-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZ9i73wAKCRDorT+BmrEO
eCi5AKCHAzJVFdsm++eJGXcPb6LbaKIGTQCcDiWODLyLOWCK64nt7tfCwTgUFCE=
=3OQU
-----END PGP SIGNATURE-----
gpgsig -----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgPpdpjxPACTIhnlvYz0GM4BR7FJ
+rYv3jMbfxNKD3JvcAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5
AAAAQGzx1CwS4pcfih6dNJzdvsHLng+4M9qD8N/OatGRRJF0ck6x3Qwifdp45ItOlU7d0T
52HZvmRrb/FCpQQR9Z/QE=
-----END SSH SIGNATURE-----
Merge tag 'aml_tz6_351400020' into staging/lineage-23.0_merge-aml_tz6_351400020
aml_tz6_351400020 (13155446,com.google.android.go.tzdata6,com.google.android.tzdata6)
# -----BEGIN PGP SIGNATURE-----
#
# iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZ9i73wAKCRDorT+BmrEO
# eCi5AKCHAzJVFdsm++eJGXcPb6LbaKIGTQCcDiWODLyLOWCK64nt7tfCwTgUFCE=
# =3OQU
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue Mar 18 02:18:39 2025 EET
# gpg: using DSA key 4340D13570EF945E83810964E8AD3F819AB10E78
# gpg: Good signature from "The Android Open Source Project <initial-contribution@android.com>" [ultimate]
# By Jaegeuk Kim (6) and others
# Via Android (Google) Code Review (55) and others
* tag 'aml_tz6_351400020': (74 commits)
Fix comment
Adjust the version set in manifest xml and matrix xml
Add astd sepolicy to gs-common for P26 factory builds
Allow tachyon service to make binder calls to gca
display: add drm_atomic_state to debug-build bugreport
init.pixel-perf.rc: Setup default rampup multiplier and util_est
Allow write for restorecon
Dump F2FS disk_map and UFS phy version
Fix UFS err_stats
Fix selinux permission denials
move common init perf settings to gs_common
Revert "Set up access control rule for aocxd"
16KB: Move CopyEfsTest to device/google/gs-common
Revert^2 "Add Bluetooth extension HAL - CCO"
gs-common: wlc: add tx update permission for hal_googlebattery
Revert "Add Bluetooth extension HAL - CCO"
storage: fix userdata_exp.ai partition selinux error
Revert "move common init perf settings to gs_common"
insmod-sh: Allow writing to kmsg
RamdumpService: Fix the SELinux errors from introducing Firebase Analytics.
...
Conflicts:
display/dump_pixel_display.mk
Change-Id: Iaa05ef7e62a7b8320f320ad4db482998863fe136
This sysconfig is about the apex (com.google.pixel.camera.hal). So it
should be installed with the apex, not in /product.
Bug: 375357389
Test: SysConfigTest#testVendorApexAllowlist
Change-Id: I551870fcff576527d3fdfff3d17a5e7b0ce198a9
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZ1IssQAKCRDorT+BmrEO
eIS/AJ9ojetnDXDlslBpaDU7nNPVrNv+WgCeMKWKeHmJn6acS37FiZBS9+jvpec=
=JvPS
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQJLBAABCgA1FiEEHrBYPudH862glXQBzJUERRm+ZmkFAmdY7O4XHG1rYmVzdGFz
QGxpbmVhZ2Vvcy5vcmcACgkQzJUERRm+ZmnGCw//XCwIcPsFqQSwygK76wo5ZsCO
Mex6U5SdmtBecQ2VmIZKofe4/HIog9Wne3GFE6Xjj1bZHxtp/W4uURp6BQ8LuqA5
zqhkzc/Ijz6W+8wJ7n4k+V+N33N9ZYrbxQdqmBbMzLO0kOv86vC0HbKHLLgvT5d4
yYTe3TmGUMXTysky8+Y5YJoIHXqy847ohsOg7yzo9wtEzNZpDXLjDCfp4H8Gei8c
RIw/g+P2WwXGEntlXMtt6lajLF5m2GOtGLL5S+IrtoskpISC6jOmnD+WDwG8VJRW
dts4yqRtB47uz53sLE618zOXE/Tz3Akppq73bJ9I5dk3qHCx7NBVy5HLFE8O6rJL
KVjMj88sMShd4wMbHEy+Sh0jVlcKXuxFJeU0MZ0bqoM5/MDDZXQvJDOOQK7noQHS
RGnsXFwgZnLZEW375FJv4T8S19logSJqAYEkjSdrzU3oIUZqNgFHqQcGDLC8ukOc
79PbK53RvmzyEedYonH7Zn/ImGwmJxlyVey5jFX+O1S9RsVD4AyrgT1dn3s0KniK
1UiPi7sHBsL2yE4rp63UEysFZU9uj2gy3xf4PxBi97LV7mLUfE2YqsDwOrII82Ao
xjyEKTxSMADdwHHI15yf52eNRCf3eBakL54TbZZJ184FZYeTGvOpvc5yCuiITqm9
RauADk94HVdaaMJXyk4=
=l74W
-----END PGP SIGNATURE-----
Merge tag 'android-15.0.0_r6' into staging/lineage-22.0_merge-android-15.0.0_r6
Android 15.0.0 Release 6 (AP4A.241205.013)
# -----BEGIN PGP SIGNATURE-----
#
# iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZ1IssQAKCRDorT+BmrEO
# eIS/AJ9ojetnDXDlslBpaDU7nNPVrNv+WgCeMKWKeHmJn6acS37FiZBS9+jvpec=
# =JvPS
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri Dec 6 00:44:01 2024 EET
# gpg: using DSA key 4340D13570EF945E83810964E8AD3F819AB10E78
# gpg: Good signature from "The Android Open Source Project <initial-contribution@android.com>" [marginal]
# gpg: initial-contribution@android.com: Verified 2483 signatures in the past
# 3 years. Encrypted 4 messages in the past 2 years.
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 4340 D135 70EF 945E 8381 0964 E8AD 3F81 9AB1 0E78
# By Randall Huang (12) and others
# Via Android (Google) Code Review (58) and others
* tag 'android-15.0.0_r6': (91 commits)
gsc: Change the criteria for building GSC targets
sepolicy: remove irregular policy
Revert^2 "Allow devices that use HIDL to find AIDL radio_ext_service"
Revert "Allow devices that use HIDL to find AIDL radio_ext_service"
gs-common: add rules for euiccpixel_app
audio: allow set_prop for vendor_audio_prop_restricted
Allow devices that use HIDL to find AIDL radio_ext_service
Add sepolicy for NNAPI HAL to access hal_graphics_allocator_service, This is required for AHardwareBuffer allocation.
storage: fix ota selinux error
Storage: add sepolicy for recovery mode
Add sepolicy for gcam app
check_current_prebuilt: Symlink current prebuilt folder to android root
shamp: Update shared_modem_platform HAL version to 3
dumpstate: gsa: Add GSA logs to dumpstate
storage: fix vendor_init avc denied
storage: fix vold avc denied
storage: fix adb bugreport and refactor the existing rules
storage: fix PowerStats avc denied
storage: move sepolicy to common folder
shamp: Update shared_modem_platform HAL version to 2
...
Conflicts:
camera/lyric.mk
storage/init.storage.rc
Change-Id: I5ed6cff3b54261c949ec6ba60b32820b264b4ec2
These statements will be ignored if the packages are
unavailable, such as in the PDK build.
Bug: 380373922
Test: presubmit, check that tools exist in husky-userdebug
Flag: EXEMPT debug-only tool
Change-Id: Id3a524a6adaf1f719a23eb91ebad161ce0551af4
On select branches, like the camera-stability, the prebuilt directory is missing so we want to make sure that it is building from source even if the flags tell us that a prebuilt should be used.
Bug: 380099804
Change-Id: I8832451c1f7ff6d6de3c2991e9f63317966a2f83
Test: Make on camera-stability-dev and verify warning
Flag: EXEMPT (not applicable)
Also removes vendor_camera_isp_service from sepolicy.
Bug: 354335791
Test: make
FLAG: EXEMPT bugfix
Change-Id: I1d1d2dd113676d0df5efc55d3a2fa931e3b9d588
This flag controls whether Lyric apex can be located in the dist-directory.
Flag: dist_lyric_apex
Change-Id: I7a87b2e0b1c220955aafda28173533bd4f6bcd52
BUG: 352009541
Test: TH
Following ag/25368073 as reference with the same justification.
Bug: 312091052
Test: atest PersistentBackgroundCameraServicesTests
Flag: EXEMPT SEPolicy refactoring to make CHD happy
Change-Id: Ie33a6550e0df0fd13271a15afd5beaaccae50e45
Following ag/25368073 as reference with the same justification.
Bug: 312091052
Test: atest PersistentBackgroundCameraServicesTests
Flag: EXEMPT SEPolicy refactoring to make CHD happy
Change-Id: If8810323750c2149b4624f8deffee1cd5c1ce36e
Add a foldable concurrent selfie prebuilt
XML as the feature flag config file
Flag: com.google.pixel.camera.concurrent_foldable_dual_front
Bug: 333986739
Test: build pass
Change-Id: Idbacff0d8f97ad0047b334d5563c7e4d5d734182
State tracker proto file size is small, usually ~15KB. Collect 10 most recent
files to the bug reports.
Bug: 311086427
Test: adb bugreport
Change-Id: I5e43c85aaf40e33e9a578749121b0d3a750c209e
Multicam CPA file size is small, usually <50KB. Collect 10 most recent
files to the bug reports.
Bug: 310389222
Test: adb bugreport
Change-Id: I902fbdfa460a18fb3976d2fbfb4c1c0a716a4ab2
- In addition, add some more allowances
to more closely approximate a priv_app.
Especially, accessing the cache, media
storage and preloads.
Bug: 325326355
Test: I've tested that existing PCS doesn't break.
Change-Id: I045dd3e6d7587ba1bb405e57204d3cc7c9dc5f69
These CPA files are written on fatal errors in the camera
HAL GraphRunner.
Test: manual test that files attached to bugreport
Bug: 321993145
Change-Id: Ieeb84fbb6d52c95d5b123a7fff5c9b93c9d0fcbc
vendor_camera_binder_service is defined in vendor image, but this
property is required and used from the system image. This causes
Cuttlefish Hybrid Device to fail from sepolicy error. This change is to
move system-required property from vendor to product so it can be used
when vendor image is changed into generic one.
Bug: 309469924
Test: Build and boot succeeded with cheetah
Change-Id: Iea3e5be110498f759e268df8b7e5126b65b06a67
Bug: 299315760
Test: Tested with SEPolicy enforcement on and verified PCS could open
requested video stream.
Change-Id: I41af99531feb968015c46cdf67d8c2d03b243a93
Bug: 299315760
Test: Tested with SEPolicy enforcement on and verified PCS could perform
socket operations.
Change-Id: Idd9048da4bb3856666698bc0589dbc68aa74fd1a
As part of Treble, enforce that vendor's seapp_contexts can't label apps
using coredomains. Apps installed to system/system_ext/product should be
labeled with platform side sepolicy.
This change marks violating domains that need to be fixed.
Bug: 296512192
Test: build and see build log
Change-Id: I755657e538ada8807313bd0063c880264e4b79be
These are the minimum set of services that PCS needs to have access for
it to be able act as a media app and use Exoplayer for playing recorded
video files.
However, there'll be a follow up change to broaden the permissions to be
future proof and have greater flexibility as a media app, which will let
PCS to be updated via Play Store without the worry of a missing SEPolicy
config that is common among media apps.
Bug: 287069860
Test: m && flashall
Change-Id: I956219faacbc0c1b649cb638cede964480766718
- This allows us to register the CameraIdRemapper
service through servicemanager and allows PCS
to find it.
Bug: 287069860
Test: m
Change-Id: Ic7f778c4f173caa1ce389c9ad39a14433afc3133
- :* will associate the context with the individual
services, which might start in their own processes.
Bug: 280340307
Test: m
Change-Id: I0cc183ae07f18a2fc8e3c2caf960654296eeab53
Allows the Camera HAL to start a new ISP Service.
avc message:
07-31 17:08:46.990 536 536 E SELinux : avc: denied { add } for
pid=8308 uid=1000 name=com.google.pixel.camera.isp.IIspService/default
scontext=u:r:hal_camera_default:s0
tcontext=u:object_r:default_android_service:s0 tclass=service_manager
permissive=0
Bug: 293447476
Test: verify no avc errors and ISP Service starts
Test: atest liblyric.services_isp_service_test
Change-Id: Icbd07820d3323c09868d0249c1ef9d7f2952751e
-Add custom domain for our sysprops, of the forms
-vendor.camera.pbcs.debug.*
-persist.vendor.camera.pbcs.debug.*
-Example: vendor.camera.pbcs.debug.enable_lyricconfigprovider
-This domain will be system + vendor_init writable
-Allow PBCS to read those sysprops
We should now be able to gate our features in PBCS and merge in
successfully. For local dev, we can do:
adb root && adb shell setprop <prop> 1
Bug: 280340307
Test: android.os.SystemProperties.get() works successfully in
LyricConfigProvider for vendor.camera.pbcs.debug.* props
Change-Id: I4b151f606883c0ae32f99b5f75b70b5d4e228f1d
- Introduce service_context for ILyricConfigProvider service
- Allow adding the ILyricConfigProvider to the service manager.
- Allow HAL to find ILyricConfigProvider from servicemanager
- Allow all proceses in com.google.pixel.services:* to have the same domain as the app (vendor_pbcs_app)
-- We'll be running services in their own processes so this
is needed.
- TODO: binder_call(vendor_pbcs_app, vendor_pcs_app);
Allow PBCS appdomain to make binder calls into PCS appdomain
after ag/24030784 lands.
Bug: 280340307
Test: We can successfully start and register the LyricConfigProvider service with the servicemanager.
Change-Id: Ia0a74065e98761e48aa041bf7f2f34188017cee4
Revert submission 24122569-revert-24056607-pixel-camera-services-extensions-sepolicy-OFSULTXSBL
Reason for revert: Relanding the original topic after copying the certificates under `device/google` for `without-vendor` branches
Reverted changes: /q/submissionid:24122569-revert-24056607-pixel-camera-services-extensions-sepolicy-OFSULTXSBL
Bug: 287069860
Test: m && flashall && dev test with Open Camera and Camera2 Ext
Change-Id: I7f9a759ca7b5538441de451eb80f20b3cb1e30a9
Revert submission 24122569-revert-24056607-pixel-camera-services-extensions-sepolicy-OFSULTXSBL
Reason for revert: Relanding the original topic after copying the certificates under `device/google` for `without-vendor` branches
Reverted changes: /q/submissionid:24122569-revert-24056607-pixel-camera-services-extensions-sepolicy-OFSULTXSBL
Bug: 287069860
Test: m && flashall
Change-Id: Ic6ef3d67a518500f0db2cb8c537a3934e64d366b
Lab devices don't do factory reset. So we see 'avc: denied' logs
everynow and then. The fix disables the related audits to avoid any
false negatives.
Bug: 287069860
Test: m && flashall && check for 'avc: denied { write }'
Change-Id: I4f98af849b99f4ece737c85a23e22b817677d917
