow gnssd sysfs_modem_state:file r_file_perms; diff --git a/gps/pixel/device_framework_matrix_product.xml b/gps/pixel/device_framework_matrix_product.xml deleted file mode 100644 index 2c93444..0000000 --- a/gps/pixel/device_framework_matrix_product.xml +++ /dev/null @@ -1,10 +0,0 @@ - - - android.hardware.gnss - 3 - - IGnss - vendor - - - diff --git a/gps/pixel/pixel_gnss_hal.mk b/gps/pixel/pixel_gnss_hal.mk deleted file mode 100644 index b0edff7..0000000 --- a/gps/pixel/pixel_gnss_hal.mk +++ /dev/null 
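Review bot: The file_contexts hunk labels `/data/vendor/gps(/.*)?` as `vendor_gps_file`, but the same commit deletes gps/lsi/sepolicy/file.te, which declared that type. Unless another policy directory in the build declares `vendor_gps_file`, the policy will not compile; the removed comment (`keep only one rule and use eGNSS one`) also suggests a second entry for the same path may exist elsewhere, so it is worth confirming the two do not conflict. In gnssd.te the new comment reads `# Read modme state` and should be `# Read modem state`.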
@@ -1,15 +0,0 @@ -# Include this file to enable Pixel GNSS HAL - -$(call soong_config_set, pixel_gnss, enable_pixel_gnss_aidl_service, true) - -BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gps/pixel/sepolicy - -PRODUCT_PACKAGES += \ - android.hardware.gnss-service.pixel - -PRODUCT_VENDOR_PROPERTIES += \ - persist.vendor.gps.hal.service.name=vendor - -# Compatibility matrix -DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += \ - device/google/gs-common/gps/pixel/device_framework_matrix_product.xml diff --git a/gps/pixel/sepolicy/file.te b/gps/pixel/sepolicy/file.te deleted file mode 100644 index 79e95ab..0000000 --- a/gps/pixel/sepolicy/file.te +++ /dev/null @@ -1 +0,0 @@ -type sysfs_modem_state, sysfs_type, fs_type; diff --git a/gps/pixel/sepolicy/hal_gnss_pixel.te b/gps/pixel/sepolicy/hal_gnss_pixel.te index 512ecc9..cc63702 100644 --- a/gps/pixel/sepolicy/hal_gnss_pixel.te +++ b/gps/pixel/sepolicy/hal_gnss_pixel.te @@ -1,9 +1,3 @@ -type hal_gnss_pixel, domain; -hal_server_domain(hal_gnss_pixel, hal_gnss) - -type hal_gnss_pixel_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(hal_gnss_pixel) - #IPC between pixel and vendor HAL binder_call(hal_gnss_pixel, hal_gnss_default) @@ -12,3 +6,18 @@ allow hal_gnss_pixel sysfs_modem_state:file r_file_perms; #Toggle coredump node allow hal_gnss_pixel sysfs_gps:file rw_file_perms; + +# Allow access to CHRE multiclient HAL. +get_prop(hal_gnss_pixel, vendor_chre_hal_prop) + +# Allow binder to CHRE. +binder_call(hal_gnss_pixel, hal_contexthub_default) +allow hal_gnss_pixel hal_contexthub_service:service_manager find; + +# Allow connect to gnss service +allow hal_gnss_pixel vendor_gps_file:dir create_dir_perms; +allow hal_gnss_pixel vendor_gps_file:fifo_file create_file_perms; + +# Allow access ssrdump information +allow hal_gnss_pixel sscoredump_vendor_data_crashinfo_file:file r_file_perms; +allow hal_gnss_pixel sscoredump_vendor_data_crashinfo_file:dir r_dir_perms; 
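Review bot: The rules under `# Allow connect to gnss service` in hal_gnss_pixel.te grant `create_dir_perms` on `vendor_gps_file` directories and `create_file_perms` on fifos, which is more than connecting to an existing pipe needs. If the HAL only opens a fifo that another daemon creates, `search` or `r_dir_perms` on the directory and `rw_file_perms` on the fifo would be enough; if it does create the fifo itself, the comment should say so. The first hunk of the file also drops the `type hal_gnss_pixel, domain;` declarations while every remaining rule still refers to that domain, so it has to be declared elsewhere in the build.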
diff --git a/gpu/sepolicy/service_contexts b/gpu/sepolicy/service_contexts new file mode 100644 index 0000000..88ee08c --- /dev/null +++ b/gpu/sepolicy/service_contexts @@ -0,0 +1,4 @@ +# Note that native/passthrough HALs use the "{type}/{instance}" pattern from +# SEPolicy perspective and are looked up via the corresponding filename +# "{type}.{instance}.so". +mapper/pixel u:object_r:hal_graphics_mapper_service:s0 diff --git a/gs_watchdogd/gs_watchdogd.cpp b/gs_watchdogd/gs_watchdogd.cpp index 59b089c..82e01d0 100644 --- a/gs_watchdogd/gs_watchdogd.cpp +++ b/gs_watchdogd/gs_watchdogd.cpp @@ -14,9 +14,11 @@ * limitations under the License. */ +#include #include #include #include +#include #include #include @@ -26,21 +28,28 @@ #include #include -#define DEV_GLOB "/sys/devices/platform/*.watchdog_cl0/watchdog/watchdog*" +#include +#include + +#define DEV_GLOB "/sys/devices/platform/*.watchdog_cl*/watchdog/watchdog*" + +#define DEFAULT_INTERVAL 10s +#define DEFAULT_MARGIN 10s using android::base::Basename; using android::base::StringPrintf; +using std::literals::chrono_literals::operator""s; int main(int argc, char** argv) { android::base::InitLogging(argv, &android::base::KernelLogger); - int interval = 10; - if (argc >= 2) interval = atoi(argv[1]); + std::chrono::seconds interval = argc >= 2 + ? std::chrono::seconds(atoi(argv[1])) : DEFAULT_INTERVAL; + std::chrono::seconds margin = argc >= 3 + ? std::chrono::seconds(atoi(argv[2])) : DEFAULT_MARGIN; - int margin = 10; - if (argc >= 3) margin = atoi(argv[2]); - - LOG(INFO) << "gs_watchdogd started (interval " << interval << ", margin " << margin << ")!"; + LOG(INFO) << "gs_watchdogd started (interval " << interval.count() + << ", margin " << margin.count() << ")!"; glob_t globbuf; int ret = glob(DEV_GLOB, GLOB_MARK, nullptr, &globbuf); 
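Review bot: `interval` and `margin` in gs_watchdogd.cpp are taken from `atoi(argv[1])` and `atoi(argv[2])` without a range check, so a non-numeric or zero argument gives an interval of 0 and the petting loop spins on `sleep(0)`, while a negative one turns into a very long `sleep` once converted to unsigned. Parsing with `strtol` (or `android::base::ParseInt`) and falling back to `DEFAULT_INTERVAL` and `DEFAULT_MARGIN` for values below 1 would keep a bad init argument from starving the watchdog. main() continues past the end of this hunk.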
@@ -49,40 +58,42 @@ int main(int argc, char** argv) { return 1; } - if (globbuf.gl_pathc > 1) { - PLOG(WARNING) << "Multiple watchdog dev path found by " << DEV_GLOB; - } + std::vector wdt_dev_fds; - std::string dev_path = StringPrintf("/dev/%s", Basename(globbuf.gl_pathv[0]).c_str()); - globfree(&globbuf); + for (size_t i = 0; i < globbuf.gl_pathc; i++) { + std::chrono::seconds timeout = interval + margin; + int timeout_secs = timeout.count(); + std::string dev_path = StringPrintf("/dev/%s", Basename(globbuf.gl_pathv[i]).c_str()); - int fd = open(dev_path.c_str(), O_RDWR | O_CLOEXEC); - if (fd == -1) { - PLOG(ERROR) << "Failed to open " << dev_path; - return 1; - } + int fd = TEMP_FAILURE_RETRY(open(dev_path.c_str(), O_RDWR | O_CLOEXEC)); + if (fd == -1) { + PLOG(ERROR) << "Failed to open " << dev_path; + return 1; + } - int timeout = interval + margin; - ret = ioctl(fd, WDIOC_SETTIMEOUT, &timeout); - if (ret) { - PLOG(ERROR) << "Failed to set timeout to " << timeout; - ret = ioctl(fd, WDIOC_GETTIMEOUT, &timeout); + wdt_dev_fds.emplace_back(fd); + ret = ioctl(fd, WDIOC_SETTIMEOUT, &timeout_secs); if (ret) { - PLOG(ERROR) << "Failed to get timeout"; - } else { - if (timeout > margin) { - interval = timeout - margin; + PLOG(ERROR) << "Failed to set timeout to " << timeout_secs; + ret = ioctl(fd, WDIOC_GETTIMEOUT, &timeout_secs); + if (ret) { + PLOG(ERROR) << "Failed to get timeout"; } else { - interval = 1; + interval = timeout > margin ? 
timeout - margin : 1s; + LOG(WARNING) << "Adjusted interval to timeout returned by driver: " + << "timeout " << timeout_secs + << ", interval " << interval.count() + << ", margin " << margin.count(); } - LOG(WARNING) << "Adjusted interval to timeout returned by driver: " - << "timeout " << timeout << ", interval " << interval << ", margin " - << margin; } } + globfree(&globbuf); + while (true) { - write(fd, "", 1); - sleep(interval); + for (const auto& fd : wdt_dev_fds) { + TEMP_FAILURE_RETRY(write(fd, "", 1)); + } + sleep(interval.count()); } } diff --git a/gxp/dump_gxp.cpp b/gxp/dump_gxp.cpp index 518a44a..5d9f28a 100644 --- a/gxp/dump_gxp.cpp +++ b/gxp/dump_gxp.cpp @@ -17,7 +17,7 @@ #include #include -#define maxGxpDebugDumps 3 +#define maxGxpDebugDumps 4 int main() { /* TODO(b/277094681): Set default value to false around device beta milestone. */ diff --git a/gyotaku_app/dump/dump_gyotaku.cpp b/gyotaku_app/dump/dump_gyotaku.cpp index 62c2a57..0f22e68 100644 --- a/gyotaku_app/dump/dump_gyotaku.cpp +++ b/gyotaku_app/dump/dump_gyotaku.cpp @@ -19,7 +19,7 @@ #define GYOTAKU_DIRECTORY "/data/vendor/gyotaku/andlog" #define GYOTAKU_ANDROID_LOG_PREFIX "android_" - +#define GYOTAKU_ODPM_LOG_PREFIX "odpm_" #define maxFileLogsNumber 30 int main() { @@ -30,6 +30,7 @@ int main() { } dumpLogs(GYOTAKU_DIRECTORY, outputDir.c_str(), maxFileLogsNumber, GYOTAKU_ANDROID_LOG_PREFIX); + dumpLogs(GYOTAKU_DIRECTORY, outputDir.c_str(), maxFileLogsNumber, GYOTAKU_ODPM_LOG_PREFIX); return 0; } diff --git a/gyotaku_app/fingerprint/gyotaku_app.te b/gyotaku_app/fingerprint/gyotaku_app.te new file mode 100644 index 0000000..f6475f5 --- /dev/null +++ b/gyotaku_app/fingerprint/gyotaku_app.te 
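Review bot: After a failed `WDIOC_SETTIMEOUT`, `WDIOC_GETTIMEOUT` now stores the driver's value in `timeout_secs`, but the next line computes `interval = timeout > margin ? timeout - margin : 1s;` from the chrono `timeout`, which still holds the requested `interval + margin`. The interval is therefore never adjusted to what the driver reports, although the warning prints `timeout_secs` as if it were; adding `timeout = std::chrono::seconds(timeout_secs);` before that line restores the old behaviour. With several devices the loop should also keep the smallest resulting interval, since a later device can currently overwrite a shorter one. The result of the `write` that pets each watchdog is discarded, so a failing device goes unnoticed; logging the error would help.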
@@ -0,0 +1,19 @@
+# Specific build for fingerprint
+type gyotaku_app, domain;
+
+app_domain(gyotaku_app)
+net_domain(gyotaku_app)
+
+# For Gyotaku app common use
+allow gyotaku_app app_api_service:service_manager find;
+allow gyotaku_app privapp_data_file:lnk_file read;
+allow gyotaku_app system_app_data_file:dir create_dir_perms;
+allow gyotaku_app system_app_data_file:file create_file_perms;
+
+# For getproperty isDebuggable use
+get_prop(gyotaku_app, userdebug_or_eng_prop)
+
+# For access /data/vendor/misc fingerprint use.
+allow gyotaku_app vendor_misc_data_file:dir search;
+allow gyotaku_app vendor_fingerprint_data_file:dir r_dir_perms;
+allow gyotaku_app vendor_fingerprint_data_file:file r_file_perms;
diff --git a/gyotaku_app/fingerprint/seapp_contexts b/gyotaku_app/fingerprint/seapp_contexts
new file mode 100644
index 0000000..b1c6248
--- /dev/null
+++ b/gyotaku_app/fingerprint/seapp_contexts
@@ -0,0 +1,2 @@
+# Gyotaku app
+user=system seinfo=platform name=com.google.android.apps.internal.gyotaku domain=gyotaku_app type=system_app_data_file levelFrom=all
diff --git a/gyotaku_app/gyotaku_fingerprint.mk b/gyotaku_app/gyotaku_fingerprint.mk
new file mode 100644
index 0000000..051b88e
--- /dev/null
+++ b/gyotaku_app/gyotaku_fingerprint.mk
@@ -0,0 +1,5 @@
+# Specific build for fingerprint
+PRODUCT_PACKAGES_DEBUG += \
+ Gyotaku
+
+BOARD_SEPOLICY_DIRS += device/google/gs-common/gyotaku_app/fingerprint
diff --git a/insmod/16k/Android.bp b/insmod/16k/Android.bp
new file mode 100644
index 0000000..975c5dc
--- /dev/null
+++ b/insmod/16k/Android.bp
@@ -0,0 +1,14 @@
+
+soong_namespace {
+}
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+sh_binary {
+ name: "insmod.sh",
+ src: "insmod.sh",
+ init_rc: ["init.module.rc"],
+ vendor: true,
+}
diff --git a/insmod/init.module.rc b/insmod/16k/init.module.rc
similarity index 100%
rename from insmod/init.module.rc
rename to insmod/16k/init.module.rc 
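Review bot: gyotaku_app.te gives a domain that has `net_domain` read access to `vendor_fingerprint_data_file`, and nothing in the file limits it to debug builds, while gyotaku_fingerprint.mk installs the app only through `PRODUCT_PACKAGES_DEBUG`. Wrapping the three fingerprint rules (or the whole domain) in a `userdebug_or_eng` block would keep that access out of user-build policy. The `seapp_contexts` entry already requires `user=system seinfo=platform`, so this is defence in depth rather than an open path.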
diff --git a/insmod/16k/insmod.sh b/insmod/16k/insmod.sh new file mode 100644 index 0000000..8ec8199 --- /dev/null +++ b/insmod/16k/insmod.sh 
@@ -0,0 +1,119 @@ +#!/vendor/bin/sh + +############################################################# +### init.insmod.cfg format: ### +### ----------------------------------------------------- ### +### [insmod|setprop|enable/moprobe|wait] [path|prop name] ### +### ... ### +############################################################# + +modules_dir= +system_modules_dir= +vendor_modules_dir= + + +pagesize=$(getconf PAGESIZE) +# bootoption=$(getprop ro.product.build.16k_page.enabled) +# We do not need to check ro.product.build.16k_page.enabled , because this +# version of insmod.sh will only be used if PRODUCT_16K_DEVELOPER_OPTION +# is set to true + +if [ "$pagesize" != "4096" ] ; then + echo "Device has page size $pagesize , skip loading modules from vendor_dlkm/system_dlkm because all modules are stored on vendor_boot" + setprop vendor.common.modules.ready 1 + setprop vendor.device.modules.ready 1 + setprop vendor.all.modules.ready 1 + setprop vendor.all.devices.ready 1 + return 0 +fi + + +for dir in system vendor; do + for f in /${dir}/lib/modules/*/modules.dep /${dir}/lib/modules/modules.dep; do + if [[ -f "$f" ]]; then + if [[ "${dir}" == "system" ]]; then + system_modules_dir="$(dirname "$f")" + else + vendor_modules_dir="$(dirname "$f")" + modules_dir=${vendor_modules_dir} + fi + break + fi + done +done + +if [[ -z "${system_modules_dir}" ]]; then + echo "Unable to locate system kernel modules directory" 2>&1 +fi + +if [[ -z "${vendor_modules_dir}" ]]; then + echo "Unable to locate vendor kernel modules directory" 2>&1 + exit 1 +fi + +# imitates wait_for_file() in init +wait_for_file() +{ + filename="${1}" + timeout="${2:-5}" + + expiry=$(($(date "+%s")+timeout)) + while [[ ! 
-e "${filename}" ]] && [[ "$(date "+%s")" -le "${expiry}" ]] + do + sleep 0.01 + done +} + +if [ $# -eq 1 ]; then + cfg_file=$1 +else + # Set property even if there is no insmod config + # to unblock early-boot trigger + setprop vendor.common.modules.ready 1 + setprop vendor.device.modules.ready 1 + setprop vendor.all.modules.ready 1 + setprop vendor.all.devices.ready 1 + exit 1 +fi + +if [ -f $cfg_file ]; then + while IFS="|" read -r action arg + do + case $action in + "insmod") insmod $arg ;; + "setprop") setprop $arg 1 ;; + "enable") echo 1 > $arg ;; + "condinsmod") + prop=$(echo $arg | cut -d '|' -f 1) + module1=$(echo $arg | cut -d '|' -f 2) + module2=$(echo $arg | cut -d '|' -f 3) + value=$(getprop $prop) + if [[ ${value} == "true" ]]; then + insmod ${vendor_modules_dir}/${module1} + else + insmod ${vendor_modules_dir}/${module2} + fi + ;; + "modprobe") + case ${arg} in + "system -b *" | "system -b") + modules_dir=${system_modules_dir} + arg="-b --all=${system_modules_dir}/modules.load" ;; + "system *" | "system") + modules_dir=${system_modules_dir} + arg="--all=${system_modules_dir}/modules.load" ;; + "-b *" | "-b" | "vendor -b *" | "vendor -b") + modules_dir=${vendor_modules_dir} + arg="-b --all=${vendor_modules_dir}/modules.load" ;; + "*" | "" | "vendor *" | "vendor") + modules_dir=${vendor_modules_dir} + arg="--all=${vendor_modules_dir}/modules.load" ;; + esac + if [[ -d "${modules_dir}" ]]; then + modprobe -a -d "${modules_dir}" $arg + fi + ;; + "wait") wait_for_file $arg ;; + esac + done < $cfg_file +fi diff --git a/insmod/4k/Android.bp b/insmod/4k/Android.bp new file mode 100644 index 0000000..ddfec40 --- /dev/null +++ b/insmod/4k/Android.bp @@ -0,0 +1,13 @@ + +soong_namespace { +} +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +sh_binary { + name: "insmod.sh", + src: "insmod.sh", + init_rc: ["init.module.rc"], + vendor: true, +} 
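Review bot: `$cfg_file` and `$arg` are expanded unquoted in this module-loading script, e.g. `[ -f $cfg_file ]`, `done < $cfg_file` and `echo 1 > $arg`, so a value containing whitespace or glob characters is split or expanded before use. Quote them where a single word is meant: `[ -f "$cfg_file" ]`, `done < "$cfg_file"`, `echo 1 > "$arg"` (`insmod $arg` may rely on splitting for module parameters and can stay). The two `echo "Unable to locate ..." 2>&1` lines redirect stderr to stdout rather than sending the message to stderr; `>&2` looks intended. The page-size branch ends with `return 0` outside any function, where `exit 0` states the intent directly. The `condinsmod` branch added to insmod/4k/insmod.sh has the same unquoted expansions.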
diff --git a/insmod/4k/init.module.rc b/insmod/4k/init.module.rc new file mode 100644 index 0000000..de23b5b --- /dev/null +++ b/insmod/4k/init.module.rc @@ -0,0 +1,10 @@ +on init + # Loading common kernel modules in background + start insmod_sh + +service insmod_sh /vendor/bin/insmod.sh /vendor/etc/init.common.cfg + class main + user root + group root system + disabled + oneshot diff --git a/insmod/insmod.sh b/insmod/4k/insmod.sh similarity index 87% rename from insmod/insmod.sh rename to insmod/4k/insmod.sh index 03843f5..8cac37e 100755 --- a/insmod/insmod.sh +++ b/insmod/4k/insmod.sh @@ -66,6 +66,17 @@ if [ -f $cfg_file ]; then "insmod") insmod $arg ;; "setprop") setprop $arg 1 ;; "enable") echo 1 > $arg ;; + "condinsmod") + prop=$(echo $arg | cut -d '|' -f 1) + module1=$(echo $arg | cut -d '|' -f 2) + module2=$(echo $arg | cut -d '|' -f 3) + value=$(getprop $prop) + if [[ ${value} == "true" ]]; then + insmod ${vendor_modules_dir}/${module1} + else + insmod ${vendor_modules_dir}/${module2} + fi + ;; "modprobe") case ${arg} in "system -b *" | "system -b") diff --git a/insmod/Android.bp b/insmod/Android.bp index eed35ec..143e777 100644 --- a/insmod/Android.bp +++ b/insmod/Android.bp @@ -2,13 +2,6 @@ package { default_applicable_licenses: ["Android-Apache-2.0"], } -sh_binary { - name: "insmod.sh", - src: "insmod.sh", - init_rc: ["init.module.rc"], - vendor: true, -} - prebuilt_etc { name: "init.common.cfg", src: "init.common.cfg", diff --git a/insmod/insmod.mk b/insmod/insmod.mk index aa2261a..0d8da9e 100644 --- a/insmod/insmod.mk +++ b/insmod/insmod.mk @@ -1,3 +1,9 @@ +ifeq (true,$(PRODUCT_16K_DEVELOPER_OPTION)) +PRODUCT_SOONG_NAMESPACES += device/google/gs-common/insmod/16k +else +PRODUCT_SOONG_NAMESPACES += device/google/gs-common/insmod/4k +endif + BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/insmod/sepolicy PRODUCT_PACKAGES += \ insmod.sh \ 
diff --git a/modem/shared_modem_platform/compatibility_matrix.xml b/modem/shared_modem_platform/compatibility_matrix.xml new file mode 100644 index 0000000..5019c3e --- /dev/null +++ b/modem/shared_modem_platform/compatibility_matrix.xml @@ -0,0 +1,11 @@ + + + + com.google.pixel.shared_modem_platform + 1 + + ISharedModemPlatform + default + + + diff --git a/modem/shared_modem_platform/sepolicy/attributes b/modem/shared_modem_platform/sepolicy/attributes new file mode 100644 index 0000000..2cc802d --- /dev/null +++ b/modem/shared_modem_platform/sepolicy/attributes @@ -0,0 +1 @@ +hal_attribute(shared_modem_platform) diff --git a/modem/shared_modem_platform/sepolicy/hal_shared_modem_platform.te b/modem/shared_modem_platform/sepolicy/hal_shared_modem_platform.te new file mode 100644 index 0000000..8771563 --- /dev/null +++ b/modem/shared_modem_platform/sepolicy/hal_shared_modem_platform.te @@ -0,0 +1,8 @@ +# Allow binder connection from client to server +binder_call(hal_shared_modem_platform_client, hal_shared_modem_platform_server) + +# Allow client to find the service, server to register the service +hal_attribute_service(hal_shared_modem_platform, hal_shared_modem_platform_service) + +# Allow binder communication from server to service_manager +binder_use(hal_shared_modem_platform_server) diff --git a/modem/shared_modem_platform/sepolicy/service.te b/modem/shared_modem_platform/sepolicy/service.te new file mode 100644 index 0000000..390fde6 --- /dev/null +++ b/modem/shared_modem_platform/sepolicy/service.te @@ -0,0 +1 @@ +type hal_shared_modem_platform_service, hal_service_type, service_manager_type; diff --git a/modem/shared_modem_platform/sepolicy/service_contexts b/modem/shared_modem_platform/sepolicy/service_contexts new file mode 100644 index 0000000..58232f7 --- /dev/null +++ b/modem/shared_modem_platform/sepolicy/service_contexts 
@@ -0,0 +1,2 @@ +# Bind Shared Modem Platform AIDL service name to the SELinux type. +com.google.pixel.shared_modem_platform.ISharedModemPlatform/default u:object_r:hal_shared_modem_platform_service:s0 diff --git a/modem/shared_modem_platform/shared_modem_platform.mk b/modem/shared_modem_platform/shared_modem_platform.mk new file mode 100644 index 0000000..3f50c37 --- /dev/null +++ b/modem/shared_modem_platform/shared_modem_platform.mk @@ -0,0 +1,11 @@ +# This file is not included in `modem.mk` since this is included at the +# beginning of each `device.mk` file, and so will be called before +# `SHARED_MODEM_PLATFORM_VENDOR` is defined later in the file. +SOONG_CONFIG_NAMESPACES += shared_modem_platform +SOONG_CONFIG_shared_modem_platform += \ + vendor +SOONG_CONFIG_shared_modem_platform_vendor := $(SHARED_MODEM_PLATFORM_VENDOR) + +PRODUCT_PACKAGES += shared_modem_platform +DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/modem/shared_modem_platform/compatibility_matrix.xml +BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/modem/shared_modem_platform/sepolicy diff --git a/mte/fullmte-pixel.mk b/mte/fullmte-pixel.mk index 6cc525d..ac2aba8 100644 --- a/mte/fullmte-pixel.mk +++ b/mte/fullmte-pixel.mk @@ -3,6 +3,3 @@ include build/make/target/product/fullmte.mk PRODUCT_MODULE_BUILD_FROM_SOURCE := true BOARD_KERNEL_CMDLINE += bootloader.pixel.MTE_FORCE_ON -# TODO(b/324412910): Remove this when the stack-buffer-overflow is fixed. -PRODUCT_PRODUCT_PROPERTIES += \ - arm64.memtag.process.android.hardware.composer.hwc3-service.pixel=off \ No newline at end of file diff --git a/performance/Android.bp b/performance/Android.bp index 6eee7c4..5c0e0b2 100644 --- a/performance/Android.bp +++ b/performance/Android.bp 
@@ -5,13 +5,14 @@ package { cc_binary { name: "dump_perf", srcs: ["dump_perf.cpp"], + init_rc: ["init.pixel-mm-gs.rc"], cflags: [ "-Wall", "-Wextra", "-Werror", ], shared_libs: [ - "libdump", + "libdump", ], vendor: true, relative_install_path: "dump", diff --git a/performance/dump_perf.cpp b/performance/dump_perf.cpp index aa742f1..d2989ad 100644 --- a/performance/dump_perf.cpp +++ b/performance/dump_perf.cpp @@ -18,5 +18,8 @@ int main() { dumpFileContent("VENDOR PROC DUMP", "/proc/vendor_sched/dump_task"); + dumpFileContent("BTS scenario", "/sys/kernel/debug/bts/scenario"); + dumpFileContent("BTS vc", "/sys/kernel/debug/bts/vc"); + dumpFileContent("BTS status", "/sys/kernel/debug/bts/status"); return 0; } diff --git a/performance/init.pixel-mm-gs.rc b/performance/init.pixel-mm-gs.rc new file mode 100644 index 0000000..9bc12e9 --- /dev/null +++ b/performance/init.pixel-mm-gs.rc @@ -0,0 +1,20 @@ +# Copyright (C) 2024 The Android Open-Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +on init + # adjust PCP high level + write /proc/sys/vm/percpu_pagelist_high_fraction 430 + + # disable proactive compaction + write /proc/sys/vm/compaction_proactiveness 0 diff --git a/performance/sepolicy/dump_perf.te b/performance/sepolicy/dump_perf.te index 15c4f6e..befe9ba 100644 --- a/performance/sepolicy/dump_perf.te +++ b/performance/sepolicy/dump_perf.te 
@@ -1,3 +1,7 @@ pixel_bugreport(dump_perf) allow dump_perf proc_vendor_sched:file r_file_perms; +userdebug_or_eng(` + allow dump_perf vendor_bts_debugfs:dir r_dir_perms; + allow dump_perf vendor_bts_debugfs:file r_file_perms; +') diff --git a/performance/sepolicy/file.te b/performance/sepolicy/file.te new file mode 100644 index 0000000..8e16bbf --- /dev/null +++ b/performance/sepolicy/file.te @@ -0,0 +1,2 @@ +type sysfs_pakills, fs_type, sysfs_type; +type vendor_bts_debugfs, fs_type, debugfs_type; diff --git a/performance/sepolicy/genfs_contexts b/performance/sepolicy/genfs_contexts index 000c41b..041021c 100644 --- a/performance/sepolicy/genfs_contexts +++ b/performance/sepolicy/genfs_contexts @@ -1 +1,3 @@ genfscon proc /sys/kernel/sched_pelt_multiplier u:object_r:proc_sched:s0 +genfscon sysfs /kernel/vendor_mm/pa_kill u:object_r:sysfs_pakills:s0 +genfscon debugfs /bts u:object_r:vendor_bts_debugfs:s0 diff --git a/performance/sepolicy/hal_power_default.te b/performance/sepolicy/hal_power_default.te new file mode 100644 index 0000000..763862d --- /dev/null +++ b/performance/sepolicy/hal_power_default.te @@ -0,0 +1,2 @@ +allow hal_power_default sysfs_pakills:file rw_file_perms; +allow hal_power_default sysfs_pakills:dir r_dir_perms; diff --git a/performance/sepolicy/vendor_init.te b/performance/sepolicy/vendor_init.te new file mode 100644 index 0000000..fefecb1 --- /dev/null +++ b/performance/sepolicy/vendor_init.te @@ -0,0 +1,3 @@ +# MM +allow vendor_init proc_percpu_pagelist_high_fraction:file w_file_perms; + diff --git a/pixelsupport/pixelsupport.mk b/pixelsupport/pixelsupport.mk new file mode 100644 index 0000000..068c94f --- /dev/null +++ b/pixelsupport/pixelsupport.mk 
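Review bot: The `vendor_bts_debugfs` read rules added to performance/sepolicy/dump_perf.te sit inside `userdebug_or_eng`, but the three `dumpFileContent("BTS ...")` calls added to dump_perf.cpp in this commit are unconditional. On user builds those reads have no matching allow rule, and if the debugfs nodes are reachable there they would surface as denials in every bugreport. Either state in a comment that the nodes are expected to be absent on user builds, or add `dontaudit dump_perf vendor_bts_debugfs:file r_file_perms;` outside the macro so the access stays closed without the noise.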
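Review bot: performance/sepolicy/vendor_init.te grants write access only to `proc_percpu_pagelist_high_fraction`, while init.pixel-mm-gs.rc in this commit also writes `/proc/sys/vm/compaction_proactiveness`. No rule or genfscon label for that second node appears in this change, so unless platform policy already lets vendor_init write it, the `write` would be denied and proactive compaction would stay enabled. Please confirm the label and either add the matching allow here or extend the `# MM` comment to say where that access is granted.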
@@ -0,0 +1,5 @@
+PRODUCT_PACKAGES += PixelSupportPrebuilt
+
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/pixelsupport/sepolicy/vendor
+PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/gs-common/pixelsupport/sepolicy/product/public
+PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/gs-common/pixelsupport/sepolicy/product/private
diff --git a/pixelsupport/sepolicy/product/private/certs/pixelsupport.x509.pem b/pixelsupport/sepolicy/product/private/certs/pixelsupport.x509.pem
new file mode 100644
index 0000000..40c874d
--- /dev/null
+++ b/pixelsupport/sepolicy/product/private/certs/pixelsupport.x509.pem
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIGBzCCA++gAwIBAgIVAJriiL3+mR75mIC8e0Xqoz59LduNMA0GCSqGSIb3DQEBCwUAMIGSMQsw +CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEU +MBIGA1UEChMLR29vZ2xlIEluYy4xEDAOBgNVBAsTB0FuZHJvaWQxLjAsBgNVBAMMJWNvbV9nb29n +bGVfYW5kcm9pZF9hcHBzX3BpeGVsX3N1cHBvcnQwIBcNMjIxMjEyMTM1MDA3WhgPMjA1MjEyMTIx +MzUwMDdaMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91 +bnRhaW4gVmlldzEUMBIGA1UEChMLR29vZ2xlIEluYy4xEDAOBgNVBAsTB0FuZHJvaWQxLjAsBgNV +BAMMJWNvbV9nb29nbGVfYW5kcm9pZF9hcHBzX3BpeGVsX3N1cHBvcnQwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCSWvRumhZOIAZmWKcuVjc1l3OIIWc/nSRVnsfdzeRqK0jwVFcTqMDs +kmZtEj/UTW+N91ExRzWvAQ027AcE7TGF3X2iKKAfpSB0fpVQato5RIzOrRbwgAzsIvBdVtExqSNk +5vh8xJ0azHt6Jn77gW03Mq7AL55Si5q3vU1meeGBPD/YWeqd/oNhPfe0kAHdNnnTOnN6SBxSeO8r +YukV4XYJ3BxgWD1sm2NI8kZ+OGAooBFflZYXoY6NVfLXm6jsqWnooAok7CrNxZc/wstiwd8yYX6f +6R1Trox3a9xOy7E+6Rig0XhbWm4pbp3Zu0OLArUalbQ1cjd1qFy6q9maieBn14ad+UtLNOUjCx91 +hLWg/mdpYCvArQb3bBDJdjYfdoo7Q8F9QW3JrFrbIeBezM4TTdK9v/sM4+1OxEo6vwMKQM9Ata/H +Mn89a4nFHgRqGIMKK8zh0Eob+OwiBakviVhAI1o7IONujcJ2hfuyHNPZb8sT0Rewxtw2fD/Jwj+l +ADmlXWw553geFcwP1SqOC6j/XOeazSvV4ccCME2VZqIE4pmL+RUr+cgAyQHXPZnet74C7K9sNRV6 +JluS6inqP4lKp7gSFuVrQNYHawNPVinbeTLYEu+df3m3yrHAUpaSvsSUC6qQVWCs0sI8PC6A1+bV +DXMsIYRvrSnmtN75vOECaQIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTODyZ1S/is +Y/2ZuMl8B1M6kFiJwDAfBgNVHSMEGDAWgBTODyZ1S/isY/2ZuMl8B1M6kFiJwDANBgkqhkiG9w0B +AQsFAAOCAgEAL26IGjeu8Q5tn/b4vfYa+7bRUwozAJA9Buyduw/4wVG6rIAkpEsghkgnoOvyjD72 +ncbCkDoBV3a1PLw2W/bMQWfZvYScOzc2yFwcR9LdQIiEYmtgnwuJHnqc2MDsh+MDeclblyBYfIQQ +bpZ0JArKalSmDyul0QIcfHq+RKmGAzC3bx0xigclIZJxXEG4tyQylttnqNodAEqYdhMMRajI3w9t +61QwqNv1KTGJt1sC2Q7NyzbZJo02Kwu711Dw6KnVgHaGKC2sRIixsvjm2s6f9/CcVasuLopkJnyl +epPeD2jHwHdE4/c2K5ZVQeZ+R0pIOEBKwg1AVkn+/UTbhpjYCkEGP09e8T45Y+//eMlrbORJAbji +H5cfD9aSO2z4slN4B4w+Fw9Kn+a7bsN2xhv7lvAgQ92aq9g/YS1YysZ7kSoCpmKl7rN+0V/RGRVP +ab2Cb0C3+JewTnOAF30e7zVs9Vaq3oTAV4XFYNiDRUBU/rvv8EIZKcBdufFJmCGYUpmm1EQQdsTt 
+mFMPEh5I4Qd0sy+HKvLjThcMGHqDX0bCeXkbFZdj0GXPOOt5LX8NZBdnsbVgENrZml318uLEj3ZU +DlojsfsTlVcs5eIPX6Dkx0OdgVcMAXnLF+vjP/ygWuLqiPFPCrZD1b+2g2P9Yip3e221tuyca42b +q3bvQEBwOsA= +-----END CERTIFICATE----- diff --git a/pixelsupport/sepolicy/product/private/keys.conf b/pixelsupport/sepolicy/product/private/keys.conf new file mode 100644 index 0000000..eff6067 --- /dev/null +++ b/pixelsupport/sepolicy/product/private/keys.conf @@ -0,0 +1,2 @@ +[@PIXELSUPPORT] +ALL : device/google/gs-common/pixelsupport/sepolicy/product/private/certs/pixelsupport.x509.pem diff --git a/pixelsupport/sepolicy/product/private/mac_permissions.xml b/pixelsupport/sepolicy/product/private/mac_permissions.xml new file mode 100644 index 0000000..cb8d42a --- /dev/null +++ b/pixelsupport/sepolicy/product/private/mac_permissions.xml @@ -0,0 +1,27 @@ + + + + + + + + + diff --git a/pixelsupport/sepolicy/product/private/pixelsupport_app.te b/pixelsupport/sepolicy/product/private/pixelsupport_app.te new file mode 100644 index 0000000..be6f7dd --- /dev/null +++ b/pixelsupport/sepolicy/product/private/pixelsupport_app.te @@ -0,0 +1,11 @@ +typeattribute pixelsupport_app coredomain; + +app_domain(pixelsupport_app) +# Access the network. +net_domain(pixelsupport_app) +# Access bluetooth. +bluetooth_domain(pixelsupport_app) + +allow pixelsupport_app app_api_service:service_manager find; +allow pixelsupport_app radio_service:service_manager find; + diff --git a/pixelsupport/sepolicy/product/private/seapp_contexts b/pixelsupport/sepolicy/product/private/seapp_contexts new file mode 100644 index 0000000..f16a054 --- /dev/null +++ b/pixelsupport/sepolicy/product/private/seapp_contexts @@ -0,0 +1,2 @@ +# Pixel Support App +user=_app seinfo=PixelSupport name=com.google.android.apps.pixel.support domain=pixelsupport_app type=app_data_file isPrivApp=true levelFrom=user 
diff --git a/pixelsupport/sepolicy/product/public/pixelsupport_app.te b/pixelsupport/sepolicy/product/public/pixelsupport_app.te new file mode 100644 index 0000000..1846ac9 --- /dev/null +++ b/pixelsupport/sepolicy/product/public/pixelsupport_app.te @@ -0,0 +1,2 @@ +type pixelsupport_app, domain; + diff --git a/pixelsupport/sepolicy/vendor/pixelsupport_app.te b/pixelsupport/sepolicy/vendor/pixelsupport_app.te new file mode 100644 index 0000000..e3b380c --- /dev/null +++ b/pixelsupport/sepolicy/vendor/pixelsupport_app.te @@ -0,0 +1,2 @@ +set_prop(pixelsupport_app, vendor_gti_prop) + diff --git a/radio/sepolicy/file.te b/radio/sepolicy/file.te index 02d0209..95b24c0 100644 --- a/radio/sepolicy/file.te +++ b/radio/sepolicy/file.te @@ -1,6 +1,9 @@ # Data type tcpdump_vendor_data_file, file_type, data_file_type; +# Modem +type sysfs_modem_state, sysfs_type, fs_type; + userdebug_or_eng(` typeattribute tcpdump_vendor_data_file mlstrustedobject; ') diff --git a/gps/pixel/sepolicy/genfs_contexts b/radio/sepolicy/genfs_contexts similarity index 99% rename from gps/pixel/sepolicy/genfs_contexts rename to radio/sepolicy/genfs_contexts index 494aa97..039f329 100644 --- a/gps/pixel/sepolicy/genfs_contexts +++ b/radio/sepolicy/genfs_contexts @@ -1,2 +1,3 @@ # modem state node genfscon sysfs /devices/platform/cpif/modem_state u:object_r:sysfs_modem_state:s0 + diff --git a/ramdump/ramdump.mk b/ramdump/ramdump.mk deleted file mode 100644 index 5b34a67..0000000 --- a/ramdump/ramdump.mk +++ /dev/null @@ -1,3 +0,0 @@ -PRODUCT_PACKAGES_DEBUG += dump_ramdump - -BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/ramdump/sepolicy diff --git a/ramdump/sepolicy/file_contexts b/ramdump/sepolicy/file_contexts deleted file mode 100644 index 726f69d..0000000 --- a/ramdump/sepolicy/file_contexts +++ /dev/null @@ -1,2 +0,0 @@ -# dumpstate -/vendor/bin/dump/dump_ramdump u:object_r:dump_ramdump_exec:s0 
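Review bot: `set_prop(pixelsupport_app, vendor_gti_prop)` in pixelsupport/sepolicy/vendor/pixelsupport_app.te lets an app domain that also has `net_domain` and `bluetooth_domain` write the `vendor.touch.gti0.` properties, and the rule carries no comment saying which keys it needs or why. The same commit declares the type with `system_public_prop(vendor_gti_prop)` in touch/gti/ical/sepolicy/property.te, presumably so that a coredomain app may set a vendor-prefixed property; that deserves a comment too, since it crosses the usual system/vendor property split. I would add a line such as `# <which vendor.touch.gti* keys PixelSupport sets, and which daemon consumes them>` above both statements. Whatever consumes the property should treat its value as untrusted input, because `gti_ical` holds `rw_file_perms` on `sysfs_touch_gti`.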
diff --git a/ramdump/Android.bp b/ramdump_and_coredump/Android.bp
similarity index 100%
rename from ramdump/Android.bp
rename to ramdump_and_coredump/Android.bp
diff --git a/ramdump/dump_ramdump.cpp b/ramdump_and_coredump/dump_ramdump.cpp
similarity index 100%
rename from ramdump/dump_ramdump.cpp
rename to ramdump_and_coredump/dump_ramdump.cpp
diff --git a/ramdump_and_coredump/ramdump_and_coredump.mk b/ramdump_and_coredump/ramdump_and_coredump.mk
new file mode 100644
index 0000000..d7a819f
--- /dev/null
+++ b/ramdump_and_coredump/ramdump_and_coredump.mk
@@ -0,0 +1,18 @@
+PRODUCT_PACKAGES += \
+ sscoredump \
+
+PRODUCT_PACKAGES_DEBUG += \
+ dump_ramdump \
+ ramdump \
+
+# When neither AOSP nor factory targets
+ifeq (,$(filter aosp_% factory_%, $(TARGET_PRODUCT)))
+ PRODUCT_PACKAGES += SSRestartDetector
+ PRODUCT_PACKAGES_DEBUG += RamdumpUploader
+endif
+
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/ramdump_and_coredump/sepolicy
+
+# sscoredump
+PRODUCT_PROPERTY_OVERRIDES += vendor.debug.ssrdump.type=sscoredump
+PRODUCT_SOONG_NAMESPACES += vendor/google/tools/subsystem-coredump
diff --git a/ramdump_and_coredump/sepolicy/bug_map b/ramdump_and_coredump/sepolicy/bug_map
new file mode 100644
index 0000000..0554746
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/bug_map
@@ -0,0 +1,3 @@
+ramdump vendor_hw_plat_prop file b/161103878
+ramdump public_vendor_default_prop file b/161103878
+ramdump proc_bootconfig file b/181615626
diff --git a/ramdump_and_coredump/sepolicy/device.te b/ramdump_and_coredump/sepolicy/device.te
new file mode 100644
index 0000000..7614dd4
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/device.te
@@ -0,0 +1 @@
+type sscoredump_device, dev_type;
diff --git a/ramdump/sepolicy/dump_ramdump.te b/ramdump_and_coredump/sepolicy/dump_ramdump.te
similarity index 100%
rename from ramdump/sepolicy/dump_ramdump.te
rename to ramdump_and_coredump/sepolicy/dump_ramdump.te
diff --git a/ramdump_and_coredump/sepolicy/file.te b/ramdump_and_coredump/sepolicy/file.te
new file mode 100644
index 0000000..10c3171
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/file.te
@@ -0,0 +1,15 @@
+# ramdump: file
+type ramdump_vendor_data_file, file_type, data_file_type, mlstrustedobject;
+type ramdump_vendor_mnt_file, file_type, data_file_type, mlstrustedobject;
+type ramdump_vendor_fs, fusefs_type, data_file_type, mlstrustedobject;
+
+# sscoredump: file
+type sscoredump_vendor_data_coredump_file, file_type, data_file_type, mlstrustedobject;
+type sscoredump_vendor_data_crashinfo_file, file_type, data_file_type, mlstrustedobject;
+
+# sscoredump: sysfs
+type sysfs_sscoredump_level, sysfs_type, fs_type; # sscoredump level
+type sysfs_sscoredump_subsystem_report_count, sysfs_type, fs_type; # subsystem report_count: per device explicit path
+
+# ssr_detector_app
+type sscoredump_vendor_data_logcat_file, file_type, data_file_type, mlstrustedobject;
diff --git a/ramdump_and_coredump/sepolicy/file_contexts b/ramdump_and_coredump/sepolicy/file_contexts
new file mode 100644
index 0000000..747fc02
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/file_contexts
@@ -0,0 +1,17 @@
+# dump_ramdump
+/vendor/bin/dump/dump_ramdump u:object_r:dump_ramdump_exec:s0
+
+# ramdump
+/data/vendor/ramdump(/.*)? u:object_r:ramdump_vendor_data_file:s0
+/mnt/vendor/ramdump(/.*)? u:object_r:ramdump_vendor_mnt_file:s0
+/vendor/bin/ramdump u:object_r:ramdump_exec:s0
+/vendor/bin/ramdump32 u:object_r:ramdump_exec:s0
+
+# sscoredump
+/data/vendor/ssrdump(/.*)? u:object_r:sscoredump_vendor_data_crashinfo_file:s0
+/data/vendor/ssrdump/coredump(/.*)? u:object_r:sscoredump_vendor_data_coredump_file:s0
+/dev/sscd_.* u:object_r:sscoredump_device:s0
+/vendor/bin/sscoredump u:object_r:sscoredump_exec:s0
+
+# ssr_detector_app
+/data/vendor/ssrdump/logcat(/.*)? u:object_r:sscoredump_vendor_data_logcat_file:s0
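Review bot: Every data type in ramdump_and_coredump/sepolicy/file.te is declared with `mlstrustedobject` on all build variants, although the rules in this commit only let app domains write `ramdump_vendor_data_file`, `ramdump_vendor_mnt_file` and `sscoredump_vendor_data_logcat_file` inside `userdebug_or_eng`. radio/sepolicy/file.te in the same tree attaches the attribute to `tcpdump_vendor_data_file` under `userdebug_or_eng` only. Consider the same shape here, with a `typeattribute sscoredump_vendor_data_logcat_file mlstrustedobject;` line (and its siblings) inside `userdebug_or_eng`, so crash artefacts keep MLS separation on user builds. If a user-build writer does need the attribute, a comment naming that writer would settle the question.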
diff --git a/ramdump_and_coredump/sepolicy/genfs_contexts b/ramdump_and_coredump/sepolicy/genfs_contexts
new file mode 100644
index 0000000..5a6e494
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/genfs_contexts
@@ -0,0 +1 @@
+genfscon sysfs /class/sscoredump/level u:object_r:sysfs_sscoredump_level:s0
diff --git a/ramdump_and_coredump/sepolicy/property.te b/ramdump_and_coredump/sepolicy/property.te
new file mode 100644
index 0000000..e708b5a
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/property.te
@@ -0,0 +1,2 @@
+# ramdump
+vendor_internal_prop(vendor_ramdump_prop)
diff --git a/ramdump_and_coredump/sepolicy/property_contexts b/ramdump_and_coredump/sepolicy/property_contexts
new file mode 100644
index 0000000..a50f5a9
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/property_contexts
@@ -0,0 +1,3 @@
+# ramdump
+ro.boot.ramdump u:object_r:vendor_ramdump_prop:s0
+vendor.debug.ramdump. u:object_r:vendor_ramdump_prop:s0
diff --git a/ramdump_and_coredump/sepolicy/ramdump.te b/ramdump_and_coredump/sepolicy/ramdump.te
new file mode 100644
index 0000000..d66139f
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/ramdump.te
@@ -0,0 +1,48 @@
+type ramdump_exec, exec_type, vendor_file_type, file_type;
+type ramdump, domain;
+
+userdebug_or_eng(`
+ init_daemon_domain(ramdump)
+
+ set_prop(ramdump, vendor_ramdump_prop)
+
+ # f2fs set pin file requires sys_admin
+ allow ramdump self:capability { sys_admin sys_rawio };
+
+ allow ramdump ramdump_vendor_data_file:dir create_dir_perms;
+ allow ramdump ramdump_vendor_data_file:file create_file_perms;
+ allow ramdump proc_cmdline:file r_file_perms;
+
+ allow ramdump block_device:dir search;
+ allow ramdump misc_block_device:blk_file rw_file_perms;
+ allow ramdump userdata_block_device:blk_file rw_file_perms;
+
+ # Allow ReadDefaultFstab().
+ read_fstab(ramdump)
+
+ # read /fstab.${ro.hardware}
+ allow ramdump rootfs:file r_file_perms;
+
+ r_dir_file(ramdump, sysfs_type)
+
+ # To access statsd.
+ hwbinder_use(ramdump)
+ get_prop(ramdump, hwservicemanager_prop)
+ get_prop(ramdump, boot_status_prop)
+ allow ramdump fwk_stats_hwservice:hwservice_manager find;
+ binder_call(ramdump, stats_service_server)
+ allow ramdump fwk_stats_service:service_manager find;
+ binder_use(ramdump)
+
+ # To implement fusefs (ramdumpfs) under /mnt/vendor/ramdump.
+ allow ramdump fuse:filesystem relabelfrom;
+ allow ramdump fuse_device:chr_file rw_file_perms;
+ allow ramdump mnt_vendor_file:dir r_dir_perms;
+ allow ramdump ramdump_vendor_mnt_file:dir { getattr mounton };
+ allow ramdump ramdump_vendor_fs:filesystem { mount unmount relabelfrom relabelto };
+ allow ramdump_vendor_mnt_file ramdump_vendor_fs:filesystem associate;
+
+ # Access new Stats AIDL APIs (ag/13714907).
+ allow ramdump fwk_stats_service:service_manager find;
+ binder_call(ramdump, servicemanager)
+')
diff --git a/ramdump_and_coredump/sepolicy/ramdump_app.te b/ramdump_and_coredump/sepolicy/ramdump_app.te
new file mode 100644
index 0000000..85d4bfd
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/ramdump_app.te
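Review bot: In ramdump.te the comment above `allow ramdump self:capability { sys_admin sys_rawio };` explains only `sys_admin`; `sys_rawio` is granted without a stated reason, alongside `rw_file_perms` on `userdata_block_device` and `misc_block_device`. `r_dir_file(ramdump, sysfs_type)` likewise opens every sysfs label where a narrower type might do. Please add a line such as `# sys_rawio: <reason>` or drop the capability, and name the sysfs nodes the daemon actually reads. `allow ramdump fwk_stats_service:service_manager find;` also appears twice in the block; the second copy under the Stats AIDL comment can go.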
@@ -0,0 +1,26 @@
+type ramdump_app, domain;
+
+userdebug_or_eng(`
+ app_domain(ramdump_app)
+
+ allow ramdump_app app_api_service:service_manager find;
+
+ allow ramdump_app ramdump_vendor_data_file:file create_file_perms;
+ allow ramdump_app ramdump_vendor_data_file:dir create_dir_perms;
+
+ set_prop(ramdump_app, vendor_ramdump_prop)
+ get_prop(ramdump_app, system_boot_reason_prop)
+
+ # To access ramdumpfs.
+ allow ramdump_app mnt_vendor_file:dir search;
+ allow ramdump_app ramdump_vendor_mnt_file:dir create_dir_perms;
+ allow ramdump_app ramdump_vendor_mnt_file:file create_file_perms;
+
+ # To access subsystem ramdump files and dirs.
+ allow ramdump_app sscoredump_vendor_data_crashinfo_file:dir r_dir_perms;
+ allow ramdump_app sscoredump_vendor_data_crashinfo_file:file r_file_perms;
+ allow ramdump_app sscoredump_vendor_data_coredump_file:dir r_dir_perms;
+ allow ramdump_app sscoredump_vendor_data_coredump_file:file r_file_perms;
+ allow ramdump_app sscoredump_vendor_data_logcat_file:dir r_dir_perms;
+ allow ramdump_app sscoredump_vendor_data_logcat_file:file r_file_perms;
+')
diff --git a/ramdump_and_coredump/sepolicy/seapp_contexts b/ramdump_and_coredump/sepolicy/seapp_contexts
new file mode 100644
index 0000000..2618216
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/seapp_contexts
@@ -0,0 +1,5 @@
+# ramdump_app
+user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all
+
+# ssr_detector_app
+user=system seinfo=platform name=com.google.SSRestartDetector domain=ssr_detector_app type=system_app_data_file levelFrom=user
diff --git a/ramdump_and_coredump/sepolicy/sscoredump.te b/ramdump_and_coredump/sepolicy/sscoredump.te
new file mode 100644
index 0000000..70d6e1b
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/sscoredump.te
@@ -0,0 +1,18 @@
+type sscoredump, domain;
+type sscoredump_exec, vendor_file_type, exec_type, file_type;
+
+init_daemon_domain(sscoredump)
+
+set_prop(sscoredump, vendor_ssrdump_prop)
+
+allow sscoredump device:dir r_dir_perms;
+allow sscoredump sscoredump_device:chr_file rw_file_perms;
+allow sscoredump sscoredump_vendor_data_crashinfo_file:dir create_dir_perms;
+allow sscoredump sscoredump_vendor_data_crashinfo_file:file create_file_perms;
+allow sscoredump sysfs_sscoredump_subsystem_report_count:file r_file_perms;
+
+userdebug_or_eng(`
+ allow sscoredump sysfs_sscoredump_level:file rw_file_perms;
+ allow sscoredump sscoredump_vendor_data_coredump_file:dir create_dir_perms;
+ allow sscoredump sscoredump_vendor_data_coredump_file:file create_file_perms;
+')
diff --git a/ramdump_and_coredump/sepolicy/ssr_detector_app.te b/ramdump_and_coredump/sepolicy/ssr_detector_app.te
new file mode 100644
index 0000000..ffd612a
--- /dev/null
+++ b/ramdump_and_coredump/sepolicy/ssr_detector_app.te
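Review bot: sscoredump.te uses `vendor_ssrdump_prop`, but property.te in this directory declares only `vendor_ramdump_prop`, and no property_contexts entry for `vendor.debug.ssrdump.` is added even though ramdump_and_coredump.mk sets `vendor.debug.ssrdump.type`. ssr_detector_app.te has the same shape: `vendor_aoc_prop`, `sysfs_sjtag`, `vendor_wifi_version` and `proc_vendor_sched` must come from other policy directories. As far as this commit shows, a device that includes ramdump_and_coredump.mk without those directories would fail to build sepolicy, or would leave the property under a default label. Either declare and label `vendor_ssrdump_prop` here, or add a comment at the top of each file listing the policy directories it depends on.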
@@ -0,0 +1,27 @@
+type ssr_detector_app, domain;
+
+app_domain(ssr_detector_app)
+allow ssr_detector_app app_api_service:service_manager find;
+allow ssr_detector_app radio_service:service_manager find;
+
+allow ssr_detector_app system_app_data_file:dir create_dir_perms;
+allow ssr_detector_app system_app_data_file:file create_file_perms;
+
+allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:dir r_dir_perms;
+allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:file r_file_perms;
+
+userdebug_or_eng(`
+ allow ssr_detector_app sscoredump_vendor_data_coredump_file:dir r_dir_perms;
+ allow ssr_detector_app sscoredump_vendor_data_coredump_file:file r_file_perms;
+ allow ssr_detector_app sscoredump_vendor_data_logcat_file:dir create_dir_perms;
+ allow ssr_detector_app sscoredump_vendor_data_logcat_file:file create_file_perms;
+ get_prop(ssr_detector_app, vendor_aoc_prop)
+ allow ssr_detector_app sysfs_sjtag:dir r_dir_perms;
+ allow ssr_detector_app sysfs_sjtag:file rw_file_perms;
+ allow ssr_detector_app proc_vendor_sched:dir search;
+ allow ssr_detector_app proc_vendor_sched:file rw_file_perms;
+ allow ssr_detector_app cgroup:file write;
+')
+
+get_prop(ssr_detector_app, vendor_ssrdump_prop)
+get_prop(ssr_detector_app, vendor_wifi_version)
diff --git a/recorder/recorder.mk b/recorder/recorder.mk
new file mode 100644
index 0000000..87620da
--- /dev/null
+++ b/recorder/recorder.mk
@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/recorder/sepolicy/vendor
+PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/gs-common/recorder/sepolicy/product/public
+PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/gs-common/recorder/sepolicy/product/private
diff --git a/recorder/sepolicy/product/private/certs/com_google_android_apps_recorder.x509.pem b/recorder/sepolicy/product/private/certs/com_google_android_apps_recorder.x509.pem
new file mode 100644
index 0000000..833c86b
--- /dev/null
+++ b/recorder/sepolicy/product/private/certs/com_google_android_apps_recorder.x509.pem 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIF+zCCA+OgAwIBAgIVAJFfB9eQ7J1w93C6aGBchm77ysA3MA0GCSqGSIb3DQEBCwUAMIGNMQsw +CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEU +MBIGA1UEChMLR29vZ2xlIEluYy4xEDAOBgNVBAsTB0FuZHJvaWQxKTAnBgNVBAMMIGNvbV9nb29n +bGVfYW5kcm9pZF9hcHBzX3JlY29yZGVyMB4XDTE5MDIxNTE1NDQxMloXDTQ5MDIxNTE1NDQxMlow +gY0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBW +aWV3MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEpMCcGA1UEAwwgY29t +X2dvb2dsZV9hbmRyb2lkX2FwcHNfcmVjb3JkZXIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQCFSs/DqyyRbMD2mEHxxv+DDnV7V8j/RUB43aZXC11kKbLAD/E8/WxV+e9frFoXlzXepK4m +FliWHyLWNSUmFwVxl2JsrkxUJ4QWXIpw9azHkW9kO5r/VPTXCBAZn80qqaqHlzplHbflxLiQc+zv +lWEg7HJPBMMMFC3yCYfhLbDrriZdMnT4mHMLUo24TzO2znv7c7SDBWQ57lAsdRB0OX+N4DfBXvUR +QLUO9FazerGdcK58KHkxgo3ZHY3c2+efkfCkZUgu6HKLwA24O2e0/iYmC7vQTItGYCCyzbdlXDix +t0YgpsdcsOtVSJLwv6movtAX9JGsrGkvZR9Ffa52Vfc+vW0yqahHxVFJ5VD6UrrQpkWjonrsIbHb +RLQ05ZM735kd4NWrxgS0sDwdfvhmsj29Ag3q/cuIpG/+x37+vmTlMKggeqxSxoQ4RwGyZuvyb8PB +/lCf6r6bAYyr88oAs03ATz3RqRH38rkHmFp5Cdf488tw2Wj6vB/JqnfPN8woslle0hUIkqH7Ezna +0zF79yov7oePFdqr++khDHrrMQziwIk2PN+V0MLGQpmX5FF47Zmprtzvu52QN2f5rnKq2HSfBG0i +FqZ8/iAEnUsCngVObHaASPxXq1AKiy3iEJaLDjFhGbQk9mbj9o/RHb0kyorI3d90PU8ss8xNsUnm +pXa4sQIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRXxQfB1H79Hq56Ld1GUrRRfzWo +ojAfBgNVHSMEGDAWgBRXxQfB1H79Hq56Ld1GUrRRfzWoojANBgkqhkiG9w0BAQsFAAOCAgEARATw +47mgvvLpdLTPzjORUSLBWXS2WdH43o9tPBNOaLBVRWiua2OyMp8F+nbxm4y/3djGuXsn5S2F12jp +7xQZcBU4c21vF/ttio/spnnkPBnf0nKndTLoKt4Tpcxq4vnyqyXlBJHIybh+bbc6HVTYM6n8k4vw +KReUjEjCXAxZ8vWjTgSOAtDrHkaez3tOkACMFmRv+JP1zNG32chLG+8K0/pyLsnknloPAk02Btoc +t7FI4XKtS/9Z9oipMHfWg8fjI4vRXqiiAR4ctf9EgxcwHY/KVX8RJxsAXMgl65e7qGagbfTWCbHl +MnRnapjLKkvJKPiIbBx/xdgUoOxdugwL6XPfzg4THQzAiduCgxkDs/H3SQWem6VBZ57KSuudJsop +s5hb7GS2Hqb5F3YHAlSGQxvj37mDTzbuTH3paqzPwSgnqw0jnkGl//f2osw/mqfD5msDLk4UcmpQ +IeC10ofhF7hzaZOGwMg8VGzsMR5M154haxj6Y2NFEir6ylz/stPrelkwDvMIDgIororj2Bj7TkWu 
++EABNAr8h9yTsJEvxayNMk96U+Rn2LKMZilJdf00SILpr6IFTD8uvRwLIHSCjSbd9C8kkAqbqKs4 +VCg5HPLHjxyXgWOAK1IeqqnryaFPjLqa2RsG6UL+UtIjC6eWMsWOfvRRrpTU21mo2Koc0MI= +-----END CERTIFICATE----- diff --git a/recorder/sepolicy/product/private/google_recorder_app.te b/recorder/sepolicy/product/private/google_recorder_app.te new file mode 100644 index 0000000..ac308aa --- /dev/null +++ b/recorder/sepolicy/product/private/google_recorder_app.te @@ -0,0 +1,16 @@ +app_domain(google_recorder_app) +net_domain(google_recorder_app) + +get_prop(google_recorder_app, graphics_config_writable_prop) + +allow google_recorder_app app_api_service:service_manager find; +allow google_recorder_app audioserver_service:service_manager find; +allow google_recorder_app mediaextractor_service:service_manager find; +allow google_recorder_app mediametrics_service:service_manager find; +allow google_recorder_app mediaserver_service:service_manager find; + +allow google_recorder_app privapp_data_file:lnk_file r_file_perms; +allow google_recorder_app privapp_data_file:file execute; + +# Library code may try to access default properties, but should be denied +dontaudit google_recorder_app default_prop:file read; diff --git a/recorder/sepolicy/product/private/keys.conf b/recorder/sepolicy/product/private/keys.conf new file mode 100644 index 0000000..9dad2f5 --- /dev/null +++ b/recorder/sepolicy/product/private/keys.conf @@ -0,0 +1,2 @@ +[@GOOGLERECORDER] +ALL : device/google/gs-common/recorder/sepolicy/product/private/certs/com_google_android_apps_recorder.x509.pem diff --git a/recorder/sepolicy/product/private/mac_permissions.xml b/recorder/sepolicy/product/private/mac_permissions.xml new file mode 100644 index 0000000..b1d21bf --- /dev/null +++ b/recorder/sepolicy/product/private/mac_permissions.xml @@ -0,0 +1,27 @@ + + + + + + + + + diff --git a/recorder/sepolicy/product/private/seapp_contexts b/recorder/sepolicy/product/private/seapp_contexts new file mode 100644 index 0000000..f264927 --- /dev/null 
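Review bot: recorder/sepolicy/product/private/google_recorder_app.te grants `allow google_recorder_app privapp_data_file:file execute;` with no comment, which lets the app execute files from a data directory it can also write. That weakens W^X for a domain that also gets `net_domain`. If the rule exists for extracted native code or a similar known case, say so above it, e.g. `# <what is executed from app data and why>`; otherwise drop it. The `dontaudit` on `default_prop` two lines later is commented, so this rule stands out as the undocumented one.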
+++ b/recorder/sepolicy/product/private/seapp_contexts @@ -0,0 +1,2 @@ +# Google Recorder +user=_app isPrivApp=true seinfo=GoogleRecorder name=com.google.android.apps.recorder domain=google_recorder_app type=app_data_file levelFrom=all diff --git a/recorder/sepolicy/product/public/google_recorder_app.te b/recorder/sepolicy/product/public/google_recorder_app.te new file mode 100644 index 0000000..b718e12 --- /dev/null +++ b/recorder/sepolicy/product/public/google_recorder_app.te @@ -0,0 +1 @@ +type google_recorder_app, domain; diff --git a/recorder/sepolicy/vendor/google_recorder_app.te b/recorder/sepolicy/vendor/google_recorder_app.te new file mode 100644 index 0000000..e140678 --- /dev/null +++ b/recorder/sepolicy/vendor/google_recorder_app.te @@ -0,0 +1 @@ +get_prop(google_recorder_app, vendor_audio_prop_restricted) diff --git a/sota_app/factoryota-watch.mk b/sota_app/factoryota-watch.mk new file mode 100644 index 0000000..3107a1c --- /dev/null +++ b/sota_app/factoryota-watch.mk @@ -0,0 +1,4 @@ +PRODUCT_PACKAGES += \ + FactoryOtaWearPrebuilt + +SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/gs-common/sota_app/sepolicy/system_ext diff --git a/storage/init.storage.rc b/storage/init.storage.rc index 2516177..9e4acd4 100644 --- a/storage/init.storage.rc +++ b/storage/init.storage.rc @@ -14,11 +14,14 @@ on default_storage_mode # F2FS write /dev/sys/fs/by-name/userdata/data_io_flag 8 write /dev/sys/fs/by-name/userdata/node_io_flag 8 + write /dev/sys/fs/by-name/userdata/max_io_bytes 524288 + write /dev/sys/fs/by-name/userdata/min_hot_blocks 0 # Block write /dev/sys/block/by-name/rootdisk/queue/iostats 1 write /dev/sys/block/by-name/rootdisk/queue/nr_requests 128 write /dev/sys/block/by-name/rootdisk/queue/rq_affinity 2 + write /dev/sys/block/by-name/zoned_device/queue/rq_affinity 2 # UFS write /dev/sys/block/bootdevice/clkgate_enable 1 
@@ -35,7 +38,7 @@ on init # Block write /dev/sys/block/by-name/rootdisk/queue/iostats 0 - write /sys/sys/block/by-name/rootdisk/queue/nr_requests 256 + write /dev/sys/block/by-name/rootdisk/queue/nr_requests 256 # UFS write /dev/sys/block/bootdevice/clkgate_enable 0 diff --git a/storage/sepolicy/device.te b/storage/sepolicy/device.te new file mode 100644 index 0000000..e0968f9 --- /dev/null +++ b/storage/sepolicy/device.te @@ -0,0 +1,2 @@ +# Userdata Exp block device. +type userdata_exp_block_device, dev_type; diff --git a/storage/sepolicy/e2fs.te b/storage/sepolicy/e2fs.te new file mode 100644 index 0000000..c280cb7 --- /dev/null +++ b/storage/sepolicy/e2fs.te @@ -0,0 +1 @@ +allow e2fs userdata_exp_block_device:blk_file rw_file_perms; diff --git a/storage/sepolicy/file_contexts b/storage/sepolicy/file_contexts index ecca954..ff863db 100644 --- a/storage/sepolicy/file_contexts +++ b/storage/sepolicy/file_contexts @@ -3,3 +3,4 @@ /dev/sg[0-9] u:object_r:sg_device:s0 /data/vendor/storage(/.*)? u:object_r:dump_storage_data_file:s0 /vendor/bin/sg_read_buffer u:object_r:sg_util_exec:s0 +/dev/block/by-name/userdata_exp.* u:object_r:userdata_exp_block_device:s0 diff --git a/storage/sepolicy/fsck.te b/storage/sepolicy/fsck.te new file mode 100644 index 0000000..2043199 --- /dev/null +++ b/storage/sepolicy/fsck.te @@ -0,0 +1 @@ +allow fsck userdata_exp_block_device:blk_file rw_file_perms; diff --git a/storage/sepolicy/vold.te b/storage/sepolicy/vold.te index 1d743b5..3d35589 100644 --- a/storage/sepolicy/vold.te +++ b/storage/sepolicy/vold.te @@ -1,4 +1,8 @@ allow vold sysfs_scsi_devices_0000:file rw_file_perms; +# Access userdata_exp block device. +allow vold userdata_exp_block_device:blk_file rw_file_perms; +allowxperm vold userdata_exp_block_device:blk_file ioctl BLKSECDISCARD; + dontaudit vold dumpstate:fifo_file rw_file_perms; dontaudit vold dumpstate:fd use ; diff --git a/thermal/dump/dump_thermal.sh b/thermal/dump/dump_thermal.sh index 288d34d..bd3aad9 100644 
--- a/thermal/dump/dump_thermal.sh +++ b/thermal/dump/dump_thermal.sh @@ -34,6 +34,8 @@ done echo 'TMU state:' cat /sys/module/gs_thermal/parameters/tmu_reg_dump_state +echo 'TMU intpend:' +cat /sys/module/gs_thermal/parameters/tmu_reg_dump_intpend echo 'TMU current temperature:' cat /sys/module/gs_thermal/parameters/tmu_reg_dump_current_temp echo 'TMU_TOP rise thresholds:' diff --git a/thermal/sepolicy/thermal_hal/hal_thermal_default.te b/thermal/sepolicy/thermal_hal/hal_thermal_default.te index 45ccf3a..41a0f5e 100644 --- a/thermal/sepolicy/thermal_hal/hal_thermal_default.te +++ b/thermal/sepolicy/thermal_hal/hal_thermal_default.te @@ -5,6 +5,7 @@ allow hal_thermal_default thermal_link_device:dir r_dir_perms; allow hal_thermal_default proc_stat:file r_file_perms; allow hal_thermal_default self:netlink_generic_socket create_socket_perms_no_ioctl; allow hal_thermal_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl; +allow hal_thermal_default sysfs_gpu:file r_file_perms; hal_client_domain(hal_thermal_default, hal_power); diff --git a/thermal/sepolicy/thermal_hal/pixel-thermal-control.sh.te b/thermal/sepolicy/thermal_hal/pixel-thermal-control.sh.te index a6430f1..df699fc 100644 --- a/thermal/sepolicy/thermal_hal/pixel-thermal-control.sh.te +++ b/thermal/sepolicy/thermal_hal/pixel-thermal-control.sh.te @@ -9,5 +9,5 @@ userdebug_or_eng(` allow pixel-thermal-control-sh sysfs_thermal:file rw_file_perms; allow pixel-thermal-control-sh sysfs_thermal:lnk_file r_file_perms; allow pixel-thermal-control-sh thermal_link_device:dir r_dir_perms; - get_prop(pixel-thermal-control-sh, vendor_thermal_prop) + set_prop(pixel-thermal-control-sh, vendor_thermal_prop) ') diff --git a/touch/gti/Android.bp b/touch/gti/Android.bp index c066d0d..d22a5a4 100644 --- a/touch/gti/Android.bp +++ b/touch/gti/Android.bp 
@@ -17,3 +17,35 @@ sh_binary { vendor: true, sub_dir: "dump", } + +cc_binary { + name: "touch_gti_ical", + srcs: ["touch_gti_ical.cpp"], + cflags: [ + "-Wall", + "-Wextra", + "-Werror", + ], + shared_libs: [ + "libbase", + "libcutils", + "liblog", + ], + vendor: true, +} + +sh_binary { + name: "predump_gti0.sh", + src: "dump_gti0.sh", + init_rc: ["init.touch.gti0.rc"], + vendor: true, + sub_dir: "dump_touch", +} + +sh_binary { + name: "predump_gti1.sh", + src: "dump_gti1.sh", + init_rc: ["init.touch.gti1.rc"], + vendor: true, + sub_dir: "dump_touch", +} diff --git a/touch/gti/gti.mk b/touch/gti/gti.mk index 171534f..2aab821 100644 --- a/touch/gti/gti.mk +++ b/touch/gti/gti.mk @@ -1,3 +1,5 @@ BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/gti/sepolicy +BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/gti/ical/sepolicy PRODUCT_PACKAGES += dump_gti0.sh +PRODUCT_PACKAGES += touch_gti_ical diff --git a/touch/gti/gti_dual.mk b/touch/gti/gti_dual.mk index f56645d..d6b7602 100644 --- a/touch/gti/gti_dual.mk +++ b/touch/gti/gti_dual.mk @@ -1,5 +1,6 @@ include device/google/gs-common/touch/gti/gti.mk BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/gti/sepolicy_gti_dual +BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/gti/ical/sepolicy_gti_dual PRODUCT_PACKAGES += dump_gti1.sh diff --git a/touch/gti/ical/sepolicy/file_contexts b/touch/gti/ical/sepolicy/file_contexts new file mode 100644 index 0000000..9bd59c3 --- /dev/null +++ b/touch/gti/ical/sepolicy/file_contexts @@ -0,0 +1 @@ +/vendor/bin/touch_gti_ical u:object_r:gti_ical_exec:s0 diff --git a/touch/gti/ical/sepolicy/gti_ical.te b/touch/gti/ical/sepolicy/gti_ical.te new file mode 100644 index 0000000..228782c --- /dev/null +++ b/touch/gti/ical/sepolicy/gti_ical.te 
@@ -0,0 +1,8 @@
+type gti_ical, domain;
+type gti_ical_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(gti_ical)
+
+allow gti_ical sysfs_touch_gti:file rw_file_perms;
+allow gti_ical sysfs_touch_gti:dir search;
+
+set_prop(gti_ical, vendor_gti_prop)
diff --git a/touch/gti/ical/sepolicy/property.te b/touch/gti/ical/sepolicy/property.te
new file mode 100644
index 0000000..2a71d74
--- /dev/null
+++ b/touch/gti/ical/sepolicy/property.te
@@ -0,0 +1 @@
+system_public_prop(vendor_gti_prop)
diff --git a/touch/gti/ical/sepolicy/property_contexts b/touch/gti/ical/sepolicy/property_contexts
new file mode 100644
index 0000000..e3badcd
--- /dev/null
+++ b/touch/gti/ical/sepolicy/property_contexts
@@ -0,0 +1 @@
+vendor.touch.gti0. u:object_r:vendor_gti_prop:s0
diff --git a/touch/gti/ical/sepolicy/vendor_init.te b/touch/gti/ical/sepolicy/vendor_init.te
new file mode 100644
index 0000000..ed0ebda
--- /dev/null
+++ b/touch/gti/ical/sepolicy/vendor_init.te
@@ -0,0 +1 @@
+set_prop(vendor_init, vendor_gti_prop)
diff --git a/touch/gti/ical/sepolicy_gti_dual/property_contexts b/touch/gti/ical/sepolicy_gti_dual/property_contexts
new file mode 100644
index 0000000..c3530ff
--- /dev/null
+++ b/touch/gti/ical/sepolicy_gti_dual/property_contexts
@@ -0,0 +1 @@
+vendor.touch.gti1. u:object_r:vendor_gti_prop:s0
diff --git a/touch/gti/init.touch.gti0.rc b/touch/gti/init.touch.gti0.rc
index 31856ea..5f8318e 100644
--- a/touch/gti/init.touch.gti0.rc
+++ b/touch/gti/init.touch.gti0.rc
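Review bot: touch/gti/ical/sepolicy/property.te declares the vendor-owned `vendor.touch.gti0.` / `vendor.touch.gti1.` namespace with `system_public_prop(vendor_gti_prop)`, the least restrictive property class and one meant for platform-owned properties. The only writers visible in this commit are `gti_ical` and `vendor_init`, and touch/syna/predump_sepolicy/property.te in the same change uses `vendor_internal_prop(...)` for its vendor property. If nothing outside the vendor partition has to read the calibration state and result, `vendor_internal_prop(vendor_gti_prop)` fits; if system components do read it, `vendor_restricted_prop(vendor_gti_prop)` keeps writes on the vendor side. Either way, a comment naming the intended readers would make the choice reviewable.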
@@ -24,3 +24,15 @@ on property:sys.boot_completed=1 chown system system /proc/goog_touch_interface/gti.0/ss_base chown system system /proc/goog_touch_interface/gti.0/ss_diff chown system system /proc/goog_touch_interface/gti.0/ss_raw + +on property:vendor.touch.gti0.ical=* + setprop vendor.touch.gti0.ical.state init + start touch_gti0_ical + wait_for_prop vendor.touch.gti0.ical.state done + +service touch_gti0_ical /vendor/bin/touch_gti_ical 0 ${vendor.touch.gti0.ical} + class main + user system + group system shell + disabled + oneshot diff --git a/touch/gti/init.touch.gti1.rc b/touch/gti/init.touch.gti1.rc index a4de328..ba99210 100644 --- a/touch/gti/init.touch.gti1.rc +++ b/touch/gti/init.touch.gti1.rc @@ -24,3 +24,15 @@ on property:sys.boot_completed=1 chown system system /proc/goog_touch_interface/gti.1/ss_base chown system system /proc/goog_touch_interface/gti.1/ss_diff chown system system /proc/goog_touch_interface/gti.1/ss_raw + +on property:vendor.touch.gti1.ical=* + setprop vendor.touch.gti1.ical.state init + start touch_gti1_ical + wait_for_prop vendor.touch.gti1.ical.state done + +service touch_gti1_ical /vendor/bin/touch_gti_ical 1 ${vendor.touch.gti1.ical} + class main + user system + group system shell + disabled + oneshot diff --git a/touch/gti/predump_gti.mk b/touch/gti/predump_gti.mk new file mode 100644 index 0000000..ae25254 --- /dev/null +++ b/touch/gti/predump_gti.mk @@ -0,0 +1,7 @@ +include device/google/gs-common/touch/predump/predump_touch.mk + +BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/gti/predump_sepolicy +BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/gti/ical/sepolicy + +PRODUCT_PACKAGES += predump_gti0.sh +PRODUCT_PACKAGES += touch_gti_ical diff --git a/touch/gti/predump_gti_dual.mk b/touch/gti/predump_gti_dual.mk new file mode 100644 index 0000000..b7f2efc --- /dev/null +++ b/touch/gti/predump_gti_dual.mk 
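Review bot: The new `on property:vendor.touch.gti0.ical=*` action ends with `wait_for_prop vendor.touch.gti0.ical.state done` and no bound, so init holds back its remaining queued commands until touch_gti_ical sets that property; if the service fails to start or dies before its final `property_set`, nothing visible here releases the wait. The state property is already observable by whoever set the command, so the action could drop the `wait_for_prop` line and leave polling to the caller. The same applies to the init.touch.gti1.rc hunk that follows. Both services also run with `group system shell` while the policy in this commit only grants them `sysfs_touch_gti` access and `vendor_gti_prop`; `group system` looks sufficient and is worth confirming.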
@@ -0,0 +1,6 @@ +include device/google/gs-common/touch/gti/predump_gti.mk + +BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/gti/predump_sepolicy_gti_dual +BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/gti/ical/sepolicy_gti_dual + +PRODUCT_PACKAGES += predump_gti1.sh diff --git a/touch/gti/predump_sepolicy/file.te b/touch/gti/predump_sepolicy/file.te new file mode 100644 index 0000000..c3900f0 --- /dev/null +++ b/touch/gti/predump_sepolicy/file.te @@ -0,0 +1,3 @@ +type proc_touch_gti, proc_type, fs_type; +type sysfs_touch_gti, sysfs_type, fs_type; + diff --git a/touch/gti/predump_sepolicy/file_contexts b/touch/gti/predump_sepolicy/file_contexts new file mode 100644 index 0000000..6d8ca17 --- /dev/null +++ b/touch/gti/predump_sepolicy/file_contexts @@ -0,0 +1 @@ +/vendor/bin/dump_touch/predump_gti0\.sh u:object_r:predump_touch_exec:s0 diff --git a/touch/gti/predump_sepolicy/genfs_contexts b/touch/gti/predump_sepolicy/genfs_contexts new file mode 100644 index 0000000..45d3b53 --- /dev/null +++ b/touch/gti/predump_sepolicy/genfs_contexts @@ -0,0 +1,4 @@ +# Touch +genfscon sysfs /devices/virtual/goog_touch_interface u:object_r:sysfs_touch_gti:s0 +genfscon proc /goog_touch_interface u:object_r:proc_touch_gti:s0 + diff --git a/touch/gti/predump_sepolicy/predump_touch.te b/touch/gti/predump_sepolicy/predump_touch.te new file mode 100644 index 0000000..7c1f408 --- /dev/null +++ b/touch/gti/predump_sepolicy/predump_touch.te @@ -0,0 +1,4 @@ +allow predump_touch proc_touch_gti:dir r_dir_perms; +allow predump_touch proc_touch_gti:file rw_file_perms; +allow predump_touch sysfs_touch_gti:dir r_dir_perms; +allow predump_touch sysfs_touch_gti:file rw_file_perms; \ No newline at end of file diff --git a/touch/gti/predump_sepolicy_gti_dual/file_contexts b/touch/gti/predump_sepolicy_gti_dual/file_contexts new file mode 100644 index 0000000..02a300a --- /dev/null +++ b/touch/gti/predump_sepolicy_gti_dual/file_contexts 
@@ -0,0 +1,2 @@ +/vendor/bin/dump_touch/predump_gti1\.sh u:object_r:predump_touch_exec:s0 + diff --git a/touch/gti/sepolicy/file_contexts b/touch/gti/sepolicy/file_contexts index 5c429b7..2fce7f5 100644 --- a/touch/gti/sepolicy/file_contexts +++ b/touch/gti/sepolicy/file_contexts @@ -1,2 +1 @@ /vendor/bin/dump/dump_gti0\.sh u:object_r:dump_gti_exec:s0 - diff --git a/touch/gti/touch_gti_ical.cpp b/touch/gti/touch_gti_ical.cpp new file mode 100644 index 0000000..9b5eed5 --- /dev/null +++ b/touch/gti/touch_gti_ical.cpp 
@@ -0,0 +1,141 @@
+/*
+ ** Copyright 2024, The Android Open Source Project
+ **
+ ** Licensed under the Apache License, Version 2.0 (the "License");
+ ** you may not use this file except in compliance with the License.
+ ** You may obtain a copy of the License at
+ **
+ ** http://www.apache.org/licenses/LICENSE-2.0
+ **
+ ** Unless required by applicable law or agreed to in writing, software
+ ** distributed under the License is distributed on an "AS IS" BASIS,
+ ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ** See the License for the specific language governing permissions and
+ ** limitations under the License.
+ */
+#define LOG_TAG "touch_gti_ical"
+
+#include
+#include
+#include
+#include
+#ifdef __ANDROID__
+#include
+#include
+#else
+#define property_set
+#define property_get
+#define ALOGI printf
+#define ALOGW printf
+#endif
+
+int main(int argc, char *argv[])
+{
+ char *line = NULL;
+ size_t len = 0;
+ FILE *ical_fd;
+ const char *ical_override_cmd_prop[2] = {
+ [0] = "vendor.touch.gti0.ical.override.cmd",
+ [1] = "vendor.touch.gti1.ical.override.cmd",
+ };
+ const char *ical_override_result_prop[2] = {
+ [0] = "vendor.touch.gti0.ical.override.result",
+ [1] = "vendor.touch.gti1.ical.override.result",
+ };
+ const char *ical_write_history_prop[2] = {
+ [0] = "vendor.touch.gti0.ical.write.history",
+ [1] = "vendor.touch.gti1.ical.write.history",
+ };
+ const char *ical_state_prop[2] = {
+ [0] = "vendor.touch.gti0.ical.state",
+ [1] = "vendor.touch.gti1.ical.state",
+ };
+ const char *ical_result_prop[2] = {
+ [0] = "vendor.touch.gti0.ical.result",
+ [1] = "vendor.touch.gti1.ical.result",
+ };
+ const char *ical_sysfs[2] = {
+ [0] = "/sys/devices/virtual/goog_touch_interface/gti.0/interactive_calibrate",
+ [1] = "/sys/devices/virtual/goog_touch_interface/gti.1/interactive_calibrate",
+ };
+ const char *ical_override_cmd_prop_path = ical_override_cmd_prop[0];
+ const char *ical_override_result_prop_path = ical_override_result_prop[0];
+ const char *ical_write_history_prop_path = ical_write_history_prop[0];
+ const char *ical_state_prop_path = ical_state_prop[0];
+ const char *ical_result_prop_path = ical_result_prop[0];
+ const char *ical_sysfs_path = ical_sysfs[0];
+ const char ical_override_all_cmd_prop_val[PROPERTY_VALUE_MAX] = "xxx";
+ char ical_override_cmd_prop_val[PROPERTY_VALUE_MAX] = "\0";
+ char ical_override_result_prop_val[PROPERTY_VALUE_MAX] = "\0";
+ char ical_write_history_prop_val[PROPERTY_VALUE_MAX] = "\0";
+
+ if (argc < 3) {
+ ALOGW("No target dev or command for interactive_calibrate sysfs.\n");
+ property_set(ical_state_prop[0], "done");
+ property_set(ical_state_prop[1], "done");
+ return 0;
+ }
+
+ if (strncmp(argv[1], "1", strlen(argv[1])) == 0 ||
+ strncmp(argv[1], "gti1", strlen(argv[1])) == 0 ||
+ strncmp(argv[1], "gti.1", strlen(argv[1])) == 0) {
+ ical_override_cmd_prop_path = ical_override_cmd_prop[1];
+ ical_override_result_prop_path = ical_override_result_prop[1];
+ ical_write_history_prop_path = ical_write_history_prop[1];
+ ical_state_prop_path = ical_state_prop[1];
+ ical_result_prop_path = ical_result_prop[1];
+ ical_sysfs_path = ical_sysfs[1];
+ }
+
+ property_get(ical_override_cmd_prop_path, ical_override_cmd_prop_val, NULL);
+ property_get(ical_override_result_prop_path, ical_override_result_prop_val, "0 - -2147483648");
+ property_get(ical_write_history_prop_path, ical_write_history_prop_val, NULL);
+
+ property_set(ical_result_prop_path, "na");
+ property_set(ical_state_prop_path, "running");
+ if (access(ical_sysfs_path, F_OK | R_OK | W_OK)) {
+ ALOGW("Can't access %s\n", ical_sysfs_path);
+ property_set(ical_state_prop_path, "done");
+ return 0;
+ }
+
+ ical_fd = fopen(ical_sysfs_path, "r+");
+ if (ical_fd == NULL) {
+ ALOGW("Can't fopen %s\n", ical_sysfs_path);
+ property_set(ical_state_prop_path, "done");
+ return 0;
+ }
+
+ if (strncmp(argv[2], "read", strlen(argv[2])) == 0) {
+ getline(&line, &len, ical_fd);
+ if (line != NULL) {
+ property_set(ical_state_prop_path, "read");
+ if (strncmp(ical_override_cmd_prop_val,
+ ical_write_history_prop_val,
+ strlen(ical_write_history_prop_path)) == 0 ||
+ strncasecmp(ical_override_cmd_prop_val,
+ ical_override_all_cmd_prop_val,
+ strlen(ical_override_all_cmd_prop_val)) == 0) {
+ property_set(ical_result_prop_path, ical_override_result_prop_val);
+ ALOGW("read(original): %s => %s",
+ ical_sysfs_path, line);
+ ALOGW("read(override): %s => %s",
+ ical_sysfs_path, ical_override_result_prop_val);
+ } else {
+ property_set(ical_result_prop_path, line);
+ ALOGI("read: %s => %s", ical_sysfs_path, line);
+ }
+ free(line);
+ }
+ } else {
+ property_set(ical_write_history_prop_path, argv[2]);
+ property_set(ical_state_prop_path, argv[2]);
+ fwrite(argv[2], 1, strlen(argv[2]), ical_fd);
+ ALOGI("write: %s => %s\n", argv[2], ical_sysfs_path);
+ }
+ property_set(ical_state_prop_path, "done");
+
+ fclose(ical_fd);
+ return 0;
+}
+
diff --git a/touch/predump/Android.bp b/touch/predump/Android.bp
new file mode 100644
index 0000000..7d2adda
--- /dev/null
+++ b/touch/predump/Android.bp
@@ -0,0 +1,17 @@
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+sh_binary {
+ name: "predump_touch.sh",
+ src: "predump_touch.sh",
+ init_rc: ["init.touch.predump.rc"],
+ vendor: true,
+}
+
+sh_binary {
+ name: "dump_touch.sh",
+ src: "dump_touch.sh",
+ vendor: true,
+ sub_dir: "dump",
+}
diff --git a/touch/predump/dump_touch.sh b/touch/predump/dump_touch.sh
new file mode 100644
index 0000000..889c283
--- /dev/null
+++ b/touch/predump/dump_touch.sh
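Review bot: The argument checks in main() of touch_gti_ical.cpp take their comparison length from the caller's string (`strncmp(argv[2], "read", strlen(argv[2]))`), so an empty argv[1] selects the gti1 paths and an empty argv[2], or any prefix such as `r`, is handled as a read. argv[2] is the expanded `vendor.touch.gtiN.ical` property passed by the init service, so exact matches are safer: `strcmp(argv[2], "read") == 0`, and the same for the three argv[1] comparisons. In the read branch the override test is bounded by `strlen(ical_write_history_prop_path)`, the length of the property name rather than of a value, and it also matches when both values are empty, which would publish the default override result instead of the sysfs line; that looks unintended. `getline()`'s return value is ignored and `line != NULL` does not prove a line was read, so test `getline(&line, &len, ical_fd) != -1` and free `line` on both outcomes; the `fwrite()` result is likewise unchecked before the `write:` log line reports the command as written.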
@@ -0,0 +1,25 @@
+#!/vendor/bin/sh
+
+DIR=/data/vendor/dump_touch
+LOCKFILE="$DIR"/dumping
+LOGFILE="$DIR"/dump.log
+
+if [ ! -f $LOCKFILE ]
+then
+ echo "-----------------------------------------------------"
+ echo "Error : PreDump Touch Logs couldn't be found."
+ echo "-----------------------------------------------------"
+ exit 2
+fi
+
+state=$(cat $LOCKFILE)
+if [ "$state" != 2 ]
+then
+ echo "Unexpected state! Expected 2 but found ${state}" >> $LOGFILE
+fi
+
+cat $LOGFILE
+echo "" > $LOGFILE
+
+echo 0 > $LOCKFILE
+
diff --git a/touch/predump/init.touch.predump.rc b/touch/predump/init.touch.predump.rc
new file mode 100644
index 0000000..aa93c82
--- /dev/null
+++ b/touch/predump/init.touch.predump.rc
@@ -0,0 +1,12 @@
+service vendor.touch_dumpstate /vendor/bin/predump_touch.sh
+ class main
+ user system
+ group system shell
+ disabled
+ oneshot
+
+on post-fs-data
+ mkdir /data/vendor/dump_touch 0775 system system
+
+on property:init.svc.dumpstatez=running
+ start vendor.touch_dumpstate
diff --git a/touch/predump/predump_touch.mk b/touch/predump/predump_touch.mk
new file mode 100644
index 0000000..1a6efb2
--- /dev/null
+++ b/touch/predump/predump_touch.mk
@@ -0,0 +1,4 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/predump/sepolicy
+
+PRODUCT_PACKAGES += predump_touch.sh
+PRODUCT_PACKAGES += dump_touch.sh
diff --git a/touch/predump/predump_touch.sh b/touch/predump/predump_touch.sh
new file mode 100644
index 0000000..6a0c738
--- /dev/null
+++ b/touch/predump/predump_touch.sh
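Review bot: dump_touch.sh only logs when the state file is not 2 and then still prints and truncates dump.log and resets the state to 0, so a collection that arrives while predump_touch.sh is mid-run (state 1) empties the log under the writer and makes its final state check fail. Stopping, or waiting a bounded time, when the state is 1 would keep the two scripts from overlapping, for example `[ "$state" = 1 ] && exit 1` before the `cat`. predump_touch.sh has the mirror-image gap: it continues when the state is not 0 and starts a second run over the same log. In both scripts `$LOCKFILE`, `$LOGFILE` and `$entry` are expanded unquoted; quoting them costs nothing.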
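Review bot: `mkdir /data/vendor/dump_touch 0775 system system` in init.touch.predump.rc leaves the directory listable and searchable by every UID, while predump_touch.sh sets the two files inside it to 660 and the policy confines the type to the touch dump domains. `mkdir /data/vendor/dump_touch 0770 system system` matches that intent, unless some other user is expected to traverse the directory, in which case a comment saying which one would help.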
@@ -0,0 +1,44 @@
+#!/vendor/bin/sh
+
+DIR=/data/vendor/dump_touch
+SCRIPT_DIR=/vendor/bin/dump_touch
+LOCKFILE="$DIR"/dumping
+LOGFILE="$DIR"/dump.log
+
+if [ ! -f $LOCKFILE ]
+then
+#Init Setup
+ echo 0 > $LOCKFILE
+ echo "" > $LOGFILE
+ chmod 660 $LOCKFILE
+ chmod 660 $LOGFILE
+fi
+
+echo $(date) >> $LOGFILE
+
+state=$(cat $LOCKFILE)
+if [ "$state" != 0 ]
+then
+ echo "Unexpected state! Expected 0 but found ${state}" >> $LOGFILE
+fi
+
+echo 1 > $LOCKFILE
+
+for entry in "$SCRIPT_DIR"/*.sh
+do
+ echo "----------------------------------" >> $LOGFILE
+ echo "$entry" >> $LOGFILE
+ echo "----------------------------------" >> $LOGFILE
+ sh $entry >> $LOGFILE
+ echo "----------------------------------" >> $LOGFILE
+done
+
+state=$(cat $LOCKFILE)
+if [ "$state" != 1 ]
+then
+ echo "Unexpected state! Expected 1 but found ${state}" >> $LOGFILE
+fi
+
+echo 2 > $LOCKFILE
+
+
diff --git a/touch/predump/sepolicy/dump_touch.te b/touch/predump/sepolicy/dump_touch.te
new file mode 100644
index 0000000..d383882
--- /dev/null
+++ b/touch/predump/sepolicy/dump_touch.te
@@ -0,0 +1,5 @@
+pixel_bugreport(dump_touch)
+
+allow dump_touch vendor_touch_dump_file:dir r_dir_perms;
+allow dump_touch vendor_touch_dump_file:file rw_file_perms;
+allow dump_touch vendor_toolbox_exec:file execute_no_trans;
diff --git a/touch/predump/sepolicy/file.te b/touch/predump/sepolicy/file.te
new file mode 100644
index 0000000..9be89f1
--- /dev/null
+++ b/touch/predump/sepolicy/file.te
@@ -0,0 +1 @@
+type vendor_touch_dump_file, file_type, data_file_type;
diff --git a/touch/predump/sepolicy/file_contexts b/touch/predump/sepolicy/file_contexts
new file mode 100644
index 0000000..0a1ef36
--- /dev/null
+++ b/touch/predump/sepolicy/file_contexts
@@ -0,0 +1,5 @@ +/vendor/bin/predump_touch\.sh u:object_r:predump_touch_exec:s0 +/vendor/bin/dump/dump_touch\.sh u:object_r:dump_touch_exec:s0 +/data/vendor/dump_touch/dump\.log u:object_r:vendor_touch_dump_file:s0 +/data/vendor/dump_touch/dumping u:object_r:vendor_touch_dump_file:s0 +/data/vendor/dump_touch u:object_r:vendor_touch_dump_file:s0 diff --git a/touch/predump/sepolicy/predump_touch.te b/touch/predump/sepolicy/predump_touch.te new file mode 100644 index 0000000..edf473b --- /dev/null +++ b/touch/predump/sepolicy/predump_touch.te @@ -0,0 +1,9 @@ +type predump_touch, domain; +type predump_touch_exec, vendor_file_type, exec_type, file_type; +init_daemon_domain(predump_touch) + +allow predump_touch vendor_touch_dump_file:dir rw_dir_perms; +allow predump_touch vendor_touch_dump_file:file create_file_perms; + +allow predump_touch vendor_toolbox_exec:file execute_no_trans; +allow predump_touch vendor_shell_exec:file execute_no_trans; diff --git a/touch/syna/Android.bp b/touch/syna/Android.bp index 46475d8..d34ee95 100644 --- a/touch/syna/Android.bp +++ b/touch/syna/Android.bp @@ -10,3 +10,10 @@ sh_binary { sub_dir: "dump", } +sh_binary { + name: "predump_syna.sh", + src: "dump_syna.sh", + init_rc: ["init.touch.syna.rc"], + vendor: true, + sub_dir: "dump_touch", +} diff --git a/touch/syna/predump_sepolicy/file.te b/touch/syna/predump_sepolicy/file.te new file mode 100644 index 0000000..3e53ec3 --- /dev/null +++ b/touch/syna/predump_sepolicy/file.te @@ -0,0 +1,2 @@ +type sysfs_touch, sysfs_type, fs_type; + diff --git a/touch/syna/predump_sepolicy/file_contexts b/touch/syna/predump_sepolicy/file_contexts new file mode 100644 index 0000000..37dec52 --- /dev/null +++ b/touch/syna/predump_sepolicy/file_contexts @@ -0,0 +1,2 @@ +/vendor/bin/dump_touch/predump_syna\.sh u:object_r:predump_touch_exec:s0 + diff --git a/touch/syna/predump_sepolicy/genfs_contexts b/touch/syna/predump_sepolicy/genfs_contexts new file mode 100644 index 0000000..f2e675f --- /dev/null 
+++ b/touch/syna/predump_sepolicy/genfs_contexts @@ -0,0 +1,3 @@ +genfscon sysfs /devices/platform/10d10000.spi/spi_master/spi0/spi0.0/synaptics_tcm.0/sysfs u:object_r:sysfs_touch:s0 +genfscon sysfs /devices/platform/111c0000.spi/spi_master/spi19/spi19.0/synaptics_tcm.0/sysfs u:object_r:sysfs_touch:s0 +genfscon sysfs /devices/platform/111d0000.spi/spi_master/spi20/spi20.0/synaptics_tcm.0/sysfs u:object_r:sysfs_touch:s0 diff --git a/touch/syna/predump_sepolicy/predump_touch.te b/touch/syna/predump_sepolicy/predump_touch.te new file mode 100644 index 0000000..8564ec9 --- /dev/null +++ b/touch/syna/predump_sepolicy/predump_touch.te @@ -0,0 +1,5 @@ + +allow predump_touch sysfs_touch:dir r_dir_perms; +allow predump_touch sysfs_touch:file rw_file_perms; + +get_prop(predump_touch, vendor_touch_dump_path_prop) diff --git a/touch/syna/predump_sepolicy/property.te b/touch/syna/predump_sepolicy/property.te new file mode 100644 index 0000000..5484690 --- /dev/null +++ b/touch/syna/predump_sepolicy/property.te @@ -0,0 +1 @@ +vendor_internal_prop(vendor_touch_dump_path_prop) diff --git a/touch/syna/predump_sepolicy/property_contexts b/touch/syna/predump_sepolicy/property_contexts new file mode 100644 index 0000000..524cc8b --- /dev/null +++ b/touch/syna/predump_sepolicy/property_contexts @@ -0,0 +1 @@ +ro.vendor.touch.dump. u:object_r:vendor_touch_dump_path_prop:s0 diff --git a/touch/syna/predump_sepolicy/vendor_init.te b/touch/syna/predump_sepolicy/vendor_init.te new file mode 100644 index 0000000..74a6666 --- /dev/null +++ b/touch/syna/predump_sepolicy/vendor_init.te @@ -0,0 +1 @@ +set_prop(vendor_init, vendor_touch_dump_path_prop) diff --git a/touch/syna/predump_syna19.mk b/touch/syna/predump_syna19.mk new file mode 100644 index 0000000..e896fb7 --- /dev/null +++ b/touch/syna/predump_syna19.mk 
@@ -0,0 +1,5 @@ +PRODUCT_VENDOR_PROPERTIES += ro.vendor.touch.dump.sys=/sys/class/spi_master/spi19/spi19.0/synaptics_tcm.0/sysfs + +BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/syna/predump_sepolicy + +PRODUCT_PACKAGES += predump_syna.sh diff --git a/touch/syna/predump_syna20.mk b/touch/syna/predump_syna20.mk new file mode 100644 index 0000000..e331956 --- /dev/null +++ b/touch/syna/predump_syna20.mk @@ -0,0 +1,5 @@ +PRODUCT_VENDOR_PROPERTIES += ro.vendor.touch.dump.sys=/sys/devices/platform/111d0000.spi/spi_master/spi20/spi20.0/synaptics_tcm.0/sysfs + +BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/syna/predump_sepolicy + +PRODUCT_PACKAGES += predump_syna.sh diff --git a/touch/twoshay/sepolicy/device.te b/touch/twoshay/sepolicy/device.te new file mode 100644 index 0000000..d3ce622 --- /dev/null +++ b/touch/twoshay/sepolicy/device.te @@ -0,0 +1 @@ +type touch_offload_device, dev_type; diff --git a/touch/twoshay/sepolicy/dumpstate.te b/touch/twoshay/sepolicy/dumpstate.te new file mode 100644 index 0000000..90f14b8 --- /dev/null +++ b/touch/twoshay/sepolicy/dumpstate.te @@ -0,0 +1,2 @@ +allow dumpstate touch_context_service:service_manager find; +binder_call(dumpstate, twoshay) diff --git a/touch/twoshay/sepolicy/file_contexts b/touch/twoshay/sepolicy/file_contexts new file mode 100644 index 0000000..09728be --- /dev/null +++ b/touch/twoshay/sepolicy/file_contexts @@ -0,0 +1,2 @@ +/dev/touch_offload u:object_r:touch_offload_device:s0 +/vendor/bin/twoshay u:object_r:twoshay_exec:s0 diff --git a/touch/twoshay/sepolicy/hal_dumpstate_default.te b/touch/twoshay/sepolicy/hal_dumpstate_default.te new file mode 100644 index 0000000..81edc36 --- /dev/null +++ b/touch/twoshay/sepolicy/hal_dumpstate_default.te @@ -0,0 +1,2 @@ +allow hal_dumpstate_default touch_context_service:service_manager find; +binder_call(hal_dumpstate_default, twoshay) 
diff --git a/touch/twoshay/sepolicy/platform_app.te b/touch/twoshay/sepolicy/platform_app.te new file mode 100644 index 0000000..ac997a9 --- /dev/null +++ b/touch/twoshay/sepolicy/platform_app.te @@ -0,0 +1,4 @@ +allow platform_app gril_antenna_tuning_service:service_manager find; +allow platform_app screen_protector_detector_service:service_manager find; +allow platform_app touch_context_service:service_manager find; +binder_call(platform_app, twoshay) diff --git a/touch/twoshay/sepolicy/service.te b/touch/twoshay/sepolicy/service.te new file mode 100644 index 0000000..4aa064d --- /dev/null +++ b/touch/twoshay/sepolicy/service.te @@ -0,0 +1,3 @@ +type gril_antenna_tuning_service, service_manager_type, hal_service_type; +type screen_protector_detector_service, service_manager_type, hal_service_type; +type touch_context_service, service_manager_type, hal_service_type; diff --git a/touch/twoshay/sepolicy/service_contexts b/touch/twoshay/sepolicy/service_contexts new file mode 100644 index 0000000..f6aa1db --- /dev/null +++ b/touch/twoshay/sepolicy/service_contexts @@ -0,0 +1,3 @@ +com.google.input.ITouchContextService/default u:object_r:touch_context_service:s0 +com.google.input.algos.gril.IGrilAntennaTuningService/default u:object_r:gril_antenna_tuning_service:s0 +com.google.input.algos.spd.IScreenProtectorDetectorService/default u:object_r:screen_protector_detector_service:s0 diff --git a/touch/twoshay/sepolicy/twoshay.te b/touch/twoshay/sepolicy/twoshay.te new file mode 100644 index 0000000..cd317a0 --- /dev/null +++ b/touch/twoshay/sepolicy/twoshay.te 
@@ -0,0 +1,27 @@ +type twoshay, domain; +type twoshay_exec, exec_type, vendor_file_type, file_type; + +init_daemon_domain(twoshay) + +allow twoshay touch_offload_device:chr_file rw_file_perms; +allow twoshay twoshay:capability sys_nice; + +binder_use(twoshay) +add_service(twoshay, gril_antenna_tuning_service) +add_service(twoshay, screen_protector_detector_service) +add_service(twoshay, touch_context_service) + +binder_call(twoshay, platform_app) + +allow twoshay fwk_stats_service:service_manager find; +binder_call(twoshay, stats_service_server) + +# Allow dumpsys output in bugreports. +allow twoshay dumpstate:fd use; +allow twoshay dumpstate:fifo_file write; + +# b/198755236 +dontaudit twoshay twoshay:capability dac_override; + +# b/226830650 +dontaudit twoshay boot_status_prop:file read; diff --git a/touch/twoshay/twoshay.mk b/touch/twoshay/twoshay.mk new file mode 100644 index 0000000..bae0975 --- /dev/null +++ b/touch/twoshay/twoshay.mk @@ -0,0 +1,3 @@ +BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/twoshay/sepolicy +PRODUCT_PACKAGES += twoshay +PRODUCT_SOONG_NAMESPACES += vendor/google/interfaces vendor/google/input/twoshay diff --git a/tts/de-de/de-de-x-multi-r45.zvoice b/tts/de-de/de-de-x-multi-r51.zvoice similarity index 66% rename from tts/de-de/de-de-x-multi-r45.zvoice rename to tts/de-de/de-de-x-multi-r51.zvoice index 9fca341..8ca49a3 100644 Binary files a/tts/de-de/de-de-x-multi-r45.zvoice and b/tts/de-de/de-de-x-multi-r51.zvoice differ diff --git a/tts/es-es/es-es-x-multi-r45.zvoice b/tts/es-es/es-es-x-multi-r50.zvoice similarity index 56% rename from tts/es-es/es-es-x-multi-r45.zvoice rename to tts/es-es/es-es-x-multi-r50.zvoice index 2e7cb61..b42cae9 100644 Binary files a/tts/es-es/es-es-x-multi-r45.zvoice and b/tts/es-es/es-es-x-multi-r50.zvoice differ 
diff --git a/tts/fr-fr/fr-fr-x-multi-r46.zvoice b/tts/fr-fr/fr-fr-x-multi-r51.zvoice similarity index 68% rename from tts/fr-fr/fr-fr-x-multi-r46.zvoice rename to tts/fr-fr/fr-fr-x-multi-r51.zvoice index 9287d91..2e3c160 100644 Binary files a/tts/fr-fr/fr-fr-x-multi-r46.zvoice and b/tts/fr-fr/fr-fr-x-multi-r51.zvoice differ diff --git a/tts/it-it/it-it-x-multi-r42.zvoice b/tts/it-it/it-it-x-multi-r47.zvoice similarity index 58% rename from tts/it-it/it-it-x-multi-r42.zvoice rename to tts/it-it/it-it-x-multi-r47.zvoice index a794804..78dce63 100644 Binary files a/tts/it-it/it-it-x-multi-r42.zvoice and b/tts/it-it/it-it-x-multi-r47.zvoice differ diff --git a/tts/ja-jp/ja-jp-x-multi-r44.zvoice b/tts/ja-jp/ja-jp-x-multi-r49.zvoice similarity index 64% rename from tts/ja-jp/ja-jp-x-multi-r44.zvoice rename to tts/ja-jp/ja-jp-x-multi-r49.zvoice index 0d562b2..c2f8c80 100644 Binary files a/tts/ja-jp/ja-jp-x-multi-r44.zvoice and b/tts/ja-jp/ja-jp-x-multi-r49.zvoice differ diff --git a/tts/voice_packs.mk b/tts/voice_packs.mk index 0bb6d1a..7b95af9 100644 --- a/tts/voice_packs.mk +++ b/tts/voice_packs.mk 
@@ -15,8 +15,8 @@ # Voice packs for Text-To-Speech PRODUCT_COPY_FILES += \ - device/google/gs-common/tts/ja-jp/ja-jp-x-multi-r44.zvoice:product/tts/google/ja-jp/ja-jp-x-multi-r44.zvoice\ - device/google/gs-common/tts/fr-fr/fr-fr-x-multi-r46.zvoice:product/tts/google/fr-fr/fr-fr-x-multi-r46.zvoice\ - device/google/gs-common/tts/de-de/de-de-x-multi-r45.zvoice:product/tts/google/de-de/de-de-x-multi-r45.zvoice\ - device/google/gs-common/tts/it-it/it-it-x-multi-r42.zvoice:product/tts/google/it-it/it-it-x-multi-r42.zvoice\ - device/google/gs-common/tts/es-es/es-es-x-multi-r45.zvoice:product/tts/google/es-es/es-es-x-multi-r45.zvoice + device/google/gs-common/tts/ja-jp/ja-jp-x-multi-r49.zvoice:product/tts/google/ja-jp/ja-jp-x-multi-r49.zvoice\ + device/google/gs-common/tts/fr-fr/fr-fr-x-multi-r51.zvoice:product/tts/google/fr-fr/fr-fr-x-multi-r51.zvoice\ + device/google/gs-common/tts/de-de/de-de-x-multi-r51.zvoice:product/tts/google/de-de/de-de-x-multi-r51.zvoice\ + device/google/gs-common/tts/it-it/it-it-x-multi-r47.zvoice:product/tts/google/it-it/it-it-x-multi-r47.zvoice\ + device/google/gs-common/tts/es-es/es-es-x-multi-r50.zvoice:product/tts/google/es-es/es-es-x-multi-r50.zvoice diff --git a/umfw_stat/dump_umfw_stat.cpp b/umfw_stat/dump_umfw_stat.cpp index 627144b..6c3594d 100644 --- a/umfw_stat/dump_umfw_stat.cpp +++ b/umfw_stat/dump_umfw_stat.cpp 
@@ -27,13 +27,13 @@ int main() { // Dump AoC statistics. // TODO(b/272300997): Add timeouts for requests. runCommand("AoC A32 statistics", - "timeout 5 /vendor/bin/umfw_stat_tool -s aoc:1 get_all"); + "timeout 0.5 /vendor/bin/umfw_stat_tool -s aoc:1 get_all"); runCommand("AoC FF1 statistics", - "timeout 5 /vendor/bin/umfw_stat_tool -s aoc:2 get_all"); + "timeout 0.5 /vendor/bin/umfw_stat_tool -s aoc:2 get_all"); runCommand("AoC HF0 statistics", - "timeout 5 /vendor/bin/umfw_stat_tool -s aoc:3 get_all"); + "timeout 0.5 /vendor/bin/umfw_stat_tool -s aoc:3 get_all"); runCommand("AoC HF1 statistics", - "timeout 5 /vendor/bin/umfw_stat_tool -s aoc:4 get_all"); + "timeout 0.5 /vendor/bin/umfw_stat_tool -s aoc:4 get_all"); return 0; } diff --git a/widevine/widevine.mk b/widevine/widevine.mk index 420806e..c59c7b9 100644 --- a/widevine/widevine.mk +++ b/widevine/widevine.mk @@ -1,13 +1,4 @@ PRODUCT_PACKAGES += \ android.hardware.drm-service.clearkey \ -ifdef RELEASE_PACKAGE_WIDEVINE - PRODUCT_PACKAGES += $(RELEASE_PACKAGE_WIDEVINE) - ifneq ($(wildcard vendor/google/dev-keystore),) - $(call soong_config_set,widevine,use_devkey,true) - endif - PRODUCT_VENDOR_LINKER_CONFIG_FRAGMENTS += \ - vendor/widevine/libwvdrmengine/apex/device/linker.config.json -else - -include vendor/widevine/libwvdrmengine/apex/device/device.mk -endif \ No newline at end of file +-include vendor/widevine/libwvdrmengine/apex/device/device.mk \ No newline at end of file diff --git a/wireless_charger/compatibility_matrix.xml b/wireless_charger/compatibility_matrix.xml index 7d18cd9..b760b1d 100644 --- a/wireless_charger/compatibility_matrix.xml +++ b/wireless_charger/compatibility_matrix.xml @@ -7,4 +7,12 @@ default + + vendor.google.wireless_charger.service + 1 + + IWlcService + default + + diff --git a/wireless_charger/sepolicy/dumpstate.te b/wireless_charger/sepolicy/dumpstate.te new file mode 100644 index 0000000..3c5fac3 --- /dev/null +++ b/wireless_charger/sepolicy/dumpstate.te 
@@ -0,0 +1 @@ +binder_call(dumpstate, hal_wlcservice) diff --git a/wireless_charger/sepolicy/file.te b/wireless_charger/sepolicy/file.te new file mode 100644 index 0000000..6dd54c8 --- /dev/null +++ b/wireless_charger/sepolicy/file.te @@ -0,0 +1 @@ +type vendor_wlc_file, file_type, data_file_type; diff --git a/wireless_charger/sepolicy/file_contexts b/wireless_charger/sepolicy/file_contexts index 004c7a1..98796a9 100644 --- a/wireless_charger/sepolicy/file_contexts +++ b/wireless_charger/sepolicy/file_contexts @@ -1 +1,5 @@ /vendor/bin/hw/vendor\.google\.wireless_charger-default u:object_r:hal_wireless_charger_exec:s0 +/vendor/bin/hw/vendor\.google\.wireless_charger\.service-default u:object_r:hal_wlcservice_exec:s0 + +# Data +/data/vendor/wireless_charger(/.*)? u:object_r:vendor_wlc_file:s0 diff --git a/wireless_charger/sepolicy/hal_wireless_charger.te b/wireless_charger/sepolicy/hal_wireless_charger.te index 7ab8d83..b5ed734 100644 --- a/wireless_charger/sepolicy/hal_wireless_charger.te +++ b/wireless_charger/sepolicy/hal_wireless_charger.te @@ -17,3 +17,4 @@ userdebug_or_eng(` binder_call(hal_wireless_charger, platform_app) binder_call(hal_wireless_charger, system_app) +binder_call(hal_wireless_charger, hal_wlcservice) diff --git a/wireless_charger/sepolicy/hal_wlcservice.te b/wireless_charger/sepolicy/hal_wlcservice.te new file mode 100644 index 0000000..eadb593 --- /dev/null +++ b/wireless_charger/sepolicy/hal_wlcservice.te 
@@ -0,0 +1,18 @@ +type hal_wlcservice, domain; +type hal_wlcservice_exec, exec_type, vendor_file_type, file_type; + +init_daemon_domain(hal_wlcservice) + +allow hal_wlcservice vendor_wlc_file:dir create_dir_perms; +allow hal_wlcservice vendor_wlc_file:file create_file_perms; +allow hal_wlcservice hal_wireless_charger_service:service_manager find; +allow hal_wlcservice kmsg_device:chr_file { getattr w_file_perms }; + +binder_call(hal_wlcservice, servicemanager) +add_service(hal_wlcservice, hal_wlcservice_service) + +userdebug_or_eng(` + domain_auto_trans(shell, hal_wlcservice_exec, hal_wlcservice) +') + +binder_call(hal_wlcservice, hal_wireless_charger) diff --git a/wireless_charger/sepolicy/service.te b/wireless_charger/sepolicy/service.te new file mode 100644 index 0000000..8f8d87b --- /dev/null +++ b/wireless_charger/sepolicy/service.te @@ -0,0 +1 @@ +type hal_wlcservice_service, hal_service_type, protected_service, service_manager_type; diff --git a/wireless_charger/sepolicy/service_contexts b/wireless_charger/sepolicy/service_contexts index 5813e35..ed2faba 100644 --- a/wireless_charger/sepolicy/service_contexts +++ b/wireless_charger/sepolicy/service_contexts @@ -1 +1,2 @@ vendor.google.wireless_charger.IWirelessCharger/default u:object_r:hal_wireless_charger_service:s0 +vendor.google.wireless_charger.service.IWlcService/default u:object_r:hal_wlcservice_service:s0 diff --git a/wireless_charger/sepolicy/servicemanager.te b/wireless_charger/sepolicy/servicemanager.te new file mode 100644 index 0000000..74d7244 --- /dev/null +++ b/wireless_charger/sepolicy/servicemanager.te @@ -0,0 +1 @@ +binder_call(servicemanager, hal_wlcservice) diff --git a/wireless_charger/wireless_charger.mk b/wireless_charger/wireless_charger.mk index acf5fc1..a2dc27c 100644 --- a/wireless_charger/wireless_charger.mk +++ b/wireless_charger/wireless_charger.mk 
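Review bot: `allow hal_wlcservice kmsg_device:chr_file { getattr w_file_perms };` in hal_wlcservice.te lets the new service write into the kernel log, and nothing in the hunk says why. A one-line comment stating the reason would make the rule reviewable, and if the access is only needed for debugging it could move into the `userdebug_or_eng` block a few lines below. The file also spells out `binder_call(hal_wlcservice, servicemanager)` and adds a separate servicemanager.te for the reverse call, whereas twoshay.te in this commit uses `binder_use(twoshay)`; `binder_use(hal_wlcservice)` should cover both directions and would keep the two policies consistent.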
@@ -1,5 +1,6 @@ PRODUCT_SOONG_NAMESPACES += vendor/google/interfaces PRODUCT_PACKAGES += vendor.google.wireless_charger-default +PRODUCT_PACKAGES += vendor.google.wireless_charger.service-default DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/wireless_charger/compatibility_matrix.xml BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/wireless_charger/sepolicy