nehemiah-zb/lineage_patches_unified
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial commit, syncing up to v115

Browse Source
This commit is contained in:
AndyCGYan 2019-08-08 02:52:03 +00:00
commit b71d406ba3
91 changed files with 7298 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
patches/platform_bionic/0001-Implement-per-process-target-SDK-version-override.patch Normal file
View File

@ -0,0 +1,39 @@
From 797014d839df40582233e5f13c0fed93c3c178be Mon Sep 17 00:00:00 2001
From: Danny Baumann <dannybaumann@web.de>
Date: Wed, 29 Aug 2018 11:21:52 +0200
Subject: [PATCH 1/4] Implement per-process target SDK version override.
Change-Id: I65bbdbe96541d8aacdd4de125cdb9c1435129413
This is only partial cherry-pick. Value won't be set via Android.bp
---
linker/linker.cpp | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/linker/linker.cpp b/linker/linker.cpp
index c78b9aba6..0ce60dfb2 100644
--- a/linker/linker.cpp
+++ b/linker/linker.cpp
@@ -3860,7 +3860,18 @@ std::vector<android_namespace_t*> init_default_namespaces(const char* executable
// somain and ld_preloads are added to these namespaces after LD_PRELOAD libs are linked
}
- set_application_target_sdk_version(config->target_sdk_version());
+ uint32_t target_sdk = config->target_sdk_version();
+#ifdef SDK_VERSION_OVERRIDES
+ for (const auto& entry : android::base::Split(SDK_VERSION_OVERRIDES, " ")) {
+ auto splitted = android::base::Split(entry, "=");
+ if (splitted.size() == 2 && splitted[0] == executable_path) {
+ target_sdk = static_cast<uint32_t>(std::stoul(splitted[1]));
+ break;
+ }
+ }
+ DEBUG("Target SDK for %s = %d", executable_path, target_sdk);
+#endif
+ set_application_target_sdk_version(target_sdk);
std::vector<android_namespace_t*> created_namespaces;
created_namespaces.reserve(namespaces.size());
--
2.17.1

56
patches/platform_bionic/0002-Actually-restore-pre-P-mutex-behavior.patch Normal file
View File

@ -0,0 +1,56 @@
From 41b7ba117ad6ecf8080ecd3f8de5fee3e4cdb9d9 Mon Sep 17 00:00:00 2001
From: Ethan Chen <intervigil@gmail.com>
Date: Tue, 25 Sep 2018 00:11:05 -0700
Subject: [PATCH 2/4] Actually restore pre-P mutex behavior
Apps built against versions < P may not actually expect the EBUSY return
code, and may crash or otherwise misbehave. Check for target SDK
versions earlier than P when performing the IsMutexDestroyed check so
any invocation of HandleUsingDestroyedMutex is bypassed and pre-P mutex
behavior is restored.
See 9e989f12d1186231d97dac6d038db7955acebdf3 for the change that
introduced this new behavior.
Change-Id: I45f8882c9527c63eed1ef5820a5004b8958d58ea
---
libc/bionic/pthread_mutex.cpp | 19 ++++++++++++-------
1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/libc/bionic/pthread_mutex.cpp b/libc/bionic/pthread_mutex.cpp
index 7f48972b1..9355a6030 100644
--- a/libc/bionic/pthread_mutex.cpp
+++ b/libc/bionic/pthread_mutex.cpp
@@ -781,17 +781,22 @@ static int MutexLockWithTimeout(pthread_mutex_internal_t* mutex, bool use_realti
} // namespace NonPI
-static inline __always_inline bool IsMutexDestroyed(uint16_t mutex_state) {
- return mutex_state == 0xffff;
-}
-
// Inlining this function in pthread_mutex_lock() adds the cost of stack frame instructions on
// ARM64. So make it noinline.
-static int __attribute__((noinline)) HandleUsingDestroyedMutex(pthread_mutex_t* mutex,
- const char* function_name) {
+static inline __attribute__((noinline)) bool IsMutexDestroyed(uint16_t mutex_state) {
+ // Checking for mutex destruction is a P-specific behavior. Bypass the
+ // check if the SDK version precedes P, so that no change in behavior
+ // that may cause crashes is introduced.
if (bionic_get_application_target_sdk_version() >= __ANDROID_API_P__) {
- __fortify_fatal("%s called on a destroyed mutex (%p)", function_name, mutex);
+ return mutex_state == 0xffff;
+ } else {
+ return false;
}
+}
+
+static int __always_inline HandleUsingDestroyedMutex(pthread_mutex_t* mutex,
+ const char* function_name) {
+ __fortify_fatal("%s called on a destroyed mutex (%p)", function_name, mutex);
return EBUSY;
}
--
2.17.1

33
patches/platform_bionic/0003-bionic-Use-legacy-pthread_mutex_init-behavior-on-pre.patch Normal file
View File

@ -0,0 +1,33 @@
From 520a3bdfe3f5918880bbf6d0c190229ec84e173d Mon Sep 17 00:00:00 2001
From: nx111 <gd.zhangdz@gmail.com>
Date: Wed, 3 Oct 2018 16:58:19 +0800
Subject: [PATCH 3/4] bionic: Use legacy pthread_mutex_init() behavior on pre-P
API levels
* Google's changes to pthread_mutex_init is breaking RIL
on certain Samsung devices like klte and hlte
* To resolve this, add a check for their new additions
to only apply the new behavior for P and higher APIs
Change-Id: I41335c5c436fa28a66d044e6634466556dfd7f95
---
libc/bionic/pthread_mutex.cpp | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libc/bionic/pthread_mutex.cpp b/libc/bionic/pthread_mutex.cpp
index 9355a6030..517e52688 100644
--- a/libc/bionic/pthread_mutex.cpp
+++ b/libc/bionic/pthread_mutex.cpp
@@ -526,7 +526,8 @@ int pthread_mutex_init(pthread_mutex_t* mutex_interface, const pthread_mutexattr
return EINVAL;
}
- if (((*attr & MUTEXATTR_PROTOCOL_MASK) >> MUTEXATTR_PROTOCOL_SHIFT) == PTHREAD_PRIO_INHERIT) {
+ if (((*attr & MUTEXATTR_PROTOCOL_MASK) >> MUTEXATTR_PROTOCOL_SHIFT) == PTHREAD_PRIO_INHERIT
+ && bionic_get_application_target_sdk_version() >= __ANDROID_API_P__) {
#if !defined(__LP64__)
if (state & MUTEX_SHARED_MASK) {
return EINVAL;
--
2.17.1

37
patches/platform_bionic/0004-Read-SDK-version-override-from-property.patch Normal file
View File

@ -0,0 +1,37 @@
From 3809fd785286428028b76bc19e6ed6797b7ca81f Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Thu, 3 Jan 2019 17:50:03 +0100
Subject: [PATCH 4/4] Read SDK version override from property
Change-Id: I88ca5d0bde15ee4f2b2bd1255e98f9592973dbf9
---
linker/linker.cpp | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/linker/linker.cpp b/linker/linker.cpp
index 0ce60dfb2..f8c692cf7 100644
--- a/linker/linker.cpp
+++ b/linker/linker.cpp
@@ -3861,7 +3861,9 @@ std::vector<android_namespace_t*> init_default_namespaces(const char* executable
}
uint32_t target_sdk = config->target_sdk_version();
-#ifdef SDK_VERSION_OVERRIDES
+
+ std::string sdkVersionOverrides = android::base::GetProperty("persist.sys.phh.sdk_override", "");
+ static const char *SDK_VERSION_OVERRIDES = sdkVersionOverrides.c_str();
for (const auto& entry : android::base::Split(SDK_VERSION_OVERRIDES, " ")) {
auto splitted = android::base::Split(entry, "=");
if (splitted.size() == 2 && splitted[0] == executable_path) {
@@ -3870,7 +3872,7 @@ std::vector<android_namespace_t*> init_default_namespaces(const char* executable
}
}
DEBUG("Target SDK for %s = %d", executable_path, target_sdk);
-#endif
+
set_application_target_sdk_version(target_sdk);
std::vector<android_namespace_t*> created_namespaces;
--
2.17.1

53
patches/platform_build/0001-Revert-Remove-root-folder-bt_firmware-in-GSI.patch Normal file
View File

@ -0,0 +1,53 @@
From d7fa115dcb7aaf33a6a16b676742513e5539fd85 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Tue, 27 Mar 2018 23:26:49 +0200
Subject: [PATCH] Revert "Remove root folder bt_firmware in GSI"
This reverts commit 292b8433cb48ef4ceb2330e57e11b8f644d9d1ee.
Essential 8.1 firmware requires this
---
target/board/generic_arm64_ab/BoardConfig.mk | 2 +-
target/board/generic_arm64_ab/sepolicy/file.te | 1 +
target/board/generic_arm64_ab/sepolicy/file_contexts | 1 +
3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/target/board/generic_arm64_ab/BoardConfig.mk b/target/board/generic_arm64_ab/BoardConfig.mk
index 88b90a8fb..b67c3b31d 100644
--- a/target/board/generic_arm64_ab/BoardConfig.mk
+++ b/target/board/generic_arm64_ab/BoardConfig.mk
@@ -33,7 +33,7 @@ TARGET_NO_RECOVERY := true
BOARD_BUILD_SYSTEM_ROOT_IMAGE := true
# TODO(jiyong) These might be SoC specific.
-BOARD_ROOT_EXTRA_FOLDERS += firmware firmware/radio persist
+BOARD_ROOT_EXTRA_FOLDERS += bt_firmware firmware firmware/radio persist
BOARD_ROOT_EXTRA_SYMLINKS += /vendor/lib/dsp:/dsp
BOARD_ROOT_EXTRA_SYMLINKS += /vendor/firmware_mnt/image:/firmware/image
BOARD_ROOT_EXTRA_SYMLINKS += /vendor/firmware_mnt/verinfo:/firmware/verinfo
diff --git a/target/board/generic_arm64_ab/sepolicy/file.te b/target/board/generic_arm64_ab/sepolicy/file.te
index 7adfdfa4e..46455339a 100644
--- a/target/board/generic_arm64_ab/sepolicy/file.te
+++ b/target/board/generic_arm64_ab/sepolicy/file.te
@@ -1,5 +1,6 @@
# TODO(b/36764215): remove this file when the generic system image
# no longer has these directories
+type bt_firmware_file, file_type;
type persist_file, file_type;
# Default type for anything under /firmware.
diff --git a/target/board/generic_arm64_ab/sepolicy/file_contexts b/target/board/generic_arm64_ab/sepolicy/file_contexts
index 0a80559e1..92a4ff872 100644
--- a/target/board/generic_arm64_ab/sepolicy/file_contexts
+++ b/target/board/generic_arm64_ab/sepolicy/file_contexts
@@ -2,6 +2,7 @@
# no longer has these directories. They are specific to QCOM.
# /
+/bt_firmware(/.*)? u:object_r:bt_firmware_file:s0
/tombstones u:object_r:rootfs:s0
/dsp u:object_r:rootfs:s0
--
2.17.1

25
patches/platform_build/0002-Set-ro.build.fingerprint-in-system-etc-prop.default.patch Normal file
View File

@ -0,0 +1,25 @@
From 98915840a5635fcd2f319012861cf5da1df8f54a Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Mon, 5 Mar 2018 22:27:50 +0100
Subject: [PATCH 2/2] Set ro.build.fingerprint in system/etc/prop.default
Change-Id: Idceb2a160f70b36aa6806ae60cbfb325367f3b75
---
core/Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/core/Makefile b/core/Makefile
index 0a2f6e39d..059aa98c2 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -176,6 +176,7 @@ $(INSTALLED_DEFAULT_PROP_TARGET): $(intermediate_system_build_prop)
$(hide) echo ro.bootimage.build.date=`$(DATE_FROM_FILE)`>>$@
$(hide) echo ro.bootimage.build.date.utc=`$(DATE_FROM_FILE) +%s`>>$@
$(hide) echo ro.bootimage.build.fingerprint="$(BUILD_FINGERPRINT_FROM_FILE)">>$@
+ $(hide) echo ro.build.fingerprint="$(BUILD_FINGERPRINT_FROM_FILE)">>$@
$(hide) build/make/tools/post_process_props.py $@
ifdef property_overrides_split_enabled
$(hide) mkdir -p $(TARGET_ROOT_OUT)
--
2.17.1

27
patches/platform_external_selinux/0001-Enable-multipl_decls-by-default.-This-is-needed-beca.patch Normal file
View File

@ -0,0 +1,27 @@
From f0fb4b89c52f3dc4971be0ddfc07ae2b51c40f4a Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Fri, 2 Mar 2018 22:49:55 +0100
Subject: [PATCH 1/4] Enable multipl_decls by default. This is needed because
8.0 init doesn't add -m
Change-Id: I43dc661d519f7b8576d72a828d8cbd444592bf5e
---
secilc/secilc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/secilc/secilc.c b/secilc/secilc.c
index 0be6975b..e30572e5 100644
--- a/secilc/secilc.c
+++ b/secilc/secilc.c
@@ -90,7 +90,7 @@ int main(int argc, char *argv[])
int target = SEPOL_TARGET_SELINUX;
int mls = -1;
int disable_dontaudit = 0;
- int multiple_decls = 0;
+ int multiple_decls = 1;
int disable_neverallow = 0;
int preserve_tunables = 0;
int handle_unknown = -1;
--
2.17.1

26
patches/platform_external_selinux/0002-Increase-default-log_level-to-get-actual-selinux-err.patch Normal file
View File

@ -0,0 +1,26 @@
From 89372ddb9b8cb84fd5b5bcd607156995c43dc75e Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Mon, 9 Apr 2018 00:19:49 +0200
Subject: [PATCH 2/4] Increase default log_level to get actual selinux error in
kmsg
---
secilc/secilc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/secilc/secilc.c b/secilc/secilc.c
index e30572e5..4a1b09e1 100644
--- a/secilc/secilc.c
+++ b/secilc/secilc.c
@@ -101,7 +101,7 @@ int main(int argc, char *argv[])
int opt_index = 0;
char *fc_buf = NULL;
size_t fc_size;
- enum cil_log_level log_level = CIL_ERR;
+ enum cil_log_level log_level = CIL_WARN;
static struct option long_opts[] = {
{"help", no_argument, 0, 'h'},
{"verbose", no_argument, 0, 'v'},
--
2.17.1

40
patches/platform_external_selinux/0003-Kirin-Workaround-some-conflicting-Kirin-tether-SELin.patch Normal file
View File

@ -0,0 +1,40 @@
From e8790f87dd3498d95e82e091ab6929c0a89b2822 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Mon, 3 Dec 2018 20:54:54 +0100
Subject: [PATCH 3/4] ::Kirin:: Workaround some conflicting Kirin tether
SELinux context
Some Kirin devices declared some android.hardware.tetheroffload HALs,
but they didn't use AOSP contexts.
This leads to libselinux aborting when loading hwservice_contexts.
Workaround it the ugly way, by making them match.
This most likely kills tetheroffload for those devices.
---
libselinux/src/label_backends_android.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/libselinux/src/label_backends_android.c b/libselinux/src/label_backends_android.c
index eaca5947..cf842188 100644
--- a/libselinux/src/label_backends_android.c
+++ b/libselinux/src/label_backends_android.c
@@ -62,6 +62,16 @@ static int nodups_specs(struct saved_data *data)
curr_spec->property_key)) {
if (strcmp(spec_arr[jj].lr.ctx_raw,
curr_spec->lr.ctx_raw)) {
+ if(strcmp(spec_arr[jj].lr.ctx_raw, "u:object_r:hal_ipacm_hwservice:s0") == 0) {
+ free(spec_arr[jj].lr.ctx_raw);
+ spec_arr[jj].lr.ctx_raw = "u:object_r:hal_tetheroffload_hwservice:s0";
+ continue;
+ }
+ if(strcmp(curr_spec->lr.ctx_raw, "u:object_r:hal_ipacm_hwservice:s0") == 0) {
+ free(curr_spec->lr.ctx_raw);
+ curr_spec->lr.ctx_raw = "u:object_r:hal_tetheroffload_hwservice:s0";
+ continue;
+ }
rc = -1;
errno = EINVAL;
selinux_log
--
2.17.1

31
patches/platform_external_selinux/0004-If-we-do-a-free-on-it-it-means-it-is-heap-allocated.patch Normal file
View File

@ -0,0 +1,31 @@
From 34a2e6145c9264a25f6c8b8f9bd966fe662d3e10 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Tue, 9 Apr 2019 08:50:45 +0200
Subject: [PATCH 4/4] If we do a free() on it, it means it is heap-allocated
---
libselinux/src/label_backends_android.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libselinux/src/label_backends_android.c b/libselinux/src/label_backends_android.c
index cf842188..ab92985b 100644
--- a/libselinux/src/label_backends_android.c
+++ b/libselinux/src/label_backends_android.c
@@ -64,12 +64,12 @@ static int nodups_specs(struct saved_data *data)
curr_spec->lr.ctx_raw)) {
if(strcmp(spec_arr[jj].lr.ctx_raw, "u:object_r:hal_ipacm_hwservice:s0") == 0) {
free(spec_arr[jj].lr.ctx_raw);
- spec_arr[jj].lr.ctx_raw = "u:object_r:hal_tetheroffload_hwservice:s0";
+ spec_arr[jj].lr.ctx_raw = strdup("u:object_r:hal_tetheroffload_hwservice:s0");
continue;
}
if(strcmp(curr_spec->lr.ctx_raw, "u:object_r:hal_ipacm_hwservice:s0") == 0) {
free(curr_spec->lr.ctx_raw);
- curr_spec->lr.ctx_raw = "u:object_r:hal_tetheroffload_hwservice:s0";
+ curr_spec->lr.ctx_raw = strdup("u:object_r:hal_tetheroffload_hwservice:s0");
continue;
}
rc = -1;
--
2.17.1

78
patches/platform_frameworks_av/0001-FIH-devices-Fix-Earpiece-audio-output.patch Normal file
View File

@ -0,0 +1,78 @@
From 59177bd162dbb442c5561ac128c83b111ea1112d Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Tue, 24 Apr 2018 00:14:28 +0200
Subject: [PATCH 1/8] FIH devices: Fix "Earpiece" audio output
On some FIH devices (confirmed on Razer, and probably on Aquos SS2),
Earpiece is not listed in attachedDevices, and devicePort's profile
mentions it is AUDIO_CHANNEL_IN_MONO, instead of AUDIO_CHANNEL_OUT_MONO.
Detect such cases (output device, but got only AUDIO_CHANNEL_IN_MONO),
and fix both channelMasks and attachedDevices
Change-Id: I4a88ba6d34d0fcd346eeea2ca903772f0271040a
---
.../managerdefinitions/src/Serializer.cpp | 25 ++++++++++++++++---
1 file changed, 22 insertions(+), 3 deletions(-)
diff --git a/services/audiopolicy/common/managerdefinitions/src/Serializer.cpp b/services/audiopolicy/common/managerdefinitions/src/Serializer.cpp
index a2531131d..380e2f82b 100644
--- a/services/audiopolicy/common/managerdefinitions/src/Serializer.cpp
+++ b/services/audiopolicy/common/managerdefinitions/src/Serializer.cpp
@@ -191,16 +191,25 @@ const char AudioProfileTraits::Attributes::name[] = "name";
const char AudioProfileTraits::Attributes::samplingRates[] = "samplingRates";
const char AudioProfileTraits::Attributes::format[] = "format";
const char AudioProfileTraits::Attributes::channelMasks[] = "channelMasks";
+static bool fixedEarpieceChannels = false;
status_t AudioProfileTraits::deserialize(_xmlDoc */*doc*/, const _xmlNode *root, PtrElement &profile,
- PtrSerializingCtx /*serializingContext*/)
+ PtrSerializingCtx serializingContext)
{
+ bool isOutput = serializingContext != nullptr;
string samplingRates = getXmlAttribute(root, Attributes::samplingRates);
string format = getXmlAttribute(root, Attributes::format);
string channels = getXmlAttribute(root, Attributes::channelMasks);
+ ChannelTraits::Collection channelsMask = channelMasksFromString(channels, ",");
+
+ //Some Foxconn devices have wrong earpiece channel mask, leading to no channel mask
+ if(channelsMask.size() == 1 && channelsMask[0] == AUDIO_CHANNEL_IN_MONO && isOutput) {
+ fixedEarpieceChannels = true;
+ channelsMask = channelMasksFromString("AUDIO_CHANNEL_OUT_MONO", ",");
+ }
profile = new Element(formatFromString(format, gDynamicFormat),
- channelMasksFromString(channels, ","),
+ channelsMask,
samplingRatesFromString(samplingRates, ","));
profile->setDynamicFormat(profile->getFormat() == gDynamicFormat);
@@ -326,7 +335,10 @@ status_t DevicePortTraits::deserialize(_xmlDoc *doc, const _xmlNode *root, PtrEl
}
AudioProfileTraits::Collection profiles;
- deserializeCollection<AudioProfileTraits>(doc, root, profiles, NULL);
+ if(audio_is_output_devices(type))
+ deserializeCollection<AudioProfileTraits>(doc, root, profiles, (PtrSerializingCtx)1);
+ else
+ deserializeCollection<AudioProfileTraits>(doc, root, profiles, NULL);
if (profiles.isEmpty()) {
sp <AudioProfile> dynamicProfile = new AudioProfile(gDynamicFormat,
ChannelsVector(), SampleRateVector());
@@ -491,6 +503,13 @@ status_t ModuleTraits::deserialize(xmlDocPtr doc, const xmlNode *root, PtrElemen
}
children = children->next;
}
+ if(fixedEarpieceChannels) {
+ sp<DeviceDescriptor> device =
+ module->getDeclaredDevices().getDeviceFromTagName(String8("Earpiece"));
+ if(device != 0)
+ ctx->addAvailableDevice(device);
+ fixedEarpieceChannels = false;
+ }
return NO_ERROR;
}
--
2.17.1

31
patches/platform_frameworks_av/0002-Fix-WiFi-Display-on-Huawei-devices-EMUI-8.0.patch Normal file
View File

@ -0,0 +1,31 @@
From e65aabfc0c18e3a113bcb4b720c50f5052c8f992 Mon Sep 17 00:00:00 2001
From: Alexander Pohl <pohl199885@gmail.com>
Date: Fri, 15 Jun 2018 19:58:07 +0200
Subject: [PATCH 2/8] Fix WiFi-Display on Huawei devices (EMUI 8.0)
Huaweis media stack doesn't handle intra-refresh-mode, so skip the error instead.
Thanks to Chris Vandomelen for pointing that out.
---
media/libstagefright/ACodec.cpp | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/media/libstagefright/ACodec.cpp b/media/libstagefright/ACodec.cpp
index 7f39d109f..ed54fb58a 100644
--- a/media/libstagefright/ACodec.cpp
+++ b/media/libstagefright/ACodec.cpp
@@ -4279,9 +4279,8 @@ status_t ACodec::setupAVCEncoderParameters(const sp<AMessage> &msg) {
if (msg->findInt32("intra-refresh-mode", &intraRefreshMode)) {
err = setCyclicIntraMacroblockRefresh(msg, intraRefreshMode);
if (err != OK) {
- ALOGE("Setting intra macroblock refresh mode (%d) failed: 0x%x",
- err, intraRefreshMode);
- return err;
+ ALOGE("setupAVCEncoderParameters(): set intra-refresh-mode failed, ignoring..");
+ //return err;
}
}
--
2.17.1

34
patches/platform_frameworks_av/0003-Kirin-Remove-lock-to-prevent-self-lock.patch Normal file
View File

@ -0,0 +1,34 @@
From 561f52484b84d28b4b0140705f7e2b63a45e3968 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Sun, 19 Aug 2018 22:59:06 +0200
Subject: [PATCH 3/8] ::Kirin:: Remove lock to prevent self-lock
With Huawei Camera HAL, we get the following call order:
cameraserver CameraService::enumerateProviders (*)
=> HAL ICameraProvider::getVendorTags
=> HAL ICameraProviderCallback::cameraDeviceStatusChange
=> cameraserver CameraService::addState
=> cameraserver CameraService::updateCameraNumAndIds (*)
The two functions marked with (*) take mServiceLock
Hence the safe-lock
---
services/camera/libcameraservice/CameraService.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/services/camera/libcameraservice/CameraService.cpp b/services/camera/libcameraservice/CameraService.cpp
index 2bf42b638..d62a71ab9 100644
--- a/services/camera/libcameraservice/CameraService.cpp
+++ b/services/camera/libcameraservice/CameraService.cpp
@@ -218,7 +218,7 @@ void CameraService::onNewProviderRegistered() {
}
void CameraService::updateCameraNumAndIds() {
- Mutex::Autolock l(mServiceLock);
+ //Mutex::Autolock l(mServiceLock);
mNumberOfCameras = mCameraProviderManager->getCameraCount();
mNormalDeviceIds =
mCameraProviderManager->getAPI1CompatibleCameraDeviceIds();
--
2.17.1

26
patches/platform_frameworks_av/0004-We-might-not-have-a-mFlashlight-at-this-state-but-th.patch Normal file
View File

@ -0,0 +1,26 @@
From 9b0b84e101f0785ec40246dd43be9ac0ab239dad Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Sun, 19 Aug 2018 23:05:26 +0200
Subject: [PATCH 4/8] We might not have a mFlashlight at this state, but that's
ok
---
services/camera/libcameraservice/CameraService.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/services/camera/libcameraservice/CameraService.cpp b/services/camera/libcameraservice/CameraService.cpp
index d62a71ab9..5bc9087b4 100644
--- a/services/camera/libcameraservice/CameraService.cpp
+++ b/services/camera/libcameraservice/CameraService.cpp
@@ -243,7 +243,7 @@ void CameraService::addStates(const String8 id) {
conflicting));
}
- if (mFlashlight->hasFlashUnit(id)) {
+ if (mFlashlight != nullptr && mFlashlight->hasFlashUnit(id)) {
Mutex::Autolock al(mTorchStatusMutex);
mTorchStatusMap.add(id, TorchModeStatus::AVAILABLE_OFF);
}
--
2.17.1

63
patches/platform_frameworks_av/0005-CameraService-Support-calling-addStates-in-enumerate.patch Normal file
View File

@ -0,0 +1,63 @@
From cfedf51d59df1471150afd71e3bce73199bf5c94 Mon Sep 17 00:00:00 2001
From: Artem Borisov <dedsa2002@gmail.com>
Date: Tue, 25 Sep 2018 12:39:22 +0300
Subject: [PATCH 5/8] CameraService: Support calling addStates in
enumerateProviders
Some pre-P camera HALs trigger onDeviceStatusChange callback during HAL init.
This is horribly wrong and causes a race condition between enumerateProviders
and onDeviceStatusChange. While it wasn't really harmful in O, in P call sequence
was changed and now this race condition leads to two problems: null pointer dereference
in addStates because mFlashlight is not initialized at a proper timing; mServiceLock
deadlock because updateCameraNumAndIds and enumerateProviders are called at the same time.
Moving addStates back to enumerateProviders makes the sequence more similar to O, and doesn't
let these two issues to happen.
Enable TARGET_CAMERA_NEEDS_ADD_STATES_IN_ENUMERATE when it is necessary.
@Dil3mm4 edit: Instead of TARGET_CAMERA_NEEDS_ADD_STATES_IN_ENUMERATE let's use a system property to make it more generic and suitable for GSI use.
Change-Id: Ife25b9753fdb679ab0c77f385e1b8527551a4711
---
.../camera/libcameraservice/CameraService.cpp | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/services/camera/libcameraservice/CameraService.cpp b/services/camera/libcameraservice/CameraService.cpp
index 5bc9087b4..88f7be83b 100644
--- a/services/camera/libcameraservice/CameraService.cpp
+++ b/services/camera/libcameraservice/CameraService.cpp
@@ -181,6 +181,21 @@ status_t CameraService::enumerateProviders() {
for (auto& cameraId : deviceIds) {
String8 id8 = String8(cameraId.c_str());
+
+ if (property_get_bool("persist.sys.camera.huawei", false)) {
+ bool cameraFound = false;
+ {
+ Mutex::Autolock lock(mCameraStatesLock);
+ auto iter = mCameraStates.find(id8);
+ if (iter != mCameraStates.end()) {
+ cameraFound = true;
+ }
+ }
+ if (!cameraFound) {
+ addStates(id8);
+ }
+ }
+
onDeviceStatusChanged(id8, CameraDeviceStatus::PRESENT);
}
@@ -279,8 +294,10 @@ void CameraService::onDeviceStatusChanged(const String8& id,
ALOGI("%s: Unknown camera ID %s, a new camera is added",
__FUNCTION__, id.string());
+ if (!property_get_bool("persist.sys.camera.huawei", false)) {
// First add as absent to make sure clients are notified below
addStates(id);
+ }
updateStatus(newStatus, id);
} else {
--
2.17.1

25
patches/platform_frameworks_av/0006-Revert-Set-rlimit-rtprio-for-cameraserver.patch Normal file
View File

@ -0,0 +1,25 @@
From 144fcb870b15c1247a50894737b639581fd0b772 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Sun, 9 Dec 2018 15:56:59 +0100
Subject: [PATCH 6/8] Revert "Set rlimit rtprio for cameraserver"
This reverts commit 4ae244cab4fe715fc2729e906b7dda3075fbbac3.
We need to revert this because some init/systems (Moto E5, G6) doesn't
like this instruction at all (read: this prevents boot)
---
camera/cameraserver/cameraserver.rc | 1 -
1 file changed, 1 deletion(-)
diff --git a/camera/cameraserver/cameraserver.rc b/camera/cameraserver/cameraserver.rc
index a9aae0b15..fea5a1d5c 100644
--- a/camera/cameraserver/cameraserver.rc
+++ b/camera/cameraserver/cameraserver.rc
@@ -4,4 +4,3 @@ service cameraserver /system/bin/cameraserver
group audio camera input drmrpc
ioprio rt 4
writepid /dev/cpuset/camera-daemon/tasks /dev/stune/top-app/tasks
- rlimit rtprio 10 10
--
2.17.1

41
patches/platform_frameworks_av/0007-av-stop-puller-before-releasing-encoder.patch Normal file
View File

@ -0,0 +1,41 @@
From 3b82cc2b277227e9b8643eee4b7892789612dc45 Mon Sep 17 00:00:00 2001
From: Aniket Kumar Lata <alata@quicinc.com>
Date: Fri, 18 Jan 2019 17:04:01 -0800
Subject: [PATCH 7/8] av: stop puller before releasing encoder
When encoder is released, it will no longer turn to media codec source
for fill-this-buffer. Hence, the buffer queue within puller will not be
cleared by encoder.
Stop mPuller before releasing encoder to avoid being stucked in
AudioSource::waitOutstandingEncodingFrames_l() if audiosource reset() is
invoked from SFRecorder destructor.
Bug: 123065628
Bug: 126286386
Bug: 126479652
Change-Id: I78ecb2207ae595784204bd6392311dc194af306d
Merged-In: I78ecb2207ae595784204bd6392311dc194af306d
(cherry picked from commit d4a26c4d124d68de235a9a838aec997859d9513e)
---
media/libstagefright/MediaCodecSource.cpp | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/media/libstagefright/MediaCodecSource.cpp b/media/libstagefright/MediaCodecSource.cpp
index 20881a4bb..29b5bcdc5 100644
--- a/media/libstagefright/MediaCodecSource.cpp
+++ b/media/libstagefright/MediaCodecSource.cpp
@@ -643,6 +643,10 @@ void MediaCodecSource::signalEOS(status_t err) {
output->mBufferQueue.clear();
output->mEncoderReachedEOS = true;
output->mErrorCode = err;
+ if (!(mFlags & FLAG_USE_SURFACE_INPUT)) {
+ mStopping = true;
+ mPuller->stop();
+ }
output->mCond.signal();
reachedEOS = true;
--
2.17.1

209
patches/platform_frameworks_av/0008-DO-NOT-MERGE-add-color-converter-for-NV12-to-RGB.patch Normal file
View File

@ -0,0 +1,209 @@
From d2b592c8780f122bf9d9939d93ae887bf770bc98 Mon Sep 17 00:00:00 2001
From: melvin xu <melvin.xu@spreadtrum.com>
Date: Tue, 18 Dec 2018 13:15:08 +0800
Subject: [PATCH 8/8] DO NOT MERGE: add color converter for NV12 to RGB
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
CTS-on-gsi test, CtsMediaTestCases -- android.media.cts.MediaMetadataRetrieverTest#testGetFrameAtIndex failed
CtsMediaTestCases -- android.media.cts.MediaMetadataRetrieverTest#testGetFramesAtIndex failed
CtsMediaTestCases -- android.media.cts.HeifWriterTest#testInputBitmap_Grid_Handler fail
CtsMediaTestCases -- android.media.cts.HeifWriterTest#testInputBitmap_Grid_NoHandler fail
CtsMediaTestCases -- android.media.cts.HeifWriterTest#testInputBitmap_NoGrid_Handler fail
CtsMediaTestCases -- android.media.cts.HeifWriterTest#testInputBitmap_NoGrid_NoHandler fail
[Android Version]:
VTS Version 9.0_r2
[CTS pachage version]
Suite / Plan VTS / cts-on-gsi
Suite / Build 9.0_R2
[device](Any device config may relate this failure)
unisoc's device
size:1080*1920
[bugzilla bugid] 117044023
[CTS Test PreCondition]
1.Language set to EN;
2.Keyguard set to none;
3.Enable GPS, Wifi network, USB debugging, Stay awake, Allow mock locations.
4.CTS version is VTS / cts-on-gsi 9.0_r2
[CTS Test Step]:
1 ./vts-tradefed
2 run cts-on-gsi
[Expected Result ]:
This case will pass.
[Testing Result]:
case failed:
CtsMediaTestCases
android.media.cts.MediaMetadataRetrieverTest#testGetFrameAtIndex failed
android.media.cts.MediaMetadataRetrieverTest#testGetFramesAtIndex failed
android.media.cts.HeifWriterTest#testInputBitmap_Grid_Handler fail
android.media.cts.HeifWriterTest#testInputBitmap_Grid_NoHandler fail
android.media.cts.HeifWriterTest#testInputBitmap_NoGrid_Handler fail
android.media.cts.HeifWriterTest#testInputBitmap_NoGrid_NoHandler fail
[Analysize]:
log:
07-30 12:21:07.795 364 489 E FrameDecoder: Unable to convert from format 0x00000015 to 0x7f00a000
07-30 12:21:07.795 364 489 E FrameDecoder: failed to get video frame (err -1010)
From the log, we find the testcase is related with colorformat.
Bug #117044023
[root cause]:
1. we can get below information from source code:
OMX_COLOR_FormatYUV420SemiPlanar = 0x00000015 ;
OMX_COLOR_Format32BitRGBA8888 = 0x7f00a000;
“ MediaMetadataRetrieverTest#testGetFrameAtIndex” cts case requires the color format of the frame data to be OMX_COLOR_Format32BitRGBA8888 color format.
Frameworks\av\media\libstagefright\colorconversion\ColorConverter.cpp
bool ColorConverter::isValid() const {
……
case OMX_COLOR_FormatYUV420Planar:
return mDstFormat == OMX_COLOR_Format16bitRGB565
|| mDstFormat == OMX_COLOR_Format32BitRGBA8888
|| mDstFormat == OMX_COLOR_Format32bitBGRA8888;
case OMX_COLOR_FormatYUV420SemiPlanar:
case OMX_TI_COLOR_FormatYUV420PackedSemiPlanar:
return mDstFormat == OMX_COLOR_Format16bitRGB565;
……}
ColorConverter does not support color format conversion from OMX_COLOR_FormatYUV420SemiPlanar to OMX_COLOR_Format32BitRGBA8888.
2. The input data of this case should be OMX_COLOR_Format32BitRGBA8888 color format, and the ColorConverter in frameworks only support color format conversion from OMX_COLOR_FormatYUV420Planar to OMX_COLOR_Format32BitRGBA8888, does not support from OMX_COLOR_FormatYUV420SemiPlanar to OMX_COLOR_Format32BitRGBA8888.
But the video hardware decoder of Unisoc device can output YUV data with OMX_COLOR_FormatYUV420SemiPlanar color format, it can not output OMX_COLOR_FormatYUV420Planar color format. So this case failed.
[changes]:
Add a color conversion code to ColorConverter(Frameworks\av\media\libstagefright\colorconversion\ColorConverter.cpp, the patch is listed below). Enable ColorConverter to support color conversion from OMX_COLOR_FormatYUV420SemiPlanar to OMX_COLOR_Format32BitRGBA8888.
Because the hardware decoder of Spreadtrum phone does not support OMX_COLOR_FormatYUV420Planar. we need the ColorConverter in frameworks support color format conversion from OMX_COLOR_FormatYUV420SemiPlanar to OMX_COLOR_Format32BitRGBA8888.
We will request to waive for this. Could you help us or give us a waiver? Thanks a lot.
[side effects]:No
[self test]: pass
[download normally]:Yes
[power on/off normally]:Yes
[do common repository/branch inspection]:Yes
[is there dependence]:No
[confirm dependent commit]:No
[board]: unisoc device
[change_type ] fix
[tag_product ] common
[test Case]:as testing steps
[reviewers]: wenan.hu
[Patch Link]:
https://android-review.googlesource.com/c/platform/frameworks/av/+/773126
Change-Id: I882f3729a9620b4c5c456a3099b5e8809b4b5545
Signed-off-by: melvin xu <melvin.xu@spreadtrum.com>
(cherry picked from commit 565a545d08a88c1bb0ed87255f3a682001079efd)
---
.../colorconversion/ColorConverter.cpp | 45 ++++++++++++++++++-
.../media/stagefright/ColorConverter.h | 3 ++
2 files changed, 47 insertions(+), 1 deletion(-)
diff --git a/media/libstagefright/colorconversion/ColorConverter.cpp b/media/libstagefright/colorconversion/ColorConverter.cpp
index 05f4104b6..a1873bc5c 100644
--- a/media/libstagefright/colorconversion/ColorConverter.cpp
+++ b/media/libstagefright/colorconversion/ColorConverter.cpp
@@ -24,6 +24,8 @@
#include <media/stagefright/MediaErrors.h>
#include "libyuv/convert_from.h"
+#include "libyuv/convert_argb.h"
+#include "libyuv/planar_functions.h"
#include "libyuv/video_common.h"
#include <functional>
#include <sys/time.h>
@@ -70,10 +72,17 @@ bool ColorConverter::isValid() const {
case OMX_COLOR_FormatCbYCrY:
case OMX_QCOM_COLOR_FormatYVU420SemiPlanar:
- case OMX_COLOR_FormatYUV420SemiPlanar:
case OMX_TI_COLOR_FormatYUV420PackedSemiPlanar:
return mDstFormat == OMX_COLOR_Format16bitRGB565;
+ case OMX_COLOR_FormatYUV420SemiPlanar:
+#ifdef USE_LIBYUV
+ return mDstFormat == OMX_COLOR_Format16bitRGB565
+ || mDstFormat == OMX_COLOR_Format32BitRGBA8888;
+#else
+ return mDstFormat == OMX_COLOR_Format16bitRGB565;
+#endif
+
default:
return false;
}
@@ -200,7 +209,11 @@ status_t ColorConverter::convert(
break;
case OMX_COLOR_FormatYUV420SemiPlanar:
+#ifdef USE_LIBYUV
+ err = convertYUV420SemiPlanarUseLibYUV(src, dst);
+#else
err = convertYUV420SemiPlanar(src, dst);
+#endif
break;
case OMX_TI_COLOR_FormatYUV420PackedSemiPlanar:
@@ -313,6 +326,36 @@ status_t ColorConverter::convertYUV420PlanarUseLibYUV(
return OK;
}
+status_t ColorConverter::convertYUV420SemiPlanarUseLibYUV(
+ const BitmapParams &src, const BitmapParams &dst) {
+ uint8_t *dst_ptr = (uint8_t *)dst.mBits
+ + dst.mCropTop * dst.mStride + dst.mCropLeft * dst.mBpp;
+
+ const uint8_t *src_y =
+ (const uint8_t *)src.mBits + src.mCropTop * src.mStride + src.mCropLeft;
+
+ const uint8_t *src_u =
+ (const uint8_t *)src.mBits + src.mStride * src.mHeight
+ + src.mCropTop * src.mStride + src.mCropLeft;
+
+ switch (mDstFormat) {
+ case OMX_COLOR_Format16bitRGB565:
+ libyuv::NV12ToRGB565(src_y, src.mStride, src_u, src.mStride, (uint8 *)dst_ptr,
+ dst.mStride, src.cropWidth(), src.cropHeight());
+ break;
+
+ case OMX_COLOR_Format32BitRGBA8888:
+ libyuv::NV12ToARGB(src_y, src.mStride, src_u, src.mStride, (uint8 *)dst_ptr,
+ dst.mStride, src.cropWidth(), src.cropHeight());
+ break;
+
+ default:
+ return ERROR_UNSUPPORTED;
+ }
+
+ return OK;
+}
+
std::function<void (void *, void *, void *, size_t,
signed *, signed *, signed *, signed *)>
getReadFromSrc(OMX_COLOR_FORMATTYPE srcFormat) {
diff --git a/media/libstagefright/include/media/stagefright/ColorConverter.h b/media/libstagefright/include/media/stagefright/ColorConverter.h
index 5b3543de6..2d061113f 100644
--- a/media/libstagefright/include/media/stagefright/ColorConverter.h
+++ b/media/libstagefright/include/media/stagefright/ColorConverter.h
@@ -78,6 +78,9 @@ private:
status_t convertYUV420PlanarUseLibYUV(
const BitmapParams &src, const BitmapParams &dst);
+ status_t convertYUV420SemiPlanarUseLibYUV(
+ const BitmapParams &src, const BitmapParams &dst);
+
status_t convertYUV420Planar16(
const BitmapParams &src, const BitmapParams &dst);
--
2.17.1

37
patches/platform_frameworks_base/0001-Fix-backlight-control-on-Galaxy-S9.patch Normal file
View File

@ -0,0 +1,37 @@
From e3f08c02ab7d0bc5d0efcc9eb3ad98d9a3a98e32 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Sat, 24 Mar 2018 08:01:48 +0100
Subject: [PATCH 01/31] Fix backlight control on Galaxy S9(+)
---
.../core/java/com/android/server/lights/LightsService.java | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/services/core/java/com/android/server/lights/LightsService.java b/services/core/java/com/android/server/lights/LightsService.java
index a94ed608b9c..762b0ae4037 100644
--- a/services/core/java/com/android/server/lights/LightsService.java
+++ b/services/core/java/com/android/server/lights/LightsService.java
@@ -21,6 +21,7 @@ import android.app.ActivityManager;
import android.content.Context;
import android.os.Handler;
import android.os.Message;
+import android.os.SystemProperties;
import android.os.Trace;
import android.provider.Settings;
import android.util.Slog;
@@ -52,6 +53,12 @@ public class LightsService extends SystemService {
return;
}
+ String fp = SystemProperties.get("ro.vendor.build.fingerprint", "hello");
+ if(fp.contains("starlte") || fp.contains("star2lte")) {
+ setLightLocked(brightness*100, LIGHT_FLASH_HARDWARE, 0, 0, brightnessMode);
+ return;
+ }
+
int color = brightness & 0x000000ff;
color = 0xff000000 | (color << 16) | (color << 8) | color;
setLightLocked(color, LIGHT_FLASH_NONE, 0, 0, brightnessMode);
--
2.17.1

52
patches/platform_frameworks_base/0003-Also-scan-system-overlay.patch Normal file
View File

@ -0,0 +1,52 @@
From 02189ad3927cb5a76cfc61e1a1ddcc254f649efe Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Tue, 1 May 2018 17:47:36 +0200
Subject: [PATCH 03/31] Also scan /system/overlay
Change-Id: Ib0223560606b80cdaaa986b159b34b4db0154589
---
core/jni/android_util_AssetManager.cpp | 6 +++++-
core/jni/fd_utils.cpp | 3 ++-
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/core/jni/android_util_AssetManager.cpp b/core/jni/android_util_AssetManager.cpp
index fa9f44557d3..1d3bf73eebb 100644
--- a/core/jni/android_util_AssetManager.cpp
+++ b/core/jni/android_util_AssetManager.cpp
@@ -149,7 +149,7 @@ static void NativeVerifySystemIdmaps(JNIEnv* /*env*/, jclass /*clazz*/) {
}
// Generic idmap parameters
- const char* argv[8];
+ const char* argv[9];
int argc = 0;
struct stat st;
@@ -179,6 +179,10 @@ static void NativeVerifySystemIdmaps(JNIEnv* /*env*/, jclass /*clazz*/) {
argv[argc++] = AssetManager::PRODUCT_OVERLAY_DIR;
}
+ if(stat("/system/overlay", &st) == 0) {
+ argv[argc++] = "/system/overlay";
+ }
+
// Finally, invoke idmap (if any overlay directory exists)
if (argc > 5) {
execv(AssetManager::IDMAP_BIN, (char* const*)argv);
diff --git a/core/jni/fd_utils.cpp b/core/jni/fd_utils.cpp
index c5904e0e9e5..6548215772a 100644
--- a/core/jni/fd_utils.cpp
+++ b/core/jni/fd_utils.cpp
@@ -93,7 +93,8 @@ bool FileDescriptorWhitelist::IsAllowed(const std::string& path) const {
|| android::base::StartsWith(path, kOverlaySubdir)
|| android::base::StartsWith(path, kVendorOverlayDir)
|| android::base::StartsWith(path, kSystemProductOverlayDir)
- || android::base::StartsWith(path, kProductOverlayDir))
+ || android::base::StartsWith(path, kProductOverlayDir)
+ || android::base::StartsWith(path, "/system/overlay"))
&& android::base::EndsWith(path, kApkSuffix)
&& path.find("/../") == std::string::npos) {
return true;
--
2.17.1

25
patches/platform_frameworks_base/0004-Don-t-crash-if-there-is-IR-HAL-is-not-declared.patch Normal file
View File

@ -0,0 +1,25 @@
From 3add0283fffb44feaee5251f76f985895f67adfe Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Thu, 17 May 2018 20:28:35 +0200
Subject: [PATCH] Don't crash if there is IR HAL is not declared
---
services/core/java/com/android/server/ConsumerIrService.java | 2 --
1 file changed, 2 deletions(-)
diff --git a/services/core/java/com/android/server/ConsumerIrService.java b/services/core/java/com/android/server/ConsumerIrService.java
index 53b9e913959..fcfb45659e5 100644
--- a/services/core/java/com/android/server/ConsumerIrService.java
+++ b/services/core/java/com/android/server/ConsumerIrService.java
@@ -52,8 +52,6 @@ public class ConsumerIrService extends IConsumerIrService.Stub {
if (!mHasNativeHal) {
throw new RuntimeException("FEATURE_CONSUMER_IR present, but no IR HAL loaded!");
}
- } else if (mHasNativeHal) {
- throw new RuntimeException("IR HAL present, but FEATURE_CONSUMER_IR is not set!");
}
mParameter = AudioSystem.getParameters("audio_capability#irda_support");
}
--
2.17.1

28
patches/platform_frameworks_base/0005-Fix-62.patch Normal file
View File

@ -0,0 +1,28 @@
From 103cb5d951a8f0bddf37d195aae16ed6761628c6 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Wed, 30 May 2018 14:05:30 +0200
Subject: [PATCH 05/31] Fix(?) #62
---
.../src/com/android/keyguard/KeyguardUpdateMonitor.java | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/packages/SystemUI/src/com/android/keyguard/KeyguardUpdateMonitor.java b/packages/SystemUI/src/com/android/keyguard/KeyguardUpdateMonitor.java
index 8b48130297e..c704269c351 100644
--- a/packages/SystemUI/src/com/android/keyguard/KeyguardUpdateMonitor.java
+++ b/packages/SystemUI/src/com/android/keyguard/KeyguardUpdateMonitor.java
@@ -899,7 +899,10 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener {
@Override
public void onAuthenticationError(int errMsgId, CharSequence errString) {
- handleFingerprintError(errMsgId, errString.toString());
+ if(errString != null)
+ handleFingerprintError(errMsgId, errString.toString());
+ else
+ handleFingerprintError(errMsgId, "unknown error");
}
@Override
--
2.17.1

35
patches/platform_frameworks_base/0006-S9-brightness-override-only-for-screen.patch Normal file
View File

@ -0,0 +1,35 @@
From 28861679c6a9a4e89ea82e6b27c6092b5c49ce5c Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <pierre-hugues.husson@softathome.com>
Date: Thu, 7 Jun 2018 13:36:51 +0200
Subject: [PATCH 06/31] S9 brightness override only for screen
---
.../com/android/server/lights/LightsService.java | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/services/core/java/com/android/server/lights/LightsService.java b/services/core/java/com/android/server/lights/LightsService.java
index 762b0ae4037..eb25943fa6b 100644
--- a/services/core/java/com/android/server/lights/LightsService.java
+++ b/services/core/java/com/android/server/lights/LightsService.java
@@ -53,11 +53,13 @@ public class LightsService extends SystemService {
return;
}
- String fp = SystemProperties.get("ro.vendor.build.fingerprint", "hello");
- if(fp.contains("starlte") || fp.contains("star2lte")) {
- setLightLocked(brightness*100, LIGHT_FLASH_HARDWARE, 0, 0, brightnessMode);
- return;
- }
+ if(mId == 0) {
+ String fp = SystemProperties.get("ro.vendor.build.fingerprint", "hello");
+ if(fp.contains("starlte") || fp.contains("star2lte")) {
+ setLightLocked(brightness*100, LIGHT_FLASH_HARDWARE, 0, 0, brightnessMode);
+ return;
+ }
+ }
int color = brightness & 0x000000ff;
color = 0xff000000 | (color << 16) | (color << 8) | color;
--
2.17.1

35
patches/platform_frameworks_base/0007-WIP-Fix-OP6-brightness.patch Normal file
View File

@ -0,0 +1,35 @@
From b5722e3a8dcf58269bf681c991839d3a710dc8c2 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <pierre-hugues.husson@softathome.com>
Date: Thu, 7 Jun 2018 13:42:02 +0200
Subject: [PATCH 07/31] [WIP] Fix OP6 brightness
---
.../com/android/server/lights/LightsService.java | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/services/core/java/com/android/server/lights/LightsService.java b/services/core/java/com/android/server/lights/LightsService.java
index eb25943fa6b..a77af445ba6 100644
--- a/services/core/java/com/android/server/lights/LightsService.java
+++ b/services/core/java/com/android/server/lights/LightsService.java
@@ -59,6 +59,18 @@ public class LightsService extends SystemService {
setLightLocked(brightness*100, LIGHT_FLASH_HARDWARE, 0, 0, brightnessMode);
return;
}
+
+ boolean qcomExtendBrightness = SystemProperties.getBoolean("persist.extend.brightness", false);
+ int scale = SystemProperties.getInt("persist.display.max_brightness", 1023);
+ if(fp.contains("OnePlus6")) {
+ qcomExtendBrightness = true;
+ scale = 1023;
+ }
+
+ if(qcomExtendBrightness) {
+ setLightLocked(brightness * scale / 255, LIGHT_FLASH_NONE, 0, 0, brightnessMode);
+ return;
+ }
}
int color = brightness & 0x000000ff;
--
2.17.1

31
patches/platform_frameworks_base/0008-Try-to-make-brightness-more-generic-using-property-s.patch Normal file
View File

@ -0,0 +1,31 @@
From 93cce81e547a60374bceae91731f6e00f963f914 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Sun, 10 Jun 2018 22:54:55 +0200
Subject: [PATCH 08/31] Try to make brightness more generic using property set
by rw-system
---
.../core/java/com/android/server/lights/LightsService.java | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/services/core/java/com/android/server/lights/LightsService.java b/services/core/java/com/android/server/lights/LightsService.java
index a77af445ba6..4dc44de37cd 100644
--- a/services/core/java/com/android/server/lights/LightsService.java
+++ b/services/core/java/com/android/server/lights/LightsService.java
@@ -62,9 +62,11 @@ public class LightsService extends SystemService {
boolean qcomExtendBrightness = SystemProperties.getBoolean("persist.extend.brightness", false);
int scale = SystemProperties.getInt("persist.display.max_brightness", 1023);
- if(fp.contains("OnePlus6")) {
+ //This is set by vndk-detect
+ int qcomScale = SystemProperties.getInt("persist.sys.qcom-brightness", -1);
+ if(qcomScale != -1) {
qcomExtendBrightness = true;
- scale = 1023;
+ scale = qcomScale;
}
if(qcomExtendBrightness) {
--
2.17.1

35
patches/platform_frameworks_base/0009-property-matching-RROs-allow-to-prefix-the-value-wit.patch Normal file
View File

@ -0,0 +1,35 @@
From 10426a980185c4e9a73130c08ecfe22a9d83b0b6 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Tue, 12 Jun 2018 22:55:32 +0200
Subject: [PATCH 09/31] property-matching RROs: allow to prefix the value with
+ to do glob match instead of exact match
---
cmds/idmap/scan.cpp | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/cmds/idmap/scan.cpp b/cmds/idmap/scan.cpp
index d69dd79555a..2be6d23ac78 100644
--- a/cmds/idmap/scan.cpp
+++ b/cmds/idmap/scan.cpp
@@ -1,5 +1,6 @@
#include <dirent.h>
#include <inttypes.h>
+#include <fnmatch.h>
#include <sys/file.h>
#include <sys/stat.h>
@@ -92,6 +93,10 @@ namespace {
property_get(prop, propBuf, NULL);
val = strndup16to8(value.string(), value.size());
+ if(val[0]=='+') {
+ return fnmatch(val+1, propBuf, 0) != 0;
+ }
+
return (strcmp(propBuf, val) == 0);
}
--
2.17.1

25
patches/platform_frameworks_base/0010-Fix-typo-on-fnmatch-return-value-check.patch Normal file
View File

@ -0,0 +1,25 @@
From 2965fa2adb9cbd2ae3688097d9cf12aa73164379 Mon Sep 17 00:00:00 2001
From: Song Fuchang <song.fc@gmail.com>
Date: Sun, 17 Jun 2018 22:39:37 +0800
Subject: [PATCH 10/31] Fix typo on fnmatch return value check
---
cmds/idmap/scan.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmds/idmap/scan.cpp b/cmds/idmap/scan.cpp
index 2be6d23ac78..0acff23d031 100644
--- a/cmds/idmap/scan.cpp
+++ b/cmds/idmap/scan.cpp
@@ -94,7 +94,7 @@ namespace {
val = strndup16to8(value.string(), value.size());
if(val[0]=='+') {
- return fnmatch(val+1, propBuf, 0) != 0;
+ return fnmatch(val+1, propBuf, 0) == 0;
}
return (strcmp(propBuf, val) == 0);
--
2.17.1

27
patches/platform_frameworks_base/0011-Add-Qualcomm-starlte.patch Normal file
View File

@ -0,0 +1,27 @@
From 9e13de340e0d3a2a755f382ea3410ac488461236 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Mon, 25 Jun 2018 22:43:32 +0200
Subject: [PATCH 11/31] Add Qualcomm starlte
---
.../core/java/com/android/server/lights/LightsService.java | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/services/core/java/com/android/server/lights/LightsService.java b/services/core/java/com/android/server/lights/LightsService.java
index 4dc44de37cd..2886f2900d9 100644
--- a/services/core/java/com/android/server/lights/LightsService.java
+++ b/services/core/java/com/android/server/lights/LightsService.java
@@ -55,7 +55,9 @@ public class LightsService extends SystemService {
if(mId == 0) {
String fp = SystemProperties.get("ro.vendor.build.fingerprint", "hello");
- if(fp.contains("starlte") || fp.contains("star2lte")) {
+ if(
+ fp.contains("starlte") || fp.contains("star2lte") ||
+ fp.contains("starqlte") || fp.contains("star2qlte")) {
setLightLocked(brightness*100, LIGHT_FLASH_HARDWARE, 0, 0, brightnessMode);
return;
}
--
2.17.1

30
patches/platform_frameworks_base/0012-Galaxy-S9-remaining-of-HAL-onEnroll-is-actually-a-pe.patch Normal file
View File

@ -0,0 +1,30 @@
From 362f97b36ce15e8196caeff6c3e12f2e66e72c66 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Mon, 2 Jul 2018 23:36:39 +0200
Subject: [PATCH 12/31] [Galaxy S9] "remaining" of HAL onEnroll is actually a
percent of progress
---
.../com/android/server/fingerprint/FingerprintService.java | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/services/core/java/com/android/server/fingerprint/FingerprintService.java b/services/core/java/com/android/server/fingerprint/FingerprintService.java
index 06329e571b4..6f09433c002 100644
--- a/services/core/java/com/android/server/fingerprint/FingerprintService.java
+++ b/services/core/java/com/android/server/fingerprint/FingerprintService.java
@@ -1046,7 +1046,11 @@ public class FingerprintService extends SystemService implements IHwBinder.Death
mHandler.post(new Runnable() {
@Override
public void run() {
- handleEnrollResult(deviceId, fingerId, groupId, remaining);
+ int remaining2 = remaining;
+ String fp = android.os.SystemProperties.get("ro.vendor.build.fingerprint");
+ if(fp != null && (fp.contains("starlte") || fp.contains("star2lte") || fp.contains("starqlte") || fp.contains("star2qlte")))
+ remaining2 = 100 - remaining2;
+ handleEnrollResult(deviceId, fingerId, groupId, remaining2);
}
});
}
--
2.17.1

25
patches/platform_frameworks_base/0013-Show-APN-Settings-for-CDMA-carriers.patch Normal file
View File

@ -0,0 +1,25 @@
From 0327a2f5a82818ed894ccd35720e0dfc60b586a3 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Mon, 6 Aug 2018 12:49:00 +0200
Subject: [PATCH 13/31] Show APN Settings for CDMA carriers
---
telephony/java/android/telephony/CarrierConfigManager.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/telephony/java/android/telephony/CarrierConfigManager.java b/telephony/java/android/telephony/CarrierConfigManager.java
index 8487cb3e15d..83ab7776e12 100644
--- a/telephony/java/android/telephony/CarrierConfigManager.java
+++ b/telephony/java/android/telephony/CarrierConfigManager.java
@@ -2146,7 +2146,7 @@ public class CarrierConfigManager {
sDefaults.putBoolean(KEY_MDN_IS_ADDITIONAL_VOICEMAIL_NUMBER_BOOL, false);
sDefaults.putBoolean(KEY_OPERATOR_SELECTION_EXPAND_BOOL, true);
sDefaults.putBoolean(KEY_PREFER_2G_BOOL, true);
- sDefaults.putBoolean(KEY_SHOW_APN_SETTING_CDMA_BOOL, false);
+ sDefaults.putBoolean(KEY_SHOW_APN_SETTING_CDMA_BOOL, true);
sDefaults.putBoolean(KEY_SHOW_CDMA_CHOICES_BOOL, false);
sDefaults.putBoolean(KEY_SMS_REQUIRES_DESTINATION_NUMBER_CONVERSION_BOOL, false);
sDefaults.putBoolean(KEY_SHOW_ONSCREEN_DIAL_BUTTON_BOOL, true);
--
2.17.1

78
patches/platform_frameworks_base/0014-Change-SignalStrentgh-to-change-behaviour-based-on-p.patch Normal file
View File

@ -0,0 +1,78 @@
From 6fbb0fb1f4215e15531924b36e217710a7cb39e2 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Mon, 6 Aug 2018 20:01:44 +0200
Subject: [PATCH 14/31] Change SignalStrentgh to change behaviour based on
property
Change-Id: I940ed724047567ec5195ac93ea04574c3d92f70b
---
.../android/telephony/SignalStrength.java | 39 +++++++++++++------
1 file changed, 27 insertions(+), 12 deletions(-)
diff --git a/telephony/java/android/telephony/SignalStrength.java b/telephony/java/android/telephony/SignalStrength.java
index 4e5639683a7..ff906d330d4 100644
--- a/telephony/java/android/telephony/SignalStrength.java
+++ b/telephony/java/android/telephony/SignalStrength.java
@@ -854,6 +854,7 @@ public class SignalStrength implements Parcelable {
* RSRQ = quality of signal dB = Number of Resource blocks*RSRP/RSSI
* SNR = gain = signal/noise ratio = -10log P1/P2 dB
*/
+ String method = android.os.SystemProperties.get("persist.sys.signal.level", "default");
int rssiIconLevel = SIGNAL_STRENGTH_NONE_OR_UNKNOWN, rsrpIconLevel = -1, snrIconLevel = -1;
if (mLteRsrp > MAX_LTE_RSRP || mLteRsrp < MIN_LTE_RSRP) {
@@ -897,6 +898,32 @@ public class SignalStrength implements Parcelable {
+ rsrpIconLevel + " snrIconLevel:" + snrIconLevel
+ " lteRsrpBoost:" + mLteRsrpBoost);
+ /* Valid values are (0-63, 99) as defined in TS 36.331 */
+ // TODO the range here is probably supposed to be (0..31, 99). It's unclear if anyone relies
+ // on the current incorrect range check, so this will be fixed in a future release with more
+ // soak time
+ if (mLteSignalStrength > 63) rssiIconLevel = SIGNAL_STRENGTH_NONE_OR_UNKNOWN;
+ else if (mLteSignalStrength >= 12) rssiIconLevel = SIGNAL_STRENGTH_GREAT;
+ else if (mLteSignalStrength >= 8) rssiIconLevel = SIGNAL_STRENGTH_GOOD;
+ else if (mLteSignalStrength >= 5) rssiIconLevel = SIGNAL_STRENGTH_MODERATE;
+ else if (mLteSignalStrength >= 0) rssiIconLevel = SIGNAL_STRENGTH_POOR;
+
+ if (DBG) log("getLTELevel - rssi:" + mLteSignalStrength + " rssiIconLevel:"
+ + rssiIconLevel);
+
+ if("rsrp".equals(method)) {
+ if(rsrpIconLevel == -1) rsrpIconLevel = SIGNAL_STRENGTH_NONE_OR_UNKNOWN;
+ return rsrpIconLevel;
+ }
+ if("rssnr".equals(method)) {
+ if(snrIconLevel == -1) snrIconLevel = SIGNAL_STRENGTH_NONE_OR_UNKNOWN;
+ return snrIconLevel;
+ }
+ if("rssi".equals(method)) {
+ if(rssiIconLevel == -1) rssiIconLevel = SIGNAL_STRENGTH_NONE_OR_UNKNOWN;
+ return rssiIconLevel;
+ }
+
/* Choose a measurement type to use for notification */
if (snrIconLevel != -1 && rsrpIconLevel != -1) {
/*
@@ -911,18 +938,6 @@ public class SignalStrength implements Parcelable {
if (rsrpIconLevel != -1) return rsrpIconLevel;
- /* Valid values are (0-63, 99) as defined in TS 36.331 */
- // TODO the range here is probably supposed to be (0..31, 99). It's unclear if anyone relies
- // on the current incorrect range check, so this will be fixed in a future release with more
- // soak time
- if (mLteSignalStrength > 63) rssiIconLevel = SIGNAL_STRENGTH_NONE_OR_UNKNOWN;
- else if (mLteSignalStrength >= 12) rssiIconLevel = SIGNAL_STRENGTH_GREAT;
- else if (mLteSignalStrength >= 8) rssiIconLevel = SIGNAL_STRENGTH_GOOD;
- else if (mLteSignalStrength >= 5) rssiIconLevel = SIGNAL_STRENGTH_MODERATE;
- else if (mLteSignalStrength >= 0) rssiIconLevel = SIGNAL_STRENGTH_POOR;
-
- if (DBG) log("getLteLevel - rssi:" + mLteSignalStrength + " rssiIconLevel:"
- + rssiIconLevel);
return rssiIconLevel;
}
--
2.17.1

26
patches/platform_frameworks_base/0015-idmap-Don-t-silently-ignore-RROs-with-same-priority.patch Normal file
View File

@ -0,0 +1,26 @@
From fd9fd2e3c375308730c9de9319b01aa00383df2c Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Sun, 19 Aug 2018 10:51:06 +0200
Subject: [PATCH 15/31] idmap: Don't silently ignore RROs with same priority
Change-Id: I64a6899f1b30e0cd9e9a872b7ca83d831f038cbe
---
cmds/idmap/scan.cpp | 2 ++
1 file changed, 2 insertions(+)
diff --git a/cmds/idmap/scan.cpp b/cmds/idmap/scan.cpp
index 0acff23d031..d1dde52732f 100644
--- a/cmds/idmap/scan.cpp
+++ b/cmds/idmap/scan.cpp
@@ -29,6 +29,8 @@ namespace {
bool operator<(Overlay const& rhs) const
{
+ if(rhs.priority == priority)
+ return rhs.apk_path > apk_path;
return rhs.priority > priority;
}
--
2.17.1

24
patches/platform_frameworks_base/0016-Move-SysuiDarkThemeOverlay-to-system.patch Normal file
View File

@ -0,0 +1,24 @@
From 49e0279b8336c231788a44d97dc598224f87ead8 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Sun, 19 Aug 2018 10:57:21 +0200
Subject: [PATCH 16/31] Move SysuiDarkThemeOverlay to /system
Change-Id: I31b3edc5d1abcc1163a13e63c909fee9d27ff432
---
packages/overlays/SysuiDarkThemeOverlay/Android.mk | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/packages/overlays/SysuiDarkThemeOverlay/Android.mk b/packages/overlays/SysuiDarkThemeOverlay/Android.mk
index 7b277bcf035..89cfcf819c2 100644
--- a/packages/overlays/SysuiDarkThemeOverlay/Android.mk
+++ b/packages/overlays/SysuiDarkThemeOverlay/Android.mk
@@ -11,4 +11,5 @@ LOCAL_RESOURCE_DIR := $(LOCAL_PATH)/res
LOCAL_PACKAGE_NAME := SysuiDarkThemeOverlay
LOCAL_SDK_VERSION := current
-include $(BUILD_RRO_PACKAGE)
+LOCAL_IS_RUNTIME_RESOURCE_OVERLAY := true
+include $(BUILD_PACKAGE)
--
2.17.1

31
patches/platform_frameworks_base/0018-power-Disable-keyboard-button-lights-while-dozing-dr.patch Normal file
View File

@ -0,0 +1,31 @@
From 3ddb2daf5dc7ea8f6c14407b29db9b8ac3785d43 Mon Sep 17 00:00:00 2001
From: Steve Kondik <steve@cyngn.com>
Date: Sat, 3 Jan 2015 05:13:26 -0800
Subject: [PATCH 18/31] power: Disable keyboard/button lights while
dozing/dreaming
* With hardkeys and doze mode enabled, entering suspend results in
an epic battle over the lights. It's a bad situation. Disable
them when we're sleepy.
Change-Id: I7f1fc35a1573717d1ea101a07c4171d6f66d1553
---
.../core/java/com/android/server/power/PowerManagerService.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/services/core/java/com/android/server/power/PowerManagerService.java b/services/core/java/com/android/server/power/PowerManagerService.java
index 9b8584e055f..0620f2ecec0 100644
--- a/services/core/java/com/android/server/power/PowerManagerService.java
+++ b/services/core/java/com/android/server/power/PowerManagerService.java
@@ -1965,7 +1965,7 @@ public final class PowerManagerService extends SystemService
final long nextProfileTimeout = getNextProfileTimeoutLocked(now);
mUserActivitySummary = 0;
- if (mLastUserActivityTime >= mLastWakeTime) {
+ if (mWakefulness == WAKEFULNESS_AWAKE && mLastUserActivityTime >= mLastWakeTime) {
nextTimeout = mLastUserActivityTime
+ screenOffTimeout - screenDimDuration;
if (now < nextTimeout) {
--
2.17.1

42
patches/platform_frameworks_base/0020-Don-t-wake-IR-HAL-to-the-infinity-and-beyond.patch Normal file
View File

@ -0,0 +1,42 @@
From 6b4e5ef1cf72810d37a4fd649355be31d4ec86f9 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Tue, 21 Aug 2018 22:24:02 +0200
Subject: [PATCH] Don't wake IR HAL to the infinity and beyond
---
services/core/java/com/android/server/ConsumerIrService.java | 5 -----
services/core/jni/com_android_server_ConsumerIrService.cpp | 2 +-
2 files changed, 1 insertion(+), 6 deletions(-)
diff --git a/services/core/java/com/android/server/ConsumerIrService.java b/services/core/java/com/android/server/ConsumerIrService.java
index fcfb45659e5..3a6a8cba509 100644
--- a/services/core/java/com/android/server/ConsumerIrService.java
+++ b/services/core/java/com/android/server/ConsumerIrService.java
@@ -48,11 +48,6 @@ public class ConsumerIrService extends IConsumerIrService.Stub {
mWakeLock.setReferenceCounted(true);
mHasNativeHal = halOpen();
- if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_CONSUMER_IR)) {
- if (!mHasNativeHal) {
- throw new RuntimeException("FEATURE_CONSUMER_IR present, but no IR HAL loaded!");
- }
- }
mParameter = AudioSystem.getParameters("audio_capability#irda_support");
}
diff --git a/services/core/jni/com_android_server_ConsumerIrService.cpp b/services/core/jni/com_android_server_ConsumerIrService.cpp
index 2ca348b3ae4..148fba9a688 100644
--- a/services/core/jni/com_android_server_ConsumerIrService.cpp
+++ b/services/core/jni/com_android_server_ConsumerIrService.cpp
@@ -36,7 +36,7 @@ static sp<IConsumerIr> mHal;
static jboolean halOpen(JNIEnv* /* env */, jobject /* obj */) {
// TODO(b/31632518)
- mHal = IConsumerIr::getService();
+ mHal = IConsumerIr::tryGetService();
return mHal != nullptr;
}
--
2.17.1

28
patches/platform_frameworks_base/0021-Switch-samsung-light-fingerprint-match-to-regexp-to-.patch Normal file
View File

@ -0,0 +1,28 @@
From c4e45f5f94e47109a6f65b4ea07b25626efbba34 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Thu, 23 Aug 2018 23:39:16 +0200
Subject: [PATCH 21/31] Switch samsung light fingerprint match to regexp, to
include Note9
---
.../core/java/com/android/server/lights/LightsService.java | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/services/core/java/com/android/server/lights/LightsService.java b/services/core/java/com/android/server/lights/LightsService.java
index 2886f2900d9..2ad38774b9d 100644
--- a/services/core/java/com/android/server/lights/LightsService.java
+++ b/services/core/java/com/android/server/lights/LightsService.java
@@ -55,9 +55,7 @@ public class LightsService extends SystemService {
if(mId == 0) {
String fp = SystemProperties.get("ro.vendor.build.fingerprint", "hello");
- if(
- fp.contains("starlte") || fp.contains("star2lte") ||
- fp.contains("starqlte") || fp.contains("star2qlte")) {
+ if(fp.matches(".*(crown|star)[q2]*lte.*")) {
setLightLocked(brightness*100, LIGHT_FLASH_HARDWARE, 0, 0, brightnessMode);
return;
}
--
2.17.1

30
patches/platform_frameworks_base/0022-Add-a-property-toggle-to-enable-high-brightness-rang.patch Normal file
View File

@ -0,0 +1,30 @@
From aac8a05b691bff6cb9081ea76d8e5c6f1e4fe70d Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Mon, 27 Aug 2018 00:47:13 +0200
Subject: [PATCH 22/31] Add a property toggle to enable high brightness range
on samsung device
---
.../core/java/com/android/server/lights/LightsService.java | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/services/core/java/com/android/server/lights/LightsService.java b/services/core/java/com/android/server/lights/LightsService.java
index 2ad38774b9d..89008ea3134 100644
--- a/services/core/java/com/android/server/lights/LightsService.java
+++ b/services/core/java/com/android/server/lights/LightsService.java
@@ -56,7 +56,11 @@ public class LightsService extends SystemService {
if(mId == 0) {
String fp = SystemProperties.get("ro.vendor.build.fingerprint", "hello");
if(fp.matches(".*(crown|star)[q2]*lte.*")) {
- setLightLocked(brightness*100, LIGHT_FLASH_HARDWARE, 0, 0, brightnessMode);
+ int newBrightness = brightness * 100;
+ if(SystemProperties.getBoolean("persist.sys.samsung.full_brightness", false)) {
+ newBrightness = (int) (brightness * 40960.0 / 255.0);
+ }
+ setLightLocked(newBrightness, LIGHT_FLASH_HARDWARE, 0, 0, brightnessMode);
return;
}
--
2.17.1

46
patches/platform_frameworks_base/0023-Add-a-property-to-override-pre-o-max-aspect-ratio.patch Normal file
View File

@ -0,0 +1,46 @@
From 491b9ace3db2e132949d7579ef5819f0f789a971 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Wed, 29 Aug 2018 11:05:54 +0200
Subject: [PATCH 23/31] Add a property to override pre-o max aspect ratio
---
.../core/java/com/android/server/am/ActivityRecord.java | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/services/core/java/com/android/server/am/ActivityRecord.java b/services/core/java/com/android/server/am/ActivityRecord.java
index 97ae3772ca3..5718c5ee8d0 100644
--- a/services/core/java/com/android/server/am/ActivityRecord.java
+++ b/services/core/java/com/android/server/am/ActivityRecord.java
@@ -161,6 +161,7 @@ import android.os.PersistableBundle;
import android.os.Process;
import android.os.RemoteException;
import android.os.SystemClock;
+import android.os.SystemProperties;
import android.os.UserHandle;
import android.os.storage.StorageManager;
import android.service.voice.IVoiceInteractionSession;
@@ -2354,7 +2355,7 @@ final class ActivityRecord extends ConfigurationContainer implements AppWindowCo
// TODO(b/36505427): Consider moving this method and similar ones to ConfigurationContainer.
private void computeBounds(Rect outBounds) {
outBounds.setEmpty();
- final float maxAspectRatio = info.maxAspectRatio;
+ float maxAspectRatio = info.maxAspectRatio;
final ActivityStack stack = getStack();
if (task == null || stack == null || task.inMultiWindowMode() || maxAspectRatio == 0
|| isInVrUiMode(getConfiguration())) {
@@ -2365,6 +2366,12 @@ final class ActivityRecord extends ConfigurationContainer implements AppWindowCo
return;
}
+ if(info.applicationInfo.targetSdkVersion < O) {
+ try {
+ maxAspectRatio = Float.parseFloat(SystemProperties.get("persist.sys.max_aspect_ratio.pre_o", ""));
+ } catch (Throwable t) {}
+ Log.d("PHH", "Overrode aspect ratio because pre-o to " + maxAspectRatio);
+ }
// We must base this on the parent configuration, because we set our override
// configuration's appBounds based on the result of this method. If we used our own
// configuration, it would be influenced by past invocations.
--
2.17.1

26
patches/platform_frameworks_base/0024-Add-japanese-S9.patch Normal file
View File

@ -0,0 +1,26 @@
From 8d199eba0c2e55725d0677ff4c949e48737af7e9 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Tue, 28 Aug 2018 20:39:26 +0200
Subject: [PATCH 24/31] Add japanese S9
---
.../core/java/com/android/server/lights/LightsService.java | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/services/core/java/com/android/server/lights/LightsService.java b/services/core/java/com/android/server/lights/LightsService.java
index 89008ea3134..47c1d9297fe 100644
--- a/services/core/java/com/android/server/lights/LightsService.java
+++ b/services/core/java/com/android/server/lights/LightsService.java
@@ -55,7 +55,8 @@ public class LightsService extends SystemService {
if(mId == 0) {
String fp = SystemProperties.get("ro.vendor.build.fingerprint", "hello");
- if(fp.matches(".*(crown|star)[q2]*lte.*")) {
+ if(fp.matches(".*(crown|star)[q2]*lte.*") ||
+ fp.matches(".*(SC-0[23]K|SCV3[89]).*")) {
int newBrightness = brightness * 100;
if(SystemProperties.getBoolean("persist.sys.samsung.full_brightness", false)) {
newBrightness = (int) (brightness * 40960.0 / 255.0);
--
2.17.1

36
patches/platform_frameworks_base/0025-Re-order-services-so-that-it-works-even-without-qtag.patch Normal file
View File

@ -0,0 +1,36 @@
From 0da5d5d1b6ced13bc25953f46db15ffd4ed839d3 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Thu, 8 Nov 2018 23:04:03 +0100
Subject: [PATCH 25/31] Re-order services so that it works even without qtaguid
---
.../com/android/server/net/NetworkPolicyManagerService.java | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
index ab482bb2da9..c4a655d8447 100644
--- a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
+++ b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
@@ -708,6 +708,9 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
Trace.traceBegin(Trace.TRACE_TAG_NETWORK, "systemReady");
final int oldPriority = Process.getThreadPriority(Process.myTid());
try {
+ mUsageStats = LocalServices.getService(UsageStatsManagerInternal.class);
+ mNetworkStats = LocalServices.getService(NetworkStatsManagerInternal.class);
+
// Boost thread's priority during system server init
Process.setThreadPriority(Process.THREAD_PRIORITY_FOREGROUND);
if (!isBandwidthControlEnabled()) {
@@ -715,9 +718,6 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
return;
}
- mUsageStats = LocalServices.getService(UsageStatsManagerInternal.class);
- mNetworkStats = LocalServices.getService(NetworkStatsManagerInternal.class);
-
synchronized (mUidRulesFirstLock) {
synchronized (mNetworkPoliciesSecondLock) {
updatePowerSaveWhitelistUL();
--
2.17.1

26
patches/platform_frameworks_base/0026-Use-Samsung-fingerprint-percent-thingy-on-all-Samsun.patch Normal file
View File

@ -0,0 +1,26 @@
From e17a61b9abe4c8df29379b01f841c1be482bc9e7 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Sun, 9 Dec 2018 16:31:44 +0100
Subject: [PATCH 26/31] Use Samsung fingerprint percent thingy on all Samsung
devices
---
.../java/com/android/server/fingerprint/FingerprintService.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/services/core/java/com/android/server/fingerprint/FingerprintService.java b/services/core/java/com/android/server/fingerprint/FingerprintService.java
index 6f09433c002..8c2990b1999 100644
--- a/services/core/java/com/android/server/fingerprint/FingerprintService.java
+++ b/services/core/java/com/android/server/fingerprint/FingerprintService.java
@@ -1048,7 +1048,7 @@ public class FingerprintService extends SystemService implements IHwBinder.Death
public void run() {
int remaining2 = remaining;
String fp = android.os.SystemProperties.get("ro.vendor.build.fingerprint");
- if(fp != null && (fp.contains("starlte") || fp.contains("star2lte") || fp.contains("starqlte") || fp.contains("star2qlte")))
+ if(fp != null && (fp.startsWith("samsung/")))
remaining2 = 100 - remaining2;
handleEnrollResult(deviceId, fingerId, groupId, remaining2);
}
--
2.17.1

33
patches/platform_frameworks_base/0027-Different-value-for-astarqlte.-Probably-more-devices.patch Normal file
View File

@ -0,0 +1,33 @@
From 92d27ce6dc2a0b7c25ba154ed839a506cb7bbfa0 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Sun, 10 Mar 2019 19:35:06 +0100
Subject: [PATCH 27/31] Different value for astarqlte. Probably more devices to
add later
---
.../java/com/android/server/lights/LightsService.java | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/services/core/java/com/android/server/lights/LightsService.java b/services/core/java/com/android/server/lights/LightsService.java
index 47c1d9297fe..e5299e456f5 100644
--- a/services/core/java/com/android/server/lights/LightsService.java
+++ b/services/core/java/com/android/server/lights/LightsService.java
@@ -55,6 +55,15 @@ public class LightsService extends SystemService {
if(mId == 0) {
String fp = SystemProperties.get("ro.vendor.build.fingerprint", "hello");
+ if(fp.matches(".*astarqlte.*")) {
+ int newBrightness = brightness;
+ if(SystemProperties.getBoolean("persist.sys.samsung.full_brightness", false)) {
+ newBrightness = (int) (brightness * 365.0 / 255.0);
+ }
+ setLightLocked(newBrightness, LIGHT_FLASH_HARDWARE, 0, 0, brightnessMode);
+ return;
+ }
+
if(fp.matches(".*(crown|star)[q2]*lte.*") ||
fp.matches(".*(SC-0[23]K|SCV3[89]).*")) {
int newBrightness = brightness * 100;
--
2.17.1

329
patches/platform_frameworks_base/0028-Initial-support-of-in-display-fingerprint-sensor.patch Normal file
View File

@ -0,0 +1,329 @@
From 97bb347025b15447834a6ada3779f9795098efbe Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Sun, 24 Mar 2019 22:48:39 +0100
Subject: [PATCH] Initial support of in-display fingerprint sensor
Tested on Mi 9.
Here are the list of things that are device-specific:
- touchscreen control (possibly not needed for all devices)
- how to get position and size of green circle?
- fingerprint control (tell the fingerprint sensor the green circle is
ready, and what is its brightness)
---
services/core/Android.bp | 1 +
.../fingerprint/AuthenticationClient.java | 6 +
.../server/fingerprint/EnrollClient.java | 9 +
.../server/fingerprint/FacolaView.java | 192 ++++++++++++++++++
4 files changed, 208 insertions(+)
create mode 100644 services/core/java/com/android/server/fingerprint/FacolaView.java
diff --git a/services/core/Android.bp b/services/core/Android.bp
index 48be3c4921c..ab3d941bd26 100644
--- a/services/core/Android.bp
+++ b/services/core/Android.bp
@@ -45,6 +45,7 @@ java_library_static {
"android.hardware.configstore-V1.0-java",
"android.hardware.contexthub-V1.0-java",
"vendor.lineage.trust-V1.0-java",
+ "vendor.xiaomi.hardware.fingerprintextension-V1.0-java",
],
}
diff --git a/services/core/java/com/android/server/fingerprint/AuthenticationClient.java b/services/core/java/com/android/server/fingerprint/AuthenticationClient.java
index afd1a94bf50..f36ed9b38c6 100644
--- a/services/core/java/com/android/server/fingerprint/AuthenticationClient.java
+++ b/services/core/java/com/android/server/fingerprint/AuthenticationClient.java
@@ -54,6 +54,8 @@ public abstract class AuthenticationClient extends ClientMonitor {
private final FingerprintManager mFingerprintManager;
protected boolean mDialogDismissed;
+ private FacolaView mFacola;
+
// Receives events from SystemUI and handles them before forwarding them to FingerprintDialog
protected IBiometricPromptReceiver mDialogReceiver = new IBiometricPromptReceiver.Stub() {
@Override // binder call
@@ -96,6 +98,7 @@ public abstract class AuthenticationClient extends ClientMonitor {
mStatusBarService = statusBarService;
mFingerprintManager = (FingerprintManager) getContext()
.getSystemService(Context.FINGERPRINT_SERVICE);
+ mFacola = new FacolaView(context);
}
@Override
@@ -233,6 +236,7 @@ public abstract class AuthenticationClient extends ClientMonitor {
resetFailedAttempts();
onStop();
}
+ if(result == true) mFacola.hide();
return result;
}
@@ -246,6 +250,7 @@ public abstract class AuthenticationClient extends ClientMonitor {
Slog.w(TAG, "start authentication: no fingerprint HAL!");
return ERROR_ESRCH;
}
+ mFacola.show();
onStart();
try {
final int result = daemon.authenticate(mOpId, getGroupId());
@@ -279,6 +284,7 @@ public abstract class AuthenticationClient extends ClientMonitor {
return 0;
}
+ mFacola.hide();
onStop();
IBiometricsFingerprint daemon = getFingerprintDaemon();
if (daemon == null) {
diff --git a/services/core/java/com/android/server/fingerprint/EnrollClient.java b/services/core/java/com/android/server/fingerprint/EnrollClient.java
index c9efcf2fd68..4ce4ba0cfc8 100644
--- a/services/core/java/com/android/server/fingerprint/EnrollClient.java
+++ b/services/core/java/com/android/server/fingerprint/EnrollClient.java
@@ -29,10 +29,12 @@ import com.android.internal.logging.nano.MetricsProto.MetricsEvent;
import java.util.Arrays;
+
/**
* A class to keep track of the enrollment state for a given client.
*/
public abstract class EnrollClient extends ClientMonitor {
+ private final FacolaView mFacola;
private static final long MS_PER_SEC = 1000;
private static final int ENROLLMENT_TIMEOUT_MS = 60 * 1000; // 1 minute
private byte[] mCryptoToken;
@@ -42,6 +44,7 @@ public abstract class EnrollClient extends ClientMonitor {
boolean restricted, String owner) {
super(context, halDeviceId, token, receiver, userId, groupId, restricted, owner);
mCryptoToken = Arrays.copyOf(cryptoToken, cryptoToken.length);
+ mFacola = new FacolaView(context);
}
@Override
@@ -69,6 +72,7 @@ public abstract class EnrollClient extends ClientMonitor {
MetricsLogger.action(getContext(), MetricsEvent.ACTION_FINGERPRINT_ENROLL);
try {
receiver.onEnrollResult(getHalDeviceId(), fpId, groupId, remaining);
+ if(remaining == 0) mFacola.hide();
return remaining == 0;
} catch (RemoteException e) {
Slog.w(TAG, "Failed to notify EnrollResult:", e);
@@ -83,6 +87,10 @@ public abstract class EnrollClient extends ClientMonitor {
Slog.w(TAG, "enroll: no fingerprint HAL!");
return ERROR_ESRCH;
}
+ Slog.w(TAG, "Starting enroll");
+
+ mFacola.show();
+
final int timeout = (int) (ENROLLMENT_TIMEOUT_MS / MS_PER_SEC);
try {
final int result = daemon.enroll(mCryptoToken, getGroupId(), timeout);
@@ -104,6 +112,7 @@ public abstract class EnrollClient extends ClientMonitor {
Slog.w(TAG, "stopEnroll: already cancelled!");
return 0;
}
+ mFacola.hide();
IBiometricsFingerprint daemon = getFingerprintDaemon();
if (daemon == null) {
Slog.w(TAG, "stopEnrollment: no fingerprint HAL!");
diff --git a/services/core/java/com/android/server/fingerprint/FacolaView.java b/services/core/java/com/android/server/fingerprint/FacolaView.java
new file mode 100644
index 00000000000..ec336fe337c
--- /dev/null
+++ b/services/core/java/com/android/server/fingerprint/FacolaView.java
@@ -0,0 +1,192 @@
+/**
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.server.fingerprint;
+
+import android.graphics.Canvas;
+import android.graphics.Color;
+import android.graphics.Paint;
+import android.content.Context;
+import android.view.View.OnTouchListener;
+import android.view.View;
+import android.widget.ImageView;
+import android.view.MotionEvent;
+import android.util.Slog;
+
+import android.view.WindowManager;
+import android.graphics.PixelFormat;
+import android.view.Gravity;
+
+import java.io.PrintWriter;
+
+import vendor.xiaomi.hardware.fingerprintextension.V1_0.IXiaomiFingerprint;
+
+import android.os.ServiceManager;
+
+public class FacolaView extends ImageView implements OnTouchListener {
+ private final int mX, mY, mW, mH;
+ private final Paint mPaintFingerprint = new Paint();
+ private final Paint mPaintShow = new Paint();
+ private IXiaomiFingerprint mXiaomiFingerprint = null;
+ private boolean mInsideCircle = false;
+ private final WindowManager.LayoutParams mParams = new WindowManager.LayoutParams();
+
+ private final static float UNTOUCHED_DIM = .1f;
+ private final static float TOUCHED_DIM = .9f;
+
+ private final WindowManager mWM;
+ FacolaView(Context context) {
+ super(context);
+
+ String[] location = android.os.SystemProperties.get("persist.vendor.sys.fp.fod.location.X_Y", "").split(",");
+ String[] size = android.os.SystemProperties.get("persist.vendor.sys.fp.fod.size.width_height", "").split(",");
+ if(size.length == 2 && location.length == 2) {
+ mX = Integer.parseInt(location[0]);
+ mY = Integer.parseInt(location[1]);
+ mW = Integer.parseInt(size[0]);
+ mH = Integer.parseInt(size[1]);
+ } else {
+ mX = -1;
+ mY = -1;
+ mW = -1;
+ mH = -1;
+ }
+
+ mPaintFingerprint.setAntiAlias(true);
+ mPaintFingerprint.setColor(Color.GREEN);
+
+ mPaintShow.setAntiAlias(true);
+ mPaintShow.setColor(Color.argb(0x18, 0x00, 0xff, 0x00));
+ setOnTouchListener(this);
+ mWM = (WindowManager) getContext().getSystemService(Context.WINDOW_SERVICE);
+ Slog.d("PHH-Enroll", "Created facola...");
+ try {
+ if(mW != -1)
+ mXiaomiFingerprint = IXiaomiFingerprint.getService();
+ } catch(Exception e) {
+ Slog.d("PHH-Enroll", "Failed getting xiaomi fingerprint service", e);
+ }
+ }
+
+ @Override
+ protected void onDraw(Canvas canvas) {
+ super.onDraw(canvas);
+ Slog.d("PHH-Enroll", "Drawing at " + mX + ", " + mY + ", " + mW + ", " + mH);
+ //TODO w!=h?
+ if(mInsideCircle) {
+ try {
+ int nitValue = 3;
+ if(mXiaomiFingerprint != null)
+ mXiaomiFingerprint.extCmd(0xa, nitValue);
+ } catch(Exception e) {
+ Slog.d("PHH-Enroll", "Failed calling xiaomi fp extcmd");
+ }
+
+ canvas.drawCircle(mW/2, mH/2, (float) (mW/2.0f), this.mPaintFingerprint);
+ } else {
+ try {
+ if(mXiaomiFingerprint != null)
+ mXiaomiFingerprint.extCmd(0xa, 0);
+ } catch(Exception e) {
+ Slog.d("PHH-Enroll", "Failed calling xiaomi fp extcmd");
+ }
+ canvas.drawCircle(mW/2, mH/2, (float) (mW/2.0f), this.mPaintShow);
+ }
+ }
+
+ @Override
+ public boolean onTouch(View v, MotionEvent event) {
+ float x = event.getAxisValue(MotionEvent.AXIS_X);
+ float y = event.getAxisValue(MotionEvent.AXIS_Y);
+
+ boolean newInside = (x > 0 && x < mW) && (y > 0 && y < mW);
+ if(event.getAction() == MotionEvent.ACTION_UP)
+ newInside = false;
+
+ Slog.d("PHH-Enroll", "Got action " + event.getAction() + ", x = " + x + ", y = " + y + ", inside = " + mInsideCircle + "/" + newInside);
+ if(newInside == mInsideCircle) return mInsideCircle;
+ mInsideCircle = newInside;
+
+ invalidate();
+
+ if(!mInsideCircle) {
+ mParams.screenBrightness = .0f;
+ mParams.dimAmount = UNTOUCHED_DIM;
+ mWM.updateViewLayout(this, mParams);
+ return false;
+ }
+
+ mParams.dimAmount = TOUCHED_DIM;
+ mParams.screenBrightness = 1.0f;
+ mWM.updateViewLayout(this, mParams);
+
+ return true;
+ }
+
+ public void show() {
+ if(mX == -1 || mY == -1 || mW == -1 || mH == -1) return;
+
+ try {
+ PrintWriter writer = new PrintWriter("/sys/devices/virtual/touch/tp_dev/fod_status", "UTF-8");
+ writer.println("1");
+ writer.close();
+ } catch(Exception e) {
+ Slog.d("PHH-Enroll", "Failed setting fod status for touchscreen");
+ }
+
+ mParams.x = mX;
+ mParams.y = mY;
+
+ mParams.height = mW;
+ mParams.width = mH;
+ mParams.format = PixelFormat.TRANSLUCENT;
+
+ mParams.type = WindowManager.LayoutParams.TYPE_VOLUME_OVERLAY;
+ mParams.setTitle("Fingerprint on display");
+ mParams.flags = WindowManager.LayoutParams.FLAG_NOT_FOCUSABLE |
+ WindowManager.LayoutParams.FLAG_WATCH_OUTSIDE_TOUCH |
+ WindowManager.LayoutParams.FLAG_DIM_BEHIND |
+ WindowManager.LayoutParams.FLAG_LAYOUT_IN_SCREEN;
+ mParams.dimAmount = UNTOUCHED_DIM;
+
+ mParams.packageName = "android";
+
+ mParams.gravity = Gravity.TOP | Gravity.LEFT;
+ mWM.addView(this, mParams);
+
+ }
+
+ public void hide() {
+ if(mX == -1 || mY == -1 || mW == -1 || mH == -1) return;
+
+ try {
+ if(mXiaomiFingerprint != null)
+ mXiaomiFingerprint.extCmd(0xa, 0);
+ } catch(Exception e) {
+ Slog.d("PHH-Enroll", "Failed calling xiaomi fp extcmd");
+ }
+ try {
+ PrintWriter writer = new PrintWriter("/sys/devices/virtual/touch/tp_dev/fod_status", "UTF-8");
+ writer.println("0");
+ writer.close();
+ } catch(Exception e) {
+ Slog.d("PHH-Enroll", "Failed setting fod status for touchscreen");
+ }
+
+ Slog.d("PHH-Enroll", "Removed facola");
+ mWM.removeView(this);
+ }
+}
--
2.17.1

97
patches/platform_frameworks_base/0029-Support-new-samsung-light-hal.patch Normal file
View File

@ -0,0 +1,97 @@
From 1f08e24e33895eb7f56ff5540e07fc0759872c23 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Sun, 24 Mar 2019 23:05:14 +0100
Subject: [PATCH] Support new samsung light hal
---
services/core/jni/Android.bp | 1 +
...om_android_server_lights_LightsService.cpp | 27 +++++++++++++++++++
2 files changed, 28 insertions(+)
diff --git a/services/core/jni/Android.bp b/services/core/jni/Android.bp
index 5fd9496a5f8..ba6bccc2806 100644
--- a/services/core/jni/Android.bp
+++ b/services/core/jni/Android.bp
@@ -131,6 +131,7 @@ cc_defaults {
"android.frameworks.schedulerservice@1.0",
"android.frameworks.sensorservice@1.0",
"vendor.lineage.power@1.0",
+ "vendor.samsung.hardware.light@2.0",
],
static_libs: [
diff --git a/services/core/jni/com_android_server_lights_LightsService.cpp b/services/core/jni/com_android_server_lights_LightsService.cpp
index 01ddecaeff5..f42c49afaa6 100644
--- a/services/core/jni/com_android_server_lights_LightsService.cpp
+++ b/services/core/jni/com_android_server_lights_LightsService.cpp
@@ -23,6 +23,8 @@
#include <android/hardware/light/2.0/ILight.h>
#include <android/hardware/light/2.0/types.h>
+#include <vendor/samsung/hardware/light/2.0/ISecLight.h>
+#include <vendor/samsung/hardware/light/2.0/types.h>
#include <android-base/chrono_utils.h>
#include <utils/misc.h>
#include <utils/Log.h>
@@ -40,9 +42,13 @@ using Type = ::android::hardware::light::V2_0::Type;
template<typename T>
using Return = ::android::hardware::Return<T>;
+using ISecLight = ::vendor::samsung::hardware::light::V2_0::ISecLight;
+using SecType = ::vendor::samsung::hardware::light::V2_0::SecType;
+
class LightHal {
private:
static sp<ILight> sLight;
+ static sp<ISecLight> sSecLight;
static bool sLightInit;
LightHal() {}
@@ -58,6 +64,7 @@ public:
(sLight != nullptr && !sLight->ping().isOk())) {
// will return the hal if it exists the first time.
sLight = ILight::getService();
+ sSecLight = ISecLight::getService();
sLightInit = true;
if (sLight == nullptr) {
@@ -67,9 +74,14 @@ public:
return sLight;
}
+
+ static sp<ISecLight> getSecLight() {
+ return sSecLight;
+ }
};
sp<ILight> LightHal::sLight = nullptr;
+sp<ISecLight> LightHal::sSecLight = nullptr;
bool LightHal::sLightInit = false;
static bool validate(jint light, jint flash, jint brightness) {
@@ -183,6 +195,21 @@ static void setLight_native(
}
colorAlpha = (colorAlpha * brightnessLevel) / 0xFF;
colorARGB = (colorAlpha << 24) + (colorARGB & 0x00FFFFFF);
+ }
+
+ sp<ISecLight> secHal = LightHal::getSecLight();
+
+ if(secHal != nullptr) {
+ SecType type = static_cast<SecType>(light);
+ LightState state = constructState(
+ colorARGB, flashMode, onMS, offMS, brightnessMode);
+
+ {
+ android::base::Timer t;
+ Return<Status> ret = secHal->setLightSec(type, state);
+ processReturn(ret, static_cast<Type>(light), state);
+ if (t.duration() > 50ms) ALOGD("Excessive delay setting light");
+ }
}
Type type = static_cast<Type>(light);
--
2.17.1

28
patches/platform_frameworks_base/0030-Fix-backlight-on-S10-.-Add-an-additional-property-to.patch Normal file
View File

@ -0,0 +1,28 @@
From ab2af70136a6846a00cd6dab2a0fec3633921517 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Wed, 24 Apr 2019 20:09:53 +0200
Subject: [PATCH 30/31] Fix backlight on S10*. Add an additional property to
check, so testers can try it more easily
---
.../core/java/com/android/server/lights/LightsService.java | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/services/core/java/com/android/server/lights/LightsService.java b/services/core/java/com/android/server/lights/LightsService.java
index e5299e456f5..cd709880e11 100644
--- a/services/core/java/com/android/server/lights/LightsService.java
+++ b/services/core/java/com/android/server/lights/LightsService.java
@@ -64,7 +64,9 @@ public class LightsService extends SystemService {
return;
}
- if(fp.matches(".*(crown|star)[q2]*lte.*") ||
+ if(SystemProperties.getInt("persist.sys.phh.samsung_backlight", 0) == 1 ||
+ fp.matches(".*beyond.*lte.*") ||
+ fp.matches(".*(crown|star)[q2]*lte.*") ||
fp.matches(".*(SC-0[23]K|SCV3[89]).*")) {
int newBrightness = brightness * 100;
if(SystemProperties.getBoolean("persist.sys.samsung.full_brightness", false)) {
--
2.17.1

97
patches/platform_frameworks_base/0031-Delay-brightness-changes-so-that-dim-adjusted.patch Normal file
View File

@ -0,0 +1,97 @@
From d5ce6564e36fe4291e42f091b322f23c346d1215 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Mon, 6 May 2019 23:16:43 +0200
Subject: [PATCH 31/31] Delay brightness changes, so that dim adjusted
---
.../server/fingerprint/FacolaView.java | 28 +++++++++++++++++--
1 file changed, 25 insertions(+), 3 deletions(-)
diff --git a/services/core/java/com/android/server/fingerprint/FacolaView.java b/services/core/java/com/android/server/fingerprint/FacolaView.java
index ec336fe337c..86f03360ad0 100644
--- a/services/core/java/com/android/server/fingerprint/FacolaView.java
+++ b/services/core/java/com/android/server/fingerprint/FacolaView.java
@@ -29,6 +29,8 @@ import android.util.Slog;
import android.view.WindowManager;
import android.graphics.PixelFormat;
import android.view.Gravity;
+import android.os.Handler;
+import android.os.Looper;
import java.io.PrintWriter;
@@ -47,10 +49,15 @@ public class FacolaView extends ImageView implements OnTouchListener {
private final static float UNTOUCHED_DIM = .1f;
private final static float TOUCHED_DIM = .9f;
+ private final Handler mMainHandler;
+ private boolean visible = false;
+
private final WindowManager mWM;
FacolaView(Context context) {
super(context);
+ mMainHandler = new Handler(Looper.getMainLooper());
+
String[] location = android.os.SystemProperties.get("persist.vendor.sys.fp.fod.location.X_Y", "").split(",");
String[] size = android.os.SystemProperties.get("persist.vendor.sys.fp.fod.size.width_height", "").split(",");
if(size.length == 2 && location.length == 2) {
@@ -89,8 +96,13 @@ public class FacolaView extends ImageView implements OnTouchListener {
if(mInsideCircle) {
try {
int nitValue = 3;
- if(mXiaomiFingerprint != null)
- mXiaomiFingerprint.extCmd(0xa, nitValue);
+ if(mXiaomiFingerprint != null) {
+ mMainHandler.postDelayed(() -> {
+ try {
+ mXiaomiFingerprint.extCmd(0xa, nitValue);
+ } catch(Exception e) {}
+ }, 60);
+ }
} catch(Exception e) {
Slog.d("PHH-Enroll", "Failed calling xiaomi fp extcmd");
}
@@ -123,8 +135,15 @@ public class FacolaView extends ImageView implements OnTouchListener {
invalidate();
if(!mInsideCircle) {
- mParams.screenBrightness = .0f;
mParams.dimAmount = UNTOUCHED_DIM;
+ //Changing Dim is instant, changing brightness isn't.
+ //Have a little pity of users' eyes and wait a bit
+ mMainHandler.postDelayed(() -> {
+ if(visible) {
+ mParams.screenBrightness = .0f;
+ mWM.updateViewLayout(this, mParams);
+ }
+ }, 100);
mWM.updateViewLayout(this, mParams);
return false;
}
@@ -133,6 +152,7 @@ public class FacolaView extends ImageView implements OnTouchListener {
mParams.screenBrightness = 1.0f;
mWM.updateViewLayout(this, mParams);
+
return true;
}
@@ -166,6 +186,7 @@ public class FacolaView extends ImageView implements OnTouchListener {
mParams.gravity = Gravity.TOP | Gravity.LEFT;
mWM.addView(this, mParams);
+ visible = true;
}
@@ -188,5 +209,6 @@ public class FacolaView extends ImageView implements OnTouchListener {
Slog.d("PHH-Enroll", "Removed facola");
mWM.removeView(this);
+ visible = false;
}
}
--
2.17.1

36
patches/platform_frameworks_base/0032-Check-for-null-path-in-getInternalPathForUser.patch Normal file
View File

@ -0,0 +1,36 @@
From 7fed750fff5a65329a32b851c46d3aaa856b2bed Mon Sep 17 00:00:00 2001
From: Jerry Zhang <zhangjerry@google.com>
Date: Wed, 6 Jun 2018 11:04:46 -0700
Subject: [PATCH 32/32] Check for null path in getInternalPathForUser
In some situations, path could be null resulting
in a crash.
Test: no crash
Bug: 109730998
Change-Id: I2ce0410162d1327905d690331f461f9187e20906
Merged-In: I2ce0410162d1327905d690331f461f9187e20906
(cherry picked from commit 6f6154bf0493cf66628c8f2418827fe54679b1eb)
(cherry picked from commit 30f63cf1f958cf5e8ee77875ac38c579a4a783d1)
---
core/java/android/os/storage/VolumeInfo.java | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/core/java/android/os/storage/VolumeInfo.java b/core/java/android/os/storage/VolumeInfo.java
index 8d4c3c3d3e6..8c7750242ef 100644
--- a/core/java/android/os/storage/VolumeInfo.java
+++ b/core/java/android/os/storage/VolumeInfo.java
@@ -312,7 +312,9 @@ public class VolumeInfo implements Parcelable {
* {@link android.Manifest.permission#WRITE_MEDIA_STORAGE}.
*/
public File getInternalPathForUser(int userId) {
- if (type == TYPE_PUBLIC) {
+ if (path == null) {
+ return null;
+ } else if (type == TYPE_PUBLIC) {
// TODO: plumb through cleaner path from vold
return new File(path.replace("/storage/", "/mnt/media_rw/"));
} else {
--
2.17.1

48
patches/platform_frameworks_base/0033-Make-samsung-light-HAL-more-overridable.patch Normal file
View File

@ -0,0 +1,48 @@
From 820e3cf51eaa918cee5c3c7bfe2fb240492eb7f8 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Tue, 2 Jul 2019 21:15:07 +0200
Subject: [PATCH 33/34] Make samsung light HAL more overridable
---
.../android/server/lights/LightsService.java | 24 ++++++++++++-------
1 file changed, 15 insertions(+), 9 deletions(-)
diff --git a/services/core/java/com/android/server/lights/LightsService.java b/services/core/java/com/android/server/lights/LightsService.java
index cd709880e11..ef1f3c17b1c 100644
--- a/services/core/java/com/android/server/lights/LightsService.java
+++ b/services/core/java/com/android/server/lights/LightsService.java
@@ -64,16 +64,22 @@ public class LightsService extends SystemService {
return;
}
- if(SystemProperties.getInt("persist.sys.phh.samsung_backlight", 0) == 1 ||
- fp.matches(".*beyond.*lte.*") ||
- fp.matches(".*(crown|star)[q2]*lte.*") ||
- fp.matches(".*(SC-0[23]K|SCV3[89]).*")) {
- int newBrightness = brightness * 100;
- if(SystemProperties.getBoolean("persist.sys.samsung.full_brightness", false)) {
- newBrightness = (int) (brightness * 40960.0 / 255.0);
+ int useSamsungBacklight = SystemProperties.getInt("persist.sys.phh.samsung_backlight", -1);
+ if(useSamsungBacklight != 0) {
+ if(useSamsungBacklight > 0 ||
+ fp.matches(".*beyond.*lte.*") ||
+ fp.matches(".*(crown|star)[q2]*lte.*") ||
+ fp.matches(".*(SC-0[23]K|SCV3[89]).*")) {
+ int ratio = 100;
+ if(useSamsungBacklight > 1)
+ ratio = useSamsungBacklight;
+ int newBrightness = brightness * ratio;
+ if(SystemProperties.getBoolean("persist.sys.samsung.full_brightness", false)) {
+ newBrightness = (int) (brightness * 40960.0 / 255.0);
+ }
+ setLightLocked(newBrightness, LIGHT_FLASH_HARDWARE, 0, 0, brightnessMode);
+ return;
}
- setLightLocked(newBrightness, LIGHT_FLASH_HARDWARE, 0, 0, brightnessMode);
- return;
}
boolean qcomExtendBrightness = SystemProperties.getBoolean("persist.extend.brightness", false);
--
2.17.1

27
patches/platform_frameworks_base/0034-Make-Samsung-fingerprint-broken-HAL-overridable.patch Normal file
View File

@ -0,0 +1,27 @@
From 91ea029c2c9686490d6c011708c4a298d236fa2b Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Tue, 2 Jul 2019 21:19:29 +0200
Subject: [PATCH 34/34] Make Samsung fingerprint broken HAL overridable
---
.../com/android/server/fingerprint/FingerprintService.java | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/services/core/java/com/android/server/fingerprint/FingerprintService.java b/services/core/java/com/android/server/fingerprint/FingerprintService.java
index 8c2990b1999..461fac50975 100644
--- a/services/core/java/com/android/server/fingerprint/FingerprintService.java
+++ b/services/core/java/com/android/server/fingerprint/FingerprintService.java
@@ -1047,8 +1047,9 @@ public class FingerprintService extends SystemService implements IHwBinder.Death
@Override
public void run() {
int remaining2 = remaining;
+ int overrideSamsung = android.os.SystemProperties.getInt("persist.sys.phh.samsung_fingerprint", -1);
String fp = android.os.SystemProperties.get("ro.vendor.build.fingerprint");
- if(fp != null && (fp.startsWith("samsung/")))
+ if(overrideSamsung == 1 || (overrideSamsung != 0 && fp != null && fp.startsWith("samsung/")))
remaining2 = 100 - remaining2;
handleEnrollResult(deviceId, fingerId, groupId, remaining2);
}
--
2.17.1

26
patches/platform_frameworks_native/0001-AOSP-8.0-8.1-didn-t-use-presentOrValidate-so-it-s-br.patch Normal file
View File

@ -0,0 +1,26 @@
From edeb825839b1c1e315b0194fa91a6c8c47f3331f Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Tue, 14 Aug 2018 21:01:35 +0200
Subject: [PATCH 1/4] AOSP 8.0/8.1 didn't use presentOrValidate, so it's
broken. Don't use it
---
services/surfaceflinger/DisplayHardware/HWComposer.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/services/surfaceflinger/DisplayHardware/HWComposer.cpp b/services/surfaceflinger/DisplayHardware/HWComposer.cpp
index f5f7a821f..3c269ea1f 100644
--- a/services/surfaceflinger/DisplayHardware/HWComposer.cpp
+++ b/services/surfaceflinger/DisplayHardware/HWComposer.cpp
@@ -435,7 +435,7 @@ status_t HWComposer::prepare(DisplayDevice& displayDevice) {
// The check below is incorrect. We actually rely on HWC here to fall
// back to validate when there is any client layer.
displayData.validateWasSkipped = false;
- if (!displayData.hasClientComposition) {
+ if ((false)) { //!displayData.hasClientComposition) {
sp<android::Fence> outPresentFence;
uint32_t state = UINT32_MAX;
error = hwcDisplay->presentOrValidate(&numTypes, &numRequests, &outPresentFence , &state);
--
2.17.1

26
patches/platform_frameworks_native/0002-Ignore-usage-bits-verification.patch Normal file
View File

@ -0,0 +1,26 @@
From 12169a1da2a3ed976027784496035655aa5a5545 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Sun, 19 Aug 2018 23:07:24 +0200
Subject: [PATCH 2/4] Ignore usage bits verification
This didn't ignore as of 8.1, so we're ""safe""
---
libs/ui/Gralloc2.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libs/ui/Gralloc2.cpp b/libs/ui/Gralloc2.cpp
index b92cbf351..1c0e5d5ea 100644
--- a/libs/ui/Gralloc2.cpp
+++ b/libs/ui/Gralloc2.cpp
@@ -92,7 +92,7 @@ Gralloc2::Error Mapper::validateBufferDescriptorInfo(
if (descriptorInfo.usage & ~validUsageBits) {
ALOGE("buffer descriptor contains invalid usage bits 0x%" PRIx64,
descriptorInfo.usage & ~validUsageBits);
- return Error::BAD_VALUE;
+ //return Error::BAD_VALUE;
}
return Error::NONE;
}
--
2.17.1

42
patches/platform_frameworks_native/0003-Enable-fallback-to-old-ro.sf.hwrotation-property.patch Normal file
View File

@ -0,0 +1,42 @@
From bdded5a601c39eb445128bd6c5085970ffd6d4e5 Mon Sep 17 00:00:00 2001
From: phh <phh@phh.me>
Date: Wed, 22 Aug 2018 08:57:52 +0000
Subject: [PATCH] Enable fallback to old ro.sf.hwrotation property
---
services/surfaceflinger/SurfaceFlinger.cpp | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/services/surfaceflinger/SurfaceFlinger.cpp b/services/surfaceflinger/SurfaceFlinger.cpp
index dfeabc059..22d161b65 100644
--- a/services/surfaceflinger/SurfaceFlinger.cpp
+++ b/services/surfaceflinger/SurfaceFlinger.cpp
@@ -316,6 +316,25 @@ SurfaceFlinger::SurfaceFlinger() : SurfaceFlinger(SkipInitialization) {
}
ALOGV("Primary Display Orientation is set to %2d.", SurfaceFlinger::primaryDisplayOrientation);
+ if(primaryDisplayOrientation == V1_1::DisplayOrientation::ORIENTATION_0) {
+ int sfRotation = property_get_int32("ro.sf.hwrotation", -1);
+ switch(sfRotation) {
+ case 0:
+ SurfaceFlinger::primaryDisplayOrientation = DisplayState::eOrientationDefault;
+ break;
+ case 90:
+ SurfaceFlinger::primaryDisplayOrientation = DisplayState::eOrientation90;
+ break;
+ case 180:
+ SurfaceFlinger::primaryDisplayOrientation = DisplayState::eOrientation180;
+ break;
+ case 270:
+ SurfaceFlinger::primaryDisplayOrientation = DisplayState::eOrientation270;
+ break;
+ }
+ }
+ ALOGV("Primary Display Orientation is set to %2d.", SurfaceFlinger::primaryDisplayOrientation);
+
mPrimaryDispSync.init(SurfaceFlinger::hasSyncFramework, SurfaceFlinger::dispSyncPresentTimeOffset);
// debugging stuff...
--
2.17.1

74
patches/platform_frameworks_native/0004-device-Huawei-HWC-doesn-t-understand-0-0-0-0-fullscr.patch Normal file
View File

@ -0,0 +1,74 @@
From 399d13fc183a7fbd3118425c7cfecbb9a72ba9ce Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Fri, 5 Jan 2018 00:26:38 +0100
Subject: [PATCH 4/4] [device] ::Huawei:: HWC doesn't understand 0,0,0,0 ==
fullscreen damage. Set it to the whole visible surface
::Huawei:: Fix damage for Huawei compositor
For Huawei compositor, the damage area is a region on the screen.
But for SurfaceFlinger, this is a region on the source surface.
On Huawei devices, do the plane conversion.
This fixes several UI glitches, most notably GBoard.
---
services/surfaceflinger/BufferLayer.cpp | 8 +++++++-
services/surfaceflinger/SurfaceFlinger.cpp | 8 ++++++++
services/surfaceflinger/SurfaceFlinger.h | 3 +++
3 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/services/surfaceflinger/BufferLayer.cpp b/services/surfaceflinger/BufferLayer.cpp
index 7ac143219..2646af0c9 100644
--- a/services/surfaceflinger/BufferLayer.cpp
+++ b/services/surfaceflinger/BufferLayer.cpp
@@ -631,7 +631,13 @@ void BufferLayer::setPerFrameData(const sp<const DisplayDevice>& displayDevice)
visible.dump(LOG_TAG);
}
- error = hwcLayer->setSurfaceDamage(surfaceDamageRegion);
+ if(mFlinger->mDamageUsesScreenReference) {
+ const auto& frame = hwcInfo.displayFrame;
+ auto fullSource = Region(Rect(frame.left, frame.top, frame.right, frame.bottom));
+ error = hwcLayer->setSurfaceDamage(fullSource);
+ } else {
+ error = hwcLayer->setSurfaceDamage(surfaceDamageRegion);
+ }
if (error != HWC2::Error::None) {
ALOGE("[%s] Failed to set surface damage: %s (%d)", mName.string(),
to_string(error).c_str(), static_cast<int32_t>(error));
diff --git a/services/surfaceflinger/SurfaceFlinger.cpp b/services/surfaceflinger/SurfaceFlinger.cpp
index 860625525..2c6dc7f21 100644
--- a/services/surfaceflinger/SurfaceFlinger.cpp
+++ b/services/surfaceflinger/SurfaceFlinger.cpp
@@ -384,6 +384,14 @@ SurfaceFlinger::SurfaceFlinger() : SurfaceFlinger(SkipInitialization) {
// for production purposes later on.
setenv("TREBLE_TESTING_OVERRIDE", "true", true);
}
+
+ property_get("ro.hardware", value, "");
+ if(strstr(value, "hi3660")||
+ strstr(value, "hi6250") ||
+ strstr(value, "hi3670") ||
+ strstr(value, "kirin970")) {
+ mDamageUsesScreenReference = true;
+ }
}
void SurfaceFlinger::onFirstRef()
diff --git a/services/surfaceflinger/SurfaceFlinger.h b/services/surfaceflinger/SurfaceFlinger.h
index 0148ab675..367ea555a 100644
--- a/services/surfaceflinger/SurfaceFlinger.h
+++ b/services/surfaceflinger/SurfaceFlinger.h
@@ -852,6 +852,9 @@ private:
// Restrict layers to use two buffers in their bufferqueues.
bool mLayerTripleBufferingDisabled = false;
+ bool mDamageUsesScreenReference;
+
+
// these are thread safe
mutable std::unique_ptr<MessageQueue> mEventQueue{std::make_unique<impl::MessageQueue>()};
FrameTracker mAnimFrameTracker;
--
2.17.1

130
patches/platform_frameworks_opt_net_wifi/0001-Revert-SupplicantManager-Remove-ensure_config_file_e.patch Normal file
View File

@ -0,0 +1,130 @@
From 3f9d4b49279b6ef9dbef40ab2403b5fb238db5e3 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Tue, 14 Aug 2018 16:59:12 +0200
Subject: [PATCH 1/3] Revert "SupplicantManager: Remove
|ensure_config_file_exists|"
This reverts commit f61dc8cd7dadda5741d6e4a1bb6b576ba89cc24b.
---
libwifi_system/supplicant_manager.cpp | 97 +++++++++++++++++++++++++++
1 file changed, 97 insertions(+)
diff --git a/libwifi_system/supplicant_manager.cpp b/libwifi_system/supplicant_manager.cpp
index 5667648b3..be0c33a8a 100644
--- a/libwifi_system/supplicant_manager.cpp
+++ b/libwifi_system/supplicant_manager.cpp
@@ -33,7 +33,89 @@ namespace wifi_system {
namespace {
const char kSupplicantInitProperty[] = "init.svc.wpa_supplicant";
+const char kSupplicantConfigTemplatePath[] =
+ "/etc/wifi/wpa_supplicant.conf";
+const char kSupplicantConfigFile[] = "/data/misc/wifi/wpa_supplicant.conf";
+const char kP2pConfigFile[] = "/data/misc/wifi/p2p_supplicant.conf";
const char kSupplicantServiceName[] = "wpa_supplicant";
+constexpr mode_t kConfigFileMode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP;
+
+int ensure_config_file_exists(const char* config_file) {
+ char buf[2048];
+ int srcfd, destfd;
+ int nread;
+ int ret;
+ std::string templatePath;
+
+ ret = access(config_file, R_OK | W_OK);
+ if ((ret == 0) || (errno == EACCES)) {
+ if ((ret != 0) && (chmod(config_file, kConfigFileMode) != 0)) {
+ LOG(ERROR) << "Cannot set RW to \"" << config_file << "\": "
+ << strerror(errno);
+ return false;
+ }
+ return true;
+ } else if (errno != ENOENT) {
+ LOG(ERROR) << "Cannot access \"" << config_file << "\": "
+ << strerror(errno);
+ return false;
+ }
+
+ std::string configPathSystem =
+ std::string("/system") + std::string(kSupplicantConfigTemplatePath);
+ std::string configPathVendor =
+ std::string("/vendor") + std::string(kSupplicantConfigTemplatePath);
+ srcfd = TEMP_FAILURE_RETRY(open(configPathSystem.c_str(), O_RDONLY));
+ templatePath = configPathSystem;
+ if (srcfd < 0) {
+ int errnoSystem = errno;
+ srcfd = TEMP_FAILURE_RETRY(open(configPathVendor.c_str(), O_RDONLY));
+ templatePath = configPathVendor;
+ if (srcfd < 0) {
+ int errnoVendor = errno;
+ LOG(ERROR) << "Cannot open \"" << configPathSystem << "\": "
+ << strerror(errnoSystem);
+ LOG(ERROR) << "Cannot open \"" << configPathVendor << "\": "
+ << strerror(errnoVendor);
+ return false;
+ }
+ }
+
+ destfd = TEMP_FAILURE_RETRY(open(config_file,
+ O_CREAT | O_RDWR,
+ kConfigFileMode));
+ if (destfd < 0) {
+ close(srcfd);
+ LOG(ERROR) << "Cannot create \"" << config_file << "\": "
+ << strerror(errno);
+ return false;
+ }
+
+ while ((nread = TEMP_FAILURE_RETRY(read(srcfd, buf, sizeof(buf)))) != 0) {
+ if (nread < 0) {
+ LOG(ERROR) << "Error reading \"" << templatePath
+ << "\": " << strerror(errno);
+ close(srcfd);
+ close(destfd);
+ unlink(config_file);
+ return false;
+ }
+ TEMP_FAILURE_RETRY(write(destfd, buf, nread));
+ }
+
+ close(destfd);
+ close(srcfd);
+
+ /* chmod is needed because open() didn't set permisions properly */
+ if (chmod(config_file, kConfigFileMode) < 0) {
+ LOG(ERROR) << "Error changing permissions of " << config_file
+ << " to 0660: " << strerror(errno);
+ unlink(config_file);
+ return false;
+ }
+
+ return true;
+}
} // namespace
@@ -49,6 +131,21 @@ bool SupplicantManager::StartSupplicant() {
return true;
}
+ /* Before starting the daemon, make sure its config file exists */
+ if (ensure_config_file_exists(kSupplicantConfigFile) < 0) {
+ LOG(ERROR) << "Wi-Fi will not be enabled";
+ return false;
+ }
+
+ /*
+ * Some devices have another configuration file for the p2p interface.
+ * However, not all devices have this, and we'll let it slide if it
+ * is missing. For devices that do expect this file to exist,
+ * supplicant will refuse to start and emit a good error message.
+ * No need to check for it here.
+ */
+ (void)ensure_config_file_exists(kP2pConfigFile);
+
/*
* Get a reference to the status property, so we can distinguish
* the case where it goes stopped => running => stopped (i.e.,
--
2.17.1

67
patches/platform_frameworks_opt_net_wifi/0002-Start-supplicant-later.patch Normal file
View File

@ -0,0 +1,67 @@
From c1cec4b4be592192cd8731048eeb0bc4dc4f8337 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Wed, 15 Aug 2018 00:04:45 +0200
Subject: [PATCH 2/3] Start supplicant later
Change-Id: I6a67baad486162415840006711fb6d8dbf96a66a
---
.../java/com/android/server/wifi/WifiNative.java | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/service/java/com/android/server/wifi/WifiNative.java b/service/java/com/android/server/wifi/WifiNative.java
index bc599c141..eb5e11aca 100644
--- a/service/java/com/android/server/wifi/WifiNative.java
+++ b/service/java/com/android/server/wifi/WifiNative.java
@@ -332,13 +332,15 @@ public class WifiNative {
}
/** Helper method invoked to start supplicant if there were no STA ifaces */
+ private boolean supplicantOn = false;
private boolean startSupplicant() {
synchronized (mLock) {
- if (!mIfaceMgr.hasAnyStaIface()) {
+ if (!mIfaceMgr.hasAnyStaIface() || !supplicantOn) {
if (!mWificondControl.enableSupplicant()) {
Log.e(TAG, "Failed to enable supplicant");
return false;
}
+ supplicantOn = true;
if (!waitForSupplicantConnection()) {
Log.e(TAG, "Failed to connect to supplicant");
return false;
@@ -363,6 +365,7 @@ public class WifiNative {
if (!mWificondControl.disableSupplicant()) {
Log.e(TAG, "Failed to disable supplicant");
}
+ supplicantOn = false;
}
}
}
@@ -852,11 +855,6 @@ public class WifiNative {
mWifiMetrics.incrementNumSetupClientInterfaceFailureDueToHal();
return null;
}
- if (!startSupplicant()) {
- Log.e(TAG, "Failed to start supplicant");
- mWifiMetrics.incrementNumSetupClientInterfaceFailureDueToSupplicant();
- return null;
- }
Iface iface = mIfaceMgr.allocateIface(Iface.IFACE_TYPE_STA);
if (iface == null) {
Log.e(TAG, "Failed to allocate new STA iface");
@@ -870,6 +868,12 @@ public class WifiNative {
mWifiMetrics.incrementNumSetupClientInterfaceFailureDueToHal();
return null;
}
+ Log.e(TAG, "Starting supplicant");
+ if (!startSupplicant()) {
+ Log.e(TAG, "Failed to start supplicant");
+ mWifiMetrics.incrementNumSetupClientInterfaceFailureDueToSupplicant();
+ return null;
+ }
if (mWificondControl.setupInterfaceForClientMode(iface.name) == null) {
Log.e(TAG, "Failed to setup iface in wificond on " + iface);
teardownInterface(iface.name);
--
2.17.1

94
patches/platform_frameworks_opt_net_wifi/0003-Support-hostap-on-O-O-MR1-vendors.patch Normal file
View File

@ -0,0 +1,94 @@
From a1f7086dc8ee1d379006c42eebbc88504c4cbeee Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <pierre-hugues.husson@softathome.com>
Date: Tue, 18 Sep 2018 17:05:07 +0200
Subject: [PATCH 3/3] Support hostap on O/O-MR1 vendors
Two issues are fixed here:
- some vendor HALs lied (because of Android behaviour) about ap interface name.
O/O-MR1 behaviour meant hostap/sta had same interface. So "wlan0" sound
quite a good guess
- doing multiple configureChip in one IWifi session wasn't allowed.
Now, it is a requirement to be supported, so most(all?) HALs don't
support it. force stop/start for every reconfiguration
---
.../android/server/wifi/HalDeviceManager.java | 22 +++++++++++++++++--
.../com/android/server/wifi/WifiNative.java | 15 ++++++++++++-
2 files changed, 34 insertions(+), 3 deletions(-)
diff --git a/service/java/com/android/server/wifi/HalDeviceManager.java b/service/java/com/android/server/wifi/HalDeviceManager.java
index 3c61217d7..68fc9ccfa 100644
--- a/service/java/com/android/server/wifi/HalDeviceManager.java
+++ b/service/java/com/android/server/wifi/HalDeviceManager.java
@@ -63,8 +63,8 @@ import java.util.Set;
*/
public class HalDeviceManager {
private static final String TAG = "HalDevMgr";
- private static final boolean VDBG = false;
- private boolean mDbg = false;
+ private static final boolean VDBG = true;
+ private boolean mDbg = true;
private static final int START_HAL_RETRY_INTERVAL_MS = 20;
// Number of attempts a start() is re-tried. A value of 0 means no retries after a single
@@ -224,6 +224,16 @@ public class HalDeviceManager {
*/
public IWifiStaIface createStaIface(boolean lowPrioritySta,
@Nullable InterfaceDestroyedListener destroyedListener, @Nullable Handler handler) {
+ //As of O and O-MR1, configureChip MUST BE after a startWifi
+ //Pie changed this to allow dynamic configureChip
+ //No O/O-MR1 HAL support that, so restart wifi HAL when we do that
+ if(android.os.SystemProperties.getInt("persist.sys.vndk", 28) < 28) {
+ Log.e(TAG, "createStaIface: Stopping wifi");
+ stopWifi();
+ Log.e(TAG, "createStaIface: Starting wifi");
+ startWifi();
+ Log.e(TAG, "createStaIface: Creating iface");
+ }
return (IWifiStaIface) createIface(IfaceType.STA, lowPrioritySta, destroyedListener,
handler);
}
@@ -233,6 +243,14 @@ public class HalDeviceManager {
*/
public IWifiApIface createApIface(@Nullable InterfaceDestroyedListener destroyedListener,
@Nullable Handler handler) {
+ //cf createStaIface
+ if(android.os.SystemProperties.getInt("persist.sys.vndk", 28) < 28) {
+ Log.e(TAG, "createApIface: Stopping wifi");
+ stopWifi();
+ Log.e(TAG, "createApIface: Starting wifi");
+ startWifi();
+ Log.e(TAG, "createApIface: Creating iface");
+ }
return (IWifiApIface) createIface(IfaceType.AP, false, destroyedListener, handler);
}
diff --git a/service/java/com/android/server/wifi/WifiNative.java b/service/java/com/android/server/wifi/WifiNative.java
index eb5e11aca..af8ccc8d9 100644
--- a/service/java/com/android/server/wifi/WifiNative.java
+++ b/service/java/com/android/server/wifi/WifiNative.java
@@ -692,8 +692,21 @@ public class WifiNative {
private String createApIface(@NonNull Iface iface) {
synchronized (mLock) {
if (mWifiVendorHal.isVendorHalSupported()) {
- return mWifiVendorHal.createApIface(
+ String ret = mWifiVendorHal.createApIface(
new InterfaceDestoyedListenerInternal(iface.id));
+ //In O and O-MR1, there was only ONE wifi interface for everything (sta and ap)
+ //Most vendors used "wlan0" for those interfaces, but there is no guarantee
+ //This override exists here, because most OEMs return "ap0" when doing createApIface,
+ //even when the iface is actually called "wlan0"
+ //
+ //To be perfectly clean, we should check what value createStaIface (would have) returned
+ //and use the same one.
+ //That's overly complicated, so let's assume this is wlan0 for the moment
+ if(android.os.SystemProperties.getInt("persist.sys.vndk", 28) < 28) {
+ ret = "wlan0";
+ }
+
+ return ret;
} else {
Log.i(TAG, "Vendor Hal not supported, ignoring createApIface.");
return handleIfaceCreationWhenVendorHalNotSupported(iface);
--
2.17.1

50
patches/platform_frameworks_opt_telephony/0001-Add-route-to-gateway-on-null-netmask.patch Normal file
View File

@ -0,0 +1,50 @@
From 875a58806b9cd6f815f78872baefb8565725209d Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Thu, 16 Aug 2018 22:12:46 +0200
Subject: [PATCH 1/7] Add route to gateway on null netmask
Galaxy S9 returns empty prefix
Change-Id: I8133da8e8f5203666684100009ba658528a02e94
---
.../dataconnection/DataConnection.java | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/src/java/com/android/internal/telephony/dataconnection/DataConnection.java b/src/java/com/android/internal/telephony/dataconnection/DataConnection.java
index dafab121c..643f488c8 100644
--- a/src/java/com/android/internal/telephony/dataconnection/DataConnection.java
+++ b/src/java/com/android/internal/telephony/dataconnection/DataConnection.java
@@ -24,6 +24,7 @@ import android.content.Context;
import android.net.ConnectivityManager;
import android.net.ConnectivityManager.PacketKeepalive;
import android.net.KeepalivePacketData;
+import android.net.IpPrefix;
import android.net.LinkAddress;
import android.net.LinkProperties;
import android.net.NetworkAgent;
@@ -1127,6 +1128,22 @@ public class DataConnection extends StateMachine {
}
for (InetAddress gateway : response.getGateways()) {
+ if(response.getAddresses().size()>0) {
+ //TODO:
+ // - IPv6
+ // - Multiple addresses
+ // - Check for non-trivial prefix length
+ LinkAddress la = response.getAddresses().get(0);
+ if(la.getNetworkPrefixLength() == 32 &&
+ gateway instanceof java.net.Inet4Address) {
+ if(!gateway.isAnyLocalAddress()) {
+ linkProperties.addRoute(new RouteInfo(
+ new IpPrefix(gateway, 32),
+ InetAddress.getByName("0.0.0.0"),
+ response.getIfname()));
+ }
+ }
+ }
// Allow 0.0.0.0 or :: as a gateway;
// this indicates a point-to-point interface.
linkProperties.addRoute(new RouteInfo(gateway));
--
2.17.1

34
patches/platform_frameworks_opt_telephony/0003-Telephony-Don-not-call-onUssdRelease-for-Huawei-RIL.patch Normal file
View File

@ -0,0 +1,34 @@
From 84782125177764b1a61716221e90d6d7ace2e87a Mon Sep 17 00:00:00 2001
From: Artem Borisov <dedsa2002@gmail.com>
Date: Sat, 10 Nov 2018 17:19:17 +0000
Subject: [PATCH 3/7] Telephony: Don not call onUssdRelease for Huawei RIL
Huawei RIL doesn't seem to work properly with USSD_MODE_NW_RELEASE,
always releasing USSD when it should be finished instead.
Let's explicitly call onUssdFinished in this case.
Change-Id: I69faed1c51d4582834879975d6ab13daf7f48ad4
---
src/java/com/android/internal/telephony/GsmCdmaPhone.java | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/java/com/android/internal/telephony/GsmCdmaPhone.java b/src/java/com/android/internal/telephony/GsmCdmaPhone.java
index 13f8b0bad..726fca9bc 100644
--- a/src/java/com/android/internal/telephony/GsmCdmaPhone.java
+++ b/src/java/com/android/internal/telephony/GsmCdmaPhone.java
@@ -2164,7 +2164,11 @@ public class GsmCdmaPhone extends Phone {
// Complete pending USSD
if (isUssdRelease) {
- found.onUssdRelease();
+ if (SystemProperties.getBoolean("persist.sys.radio.huawei", false)) {
+ found.onUssdFinished(ussdMessage, isUssdRequest);
+ } else {
+ found.onUssdRelease();
+ }
} else if (isUssdError) {
found.onUssdFinishedError();
} else {
--
2.17.1

28
patches/platform_frameworks_opt_telephony/0004-Make-MAX_CONNECTIONS_GSM-settable-from-property.patch Normal file
View File

@ -0,0 +1,28 @@
From 83f2875338c58d190645eedd42c8a33628f7692a Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Fri, 28 Dec 2018 13:06:32 +0100
Subject: [PATCH 4/7] Make MAX_CONNECTIONS_GSM settable from property
cf https://github.com/phhusson/treble_experimentations/issues/110
Change-Id: I5df755535aa5ded704d4c33122d63ac2481bd5f6
---
src/java/com/android/internal/telephony/GsmCdmaCallTracker.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/java/com/android/internal/telephony/GsmCdmaCallTracker.java b/src/java/com/android/internal/telephony/GsmCdmaCallTracker.java
index f4c561c29..b42caf47c 100755
--- a/src/java/com/android/internal/telephony/GsmCdmaCallTracker.java
+++ b/src/java/com/android/internal/telephony/GsmCdmaCallTracker.java
@@ -62,7 +62,7 @@ public class GsmCdmaCallTracker extends CallTracker {
//***** Constants
- public static final int MAX_CONNECTIONS_GSM = 19; //7 allowed in GSM + 12 from IMS for SRVCC
+ public static final int MAX_CONNECTIONS_GSM = android.os.SystemProperties.getInt("persist.sys.phh.radio.max_connections_gsm", 19); //7 allowed in GSM + 12 from IMS for SRVCC
private static final int MAX_CONNECTIONS_PER_CALL_GSM = 5; //only 5 connections allowed per call
private static final int MAX_CONNECTIONS_CDMA = 8;
--
2.17.1

28
patches/platform_frameworks_opt_telephony/0005-Choose-a-more-generic-prop.patch Normal file
View File

@ -0,0 +1,28 @@
From 0bf94164b4a3d537cc0b1225eb3399010c4f25e5 Mon Sep 17 00:00:00 2001
From: Dil3mm4 <dil3mm4.dev@gmail.com>
Date: Sat, 17 Nov 2018 18:18:42 +0000
Subject: [PATCH 5/7] Choose a more generic prop.
Since USSD it's a problem over MTK too and not only on Kirin, let's be more generic.
Change-Id: Icf1700f55be40915f9c64059019287f300d81405
---
src/java/com/android/internal/telephony/GsmCdmaPhone.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/java/com/android/internal/telephony/GsmCdmaPhone.java b/src/java/com/android/internal/telephony/GsmCdmaPhone.java
index 726fca9bc..e54daa102 100644
--- a/src/java/com/android/internal/telephony/GsmCdmaPhone.java
+++ b/src/java/com/android/internal/telephony/GsmCdmaPhone.java
@@ -2164,7 +2164,7 @@ public class GsmCdmaPhone extends Phone {
// Complete pending USSD
if (isUssdRelease) {
- if (SystemProperties.getBoolean("persist.sys.radio.huawei", false)) {
+ if (SystemProperties.getBoolean("persist.sys.radio.ussd.fix", false)) {
found.onUssdFinished(ussdMessage, isUssdRequest);
} else {
found.onUssdRelease();
--
2.17.1

33
patches/platform_frameworks_opt_telephony/0006-Add-a-property-to-force-all-APNs-to-be-modemCognitiv.patch Normal file
View File

@ -0,0 +1,33 @@
From 07a474ec22ecfde83a4cfb6b74f962a905c18e65 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Tue, 26 Feb 2019 23:13:21 +0100
Subject: [PATCH 6/7] Add a property to force all APNs to be modemCognitive.
Needed on some MTK modems
Change-Id: I111f1375f3f11e81251eaf782c84a0bef345366c
---
.../android/internal/telephony/dataconnection/DcTracker.java | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/java/com/android/internal/telephony/dataconnection/DcTracker.java b/src/java/com/android/internal/telephony/dataconnection/DcTracker.java
index ea6fa81d0..53388df26 100644
--- a/src/java/com/android/internal/telephony/dataconnection/DcTracker.java
+++ b/src/java/com/android/internal/telephony/dataconnection/DcTracker.java
@@ -3308,11 +3308,13 @@ public class DcTracker extends Handler {
}
private void setDataProfilesAsNeeded() {
+ boolean forceCognitive = SystemProperties.getBoolean("persist.sys.phh.radio.force_cognitive", false);
+
if (DBG) log("setDataProfilesAsNeeded");
if (mAllApnSettings != null && !mAllApnSettings.isEmpty()) {
ArrayList<DataProfile> dps = new ArrayList<DataProfile>();
for (ApnSetting apn : mAllApnSettings) {
- if (apn.modemCognitive) {
+ if (apn.modemCognitive || forceCognitive) {
DataProfile dp = createDataProfile(apn);
if (!dps.contains(dp)) {
dps.add(dp);
--
2.17.1

1604
patches/platform_frameworks_opt_telephony/0007-Reverse-engineer-MTK-IRadio-interfaces-to-approve-in.patch Normal file
View File

File diff suppressed because it is too large Load Diff

33
patches/platform_packages_apps_Settings/0001-Act-as-usb-device-when-there-is-no-hal-but-we-believ.patch Normal file
View File

@ -0,0 +1,33 @@
From d4aa24372567c45c626825aefc33e391f6e2ddf4 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Tue, 14 Aug 2018 21:48:19 +0200
Subject: [PATCH] Act as usb device when there is no hal, but we believe we are
a device
Change-Id: I036090738525fd8cc63534d52d02ab1852950a7d
---
.../usb/UsbConnectionBroadcastReceiver.java | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/com/android/settings/connecteddevice/usb/UsbConnectionBroadcastReceiver.java b/src/com/android/settings/connecteddevice/usb/UsbConnectionBroadcastReceiver.java
index 1b525352d0..fdd183b53d 100644
--- a/src/com/android/settings/connecteddevice/usb/UsbConnectionBroadcastReceiver.java
+++ b/src/com/android/settings/connecteddevice/usb/UsbConnectionBroadcastReceiver.java
@@ -77,6 +77,14 @@ public class UsbConnectionBroadcastReceiver extends BroadcastReceiver implements
mFunctions = functions;
mDataRole = mUsbBackend.getDataRole();
mPowerRole = mUsbBackend.getPowerRole();
+ //If we have no USB HAL, mDataRole is invalid
+ //But we can't be connected AND have none data_role, so it's safe.
+ //It would be better to fix UsbManager when no HAL is available, but that's more work
+ if(mDataRole == UsbPort.DATA_ROLE_NONE &&
+ intent.getExtras().getBoolean(UsbManager.USB_CONNECTED) &&
+ !intent.getExtras().getBoolean(UsbManager.USB_HOST_CONNECTED))
+ mDataRole = UsbPort.DATA_ROLE_DEVICE;
+
}
} else if (UsbManager.ACTION_USB_PORT_CHANGED.equals(intent.getAction())) {
UsbPortStatus portStatus = intent.getExtras()
--
2.17.1

40
patches/platform_packages_services_Telephony/0001-Telephony-Support-muting-by-RIL-command.patch Normal file
View File

@ -0,0 +1,40 @@
From 6af1a1cbc2d2f446777aa0b20deb333be25ead7d Mon Sep 17 00:00:00 2001
From: Artem Borisov <dedsa2002@gmail.com>
Date: Wed, 19 Sep 2018 17:02:06 +0300
Subject: [PATCH] Telephony: Support muting by RIL command
While almost everyone already moved to AudioManager years ago,
some OEMs (cough Huawei) still use RIL for muting and don't
promote the necessary calls in their audio HAL.
Let's handle these odd cases too when it's necessary.
Change-Id: Id916dec2574d6e57b6f809fbaf2b0959c0cc7256
---
src/com/android/services/telephony/TelephonyConnection.java | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/com/android/services/telephony/TelephonyConnection.java b/src/com/android/services/telephony/TelephonyConnection.java
index ba0e565a5..29f473be7 100644
--- a/src/com/android/services/telephony/TelephonyConnection.java
+++ b/src/com/android/services/telephony/TelephonyConnection.java
@@ -25,6 +25,7 @@ import android.os.Handler;
import android.os.Looper;
import android.os.Message;
import android.os.PersistableBundle;
+import android.os.SystemProperties;
import android.telecom.CallAudioState;
import android.telecom.ConferenceParticipant;
import android.telecom.Connection;
@@ -707,6 +708,9 @@ abstract class TelephonyConnection extends Connection implements Holdable {
getPhone().setEchoSuppressionEnabled();
if (!mSendMicMuteToAudioManager) {
getPhone().setMute(audioState.isMuted());
+ }
+ if (SystemProperties.getBoolean("persist.sys.radio.huawei", false)) {
+ getPhone().setMute(audioState.isMuted());
}
}
}
--
2.17.1

50
patches/platform_packages_services_Telephony/0002-Fixes-crash-when-selecting-network.patch Normal file
View File

@ -0,0 +1,50 @@
From 30fcd6290899005b0345b63ed406257def314880 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Mon, 6 May 2019 20:25:34 +0200
Subject: [PATCH 2/2] Fixes crash when selecting network
Cf https://github.com/phhusson/treble_experimentations/issues/486
---
src/com/android/phone/NetworkQueryService.java | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/src/com/android/phone/NetworkQueryService.java b/src/com/android/phone/NetworkQueryService.java
index 22b55091e..de1c796ef 100644
--- a/src/com/android/phone/NetworkQueryService.java
+++ b/src/com/android/phone/NetworkQueryService.java
@@ -43,6 +43,8 @@ import com.android.internal.telephony.PhoneFactory;
import java.util.ArrayList;
import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
/**
* Service code used to assist in querying the network for service
@@ -371,14 +373,20 @@ public class NetworkQueryService extends Service {
*/
private List<CellInfo> getCellInfoList(List<OperatorInfo> operatorInfoList) {
List<CellInfo> cellInfoList = new ArrayList<>();
+ Pattern p = Pattern.compile("^([0-9]{5,6}).*");
for (OperatorInfo oi: operatorInfoList) {
String operatorNumeric = oi.getOperatorNumeric();
String mcc = null;
String mnc = null;
log("operatorNumeric: " + operatorNumeric);
- if (operatorNumeric != null && operatorNumeric.matches("^[0-9]{5,6}$")) {
- mcc = operatorNumeric.substring(0, 3);
- mnc = operatorNumeric.substring(3);
+ if (operatorNumeric != null) {
+ Matcher m = p.matcher(operatorNumeric);
+ if (m.matches()) {
+ mcc = m.group(1).substring(0, 3);
+ mnc = m.group(1).substring(3);
+ } else {
+ Log.e(LOG_TAG, "Failed to parse operatorNumeric!");
+ }
}
CellIdentityGsm cig = new CellIdentityGsm(
Integer.MAX_VALUE /* lac */,
--
2.17.1

31
patches/platform_packages_services_Telephony/0003-Fail-gracefully-in-mobile-settings.patch Normal file
View File

@ -0,0 +1,31 @@
From 723d296437691cc91b63140d8d6c95525e571218 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Mon, 20 May 2019 23:45:56 +0200
Subject: [PATCH 3/3] Fail gracefully in mobile settings
---
src/com/android/phone/DataUsagePreference.java | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/com/android/phone/DataUsagePreference.java b/src/com/android/phone/DataUsagePreference.java
index 85e77001f..b32d85154 100644
--- a/src/com/android/phone/DataUsagePreference.java
+++ b/src/com/android/phone/DataUsagePreference.java
@@ -55,8 +55,12 @@ public class DataUsagePreference extends Preference {
DataUsageController controller = new DataUsageController(activity);
DataUsageController.DataUsageInfo usageInfo = controller.getDataUsageInfo(mTemplate);
- setSummary(activity.getString(R.string.data_usage_template,
- Formatter.formatFileSize(activity, usageInfo.usageLevel), usageInfo.period));
+ if(usageInfo != null) {
+ setSummary(activity.getString(R.string.data_usage_template,
+ Formatter.formatFileSize(activity, usageInfo.usageLevel), usageInfo.period));
+ } else {
+ setSummary(activity.getString(R.string.data_usage_title));
+ }
setIntent(getIntent());
}
--
2.17.1

105
patches/platform_system_bt/0001-Make-BTM_BYPASS_EXTRA_ACL_SETUP-dynamic.patch Normal file
View File

@ -0,0 +1,105 @@
From 7cd888e8393f7e03bab257e3506e58d307dfef8a Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Tue, 20 Feb 2018 23:04:50 +0100
Subject: [PATCH 1/2] Make BTM_BYPASS_EXTRA_ACL_SETUP dynamic
Change-Id: Icb0868566b29b053ed7e83c9fd32e225af3f2e46
---
hci/include/bt_hci_bdroid.h | 3 +++
internal_include/bt_target.h | 3 +++
stack/btm/btm_acl.cc | 20 ++++++++++----------
stack/btm/btm_sec.cc | 18 +++++++++---------
4 files changed, 25 insertions(+), 19 deletions(-)
diff --git a/hci/include/bt_hci_bdroid.h b/hci/include/bt_hci_bdroid.h
index cf2c1136f..e2844db82 100644
--- a/hci/include/bt_hci_bdroid.h
+++ b/hci/include/bt_hci_bdroid.h
@@ -32,6 +32,9 @@
#ifdef HAS_BDROID_BUILDCFG
#include "bdroid_buildcfg.h"
#endif
+#ifndef BTM_BYPASS_EXTRA_ACL_SETUP
+#define BTM_BYPASS_EXTRA_ACL_SETUP TRUE
+#endif
/******************************************************************************
* Constants & Macros
diff --git a/internal_include/bt_target.h b/internal_include/bt_target.h
index cf09b15da..396114faf 100644
--- a/internal_include/bt_target.h
+++ b/internal_include/bt_target.h
@@ -32,6 +32,9 @@
#ifdef HAS_BDROID_BUILDCFG
#include "bdroid_buildcfg.h"
#endif
+#ifndef BTM_BYPASS_EXTRA_ACL_SETUP
+#define BTM_BYPASS_EXTRA_ACL_SETUP TRUE
+#endif
#include "bt_types.h" /* This must be defined AFTER buildcfg.h */
diff --git a/stack/btm/btm_acl.cc b/stack/btm/btm_acl.cc
index ee2530ac2..389a998c6 100644
--- a/stack/btm/btm_acl.cc
+++ b/stack/btm/btm_acl.cc
@@ -1184,17 +1184,17 @@ void btm_read_remote_ext_features_failed(uint8_t status, uint16_t handle) {
void btm_establish_continue(tACL_CONN* p_acl_cb) {
tBTM_BL_EVENT_DATA evt_data;
BTM_TRACE_DEBUG("btm_establish_continue");
-#if (BTM_BYPASS_EXTRA_ACL_SETUP == FALSE)
- if (p_acl_cb->transport == BT_TRANSPORT_BR_EDR) {
- /* For now there are a some devices that do not like sending */
- /* commands events and data at the same time. */
- /* Set the packet types to the default allowed by the device */
- btm_set_packet_types(p_acl_cb, btm_cb.btm_acl_pkt_types_supported);
-
- if (btm_cb.btm_def_link_policy)
- BTM_SetLinkPolicy(p_acl_cb->remote_addr, &btm_cb.btm_def_link_policy);
+ if (!BTM_BYPASS_EXTRA_ACL_SETUP) {
+ if (p_acl_cb->transport == BT_TRANSPORT_BR_EDR) {
+ /* For now there are a some devices that do not like sending */
+ /* commands events and data at the same time. */
+ /* Set the packet types to the default allowed by the device */
+ btm_set_packet_types(p_acl_cb, btm_cb.btm_acl_pkt_types_supported);
+
+ if (btm_cb.btm_def_link_policy)
+ BTM_SetLinkPolicy(p_acl_cb->remote_addr, &btm_cb.btm_def_link_policy);
+ }
}
-#endif
if (p_acl_cb->link_up_issued) {
BTM_TRACE_ERROR("%s: Already link is up ", __func__);
return;
diff --git a/stack/btm/btm_sec.cc b/stack/btm/btm_sec.cc
index b0809010f..4cc1e39ab 100644
--- a/stack/btm/btm_sec.cc
+++ b/stack/btm/btm_sec.cc
@@ -4356,15 +4356,15 @@ void btm_sec_connected(const RawAddress& bda, uint16_t handle, uint8_t status,
if (p_acl_cb) {
/* whatever is in btm_establish_continue() without reporting the BTM_BL_CONN_EVT
* event */
-#if (BTM_BYPASS_EXTRA_ACL_SETUP == FALSE)
- /* For now there are a some devices that do not like sending */
- /* commands events and data at the same time. */
- /* Set the packet types to the default allowed by the device */
- btm_set_packet_types(p_acl_cb, btm_cb.btm_acl_pkt_types_supported);
-
- if (btm_cb.btm_def_link_policy)
- BTM_SetLinkPolicy(p_acl_cb->remote_addr, &btm_cb.btm_def_link_policy);
-#endif
+ if(!BTM_BYPASS_EXTRA_ACL_SETUP) {
+ /* For now there are a some devices that do not like sending */
+ /* commands events and data at the same time. */
+ /* Set the packet types to the default allowed by the device */
+ btm_set_packet_types(p_acl_cb, btm_cb.btm_acl_pkt_types_supported);
+
+ if (btm_cb.btm_def_link_policy)
+ BTM_SetLinkPolicy(p_acl_cb->remote_addr, &btm_cb.btm_def_link_policy);
+ }
}
btm_acl_created(bda, p_dev_rec->dev_class, p_dev_rec->sec_bd_name, handle,
HCI_ROLE_SLAVE, BT_TRANSPORT_BR_EDR);
--
2.17.1

153
patches/platform_system_bt/0002-Add-props-to-control-supported-features-and-states-1.patch Normal file
View File

@ -0,0 +1,153 @@
From 726ea538e933b77daa86537ca7b376bbb78aa9f8 Mon Sep 17 00:00:00 2001
From: penn5 <penn5@users.noreply.github.com>
Date: Mon, 4 Mar 2019 22:21:07 +0000
Subject: [PATCH 2/2] Add props to control supported features and states (#1)
* Add bitmask for supported fields
Use persist.sys.bt.unsupport.states, defaults to 0, left-aligned.
Huawei suggest to use 000000000000000000000011111
* Add bitmask to LOCAL_SUPPORTED_FEATURES
For Huawei, suggest to use 00000001
Documentation:
- persist.sys.bt.unsupport.features matches the values:
HCI_3_SLOT_PACKETS..HCI_LMP_EXTENDED_SUPPORTED (max 8bits * 8 bytes =
64 bits)
- persist.sys.bt.unsupport.states matches the values:
BTM_BLE_STATE_INVALID..BTM_BLE_STATE_SCAN_ADV (max = 0x3ff, 11 bits)
- persist.sys.bt.unsupport.stdfeatures ( max: 16 bits)
HCI_LE_ENCRYPTION..HCI_LE_PERIODIC_ADVERTISING
---
hci/src/hci_packet_parser.cc | 77 ++++++++++++++++++++++++++++++++++++
1 file changed, 77 insertions(+)
diff --git a/hci/src/hci_packet_parser.cc b/hci/src/hci_packet_parser.cc
index b1efd444d..88dc4c6cd 100644
--- a/hci/src/hci_packet_parser.cc
+++ b/hci/src/hci_packet_parser.cc
@@ -27,6 +27,8 @@
#include "hcimsgs.h"
#include "osi/include/log.h"
+#include <cutils/properties.h>
+
static const command_opcode_t NO_OPCODE_CHECKING = 0;
static const allocator_t* buffer_allocator;
@@ -108,6 +110,31 @@ static void parse_read_local_supported_commands_response(
buffer_allocator->free(response);
}
+static void setup_bitmask(uint8_t *v, const char* property) {
+ char str[PROPERTY_VALUE_MAX];
+ int len = property_get(property, str, "");
+ memset(v, 255, 8);
+ for(int i = 0; i<len; i++) {
+ if(str[i] == '1') {
+ v[i/8] &= ~(1 << (i%8));
+ } else if(str[i] != '0') {
+ LOG_ERROR(LOG_TAG, "invalid characters in bitmask; skipping %c", str[i]);
+ }
+ }
+}
+
+static void filter_supported_feature(uint8_t *v) {
+ static int setup = 0;
+ static uint8_t unsupport_bitmask[8];
+ if(!setup) {
+ setup = 1;
+ setup_bitmask(unsupport_bitmask, "persist.sys.bt.unsupport.features");
+ }
+
+ for(unsigned i=0; i<sizeof(bt_device_features_t); i++)
+ v[i] &= unsupport_bitmask[i];
+}
+
static void parse_read_local_extended_features_response(
BT_HDR* response, uint8_t* page_number_ptr, uint8_t* max_page_number_ptr,
bt_device_features_t* feature_pages, size_t feature_pages_count) {
@@ -123,6 +150,16 @@ static void parse_read_local_extended_features_response(
STREAM_TO_ARRAY(feature_pages[*page_number_ptr].as_array, stream,
(int)sizeof(bt_device_features_t));
+ for (int i = 0; i < ((int)sizeof(bt_device_features_t)); i++)
+ LOG_DEBUG(LOG_TAG, "supported feature 0x%x is 0x%x", i, feature_pages[*page_number_ptr].as_array[i]);
+
+ filter_supported_feature(feature_pages[*page_number_ptr].as_array);
+
+ for (int i = 0; i < ((int)sizeof(bt_device_features_t)); i++)
+ LOG_DEBUG(LOG_TAG, "post-filtering supported feature 0x%x is 0x%x", i, feature_pages[*page_number_ptr].as_array[i]);
+
+ LOG_DEBUG(LOG_TAG, "supported_features array done");
+
buffer_allocator->free(response);
}
@@ -148,6 +185,19 @@ static void parse_ble_read_buffer_size_response(BT_HDR* response,
buffer_allocator->free(response);
}
+
+static void filter_supported_states(uint8_t *v, int size) {
+ static int setup = 0;
+ static uint8_t unsupport_bitmask[8];
+ if(!setup) {
+ setup = 1;
+ setup_bitmask(unsupport_bitmask, "persist.sys.bt.unsupport.states");
+ }
+
+ for(int i=0; i<size && i<8; i++)
+ v[i] &= unsupport_bitmask[i];
+}
+
static void parse_ble_read_supported_states_response(
BT_HDR* response, uint8_t* supported_states, size_t supported_states_size) {
uint8_t* stream =
@@ -156,9 +206,30 @@ static void parse_ble_read_supported_states_response(
CHECK(stream != NULL);
STREAM_TO_ARRAY(supported_states, stream, (int)supported_states_size);
+ for (int i = 0; i < ((int)supported_states_size); i++)
+ LOG_DEBUG(LOG_TAG, "supported state 0x%x is 0x%x", i, supported_states[i]);
+
+ filter_supported_states(supported_states, supported_states_size);
+
+ for (int i = 0; i < ((int)supported_states_size); i++)
+ LOG_DEBUG(LOG_TAG, "supported.2 state 0x%x is 0x%x", i, supported_states[i]);
+
+ LOG_DEBUG(LOG_TAG, "supported_states array done");
buffer_allocator->free(response);
}
+static void filter_supported_stdfeatures(uint8_t *v) {
+ static int setup = 0;
+ static uint8_t unsupport_bitmask[8];
+ if(!setup) {
+ setup = 1;
+ setup_bitmask(unsupport_bitmask, "persist.sys.bt.unsupport.stdfeatures");
+ }
+
+ for(unsigned i=0; i<sizeof(bt_device_features_t); i++)
+ v[i] &= unsupport_bitmask[i];
+}
+
static void parse_ble_read_local_supported_features_response(
BT_HDR* response, bt_device_features_t* supported_features) {
uint8_t* stream = read_command_complete_header(
@@ -168,6 +239,12 @@ static void parse_ble_read_local_supported_features_response(
STREAM_TO_ARRAY(supported_features->as_array, stream,
(int)sizeof(bt_device_features_t));
+ for (int i = 0; i < ((int)sizeof(bt_device_features_t)); i++)
+ LOG_DEBUG(LOG_TAG, "supported state 0x%x is 0x%x", i, supported_features->as_array[i]);
+ filter_supported_stdfeatures(supported_features->as_array);
+ for (int i = 0; i < ((int)sizeof(bt_device_features_t)); i++)
+ LOG_DEBUG(LOG_TAG, "supported.2 state 0x%x is 0x%x", i, supported_features->as_array[i]);
+
buffer_allocator->free(response);
}
--
2.17.1

53
patches/platform_system_core/0001-Revert-logd-add-passcred-for-logdw-socket.patch Normal file
View File

@ -0,0 +1,53 @@
From 7075c3cc3f098deadb37cee91cde45c849ec15bd Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Sun, 10 Dec 2017 00:26:21 +0100
Subject: [PATCH 1/7] Revert "logd: add "+passcred" for logdw socket"
This reverts commit 54d8ff1121440d0ef4565ce0ab3751f82fdb393c.
Android 8.0 init doesn't understand this new syntax
---
logd/LogListener.cpp | 10 +++++-----
logd/logd.rc | 2 +-
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/logd/LogListener.cpp b/logd/LogListener.cpp
index fc51dcf08..f7f8e1792 100755
--- a/logd/LogListener.cpp
+++ b/logd/LogListener.cpp
@@ -149,14 +149,14 @@ int LogListener::getLogSocket() {
static const char socketName[] = "logdw";
int sock = android_get_control_socket(socketName);
- if (sock < 0) { // logd started up in init.sh
+ if (sock < 0) {
sock = socket_local_server(
socketName, ANDROID_SOCKET_NAMESPACE_RESERVED, SOCK_DGRAM);
+ }
- int on = 1;
- if (setsockopt(sock, SOL_SOCKET, SO_PASSCRED, &on, sizeof(on))) {
- return -1;
- }
+ int on = 1;
+ if (setsockopt(sock, SOL_SOCKET, SO_PASSCRED, &on, sizeof(on)) < 0) {
+ return -1;
}
return sock;
}
diff --git a/logd/logd.rc b/logd/logd.rc
index bd303b72b..4fd845f00 100644
--- a/logd/logd.rc
+++ b/logd/logd.rc
@@ -1,7 +1,7 @@
service logd /system/bin/logd
socket logd stream 0666 logd logd
socket logdr seqpacket 0666 logd logd
- socket logdw dgram+passcred 0222 logd logd
+ socket logdw dgram 0222 logd logd
file /proc/kmsg r
file /dev/kmsg w
user logd
--
2.17.1

27
patches/platform_system_core/0002-Some-kernel-crashes-when-using-too-recent-sdcardfs-o.patch Normal file
View File

@ -0,0 +1,27 @@
From 3ca49ab9bfc1845a7870ef40b71643f5f3739bd8 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Tue, 14 Aug 2018 19:33:03 +0200
Subject: [PATCH 2/7] Some kernel crashes when using too recent sdcardfs
options. Force everyone to old options
Change-Id: Ia5cf1aa8dc07a0f4a78b4d8f760ca0944dabaa89
---
sdcard/sdcard.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sdcard/sdcard.cpp b/sdcard/sdcard.cpp
index dc36596b1..e7121a8c9 100644
--- a/sdcard/sdcard.cpp
+++ b/sdcard/sdcard.cpp
@@ -102,7 +102,7 @@ static bool sdcardfs_setup(const std::string& source_path, const std::string& de
mode_t mask, bool derive_gid, bool default_normal, bool use_esdfs) {
// Try several attempts, each time with one less option, to gracefully
// handle older kernels that aren't updated yet.
- for (int i = 0; i < 4; i++) {
+ for (int i = 2; i < 4; i++) {
std::string new_opts;
if (multi_user && i < 3) new_opts += "multiuser,";
if (derive_gid && i < 2) new_opts += "derive_gid,";
--
2.17.1

44
patches/platform_system_core/0003-First-drop_privs-which-may-fail-and-only-run-thread-.patch Normal file
View File

@ -0,0 +1,44 @@
From dc13b3822c1c5e96245b28b24ca817bf77b6b35e Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Tue, 14 Aug 2018 19:33:23 +0200
Subject: [PATCH 3/7] First drop_privs (which may fail) and only run thread
that might be scheduled before us
Change-Id: I118fb2d4beedbeecf5d3a8d255929d3be480b923
---
logd/main.cpp | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/logd/main.cpp b/logd/main.cpp
index 4af0d21f1..bb64fb46f 100644
--- a/logd/main.cpp
+++ b/logd/main.cpp
@@ -450,6 +450,12 @@ int main(int argc, char* argv[]) {
if (fdPmesg < 0) android::prdebug("Failed to open %s\n", proc_kmsg);
}
+ bool auditd =
+ __android_logger_property_get_bool("ro.logd.auditd", BOOL_DEFAULT_TRUE);
+ if (drop_privs(klogd, auditd) != 0) {
+ return -1;
+ }
+
// Reinit Thread
sem_init(&reinit, 0, 0);
sem_init(&uidName, 0, 0);
@@ -471,12 +477,6 @@ int main(int argc, char* argv[]) {
pthread_attr_destroy(&attr);
}
- bool auditd =
- __android_logger_property_get_bool("ro.logd.auditd", BOOL_DEFAULT_TRUE);
- if (drop_privs(klogd, auditd) != 0) {
- return -1;
- }
-
// Serves the purpose of managing the last logs times read on a
// socket connection, and as a reader lock on a range of log
// entries.
--
2.17.1

33
patches/platform_system_core/0004-Ignore-proc-kmsg-if-reading-from-it-faults.patch Normal file
View File

@ -0,0 +1,33 @@
From 3d7de7286249e30966f0a853e4076c2076c70362 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Wed, 2 Jan 2019 17:17:20 +0100
Subject: [PATCH 4/7] Ignore /proc/kmsg if reading from it faults
On some devices, (The only known one is Y6 2018), reading from
/proc/kmsg fails, with a status EFAULT
This isn't just from logd, a simple cat /proc/kmsg does that as well.
Simply stop reading logs from kernel in that case
Change-Id: I4b902b7ec36107c722e2f5cc5dbb7964734bb71d
---
logd/LogKlog.cpp | 3 +++
1 file changed, 3 insertions(+)
diff --git a/logd/LogKlog.cpp b/logd/LogKlog.cpp
index ab980ac5d..fefa49867 100755
--- a/logd/LogKlog.cpp
+++ b/logd/LogKlog.cpp
@@ -239,6 +239,9 @@ bool LogKlog::onDataAvailable(SocketClient* cli) {
break;
}
if (retval < 0) {
+ if(errno == EFAULT) {
+ stopListener();
+ }
return false;
}
len += retval;
--
2.17.1

33
patches/platform_system_core/0007-Fix-loading-ueventd.-ro.hardware-.rc.patch Normal file
View File

@ -0,0 +1,33 @@
From be236247e47973dcbc439f07db86f02b5cba110b Mon Sep 17 00:00:00 2001
From: Sen Jiang <senj@google.com>
Date: Wed, 18 Jul 2018 17:27:24 -0700
Subject: [PATCH 7/7] Fix loading ueventd.${ro.hardware}.rc.
Regression introduced in aosp/717324.
Bug: 111543389
Test: device boots further
Change-Id: I4cf57381104aa1a801cf82a42b1c5ae1a2273e89
Merged-In: I4cf57381104aa1a801cf82a42b1c5ae1a2273e89
(cherry picked from commit d76f174a785d2f1c17999a2d23b1fea2a33e4b1e)
---
init/ueventd.cpp | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/init/ueventd.cpp b/init/ueventd.cpp
index 680944546..b42a4c62a 100644
--- a/init/ueventd.cpp
+++ b/init/ueventd.cpp
@@ -240,7 +240,8 @@ int ueventd_main(int argc, char** argv) {
auto hardware = android::base::GetProperty("ro.hardware", "");
auto ueventd_configuration =
- ParseConfig({"/ueventd.rc", "/vendor/ueventd.rc", "/odm/ueventd.rc", hardware});
+ ParseConfig({"/ueventd.rc", "/vendor/ueventd.rc", "/odm/ueventd.rc",
+ "/ueventd." + hardware + ".rc"});
device_handler = DeviceHandler{std::move(ueventd_configuration.dev_permissions),
std::move(ueventd_configuration.sysfs_permissions),
--
2.17.1

29
patches/platform_system_netd/0001-device-Huawei-Kirin-960-accept-broken-rpfilter-match.patch Normal file
View File

@ -0,0 +1,29 @@
From 7cb717fed8faa8da03d90bb2e40d9e383c08e417 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Mon, 2 Jul 2018 22:01:43 +0200
Subject: [PATCH] [device] ::Huawei Kirin 960:: accept broken rpfilter match
How bad a security flaw is this?
People lived with rpfilter on IPv4 for a very long time...
Change-Id: I9aa63d18e54a8254133adf97bf757c03d6b66757
---
server/TetherController.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/TetherController.cpp b/server/TetherController.cpp
index 06eaf94..884b813 100644
--- a/server/TetherController.cpp
+++ b/server/TetherController.cpp
@@ -625,7 +625,7 @@ int TetherController::setForwardRules(bool add, const char *intIface, const char
"*raw\n"
"%s %s -i %s -m rpfilter --invert ! -s fe80::/64 -j DROP\n"
"COMMIT\n", op, LOCAL_RAW_PREROUTING, intIface);
- if (iptablesRestoreFunction(V6, rpfilterCmd, nullptr) == -1 && add) {
+ if (iptablesRestoreFunction(V6, rpfilterCmd, nullptr) == -1 && add && false) {
return -1;
}
--
2.17.1

51
patches/platform_system_sepolicy/0001-Don-t-set-esdfs-or-exfat-genfscon.-Assume-OEM-does.patch Normal file
View File

@ -0,0 +1,51 @@
From 733830ed8d84a76325977baf8b9132e65672b85f Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Tue, 14 Aug 2018 20:56:54 +0200
Subject: [PATCH 01/26] Don't set esdfs or exfat genfscon. Assume OEM does
---
prebuilts/api/28.0/private/genfs_contexts | 4 ++--
private/genfs_contexts | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/prebuilts/api/28.0/private/genfs_contexts b/prebuilts/api/28.0/private/genfs_contexts
index 7e2ea509..56cd92da 100644
--- a/prebuilts/api/28.0/private/genfs_contexts
+++ b/prebuilts/api/28.0/private/genfs_contexts
@@ -231,12 +231,12 @@ genfscon debugfs /tracing/events/fence/
genfscon inotifyfs / u:object_r:inotify:s0
genfscon vfat / u:object_r:vfat:s0
-genfscon exfat / u:object_r:exfat:s0
+#genfscon exfat / u:object_r:exfat:s0
genfscon debugfs / u:object_r:debugfs:s0
genfscon fuse / u:object_r:fuse:s0
genfscon configfs / u:object_r:configfs:s0
genfscon sdcardfs / u:object_r:sdcardfs:s0
-genfscon esdfs / u:object_r:sdcardfs:s0
+#genfscon esdfs / u:object_r:sdcardfs:s0
genfscon pstore / u:object_r:pstorefs:s0
genfscon functionfs / u:object_r:functionfs:s0
genfscon usbfs / u:object_r:usbfs:s0
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 7e2ea509..56cd92da 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -231,12 +231,12 @@ genfscon debugfs /tracing/events/fence/
genfscon inotifyfs / u:object_r:inotify:s0
genfscon vfat / u:object_r:vfat:s0
-genfscon exfat / u:object_r:exfat:s0
+#genfscon exfat / u:object_r:exfat:s0
genfscon debugfs / u:object_r:debugfs:s0
genfscon fuse / u:object_r:fuse:s0
genfscon configfs / u:object_r:configfs:s0
genfscon sdcardfs / u:object_r:sdcardfs:s0
-genfscon esdfs / u:object_r:sdcardfs:s0
+#genfscon esdfs / u:object_r:sdcardfs:s0
genfscon pstore / u:object_r:pstorefs:s0
genfscon functionfs / u:object_r:functionfs:s0
genfscon usbfs / u:object_r:usbfs:s0
--
2.17.1

88
patches/platform_system_sepolicy/0009-Allow-mmap-for-vendor_init.patch Normal file
View File

@ -0,0 +1,88 @@
From cd432a8d8114feda09c47ca985aa7f9f8cc2d4e9 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Mon, 30 Jul 2018 18:52:46 -0700
Subject: [PATCH 09/26] Allow mmap for vendor_init
vendor_init needs to touch a bunch of files. Forgotten within this set
of permissions is the ability to mmap files.
Addresses the following denial:
avc: denied { map } for pid=1167 comm="init" path="/system/etc/selinux/plat_file_contexts" dev="vda1" ino=1845 scontext=u:r:vendor_init:s0 tcontext=u:object_r:file_contexts_file:s0 tclass=file permissive=0
While I'm here, add mmap() support to other areas where it's likely
needed.
Bug: 111742629
Test: make -j80, ran emulator
Change-Id: Icab00e45ae88f0d86be66d85a22e018af6ffcd75
---
prebuilts/api/28.0/public/vendor_init.te | 6 +++---
public/vendor_init.te | 6 +++---
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/prebuilts/api/28.0/public/vendor_init.te b/prebuilts/api/28.0/public/vendor_init.te
index 740d0d9e..9784095a 100644
--- a/prebuilts/api/28.0/public/vendor_init.te
+++ b/prebuilts/api/28.0/public/vendor_init.te
@@ -60,7 +60,7 @@ allow vendor_init {
-unlabeled
-vendor_file_type
-vold_metadata_file
-}:file { create getattr open read write setattr relabelfrom unlink };
+}:file { create getattr open read write setattr relabelfrom unlink map };
allow vendor_init {
file_type
@@ -107,7 +107,7 @@ allow vendor_init {
-proc_uid_time_in_state
-proc_uid_concurrent_active_time
-proc_uid_concurrent_policy_time
-}:file { open read setattr };
+}:file { open read setattr map };
allow vendor_init {
fs_type
@@ -149,7 +149,7 @@ allow vendor_init self:process { setfscreate };
r_dir_file(vendor_init, vendor_file_type)
# Vendor init can read properties
-allow vendor_init serialno_prop:file { getattr open read };
+allow vendor_init serialno_prop:file { getattr open read map };
# Vendor init can perform operations on trusted and security Extended Attributes
allow vendor_init self:global_capability_class_set sys_admin;
diff --git a/public/vendor_init.te b/public/vendor_init.te
index 740d0d9e..9784095a 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -60,7 +60,7 @@ allow vendor_init {
-unlabeled
-vendor_file_type
-vold_metadata_file
-}:file { create getattr open read write setattr relabelfrom unlink };
+}:file { create getattr open read write setattr relabelfrom unlink map };
allow vendor_init {
file_type
@@ -107,7 +107,7 @@ allow vendor_init {
-proc_uid_time_in_state
-proc_uid_concurrent_active_time
-proc_uid_concurrent_policy_time
-}:file { open read setattr };
+}:file { open read setattr map };
allow vendor_init {
fs_type
@@ -149,7 +149,7 @@ allow vendor_init self:process { setfscreate };
r_dir_file(vendor_init, vendor_file_type)
# Vendor init can read properties
-allow vendor_init serialno_prop:file { getattr open read };
+allow vendor_init serialno_prop:file { getattr open read map };
# Vendor init can perform operations on trusted and security Extended Attributes
allow vendor_init self:global_capability_class_set sys_admin;
--
2.17.1

680
patches/platform_system_sepolicy/0010-sepolicy-grant-dac_read_search-to-domains-with-dac_o.patch Normal file
View File

@ -0,0 +1,680 @@
From a71e956183b20a4be92b0fd78691c35f904bfa03 Mon Sep 17 00:00:00 2001
From: Benjamin Gordon <bmgordon@google.com>
Date: Thu, 6 Sep 2018 16:19:40 -0600
Subject: [PATCH 10/26] sepolicy: grant dac_read_search to domains with
dac_override
kernel commit 2a4c22426955d4fc04069811997b7390c0fb858e (fs: switch order
of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH checks) swapped the order of
dac_override and dac_read_search checks. Domains that have dac_override
will now generate spurious denials for dac_read_search unless they also
have that permission. Since dac_override is a strict superset of
dac_read_search, grant dac_read_search to all domains that already have
dac_override to get rid of the denials.
Bug: 114280985
Bug: crbug.com/877588
Test: Booted on a device running 4.14.
Change-Id: I5c1c136b775cceeb7f170e139e8d4279e73267a4
---
prebuilts/api/28.0/private/storaged.te | 2 +-
.../api/28.0/private/vold_prepare_subdirs.te | 2 +-
prebuilts/api/28.0/private/zygote.te | 2 +-
prebuilts/api/28.0/public/dnsmasq.te | 2 +-
prebuilts/api/28.0/public/domain.te | 51 +++++++++++--------
prebuilts/api/28.0/public/dumpstate.te | 2 +-
prebuilts/api/28.0/public/init.te | 2 +-
prebuilts/api/28.0/public/install_recovery.te | 2 +-
prebuilts/api/28.0/public/installd.te | 2 +-
prebuilts/api/28.0/public/lmkd.te | 2 +-
prebuilts/api/28.0/public/netd.te | 2 +-
prebuilts/api/28.0/public/perfprofd.te | 2 +-
.../api/28.0/public/postinstall_dexopt.te | 2 +-
prebuilts/api/28.0/public/recovery.te | 1 +
prebuilts/api/28.0/public/runas.te | 2 +-
prebuilts/api/28.0/public/sdcardd.te | 2 +-
prebuilts/api/28.0/public/ueventd.te | 2 +-
prebuilts/api/28.0/public/uncrypt.te | 2 +-
prebuilts/api/28.0/public/vendor_init.te | 2 +-
prebuilts/api/28.0/public/vold.te | 2 +-
private/storaged.te | 2 +-
private/vold_prepare_subdirs.te | 2 +-
private/zygote.te | 2 +-
public/dnsmasq.te | 2 +-
public/domain.te | 51 +++++++++++--------
public/dumpstate.te | 2 +-
public/init.te | 2 +-
public/install_recovery.te | 2 +-
public/installd.te | 2 +-
public/lmkd.te | 2 +-
public/netd.te | 2 +-
public/perfprofd.te | 2 +-
public/postinstall_dexopt.te | 2 +-
public/recovery.te | 1 +
public/runas.te | 2 +-
public/sdcardd.te | 2 +-
public/ueventd.te | 2 +-
public/uncrypt.te | 2 +-
public/vendor_init.te | 2 +-
public/vold.te | 2 +-
40 files changed, 96 insertions(+), 80 deletions(-)
diff --git a/prebuilts/api/28.0/private/storaged.te b/prebuilts/api/28.0/private/storaged.te
index 8ad872f6..65b83b98 100644
--- a/prebuilts/api/28.0/private/storaged.te
+++ b/prebuilts/api/28.0/private/storaged.te
@@ -49,7 +49,7 @@ allow storaged package_native_service:service_manager find;
# Kernel does extra check on CAP_DAC_OVERRIDE for libbinder when storaged is
# running as root. See b/35323867 #3.
-dontaudit storaged self:global_capability_class_set dac_override;
+dontaudit storaged self:global_capability_class_set { dac_override dac_read_search };
# For collecting bugreports.
allow storaged dumpstate:fifo_file write;
diff --git a/prebuilts/api/28.0/private/vold_prepare_subdirs.te b/prebuilts/api/28.0/private/vold_prepare_subdirs.te
index 0a115584..0d062e99 100644
--- a/prebuilts/api/28.0/private/vold_prepare_subdirs.te
+++ b/prebuilts/api/28.0/private/vold_prepare_subdirs.te
@@ -7,7 +7,7 @@ allow vold_prepare_subdirs devpts:chr_file rw_file_perms;
allow vold_prepare_subdirs vold:fd use;
allow vold_prepare_subdirs vold:fifo_file { read write };
allow vold_prepare_subdirs file_contexts_file:file r_file_perms;
-allow vold_prepare_subdirs self:global_capability_class_set { chown dac_override fowner };
+allow vold_prepare_subdirs self:global_capability_class_set { chown dac_override dac_read_search fowner };
allow vold_prepare_subdirs self:process setfscreate;
allow vold_prepare_subdirs {
system_data_file
diff --git a/prebuilts/api/28.0/private/zygote.te b/prebuilts/api/28.0/private/zygote.te
index 2dcbdf1a..8d0be613 100644
--- a/prebuilts/api/28.0/private/zygote.te
+++ b/prebuilts/api/28.0/private/zygote.te
@@ -7,7 +7,7 @@ init_daemon_domain(zygote)
read_runtime_log_tags(zygote)
# Override DAC on files and switch uid/gid.
-allow zygote self:global_capability_class_set { dac_override setgid setuid fowner chown };
+allow zygote self:global_capability_class_set { dac_override dac_read_search setgid setuid fowner chown };
# Drop capabilities from bounding set.
allow zygote self:global_capability_class_set setpcap;
diff --git a/prebuilts/api/28.0/public/dnsmasq.te b/prebuilts/api/28.0/public/dnsmasq.te
index 3aaefd3e..e97e964e 100644
--- a/prebuilts/api/28.0/public/dnsmasq.te
+++ b/prebuilts/api/28.0/public/dnsmasq.te
@@ -6,7 +6,7 @@ net_domain(dnsmasq)
allowxperm dnsmasq self:udp_socket ioctl priv_sock_ioctls;
# TODO: Run with dhcp group to avoid need for dac_override.
-allow dnsmasq self:global_capability_class_set dac_override;
+allow dnsmasq self:global_capability_class_set { dac_override dac_read_search };
allow dnsmasq self:global_capability_class_set { net_admin net_raw net_bind_service setgid setuid };
diff --git a/prebuilts/api/28.0/public/domain.te b/prebuilts/api/28.0/public/domain.te
index fe03c95d..42a26cf2 100644
--- a/prebuilts/api/28.0/public/domain.te
+++ b/prebuilts/api/28.0/public/domain.te
@@ -1342,28 +1342,35 @@ full_treble_only(`
# Minimize dac_override and dac_read_search.
# Instead of granting them it is usually better to add the domain to
# a Unix group or change the permissions of a file.
-neverallow {
- domain
- -dnsmasq
- -dumpstate
- -init
- -installd
- -install_recovery
- -lmkd
- -netd
- -perfprofd
- -postinstall_dexopt
- -recovery
- -sdcardd
- -tee
- -ueventd
- -uncrypt
- -vendor_init
- -vold
- -vold_prepare_subdirs
- -zygote
-} self:capability dac_override;
-neverallow { domain -traced_probes } self:capability dac_read_search;
+define(`dac_override_allowed', `{
+ dnsmasq
+ dumpstate
+ init
+ installd
+ install_recovery
+ lmkd
+ netd
+ perfprofd
+ postinstall_dexopt
+ recovery
+ sdcardd
+ tee
+ ueventd
+ uncrypt
+ vendor_init
+ vold
+ vold_prepare_subdirs
+ zygote
+}')
+neverallow ~dac_override_allowed self:global_capability_class_set dac_override;
+# Since the kernel checks dac_read_search before dac_override, domains that
+# have dac_override should also have dac_read_search to eliminate spurious
+# denials. Some domains have dac_read_search without having dac_override, so
+# this list should be a superset of the one above.
+neverallow ~{
+ dac_override_allowed
+ traced_probes
+} self:global_capability_class_set dac_read_search;
# If an already existing file is opened with O_CREAT, the kernel might generate
# a false report of a create denial. Silence these denials and make sure that
diff --git a/prebuilts/api/28.0/public/dumpstate.te b/prebuilts/api/28.0/public/dumpstate.te
index 03fc737e..23af7dac 100644
--- a/prebuilts/api/28.0/public/dumpstate.te
+++ b/prebuilts/api/28.0/public/dumpstate.te
@@ -33,7 +33,7 @@ allow dumpstate toolbox_exec:file rx_file_perms;
allow dumpstate system_file:dir r_dir_perms;
# Create and write into /data/anr/
-allow dumpstate self:global_capability_class_set { dac_override chown fowner fsetid };
+allow dumpstate self:global_capability_class_set { dac_override dac_read_search chown fowner fsetid };
allow dumpstate anr_data_file:dir rw_dir_perms;
allow dumpstate anr_data_file:file create_file_perms;
diff --git a/prebuilts/api/28.0/public/init.te b/prebuilts/api/28.0/public/init.te
index dafc06f9..2284689d 100644
--- a/prebuilts/api/28.0/public/init.te
+++ b/prebuilts/api/28.0/public/init.te
@@ -105,7 +105,7 @@ allow init metadata_file:dir mounton;
allow init tmpfs:dir relabelfrom;
# Create directories under /dev/cpuctl after chowning it to system.
-allow init self:global_capability_class_set dac_override;
+allow init self:global_capability_class_set { dac_override dac_read_search };
# Set system clock.
allow init self:global_capability_class_set sys_time;
diff --git a/prebuilts/api/28.0/public/install_recovery.te b/prebuilts/api/28.0/public/install_recovery.te
index ab688386..24819c2e 100644
--- a/prebuilts/api/28.0/public/install_recovery.te
+++ b/prebuilts/api/28.0/public/install_recovery.te
@@ -2,7 +2,7 @@
type install_recovery, domain;
type install_recovery_exec, exec_type, file_type;
-allow install_recovery self:global_capability_class_set dac_override;
+allow install_recovery self:global_capability_class_set { dac_override dac_read_search };
# /system/bin/install-recovery.sh is a shell script.
# Needs to execute /system/bin/sh
diff --git a/prebuilts/api/28.0/public/installd.te b/prebuilts/api/28.0/public/installd.te
index 6aba962d..f34ef0c5 100644
--- a/prebuilts/api/28.0/public/installd.te
+++ b/prebuilts/api/28.0/public/installd.te
@@ -2,7 +2,7 @@
type installd, domain;
type installd_exec, exec_type, file_type;
typeattribute installd mlstrustedsubject;
-allow installd self:global_capability_class_set { chown dac_override fowner fsetid setgid setuid sys_admin };
+allow installd self:global_capability_class_set { chown dac_override dac_read_search fowner fsetid setgid setuid sys_admin };
# Allow labeling of files under /data/app/com.example/oat/
allow installd dalvikcache_data_file:dir relabelto;
diff --git a/prebuilts/api/28.0/public/lmkd.te b/prebuilts/api/28.0/public/lmkd.te
index 5b4a235a..79cb2889 100644
--- a/prebuilts/api/28.0/public/lmkd.te
+++ b/prebuilts/api/28.0/public/lmkd.te
@@ -2,7 +2,7 @@
type lmkd, domain, mlstrustedsubject;
type lmkd_exec, exec_type, file_type;
-allow lmkd self:global_capability_class_set { dac_override sys_resource kill };
+allow lmkd self:global_capability_class_set { dac_override dac_read_search sys_resource kill };
# lmkd locks itself in memory, to prevent it from being
# swapped out and unable to kill other memory hogs.
diff --git a/prebuilts/api/28.0/public/netd.te b/prebuilts/api/28.0/public/netd.te
index 18113e75..a550b258 100644
--- a/prebuilts/api/28.0/public/netd.te
+++ b/prebuilts/api/28.0/public/netd.te
@@ -61,7 +61,7 @@ allow netd fs_bpf:file create_file_perms;
# TODO: netd previously thought it needed these permissions to do WiFi related
# work. However, after all the WiFi stuff is gone, we still need them.
# Why?
-allow netd self:global_capability_class_set { dac_override chown };
+allow netd self:global_capability_class_set { dac_override dac_read_search chown };
# Needed to update /data/misc/net/rt_tables
allow netd net_data_file:file create_file_perms;
diff --git a/prebuilts/api/28.0/public/perfprofd.te b/prebuilts/api/28.0/public/perfprofd.te
index f067af5d..b5c01458 100644
--- a/prebuilts/api/28.0/public/perfprofd.te
+++ b/prebuilts/api/28.0/public/perfprofd.te
@@ -23,7 +23,7 @@ userdebug_or_eng(`
# perfprofd reads a config file from /data/data/com.google.android.gms/files
allow perfprofd app_data_file:file r_file_perms;
allow perfprofd app_data_file:dir search;
- allow perfprofd self:global_capability_class_set { dac_override };
+ allow perfprofd self:global_capability_class_set { dac_override dac_read_search };
# perfprofd opens a file for writing in /data/misc/perfprofd
allow perfprofd perfprofd_data_file:file create_file_perms;
diff --git a/prebuilts/api/28.0/public/postinstall_dexopt.te b/prebuilts/api/28.0/public/postinstall_dexopt.te
index ffd8bc57..8b6d6cc1 100644
--- a/prebuilts/api/28.0/public/postinstall_dexopt.te
+++ b/prebuilts/api/28.0/public/postinstall_dexopt.te
@@ -5,7 +5,7 @@
type postinstall_dexopt, domain;
-allow postinstall_dexopt self:global_capability_class_set { chown dac_override fowner fsetid setgid setuid };
+allow postinstall_dexopt self:global_capability_class_set { chown dac_override dac_read_search fowner fsetid setgid setuid };
allow postinstall_dexopt postinstall_file:filesystem getattr;
allow postinstall_dexopt postinstall_file:dir { getattr search };
diff --git a/prebuilts/api/28.0/public/recovery.te b/prebuilts/api/28.0/public/recovery.te
index 57ad2028..6745bd6f 100644
--- a/prebuilts/api/28.0/public/recovery.te
+++ b/prebuilts/api/28.0/public/recovery.te
@@ -15,6 +15,7 @@ recovery_only(`
allow recovery self:global_capability_class_set {
chown
dac_override
+ dac_read_search
fowner
setuid
setgid
diff --git a/prebuilts/api/28.0/public/runas.te b/prebuilts/api/28.0/public/runas.te
index 053a87f6..6c5de7cf 100644
--- a/prebuilts/api/28.0/public/runas.te
+++ b/prebuilts/api/28.0/public/runas.te
@@ -18,7 +18,7 @@ allow runas system_data_file:lnk_file getattr;
allow runas system_data_file:lnk_file read;
# run-as checks and changes to the app data dir.
-dontaudit runas self:global_capability_class_set dac_override;
+dontaudit runas self:global_capability_class_set { dac_override dac_read_search };
allow runas app_data_file:dir { getattr search };
# run-as switches to the app UID/GID.
diff --git a/prebuilts/api/28.0/public/sdcardd.te b/prebuilts/api/28.0/public/sdcardd.te
index 4a88f54d..6749d16e 100644
--- a/prebuilts/api/28.0/public/sdcardd.te
+++ b/prebuilts/api/28.0/public/sdcardd.te
@@ -10,7 +10,7 @@ allow sdcardd mnt_media_rw_file:dir r_dir_perms;
allow sdcardd storage_file:dir search;
allow sdcardd storage_stub_file:dir { search mounton };
allow sdcardd sdcard_type:filesystem { mount unmount };
-allow sdcardd self:global_capability_class_set { setuid setgid dac_override sys_admin sys_resource };
+allow sdcardd self:global_capability_class_set { setuid setgid dac_override dac_read_search sys_admin sys_resource };
allow sdcardd sdcard_type:dir create_dir_perms;
allow sdcardd sdcard_type:file create_file_perms;
diff --git a/prebuilts/api/28.0/public/ueventd.te b/prebuilts/api/28.0/public/ueventd.te
index 9b9eacb2..c6260519 100644
--- a/prebuilts/api/28.0/public/ueventd.te
+++ b/prebuilts/api/28.0/public/ueventd.te
@@ -5,7 +5,7 @@ type ueventd, domain;
# Write to /dev/kmsg.
allow ueventd kmsg_device:chr_file rw_file_perms;
-allow ueventd self:global_capability_class_set { chown mknod net_admin setgid fsetid sys_rawio dac_override fowner };
+allow ueventd self:global_capability_class_set { chown mknod net_admin setgid fsetid sys_rawio dac_override dac_read_search fowner };
allow ueventd device:file create_file_perms;
r_dir_file(ueventd, rootfs)
diff --git a/prebuilts/api/28.0/public/uncrypt.te b/prebuilts/api/28.0/public/uncrypt.te
index 1e48b831..e64ce3ec 100644
--- a/prebuilts/api/28.0/public/uncrypt.te
+++ b/prebuilts/api/28.0/public/uncrypt.te
@@ -2,7 +2,7 @@
type uncrypt, domain, mlstrustedsubject;
type uncrypt_exec, exec_type, file_type;
-allow uncrypt self:global_capability_class_set dac_override;
+allow uncrypt self:global_capability_class_set { dac_override dac_read_search };
# Read OTA zip file from /data/data/com.google.android.gsf/app_download
r_dir_file(uncrypt, app_data_file)
diff --git a/prebuilts/api/28.0/public/vendor_init.te b/prebuilts/api/28.0/public/vendor_init.te
index 9784095a..ba835ed6 100644
--- a/prebuilts/api/28.0/public/vendor_init.te
+++ b/prebuilts/api/28.0/public/vendor_init.te
@@ -25,7 +25,7 @@ allow vendor_init configfs:dir create_dir_perms;
allow vendor_init configfs:{ file lnk_file } create_file_perms;
# Create directories under /dev/cpuctl after chowning it to system.
-allow vendor_init self:global_capability_class_set dac_override;
+allow vendor_init self:global_capability_class_set { dac_override dac_read_search };
# mkdir, symlink, write, rm/rmdir, chown/chmod, restorecon/restorecon_recursive from init.rc files.
# chown/chmod require open+read+setattr required for open()+fchown/fchmod().
diff --git a/prebuilts/api/28.0/public/vold.te b/prebuilts/api/28.0/public/vold.te
index 4d15f11e..852e91ea 100644
--- a/prebuilts/api/28.0/public/vold.te
+++ b/prebuilts/api/28.0/public/vold.te
@@ -75,7 +75,7 @@ allow vold shell_data_file:dir { create getattr setattr };
allow vold tmpfs:filesystem { mount unmount };
allow vold tmpfs:dir create_dir_perms;
allow vold tmpfs:dir mounton;
-allow vold self:global_capability_class_set { net_admin dac_override mknod sys_admin chown fowner fsetid };
+allow vold self:global_capability_class_set { net_admin dac_override dac_read_search mknod sys_admin chown fowner fsetid };
allow vold self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
allow vold app_data_file:dir search;
allow vold app_data_file:file rw_file_perms;
diff --git a/private/storaged.te b/private/storaged.te
index 8ad872f6..65b83b98 100644
--- a/private/storaged.te
+++ b/private/storaged.te
@@ -49,7 +49,7 @@ allow storaged package_native_service:service_manager find;
# Kernel does extra check on CAP_DAC_OVERRIDE for libbinder when storaged is
# running as root. See b/35323867 #3.
-dontaudit storaged self:global_capability_class_set dac_override;
+dontaudit storaged self:global_capability_class_set { dac_override dac_read_search };
# For collecting bugreports.
allow storaged dumpstate:fifo_file write;
diff --git a/private/vold_prepare_subdirs.te b/private/vold_prepare_subdirs.te
index 0a115584..0d062e99 100644
--- a/private/vold_prepare_subdirs.te
+++ b/private/vold_prepare_subdirs.te
@@ -7,7 +7,7 @@ allow vold_prepare_subdirs devpts:chr_file rw_file_perms;
allow vold_prepare_subdirs vold:fd use;
allow vold_prepare_subdirs vold:fifo_file { read write };
allow vold_prepare_subdirs file_contexts_file:file r_file_perms;
-allow vold_prepare_subdirs self:global_capability_class_set { chown dac_override fowner };
+allow vold_prepare_subdirs self:global_capability_class_set { chown dac_override dac_read_search fowner };
allow vold_prepare_subdirs self:process setfscreate;
allow vold_prepare_subdirs {
system_data_file
diff --git a/private/zygote.te b/private/zygote.te
index 2dcbdf1a..8d0be613 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -7,7 +7,7 @@ init_daemon_domain(zygote)
read_runtime_log_tags(zygote)
# Override DAC on files and switch uid/gid.
-allow zygote self:global_capability_class_set { dac_override setgid setuid fowner chown };
+allow zygote self:global_capability_class_set { dac_override dac_read_search setgid setuid fowner chown };
# Drop capabilities from bounding set.
allow zygote self:global_capability_class_set setpcap;
diff --git a/public/dnsmasq.te b/public/dnsmasq.te
index 3aaefd3e..e97e964e 100644
--- a/public/dnsmasq.te
+++ b/public/dnsmasq.te
@@ -6,7 +6,7 @@ net_domain(dnsmasq)
allowxperm dnsmasq self:udp_socket ioctl priv_sock_ioctls;
# TODO: Run with dhcp group to avoid need for dac_override.
-allow dnsmasq self:global_capability_class_set dac_override;
+allow dnsmasq self:global_capability_class_set { dac_override dac_read_search };
allow dnsmasq self:global_capability_class_set { net_admin net_raw net_bind_service setgid setuid };
diff --git a/public/domain.te b/public/domain.te
index fe03c95d..42a26cf2 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -1342,28 +1342,35 @@ full_treble_only(`
# Minimize dac_override and dac_read_search.
# Instead of granting them it is usually better to add the domain to
# a Unix group or change the permissions of a file.
-neverallow {
- domain
- -dnsmasq
- -dumpstate
- -init
- -installd
- -install_recovery
- -lmkd
- -netd
- -perfprofd
- -postinstall_dexopt
- -recovery
- -sdcardd
- -tee
- -ueventd
- -uncrypt
- -vendor_init
- -vold
- -vold_prepare_subdirs
- -zygote
-} self:capability dac_override;
-neverallow { domain -traced_probes } self:capability dac_read_search;
+define(`dac_override_allowed', `{
+ dnsmasq
+ dumpstate
+ init
+ installd
+ install_recovery
+ lmkd
+ netd
+ perfprofd
+ postinstall_dexopt
+ recovery
+ sdcardd
+ tee
+ ueventd
+ uncrypt
+ vendor_init
+ vold
+ vold_prepare_subdirs
+ zygote
+}')
+neverallow ~dac_override_allowed self:global_capability_class_set dac_override;
+# Since the kernel checks dac_read_search before dac_override, domains that
+# have dac_override should also have dac_read_search to eliminate spurious
+# denials. Some domains have dac_read_search without having dac_override, so
+# this list should be a superset of the one above.
+neverallow ~{
+ dac_override_allowed
+ traced_probes
+} self:global_capability_class_set dac_read_search;
# If an already existing file is opened with O_CREAT, the kernel might generate
# a false report of a create denial. Silence these denials and make sure that
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 03fc737e..23af7dac 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -33,7 +33,7 @@ allow dumpstate toolbox_exec:file rx_file_perms;
allow dumpstate system_file:dir r_dir_perms;
# Create and write into /data/anr/
-allow dumpstate self:global_capability_class_set { dac_override chown fowner fsetid };
+allow dumpstate self:global_capability_class_set { dac_override dac_read_search chown fowner fsetid };
allow dumpstate anr_data_file:dir rw_dir_perms;
allow dumpstate anr_data_file:file create_file_perms;
diff --git a/public/init.te b/public/init.te
index dafc06f9..2284689d 100644
--- a/public/init.te
+++ b/public/init.te
@@ -105,7 +105,7 @@ allow init metadata_file:dir mounton;
allow init tmpfs:dir relabelfrom;
# Create directories under /dev/cpuctl after chowning it to system.
-allow init self:global_capability_class_set dac_override;
+allow init self:global_capability_class_set { dac_override dac_read_search };
# Set system clock.
allow init self:global_capability_class_set sys_time;
diff --git a/public/install_recovery.te b/public/install_recovery.te
index ab688386..24819c2e 100644
--- a/public/install_recovery.te
+++ b/public/install_recovery.te
@@ -2,7 +2,7 @@
type install_recovery, domain;
type install_recovery_exec, exec_type, file_type;
-allow install_recovery self:global_capability_class_set dac_override;
+allow install_recovery self:global_capability_class_set { dac_override dac_read_search };
# /system/bin/install-recovery.sh is a shell script.
# Needs to execute /system/bin/sh
diff --git a/public/installd.te b/public/installd.te
index 6aba962d..f34ef0c5 100644
--- a/public/installd.te
+++ b/public/installd.te
@@ -2,7 +2,7 @@
type installd, domain;
type installd_exec, exec_type, file_type;
typeattribute installd mlstrustedsubject;
-allow installd self:global_capability_class_set { chown dac_override fowner fsetid setgid setuid sys_admin };
+allow installd self:global_capability_class_set { chown dac_override dac_read_search fowner fsetid setgid setuid sys_admin };
# Allow labeling of files under /data/app/com.example/oat/
allow installd dalvikcache_data_file:dir relabelto;
diff --git a/public/lmkd.te b/public/lmkd.te
index 5b4a235a..79cb2889 100644
--- a/public/lmkd.te
+++ b/public/lmkd.te
@@ -2,7 +2,7 @@
type lmkd, domain, mlstrustedsubject;
type lmkd_exec, exec_type, file_type;
-allow lmkd self:global_capability_class_set { dac_override sys_resource kill };
+allow lmkd self:global_capability_class_set { dac_override dac_read_search sys_resource kill };
# lmkd locks itself in memory, to prevent it from being
# swapped out and unable to kill other memory hogs.
diff --git a/public/netd.te b/public/netd.te
index 18113e75..a550b258 100644
--- a/public/netd.te
+++ b/public/netd.te
@@ -61,7 +61,7 @@ allow netd fs_bpf:file create_file_perms;
# TODO: netd previously thought it needed these permissions to do WiFi related
# work. However, after all the WiFi stuff is gone, we still need them.
# Why?
-allow netd self:global_capability_class_set { dac_override chown };
+allow netd self:global_capability_class_set { dac_override dac_read_search chown };
# Needed to update /data/misc/net/rt_tables
allow netd net_data_file:file create_file_perms;
diff --git a/public/perfprofd.te b/public/perfprofd.te
index f067af5d..b5c01458 100644
--- a/public/perfprofd.te
+++ b/public/perfprofd.te
@@ -23,7 +23,7 @@ userdebug_or_eng(`
# perfprofd reads a config file from /data/data/com.google.android.gms/files
allow perfprofd app_data_file:file r_file_perms;
allow perfprofd app_data_file:dir search;
- allow perfprofd self:global_capability_class_set { dac_override };
+ allow perfprofd self:global_capability_class_set { dac_override dac_read_search };
# perfprofd opens a file for writing in /data/misc/perfprofd
allow perfprofd perfprofd_data_file:file create_file_perms;
diff --git a/public/postinstall_dexopt.te b/public/postinstall_dexopt.te
index ffd8bc57..8b6d6cc1 100644
--- a/public/postinstall_dexopt.te
+++ b/public/postinstall_dexopt.te
@@ -5,7 +5,7 @@
type postinstall_dexopt, domain;
-allow postinstall_dexopt self:global_capability_class_set { chown dac_override fowner fsetid setgid setuid };
+allow postinstall_dexopt self:global_capability_class_set { chown dac_override dac_read_search fowner fsetid setgid setuid };
allow postinstall_dexopt postinstall_file:filesystem getattr;
allow postinstall_dexopt postinstall_file:dir { getattr search };
diff --git a/public/recovery.te b/public/recovery.te
index 57ad2028..6745bd6f 100644
--- a/public/recovery.te
+++ b/public/recovery.te
@@ -15,6 +15,7 @@ recovery_only(`
allow recovery self:global_capability_class_set {
chown
dac_override
+ dac_read_search
fowner
setuid
setgid
diff --git a/public/runas.te b/public/runas.te
index 053a87f6..6c5de7cf 100644
--- a/public/runas.te
+++ b/public/runas.te
@@ -18,7 +18,7 @@ allow runas system_data_file:lnk_file getattr;
allow runas system_data_file:lnk_file read;
# run-as checks and changes to the app data dir.
-dontaudit runas self:global_capability_class_set dac_override;
+dontaudit runas self:global_capability_class_set { dac_override dac_read_search };
allow runas app_data_file:dir { getattr search };
# run-as switches to the app UID/GID.
diff --git a/public/sdcardd.te b/public/sdcardd.te
index 4a88f54d..6749d16e 100644
--- a/public/sdcardd.te
+++ b/public/sdcardd.te
@@ -10,7 +10,7 @@ allow sdcardd mnt_media_rw_file:dir r_dir_perms;
allow sdcardd storage_file:dir search;
allow sdcardd storage_stub_file:dir { search mounton };
allow sdcardd sdcard_type:filesystem { mount unmount };
-allow sdcardd self:global_capability_class_set { setuid setgid dac_override sys_admin sys_resource };
+allow sdcardd self:global_capability_class_set { setuid setgid dac_override dac_read_search sys_admin sys_resource };
allow sdcardd sdcard_type:dir create_dir_perms;
allow sdcardd sdcard_type:file create_file_perms;
diff --git a/public/ueventd.te b/public/ueventd.te
index 9b9eacb2..c6260519 100644
--- a/public/ueventd.te
+++ b/public/ueventd.te
@@ -5,7 +5,7 @@ type ueventd, domain;
# Write to /dev/kmsg.
allow ueventd kmsg_device:chr_file rw_file_perms;
-allow ueventd self:global_capability_class_set { chown mknod net_admin setgid fsetid sys_rawio dac_override fowner };
+allow ueventd self:global_capability_class_set { chown mknod net_admin setgid fsetid sys_rawio dac_override dac_read_search fowner };
allow ueventd device:file create_file_perms;
r_dir_file(ueventd, rootfs)
diff --git a/public/uncrypt.te b/public/uncrypt.te
index 1e48b831..e64ce3ec 100644
--- a/public/uncrypt.te
+++ b/public/uncrypt.te
@@ -2,7 +2,7 @@
type uncrypt, domain, mlstrustedsubject;
type uncrypt_exec, exec_type, file_type;
-allow uncrypt self:global_capability_class_set dac_override;
+allow uncrypt self:global_capability_class_set { dac_override dac_read_search };
# Read OTA zip file from /data/data/com.google.android.gsf/app_download
r_dir_file(uncrypt, app_data_file)
diff --git a/public/vendor_init.te b/public/vendor_init.te
index 9784095a..ba835ed6 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -25,7 +25,7 @@ allow vendor_init configfs:dir create_dir_perms;
allow vendor_init configfs:{ file lnk_file } create_file_perms;
# Create directories under /dev/cpuctl after chowning it to system.
-allow vendor_init self:global_capability_class_set dac_override;
+allow vendor_init self:global_capability_class_set { dac_override dac_read_search };
# mkdir, symlink, write, rm/rmdir, chown/chmod, restorecon/restorecon_recursive from init.rc files.
# chown/chmod require open+read+setattr required for open()+fchown/fchmod().
diff --git a/public/vold.te b/public/vold.te
index 4d15f11e..852e91ea 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -75,7 +75,7 @@ allow vold shell_data_file:dir { create getattr setattr };
allow vold tmpfs:filesystem { mount unmount };
allow vold tmpfs:dir create_dir_perms;
allow vold tmpfs:dir mounton;
-allow vold self:global_capability_class_set { net_admin dac_override mknod sys_admin chown fowner fsetid };
+allow vold self:global_capability_class_set { net_admin dac_override dac_read_search mknod sys_admin chown fowner fsetid };
allow vold self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
allow vold app_data_file:dir search;
allow vold app_data_file:file rw_file_perms;
--
2.17.1

320
patches/platform_system_sepolicy/0011-more-mmaps.patch Normal file
View File

@ -0,0 +1,320 @@
From 9616351aeee2207446602498ae6fd78b6b180abc Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Mon, 13 Aug 2018 10:31:58 -0700
Subject: [PATCH 11/26] more mmaps
Linux kernel 4.14+ SELinux starts explicit map
permission check for file mmap operations. For backards
compat, add mmap in more places where we explicitly
list out individual file permissions.
Test: policy compiles
Change-Id: Idc4ca53769f2e7aa12ed93ab27191ed92da37a3e
---
prebuilts/api/28.0/public/app.te | 14 +++++++-------
prebuilts/api/28.0/public/dex2oat.te | 14 +++++++-------
prebuilts/api/28.0/public/drmserver.te | 12 ++++++------
prebuilts/api/28.0/public/init.te | 2 +-
prebuilts/api/28.0/public/te_macros | 4 ++--
public/app.te | 14 +++++++-------
public/dex2oat.te | 14 +++++++-------
public/drmserver.te | 12 ++++++------
public/init.te | 2 +-
public/te_macros | 4 ++--
10 files changed, 46 insertions(+), 46 deletions(-)
diff --git a/prebuilts/api/28.0/public/app.te b/prebuilts/api/28.0/public/app.te
index 439c1f80..239332c1 100644
--- a/prebuilts/api/28.0/public/app.te
+++ b/prebuilts/api/28.0/public/app.te
@@ -120,16 +120,16 @@ r_dir_file(appdomain, vendor_framework_file)
allow appdomain dex2oat_exec:file rx_file_perms;
# Read/write wallpaper file (opened by system).
-allow appdomain wallpaper_file:file { getattr read write };
+allow appdomain wallpaper_file:file { getattr read write map };
# Read/write cached ringtones (opened by system).
-allow appdomain ringtone_file:file { getattr read write };
+allow appdomain ringtone_file:file { getattr read write map };
# Read ShortcutManager icon files (opened by system).
-allow appdomain shortcut_manager_icons:file { getattr read };
+allow appdomain shortcut_manager_icons:file { getattr read map };
# Read icon file (opened by system).
-allow appdomain icon_file:file { getattr read };
+allow appdomain icon_file:file { getattr read map };
# Old stack dumping scheme : append to a global trace file (/data/anr/traces.txt).
#
@@ -236,12 +236,12 @@ allow appdomain appdomain:unix_stream_socket { getopt getattr read write shutdow
# Backup ability for every app. BMS opens and passes the fd
# to any app that has backup ability. Hence, no open permissions here.
-allow appdomain backup_data_file:file { read write getattr };
-allow appdomain cache_backup_file:file { read write getattr };
+allow appdomain backup_data_file:file { read write getattr map };
+allow appdomain cache_backup_file:file { read write getattr map };
allow appdomain cache_backup_file:dir getattr;
# Backup ability using 'adb backup'
allow appdomain system_data_file:lnk_file r_file_perms;
-allow appdomain system_data_file:file { getattr read };
+allow appdomain system_data_file:file { getattr read map };
# Allow read/stat of /data/media files passed by Binder or local socket IPC.
allow { appdomain -isolated_app } media_rw_data_file:file { read getattr };
diff --git a/prebuilts/api/28.0/public/dex2oat.te b/prebuilts/api/28.0/public/dex2oat.te
index 608ba798..52dae8ca 100644
--- a/prebuilts/api/28.0/public/dex2oat.te
+++ b/prebuilts/api/28.0/public/dex2oat.te
@@ -7,9 +7,9 @@ r_dir_file(dex2oat, apk_data_file)
r_dir_file(dex2oat, vendor_app_file)
# Access /vendor/framework
allow dex2oat vendor_framework_file:dir { getattr search };
-allow dex2oat vendor_framework_file:file { getattr open read };
+allow dex2oat vendor_framework_file:file { getattr open read map };
-allow dex2oat tmpfs:file { read getattr };
+allow dex2oat tmpfs:file { read getattr map };
r_dir_file(dex2oat, dalvikcache_data_file)
allow dex2oat dalvikcache_data_file:file write;
@@ -24,16 +24,16 @@ allow dex2oat system_file:file lock;
# Read already open asec_apk_file file descriptors passed by installd.
# Also allow reading unlabeled files, to allow for upgrading forward
# locked APKs.
-allow dex2oat asec_apk_file:file read;
-allow dex2oat unlabeled:file read;
-allow dex2oat oemfs:file read;
+allow dex2oat asec_apk_file:file { read map };
+allow dex2oat unlabeled:file { read map };
+allow dex2oat oemfs:file { read map };
allow dex2oat apk_tmp_file:dir search;
allow dex2oat apk_tmp_file:file r_file_perms;
-allow dex2oat user_profile_data_file:file { getattr read lock };
+allow dex2oat user_profile_data_file:file { getattr read lock map };
# Allow dex2oat to compile app's secondary dex files which were reported back to
# the framework.
-allow dex2oat app_data_file:file { getattr read write lock };
+allow dex2oat app_data_file:file { getattr read write lock map };
##################
# A/B OTA Dexopt #
diff --git a/prebuilts/api/28.0/public/drmserver.te b/prebuilts/api/28.0/public/drmserver.te
index f752c13e..5cdd273f 100644
--- a/prebuilts/api/28.0/public/drmserver.te
+++ b/prebuilts/api/28.0/public/drmserver.te
@@ -21,8 +21,8 @@ allow drmserver sdcard_type:dir search;
allow drmserver drm_data_file:dir create_dir_perms;
allow drmserver drm_data_file:file create_file_perms;
allow drmserver tee_device:chr_file rw_file_perms;
-allow drmserver app_data_file:file { read write getattr };
-allow drmserver sdcard_type:file { read write getattr };
+allow drmserver app_data_file:file { read write getattr map };
+allow drmserver sdcard_type:file { read write getattr map };
r_dir_file(drmserver, efs_file)
type drmserver_socket, file_type;
@@ -38,12 +38,12 @@ allow drmserver apk_data_file:sock_file unlink;
r_dir_file(drmserver, media_rw_data_file)
# Read resources from open apk files passed over Binder.
-allow drmserver apk_data_file:file { read getattr };
-allow drmserver asec_apk_file:file { read getattr };
-allow drmserver ringtone_file:file { read getattr };
+allow drmserver apk_data_file:file { read getattr map };
+allow drmserver asec_apk_file:file { read getattr map };
+allow drmserver ringtone_file:file { read getattr map };
# Read /data/data/com.android.providers.telephony files passed over Binder.
-allow drmserver radio_data_file:file { read getattr };
+allow drmserver radio_data_file:file { read getattr map };
# /oem access
allow drmserver oemfs:dir search;
diff --git a/prebuilts/api/28.0/public/init.te b/prebuilts/api/28.0/public/init.te
index 2284689d..edb41d80 100644
--- a/prebuilts/api/28.0/public/init.te
+++ b/prebuilts/api/28.0/public/init.te
@@ -177,7 +177,7 @@ allow init {
-system_file
-vendor_file_type
-vold_data_file
-}:file { create getattr open read write setattr relabelfrom unlink };
+}:file { create getattr open read write setattr relabelfrom unlink map };
allow init {
file_type
diff --git a/prebuilts/api/28.0/public/te_macros b/prebuilts/api/28.0/public/te_macros
index 9cfe47c8..dcebbefa 100644
--- a/prebuilts/api/28.0/public/te_macros
+++ b/prebuilts/api/28.0/public/te_macros
@@ -345,7 +345,7 @@ allow $1 hwservicemanager:binder { call transfer };
allow hwservicemanager $1:binder { call transfer };
# hwservicemanager performs getpidcon on clients.
allow hwservicemanager $1:dir search;
-allow hwservicemanager $1:file { read open };
+allow hwservicemanager $1:file { read open map };
allow hwservicemanager $1:process getattr;
# rw access to /dev/hwbinder and /dev/ashmem is presently granted to
# all domains in domain.te.
@@ -361,7 +361,7 @@ allow $1 vndbinder_device:chr_file rw_file_perms;
allow $1 vndservicemanager:binder { call transfer };
# vndservicemanager performs getpidcon on clients.
allow vndservicemanager $1:dir search;
-allow vndservicemanager $1:file { read open };
+allow vndservicemanager $1:file { read open map };
allow vndservicemanager $1:process getattr;
')
diff --git a/public/app.te b/public/app.te
index 439c1f80..239332c1 100644
--- a/public/app.te
+++ b/public/app.te
@@ -120,16 +120,16 @@ r_dir_file(appdomain, vendor_framework_file)
allow appdomain dex2oat_exec:file rx_file_perms;
# Read/write wallpaper file (opened by system).
-allow appdomain wallpaper_file:file { getattr read write };
+allow appdomain wallpaper_file:file { getattr read write map };
# Read/write cached ringtones (opened by system).
-allow appdomain ringtone_file:file { getattr read write };
+allow appdomain ringtone_file:file { getattr read write map };
# Read ShortcutManager icon files (opened by system).
-allow appdomain shortcut_manager_icons:file { getattr read };
+allow appdomain shortcut_manager_icons:file { getattr read map };
# Read icon file (opened by system).
-allow appdomain icon_file:file { getattr read };
+allow appdomain icon_file:file { getattr read map };
# Old stack dumping scheme : append to a global trace file (/data/anr/traces.txt).
#
@@ -236,12 +236,12 @@ allow appdomain appdomain:unix_stream_socket { getopt getattr read write shutdow
# Backup ability for every app. BMS opens and passes the fd
# to any app that has backup ability. Hence, no open permissions here.
-allow appdomain backup_data_file:file { read write getattr };
-allow appdomain cache_backup_file:file { read write getattr };
+allow appdomain backup_data_file:file { read write getattr map };
+allow appdomain cache_backup_file:file { read write getattr map };
allow appdomain cache_backup_file:dir getattr;
# Backup ability using 'adb backup'
allow appdomain system_data_file:lnk_file r_file_perms;
-allow appdomain system_data_file:file { getattr read };
+allow appdomain system_data_file:file { getattr read map };
# Allow read/stat of /data/media files passed by Binder or local socket IPC.
allow { appdomain -isolated_app } media_rw_data_file:file { read getattr };
diff --git a/public/dex2oat.te b/public/dex2oat.te
index 608ba798..52dae8ca 100644
--- a/public/dex2oat.te
+++ b/public/dex2oat.te
@@ -7,9 +7,9 @@ r_dir_file(dex2oat, apk_data_file)
r_dir_file(dex2oat, vendor_app_file)
# Access /vendor/framework
allow dex2oat vendor_framework_file:dir { getattr search };
-allow dex2oat vendor_framework_file:file { getattr open read };
+allow dex2oat vendor_framework_file:file { getattr open read map };
-allow dex2oat tmpfs:file { read getattr };
+allow dex2oat tmpfs:file { read getattr map };
r_dir_file(dex2oat, dalvikcache_data_file)
allow dex2oat dalvikcache_data_file:file write;
@@ -24,16 +24,16 @@ allow dex2oat system_file:file lock;
# Read already open asec_apk_file file descriptors passed by installd.
# Also allow reading unlabeled files, to allow for upgrading forward
# locked APKs.
-allow dex2oat asec_apk_file:file read;
-allow dex2oat unlabeled:file read;
-allow dex2oat oemfs:file read;
+allow dex2oat asec_apk_file:file { read map };
+allow dex2oat unlabeled:file { read map };
+allow dex2oat oemfs:file { read map };
allow dex2oat apk_tmp_file:dir search;
allow dex2oat apk_tmp_file:file r_file_perms;
-allow dex2oat user_profile_data_file:file { getattr read lock };
+allow dex2oat user_profile_data_file:file { getattr read lock map };
# Allow dex2oat to compile app's secondary dex files which were reported back to
# the framework.
-allow dex2oat app_data_file:file { getattr read write lock };
+allow dex2oat app_data_file:file { getattr read write lock map };
##################
# A/B OTA Dexopt #
diff --git a/public/drmserver.te b/public/drmserver.te
index f752c13e..5cdd273f 100644
--- a/public/drmserver.te
+++ b/public/drmserver.te
@@ -21,8 +21,8 @@ allow drmserver sdcard_type:dir search;
allow drmserver drm_data_file:dir create_dir_perms;
allow drmserver drm_data_file:file create_file_perms;
allow drmserver tee_device:chr_file rw_file_perms;
-allow drmserver app_data_file:file { read write getattr };
-allow drmserver sdcard_type:file { read write getattr };
+allow drmserver app_data_file:file { read write getattr map };
+allow drmserver sdcard_type:file { read write getattr map };
r_dir_file(drmserver, efs_file)
type drmserver_socket, file_type;
@@ -38,12 +38,12 @@ allow drmserver apk_data_file:sock_file unlink;
r_dir_file(drmserver, media_rw_data_file)
# Read resources from open apk files passed over Binder.
-allow drmserver apk_data_file:file { read getattr };
-allow drmserver asec_apk_file:file { read getattr };
-allow drmserver ringtone_file:file { read getattr };
+allow drmserver apk_data_file:file { read getattr map };
+allow drmserver asec_apk_file:file { read getattr map };
+allow drmserver ringtone_file:file { read getattr map };
# Read /data/data/com.android.providers.telephony files passed over Binder.
-allow drmserver radio_data_file:file { read getattr };
+allow drmserver radio_data_file:file { read getattr map };
# /oem access
allow drmserver oemfs:dir search;
diff --git a/public/init.te b/public/init.te
index 2284689d..edb41d80 100644
--- a/public/init.te
+++ b/public/init.te
@@ -177,7 +177,7 @@ allow init {
-system_file
-vendor_file_type
-vold_data_file
-}:file { create getattr open read write setattr relabelfrom unlink };
+}:file { create getattr open read write setattr relabelfrom unlink map };
allow init {
file_type
diff --git a/public/te_macros b/public/te_macros
index 9cfe47c8..dcebbefa 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -345,7 +345,7 @@ allow $1 hwservicemanager:binder { call transfer };
allow hwservicemanager $1:binder { call transfer };
# hwservicemanager performs getpidcon on clients.
allow hwservicemanager $1:dir search;
-allow hwservicemanager $1:file { read open };
+allow hwservicemanager $1:file { read open map };
allow hwservicemanager $1:process getattr;
# rw access to /dev/hwbinder and /dev/ashmem is presently granted to
# all domains in domain.te.
@@ -361,7 +361,7 @@ allow $1 vndbinder_device:chr_file rw_file_perms;
allow $1 vndservicemanager:binder { call transfer };
# vndservicemanager performs getpidcon on clients.
allow vndservicemanager $1:dir search;
-allow vndservicemanager $1:file { read open };
+allow vndservicemanager $1:file { read open map };
allow vndservicemanager $1:process getattr;
')
--
2.17.1

216
patches/platform_system_sepolicy/0012-access-to-proc-slabinfo.patch Normal file
View File

@ -0,0 +1,216 @@
From 4e5380813835b8c896d5514f46f0f26d6481f8af Mon Sep 17 00:00:00 2001
From: AndyCGYan <GeForce8800Ultra@gmail.com>
Date: Wed, 5 Jun 2019 07:17:27 +0000
Subject: [PATCH] [PATCH 12/26] access to /proc/slabinfo
Change-Id: I856fe8038f577543467fe4e9a49c389480887c6f
---
prebuilts/api/28.0/private/app_neverallows.te | 1 +
prebuilts/api/28.0/private/compat/26.0/26.0.cil | 1 +
prebuilts/api/28.0/private/compat/27.0/27.0.cil | 2 +-
prebuilts/api/28.0/private/genfs_contexts | 1 +
prebuilts/api/28.0/public/dumpstate.te | 1 +
prebuilts/api/28.0/public/file.te | 1 +
prebuilts/api/28.0/public/init.te | 11 +++++++++++
prebuilts/api/28.0/public/shell.te | 1 +
private/app_neverallows.te | 1 +
private/compat/26.0/26.0.cil | 1 +
private/compat/27.0/27.0.cil | 2 +-
public/dumpstate.te | 1 +
public/init.te | 11 +++++++++++
public/shell.te | 1 +
14 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/prebuilts/api/28.0/private/app_neverallows.te b/prebuilts/api/28.0/private/app_neverallows.te
index 8d9ccd67..804bcada 100644
--- a/prebuilts/api/28.0/private/app_neverallows.te
+++ b/prebuilts/api/28.0/private/app_neverallows.te
@@ -125,6 +125,7 @@ neverallow all_untrusted_apps {
proc_loadavg
proc_mounts
proc_pagetypeinfo
+ proc_slabinfo
proc_stat
proc_swaps
proc_uptime
diff --git a/prebuilts/api/28.0/private/compat/26.0/26.0.cil b/prebuilts/api/28.0/private/compat/26.0/26.0.cil
index 0478a56b..f05ec59e 100644
--- a/prebuilts/api/28.0/private/compat/26.0/26.0.cil
+++ b/prebuilts/api/28.0/private/compat/26.0/26.0.cil
@@ -478,6 +478,7 @@
proc_pipe_conf
proc_random
proc_sched
+ proc_slabinfo
proc_swaps
proc_uid_time_in_state
proc_uid_concurrent_active_time
diff --git a/prebuilts/api/28.0/private/compat/27.0/27.0.cil b/prebuilts/api/28.0/private/compat/27.0/27.0.cil
index dbe3e885..9358cb3d 100644
--- a/prebuilts/api/28.0/private/compat/27.0/27.0.cil
+++ b/prebuilts/api/28.0/private/compat/27.0/27.0.cil
@@ -452,7 +452,7 @@
(expandtypeattribute (preopt2cachename_exec_27_0) true)
(expandtypeattribute (print_service_27_0) true)
(expandtypeattribute (priv_app_27_0) true)
-(expandtypeattribute (proc_27_0) true)
+(typeattributeset proc_27_0 (proc proc_slabinfo))
(expandtypeattribute (proc_bluetooth_writable_27_0) true)
(expandtypeattribute (proc_cpuinfo_27_0) true)
(expandtypeattribute (proc_drop_caches_27_0) true)
diff --git a/prebuilts/api/28.0/private/genfs_contexts b/prebuilts/api/28.0/private/genfs_contexts
index 526d80d9..9d7a68db 100644
--- a/prebuilts/api/28.0/private/genfs_contexts
+++ b/prebuilts/api/28.0/private/genfs_contexts
@@ -21,6 +21,7 @@ genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid_proc:s0
genfscon proc /net/xt_qtaguid/ u:object_r:proc_qtaguid_stat:s0
genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
genfscon proc /pagetypeinfo u:object_r:proc_pagetypeinfo:s0
+genfscon proc /slabinfo u:object_r:proc_slabinfo:s0
genfscon proc /softirqs u:object_r:proc_timer:s0
genfscon proc /stat u:object_r:proc_stat:s0
genfscon proc /swaps u:object_r:proc_swaps:s0
diff --git a/prebuilts/api/28.0/public/dumpstate.te b/prebuilts/api/28.0/public/dumpstate.te
index 23af7dac..846c8d17 100644
--- a/prebuilts/api/28.0/public/dumpstate.te
+++ b/prebuilts/api/28.0/public/dumpstate.te
@@ -167,6 +167,7 @@ allow dumpstate {
proc_pipe_conf
proc_pagetypeinfo
proc_qtaguid_stat
+ proc_slabinfo
proc_version
proc_vmallocinfo
proc_vmstat
diff --git a/prebuilts/api/28.0/public/file.te b/prebuilts/api/28.0/public/file.te
index a4051b2d..357898e9 100644
--- a/prebuilts/api/28.0/public/file.te
+++ b/prebuilts/api/28.0/public/file.te
@@ -44,6 +44,7 @@ type proc_pid_max, fs_type, proc_type;
type proc_pipe_conf, fs_type, proc_type;
type proc_random, fs_type, proc_type;
type proc_sched, fs_type, proc_type;
+type proc_slabinfo, fs_type, proc_type;
type proc_stat, fs_type, proc_type;
type proc_swaps, fs_type, proc_type;
type proc_sysrq, fs_type, proc_type;
diff --git a/prebuilts/api/28.0/public/init.te b/prebuilts/api/28.0/public/init.te
index edb41d80..9eff0b0b 100644
--- a/prebuilts/api/28.0/public/init.te
+++ b/prebuilts/api/28.0/public/init.te
@@ -311,6 +311,17 @@ allow init {
proc_security
}:file rw_file_perms;
+# init chmod/chown access to /proc files.
+allow init {
+ proc_cmdline
+ proc_kmsg
+ proc_net
+ proc_qtaguid_stat
+ proc_slabinfo
+ proc_sysrq
+ proc_vmallocinfo
+}:file setattr;
+
# init access to /sys files.
allow init {
sysfs_android_usb
diff --git a/prebuilts/api/28.0/public/shell.te b/prebuilts/api/28.0/public/shell.te
index 307e1034..43ec6191 100644
--- a/prebuilts/api/28.0/public/shell.te
+++ b/prebuilts/api/28.0/public/shell.te
@@ -127,6 +127,7 @@ allow shell {
proc_meminfo
proc_modules
proc_pid_max
+ proc_slabinfo
proc_stat
proc_timer
proc_uptime
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 8d9ccd67..804bcada 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -125,6 +125,7 @@ neverallow all_untrusted_apps {
proc_loadavg
proc_mounts
proc_pagetypeinfo
+ proc_slabinfo
proc_stat
proc_swaps
proc_uptime
diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index 0478a56b..f05ec59e 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -478,6 +478,7 @@
proc_pipe_conf
proc_random
proc_sched
+ proc_slabinfo
proc_swaps
proc_uid_time_in_state
proc_uid_concurrent_active_time
diff --git a/private/compat/27.0/27.0.cil b/private/compat/27.0/27.0.cil
index dbe3e885..9358cb3d 100644
--- a/private/compat/27.0/27.0.cil
+++ b/private/compat/27.0/27.0.cil
@@ -452,7 +452,7 @@
(expandtypeattribute (preopt2cachename_exec_27_0) true)
(expandtypeattribute (print_service_27_0) true)
(expandtypeattribute (priv_app_27_0) true)
-(expandtypeattribute (proc_27_0) true)
+(typeattributeset proc_27_0 (proc proc_slabinfo))
(expandtypeattribute (proc_bluetooth_writable_27_0) true)
(expandtypeattribute (proc_cpuinfo_27_0) true)
(expandtypeattribute (proc_drop_caches_27_0) true)
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 23af7dac..846c8d17 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -167,6 +167,7 @@ allow dumpstate {
proc_pipe_conf
proc_pagetypeinfo
proc_qtaguid_stat
+ proc_slabinfo
proc_version
proc_vmallocinfo
proc_vmstat
diff --git a/public/init.te b/public/init.te
index 85bfab94..05a61aec 100644
--- a/public/init.te
+++ b/public/init.te
@@ -314,6 +314,17 @@ allow init {
proc_security
}:file rw_file_perms;
+# init chmod/chown access to /proc files.
+allow init {
+ proc_cmdline
+ proc_kmsg
+ proc_net
+ proc_qtaguid_stat
+ proc_slabinfo
+ proc_sysrq
+ proc_vmallocinfo
+}:file setattr;
+
# init access to /sys files.
allow init {
sysfs_android_usb
diff --git a/public/shell.te b/public/shell.te
index 307e1034..43ec6191 100644
--- a/public/shell.te
+++ b/public/shell.te
@@ -127,6 +127,7 @@ allow shell {
proc_meminfo
proc_modules
proc_pid_max
+ proc_slabinfo
proc_stat
proc_timer
proc_uptime
--
2.17.1

77
patches/platform_system_sepolicy/0013-add-map-permission-to-rw_socket_perms.patch Normal file
View File

@ -0,0 +1,77 @@
From 27f3fb4f2af120658cdb1234d9d6bdf8f9f5cd13 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Mon, 15 Oct 2018 21:24:57 -0700
Subject: [PATCH 13/26] add map permission to rw_socket_perms
Kernel commit 3ba4bf5f1e2c ("selinux: add a map permission check for
mmap") added a map permission check on mmap so that we can
distinguish memory mapped access (since it has different implications
for revocation). The purpose of a separate map permission check on
mmap(2) is to permit policy to prohibit memory mapping of specific
files for which we need to ensure that every access is revalidated,
particularly useful for scenarios where we expect the file to be
relabeled at runtime in order to reflect state changes (e.g.
cross-domain solution, assured pipeline without data copying).
system/sepolicy commit 4397f08288890ef397697b4d6dbff596bdca14c8 added
the map permission to common file macros, to ensure that file access
would continue working even in the presence of a newer kernel. However,
that change did not affect socket access.
Certain socket classes, such as AF_NETLINK and AF_PACKET, also support
mmap operations. This change adds the map permission to rw_socket_perms,
to ensure continued support for newer kernels.
This technically allows mmap even in cases where the socket family
doesn't support it (such as TCP and UDP sockets), but granting it
is harmless in those cases.
In particular, this fixes a bug in clatd, where the following error
would occur:
10-01 13:59:03.182 7129 7129 I clatd : Starting clat version 1.4 on rmnet0 netid=100 mark=0xf0064
10-01 13:59:03.195 7129 7129 I auditd : type=1400 audit(0.0:18): avc: denied { map } for comm="clatd" path="socket:[52802]" dev="sockfs" ino=52802 scontext=u:r:clatd:s0 tcontext=u:r:clatd:s0 tclass=packet_socket permissive=0
10-01 13:59:03.195 7129 7129 W clatd : type=1400 audit(0.0:18): avc: denied { map } for path="socket:[52802]" dev="sockfs" ino=52802 scontext=u:r:clatd:s0 tcontext=u:r:clatd:s0 tclass=packet_socket permissive=0
10-01 13:59:03.199 7129 7129 F clatd : mmap 1048576 failed: Permission denied
Test: policy compiles
Bug: 117791876
Change-Id: I39f286d577b4a2160037ef271517ae8a3839b49b
---
prebuilts/api/28.0/public/global_macros | 4 ++--
public/global_macros | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/prebuilts/api/28.0/public/global_macros b/prebuilts/api/28.0/public/global_macros
index 5dab5ab0..b2fe6ae8 100644
--- a/prebuilts/api/28.0/public/global_macros
+++ b/prebuilts/api/28.0/public/global_macros
@@ -42,8 +42,8 @@ define(`create_ipc_perms', `{ create setattr destroy rw_ipc_perms }')
#####################################
# Common socket permission sets.
-define(`rw_socket_perms', `{ ioctl read getattr write setattr lock append bind connect getopt setopt shutdown }')
-define(`rw_socket_perms_no_ioctl', `{ read getattr write setattr lock append bind connect getopt setopt shutdown }')
+define(`rw_socket_perms', `{ ioctl read getattr write setattr lock append bind connect getopt setopt shutdown map }')
+define(`rw_socket_perms_no_ioctl', `{ read getattr write setattr lock append bind connect getopt setopt shutdown map }')
define(`create_socket_perms', `{ create rw_socket_perms }')
define(`create_socket_perms_no_ioctl', `{ create rw_socket_perms_no_ioctl }')
define(`rw_stream_socket_perms', `{ rw_socket_perms listen accept }')
diff --git a/public/global_macros b/public/global_macros
index 5dab5ab0..b2fe6ae8 100644
--- a/public/global_macros
+++ b/public/global_macros
@@ -42,8 +42,8 @@ define(`create_ipc_perms', `{ create setattr destroy rw_ipc_perms }')
#####################################
# Common socket permission sets.
-define(`rw_socket_perms', `{ ioctl read getattr write setattr lock append bind connect getopt setopt shutdown }')
-define(`rw_socket_perms_no_ioctl', `{ read getattr write setattr lock append bind connect getopt setopt shutdown }')
+define(`rw_socket_perms', `{ ioctl read getattr write setattr lock append bind connect getopt setopt shutdown map }')
+define(`rw_socket_perms_no_ioctl', `{ read getattr write setattr lock append bind connect getopt setopt shutdown map }')
define(`create_socket_perms', `{ create rw_socket_perms }')
define(`create_socket_perms_no_ioctl', `{ create rw_socket_perms_no_ioctl }')
define(`rw_stream_socket_perms', `{ rw_socket_perms listen accept }')
--
2.17.1

140
patches/platform_system_sepolicy/0014-Update-socket-ioctl-restrictions.patch Normal file
View File

@ -0,0 +1,140 @@
From c91936195fbf52215dc5ca774ca081d4e931e391 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Thu, 21 Jun 2018 16:57:58 -0700
Subject: [PATCH 14/26] Update socket ioctl restrictions
Grant access to icmp_socket to netdomain. This was previously
labeled as rawip_socket which apps are allowed to use. Neverallow
all other new socket types for apps.
Kernels versions > 4.9 redefine ICMP sockets from rawip_socket
to icmp_socket. To pass neverallow tests, we need to define
which IOCTLs are allowed (and disallowed).
Note that this does not change behavior on devices with
kernel versions <=4.9. However, it is necessary (although not
sufficient) to pass CTS on kernel version 4.14.
Bug: 126141696
[change_type ] feature_bugfix
[tag_product ] specific
Test: Grant icmp_socket in net.te and build.
Change-Id: I5c7cb6867d1a4cd1554a8da0d55daa8e06daf803
(Cherry picked from commit 0597ade15ccb3415b41fa86052545007396b4810)
---
prebuilts/api/28.0/private/app_neverallows.te | 8 ++++++--
prebuilts/api/28.0/private/net.te | 2 +-
prebuilts/api/28.0/public/domain.te | 2 +-
private/app_neverallows.te | 8 ++++++--
private/net.te | 2 +-
public/domain.te | 2 +-
6 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/prebuilts/api/28.0/private/app_neverallows.te b/prebuilts/api/28.0/private/app_neverallows.te
index 804bcada..cc78f0b7 100644
--- a/prebuilts/api/28.0/private/app_neverallows.te
+++ b/prebuilts/api/28.0/private/app_neverallows.te
@@ -70,7 +70,7 @@ neverallow all_untrusted_apps sysfs:file no_rw_file_perms;
# Restrict socket ioctls. Either 1. disallow privileged ioctls, 2. disallow the
# ioctl permission, or 3. disallow the socket class.
-neverallowxperm all_untrusted_apps domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
+neverallowxperm all_untrusted_apps domain:{ icmp_socket rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
neverallow all_untrusted_apps *:{ netlink_route_socket netlink_selinux_socket } ioctl;
neverallow all_untrusted_apps *:{
socket netlink_socket packet_socket key_socket appletalk_socket
@@ -79,7 +79,11 @@ neverallow all_untrusted_apps *:{
netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket
netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket
netlink_netfilter_socket netlink_generic_socket netlink_scsitransport_socket
- netlink_rdma_socket netlink_crypto_socket
+ netlink_rdma_socket netlink_crypto_socket sctp_socket
+ ax25_socket ipx_socket netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket
+ atmsvc_socket rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket
+ bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket
+ alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket
} *;
# Do not allow untrusted apps access to /cache
diff --git a/prebuilts/api/28.0/private/net.te b/prebuilts/api/28.0/private/net.te
index f16daf94..8bf8c921 100644
--- a/prebuilts/api/28.0/private/net.te
+++ b/prebuilts/api/28.0/private/net.te
@@ -4,7 +4,7 @@
# Use network sockets.
allow netdomain self:tcp_socket create_stream_socket_perms;
-allow netdomain self:{ udp_socket rawip_socket } create_socket_perms;
+allow netdomain self:{ icmp_socket udp_socket rawip_socket } create_socket_perms;
# Connect to ports.
allow netdomain port_type:tcp_socket name_connect;
# Bind to ports.
diff --git a/prebuilts/api/28.0/public/domain.te b/prebuilts/api/28.0/public/domain.te
index 42a26cf2..9d3645eb 100644
--- a/prebuilts/api/28.0/public/domain.te
+++ b/prebuilts/api/28.0/public/domain.te
@@ -262,7 +262,7 @@ allow domain fs_type:dir getattr;
# defaults for all processes. Note that granting this whitelist to domain does
# not grant the ioctl permission on these socket types. That must be granted
# separately.
-allowxperm domain domain:{ rawip_socket tcp_socket udp_socket }
+allowxperm domain domain:{ icmp_socket rawip_socket tcp_socket udp_socket }
ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
# default whitelist for unix sockets.
allowxperm domain domain:{ unix_dgram_socket unix_stream_socket }
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 804bcada..cc78f0b7 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -70,7 +70,7 @@ neverallow all_untrusted_apps sysfs:file no_rw_file_perms;
# Restrict socket ioctls. Either 1. disallow privileged ioctls, 2. disallow the
# ioctl permission, or 3. disallow the socket class.
-neverallowxperm all_untrusted_apps domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
+neverallowxperm all_untrusted_apps domain:{ icmp_socket rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
neverallow all_untrusted_apps *:{ netlink_route_socket netlink_selinux_socket } ioctl;
neverallow all_untrusted_apps *:{
socket netlink_socket packet_socket key_socket appletalk_socket
@@ -79,7 +79,11 @@ neverallow all_untrusted_apps *:{
netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket
netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket
netlink_netfilter_socket netlink_generic_socket netlink_scsitransport_socket
- netlink_rdma_socket netlink_crypto_socket
+ netlink_rdma_socket netlink_crypto_socket sctp_socket
+ ax25_socket ipx_socket netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket
+ atmsvc_socket rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket
+ bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket
+ alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket
} *;
# Do not allow untrusted apps access to /cache
diff --git a/private/net.te b/private/net.te
index f16daf94..8bf8c921 100644
--- a/private/net.te
+++ b/private/net.te
@@ -4,7 +4,7 @@
# Use network sockets.
allow netdomain self:tcp_socket create_stream_socket_perms;
-allow netdomain self:{ udp_socket rawip_socket } create_socket_perms;
+allow netdomain self:{ icmp_socket udp_socket rawip_socket } create_socket_perms;
# Connect to ports.
allow netdomain port_type:tcp_socket name_connect;
# Bind to ports.
diff --git a/public/domain.te b/public/domain.te
index 42a26cf2..9d3645eb 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -262,7 +262,7 @@ allow domain fs_type:dir getattr;
# defaults for all processes. Note that granting this whitelist to domain does
# not grant the ioctl permission on these socket types. That must be granted
# separately.
-allowxperm domain domain:{ rawip_socket tcp_socket udp_socket }
+allowxperm domain domain:{ icmp_socket rawip_socket tcp_socket udp_socket }
ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
# default whitelist for unix sockets.
allowxperm domain domain:{ unix_dgram_socket unix_stream_socket }
--
2.17.1

91
patches/platform_system_sepolicy/0015-isolated_app-add-mmaps.patch Normal file
View File

@ -0,0 +1,91 @@
From ea98326c1e263dabcef91bb63e3a0c43f57c3e59 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Wed, 31 Oct 2018 12:47:27 -0700
Subject: [PATCH 15/26] isolated_app: add mmaps
Kernel commit 3ba4bf5f1e2c ("selinux: add a map permission check for mmap")
added a map permission check on mmap so that we can
distinguish memory mapped access (since it has different implications
for revocation). system/sepolicy commit
4397f08288890ef397697b4d6dbff596bdca14c8 introduced the permission to
Android and updated common macros. Since then, we've been adding more
mmap support where it was accidentally omitted.
Add the ability for isolated_apps to mmap() app data files. There's no
reason why this should be blocked. Also fixup sdcard access which has
similar problems.
Bug: 118760652
Bug: https://crbug.com/892014
Test: policy compiles.
Change-Id: I3823f313103c9dcedf3b21d081a22f8fbb271c02
---
prebuilts/api/28.0/private/isolated_app.te | 6 +++---
private/isolated_app.te | 6 +++---
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/prebuilts/api/28.0/private/isolated_app.te b/prebuilts/api/28.0/private/isolated_app.te
index a6276b38..0348a3ee 100644
--- a/prebuilts/api/28.0/private/isolated_app.te
+++ b/prebuilts/api/28.0/private/isolated_app.te
@@ -11,7 +11,7 @@ typeattribute isolated_app coredomain;
app_domain(isolated_app)
# Access already open app data files received over Binder or local socket IPC.
-allow isolated_app app_data_file:file { append read write getattr lock };
+allow isolated_app app_data_file:file { append read write getattr lock map };
allow isolated_app activity_service:service_manager find;
allow isolated_app display_service:service_manager find;
@@ -29,7 +29,7 @@ allow isolated_app self:process ptrace;
# neverallow rules below.
# media_rw_data_file is included for sdcardfs, and can be removed if sdcardfs
# is modified to change the secontext when accessing the lower filesystem.
-allow isolated_app { sdcard_type media_rw_data_file }:file { read write append getattr lock };
+allow isolated_app { sdcard_type media_rw_data_file }:file { read write append getattr lock map };
# For webviews, isolated_app processes can be forked from the webview_zygote
# in addition to the zygote. Allow access to resources inherited from the
@@ -102,7 +102,7 @@ neverallow isolated_app cache_file:file ~{ read getattr };
neverallow isolated_app { storage_file mnt_user_file sdcard_type }:dir ~getattr;
neverallow isolated_app { storage_file mnt_user_file }:file_class_set *;
neverallow isolated_app sdcard_type:{ devfile_class_set lnk_file sock_file fifo_file } *;
-neverallow isolated_app sdcard_type:file ~{ read write append getattr lock };
+neverallow isolated_app sdcard_type:file ~{ read write append getattr lock map };
# Do not allow USB access
neverallow isolated_app { usb_device usbaccessory_device }:chr_file *;
diff --git a/private/isolated_app.te b/private/isolated_app.te
index a6276b38..0348a3ee 100644
--- a/private/isolated_app.te
+++ b/private/isolated_app.te
@@ -11,7 +11,7 @@ typeattribute isolated_app coredomain;
app_domain(isolated_app)
# Access already open app data files received over Binder or local socket IPC.
-allow isolated_app app_data_file:file { append read write getattr lock };
+allow isolated_app app_data_file:file { append read write getattr lock map };
allow isolated_app activity_service:service_manager find;
allow isolated_app display_service:service_manager find;
@@ -29,7 +29,7 @@ allow isolated_app self:process ptrace;
# neverallow rules below.
# media_rw_data_file is included for sdcardfs, and can be removed if sdcardfs
# is modified to change the secontext when accessing the lower filesystem.
-allow isolated_app { sdcard_type media_rw_data_file }:file { read write append getattr lock };
+allow isolated_app { sdcard_type media_rw_data_file }:file { read write append getattr lock map };
# For webviews, isolated_app processes can be forked from the webview_zygote
# in addition to the zygote. Allow access to resources inherited from the
@@ -102,7 +102,7 @@ neverallow isolated_app cache_file:file ~{ read getattr };
neverallow isolated_app { storage_file mnt_user_file sdcard_type }:dir ~getattr;
neverallow isolated_app { storage_file mnt_user_file }:file_class_set *;
neverallow isolated_app sdcard_type:{ devfile_class_set lnk_file sock_file fifo_file } *;
-neverallow isolated_app sdcard_type:file ~{ read write append getattr lock };
+neverallow isolated_app sdcard_type:file ~{ read write append getattr lock map };
# Do not allow USB access
neverallow isolated_app { usb_device usbaccessory_device }:chr_file *;
--
2.17.1

44
patches/platform_system_sepolicy/0018-domain.te-Add-map-permissions-to-vendor_config_files.patch Normal file
View File

@ -0,0 +1,44 @@
From f4ad3736194aeff8f6479761c6134246c95ed81f Mon Sep 17 00:00:00 2001
From: John Stultz <john.stultz@linaro.org>
Date: Wed, 6 Jun 2018 12:32:45 -0700
Subject: [PATCH 18/26] domain.te: Add map permissions to vendor_config_files
For 4.14+ kernels, we need map permissions for vendor_config_files,
for things like kernel loaded firmware blobs, etc.
Change-Id: I8144c50b0239aedf4124569003187cc50c963080
Signed-off-by: John Stultz <john.stultz@linaro.org>
---
prebuilts/api/28.0/public/domain.te | 2 +-
public/domain.te | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/prebuilts/api/28.0/public/domain.te b/prebuilts/api/28.0/public/domain.te
index 9d3645eb..a0a19166 100644
--- a/prebuilts/api/28.0/public/domain.te
+++ b/prebuilts/api/28.0/public/domain.te
@@ -181,7 +181,7 @@ allow domain vndk_sp_file:file { execute read open getattr map };
# All domains get access to /vendor/etc
allow domain vendor_configs_file:dir r_dir_perms;
-allow domain vendor_configs_file:file { read open getattr };
+allow domain vendor_configs_file:file { read open getattr map };
full_treble_only(`
# Allow all domains to be able to follow /system/vendor and/or
diff --git a/public/domain.te b/public/domain.te
index 9d3645eb..a0a19166 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -181,7 +181,7 @@ allow domain vndk_sp_file:file { execute read open getattr map };
# All domains get access to /vendor/etc
allow domain vendor_configs_file:dir r_dir_perms;
-allow domain vendor_configs_file:file { read open getattr };
+allow domain vendor_configs_file:file { read open getattr map };
full_treble_only(`
# Allow all domains to be able to follow /system/vendor and/or
--
2.17.1

102
patches/platform_system_sepolicy/0019-Relax-some-neverallow-rules.patch Normal file
View File

@ -0,0 +1,102 @@
From 782636c9e2be240ec48543ca5171bf2ea2bc0f38 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Tue, 7 Aug 2018 13:44:20 -0700
Subject: [PATCH 19/26] Relax some neverallow rules
Kernels above 4.14 have a new mmap permission. However, neverallow rules
exclude the use of mmap, even when file FDs are passable across the
vendor/non-vendor boundary. Since we allow reading / writing of passed
file descriptors, also allow the use of mmap for passed file
descriptors.
Bug: 112171217
Test: policy compiles
Change-Id: I8176f86960bdff0cf5de770809510e9df5d62db9
---
prebuilts/api/28.0/public/domain.te | 8 ++++----
public/domain.te | 8 ++++----
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/prebuilts/api/28.0/public/domain.te b/prebuilts/api/28.0/public/domain.te
index a0a19166..26ce1a00 100644
--- a/prebuilts/api/28.0/public/domain.te
+++ b/prebuilts/api/28.0/public/domain.te
@@ -818,7 +818,7 @@ full_treble_only(`
} {
data_file_type
-core_data_file_type
- }:file_class_set ~{ append getattr ioctl read write };
+ }:file_class_set ~{ append getattr ioctl read write map };
')
full_treble_only(`
neverallow {
@@ -850,7 +850,7 @@ full_treble_only(`
# files in /data/misc/zoneinfo/tzdata file. These functions are considered
# vndk-stable and thus must be allowed for all processes.
-zoneinfo_data_file
- }:file_class_set ~{ append getattr ioctl read write };
+ }:file_class_set ~{ append getattr ioctl read write map };
neverallow {
vendor_init
-data_between_core_and_vendor_violators
@@ -858,7 +858,7 @@ full_treble_only(`
core_data_file_type
-unencrypted_data_file
-zoneinfo_data_file
- }:file_class_set ~{ append getattr ioctl read write };
+ }:file_class_set ~{ append getattr ioctl read write map };
# vendor init needs to be able to read unencrypted_data_file to create directories with FBE.
# The vendor init binary lives on the system partition so there is not a concern with stability.
neverallow vendor_init unencrypted_data_file:file ~r_file_perms;
@@ -924,7 +924,7 @@ full_treble_only(`
-init
} {
vendor_data_file # default label for files on /data/vendor{,_ce,_de}.
- }:file_class_set ~{ append getattr ioctl read write };
+ }:file_class_set ~{ append getattr ioctl read write map };
')
# On TREBLE devices, a limited set of files in /vendor are accessible to
diff --git a/public/domain.te b/public/domain.te
index a0a19166..26ce1a00 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -818,7 +818,7 @@ full_treble_only(`
} {
data_file_type
-core_data_file_type
- }:file_class_set ~{ append getattr ioctl read write };
+ }:file_class_set ~{ append getattr ioctl read write map };
')
full_treble_only(`
neverallow {
@@ -850,7 +850,7 @@ full_treble_only(`
# files in /data/misc/zoneinfo/tzdata file. These functions are considered
# vndk-stable and thus must be allowed for all processes.
-zoneinfo_data_file
- }:file_class_set ~{ append getattr ioctl read write };
+ }:file_class_set ~{ append getattr ioctl read write map };
neverallow {
vendor_init
-data_between_core_and_vendor_violators
@@ -858,7 +858,7 @@ full_treble_only(`
core_data_file_type
-unencrypted_data_file
-zoneinfo_data_file
- }:file_class_set ~{ append getattr ioctl read write };
+ }:file_class_set ~{ append getattr ioctl read write map };
# vendor init needs to be able to read unencrypted_data_file to create directories with FBE.
# The vendor init binary lives on the system partition so there is not a concern with stability.
neverallow vendor_init unencrypted_data_file:file ~r_file_perms;
@@ -924,7 +924,7 @@ full_treble_only(`
-init
} {
vendor_data_file # default label for files on /data/vendor{,_ce,_de}.
- }:file_class_set ~{ append getattr ioctl read write };
+ }:file_class_set ~{ append getattr ioctl read write map };
')
# On TREBLE devices, a limited set of files in /vendor are accessible to
--
2.17.1

41
patches/platform_system_sepolicy/0021-health-allow-wake_alarm-capability.patch Normal file
View File

@ -0,0 +1,41 @@
From cbe173447e3d1e5e059bc75779f588cfda66329d Mon Sep 17 00:00:00 2001
From: Yifan Hong <elsk@google.com>
Date: Wed, 6 Mar 2019 10:54:21 -0800
Subject: [PATCH 21/26] health: allow wake_alarm capability.
CAP_WAKE_ALARM was required for timerfd_create since 4.10 kernel upstream.
Add capability to platform policy for healthd and health HAL.
Fixes: 124210362
Test: boots (sanity)
Change-Id: I8ebb383608eedd59beddec3f476b071e81b80871
---
prebuilts/api/28.0/public/hal_health.te | 3 +++
public/hal_health.te | 3 +++
2 files changed, 6 insertions(+)
diff --git a/prebuilts/api/28.0/public/hal_health.te b/prebuilts/api/28.0/public/hal_health.te
index c0a0f804..1db5fcc6 100644
--- a/prebuilts/api/28.0/public/hal_health.te
+++ b/prebuilts/api/28.0/public/hal_health.te
@@ -28,3 +28,6 @@ wakelock_use(hal_health_server)
# Write to /dev/kmsg
allow hal_health_server kmsg_device:chr_file w_file_perms;
+
+# Allow to use timerfd to wake itself up periodically to send health info.
+allow hal_health_server self:capability2 wake_alarm;
diff --git a/public/hal_health.te b/public/hal_health.te
index c0a0f804..1db5fcc6 100644
--- a/public/hal_health.te
+++ b/public/hal_health.te
@@ -28,3 +28,6 @@ wakelock_use(hal_health_server)
# Write to /dev/kmsg
allow hal_health_server kmsg_device:chr_file w_file_perms;
+
+# Allow to use timerfd to wake itself up periodically to send health info.
+allow hal_health_server self:capability2 wake_alarm;
--
2.17.1

91
patches/platform_system_sepolicy/0022-sepolicy-Add-mmap-for-profman.patch Normal file
View File

@ -0,0 +1,91 @@
From af4188bc5971cafc7f3e1473e2da15fcf94cbe60 Mon Sep 17 00:00:00 2001
From: Benjamin Gordon <bmgordon@google.com>
Date: Wed, 22 Aug 2018 06:30:51 -0600
Subject: [PATCH 22/26] sepolicy: Add mmap for profman
SELinux has a separate file mmap permission in 4.14+ kernels. Add this
to profman in cases where it could already access files.
Bug: 112990132
Test: atest com.android.cts.dexmetadata.InstallDexMetadataHostTest
Change-Id: I4f3cd55fbd4d0052500f07aac7d286c397758abc
---
prebuilts/api/28.0/public/profman.te | 14 +++++++-------
public/profman.te | 14 +++++++-------
2 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/prebuilts/api/28.0/public/profman.te b/prebuilts/api/28.0/public/profman.te
index 4296d1b1..da639b0a 100644
--- a/prebuilts/api/28.0/public/profman.te
+++ b/prebuilts/api/28.0/public/profman.te
@@ -2,24 +2,24 @@
type profman, domain;
type profman_exec, exec_type, file_type;
-allow profman user_profile_data_file:file { getattr read write lock };
+allow profman user_profile_data_file:file { getattr read write lock map };
# Dumping profile info opens the application APK file for pretty printing.
-allow profman asec_apk_file:file { read };
-allow profman apk_data_file:file { getattr read };
+allow profman asec_apk_file:file { read map };
+allow profman apk_data_file:file { getattr read map };
allow profman apk_data_file:dir { getattr read search };
-allow profman oemfs:file { read };
+allow profman oemfs:file { read map };
# Reading an APK opens a ZipArchive, which unpack to tmpfs.
-allow profman tmpfs:file { read };
-allow profman profman_dump_data_file:file { write };
+allow profman tmpfs:file { read map };
+allow profman profman_dump_data_file:file { write map };
allow profman installd:fd use;
# Allow profman to analyze profiles for the secondary dex files. These
# are application dex files reported back to the framework when using
# BaseDexClassLoader.
-allow profman app_data_file:file { getattr read write lock };
+allow profman app_data_file:file { getattr read write lock map };
allow profman app_data_file:dir { getattr read search };
###
diff --git a/public/profman.te b/public/profman.te
index 4296d1b1..da639b0a 100644
--- a/public/profman.te
+++ b/public/profman.te
@@ -2,24 +2,24 @@
type profman, domain;
type profman_exec, exec_type, file_type;
-allow profman user_profile_data_file:file { getattr read write lock };
+allow profman user_profile_data_file:file { getattr read write lock map };
# Dumping profile info opens the application APK file for pretty printing.
-allow profman asec_apk_file:file { read };
-allow profman apk_data_file:file { getattr read };
+allow profman asec_apk_file:file { read map };
+allow profman apk_data_file:file { getattr read map };
allow profman apk_data_file:dir { getattr read search };
-allow profman oemfs:file { read };
+allow profman oemfs:file { read map };
# Reading an APK opens a ZipArchive, which unpack to tmpfs.
-allow profman tmpfs:file { read };
-allow profman profman_dump_data_file:file { write };
+allow profman tmpfs:file { read map };
+allow profman profman_dump_data_file:file { write map };
allow profman installd:fd use;
# Allow profman to analyze profiles for the secondary dex files. These
# are application dex files reported back to the framework when using
# BaseDexClassLoader.
-allow profman app_data_file:file { getattr read write lock };
+allow profman app_data_file:file { getattr read write lock map };
allow profman app_data_file:dir { getattr read search };
###
--
2.17.1

25
patches/platform_system_vold/0001-Allow-deletion-of-symlink.patch Normal file
View File

@ -0,0 +1,25 @@
From 30aec8035b43d5fd912995ca2e8a756d2c4ec847 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Sat, 17 Feb 2018 19:39:38 +0100
Subject: [PATCH 1/5] Allow deletion of symlink
Change-Id: I9731895f88729072297f753088583aabbe6990f4
---
Ext4Crypt.cpp | 1 +
1 file changed, 1 insertion(+)
diff --git a/Ext4Crypt.cpp b/Ext4Crypt.cpp
index 67b7e90..99a63b4 100644
--- a/Ext4Crypt.cpp
+++ b/Ext4Crypt.cpp
@@ -221,6 +221,7 @@ static bool prepare_dir(const std::string& dir, mode_t mode, uid_t uid, gid_t gi
static bool destroy_dir(const std::string& dir) {
LOG(DEBUG) << "Destroying: " << dir;
if (rmdir(dir.c_str()) != 0 && errno != ENOENT) {
+ if(unlink(dir.c_str()) == 0) return true;
PLOG(ERROR) << "Failed to destroy " << dir;
return false;
}
--
2.17.1

23
patches/platform_system_vold/0002-Don-t-set-reserved_disk-group-it-panics-old-inits.patch Normal file
View File

@ -0,0 +1,23 @@
From 1dd37cd4657bf21e8e1db83edb44916efbfeaf49 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Tue, 14 Aug 2018 20:53:12 +0200
Subject: [PATCH] Don't set reserved_disk group, it panics old inits
---
vold.rc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vold.rc b/vold.rc
index 93d8786..bba44e4 100644
--- a/vold.rc
+++ b/vold.rc
@@ -5,4 +5,4 @@ service vold /system/bin/vold \
ioprio be 2
writepid /dev/cpuset/foreground/tasks
shutdown critical
- group root reserved_disk
+ group root
\ No newline at end of file
--
2.17.1

26
patches/platform_system_vold/0003-Create-vendor_de.-This-is-done-by-init.rc-on-system-.patch Normal file
View File

@ -0,0 +1,26 @@
From bf2c32c1645ca6ceb30c9ce132888233f8e3b705 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Tue, 14 Aug 2018 20:54:08 +0200
Subject: [PATCH 3/5] Create vendor_de. This is done by /init.rc on
system-as-root device
---
Ext4Crypt.cpp | 2 ++
1 file changed, 2 insertions(+)
diff --git a/Ext4Crypt.cpp b/Ext4Crypt.cpp
index 99a63b4..090532f 100644
--- a/Ext4Crypt.cpp
+++ b/Ext4Crypt.cpp
@@ -667,6 +667,8 @@ bool e4crypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_
auto vendor_de_path = android::vold::BuildDataVendorDePath(user_id);
auto user_de_path = android::vold::BuildDataUserDePath(volume_uuid, user_id);
+ prepare_dir(android::vold::BuildDataPath("") + "/vendor_de", 0771, 0, 0);
+
if (volume_uuid.empty()) {
if (!prepare_dir(system_legacy_path, 0700, AID_SYSTEM, AID_SYSTEM)) return false;
#if MANAGE_MISC_DIRS
--
2.17.1

44
patches/platform_system_vold/0004-Support-Samsung-s-implementation-of-exfat-called-sdf.patch Normal file
View File

@ -0,0 +1,44 @@
From 0eaff7949121b468bc50e1171fad679f9a383fd5 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Mon, 20 Aug 2018 22:37:54 +0200
Subject: [PATCH 4/5] Support Samsung's implementation of exfat, called sdfat
---
fs/Exfat.cpp | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/fs/Exfat.cpp b/fs/Exfat.cpp
index 5c15075..5e23a79 100644
--- a/fs/Exfat.cpp
+++ b/fs/Exfat.cpp
@@ -35,7 +35,7 @@ static const char* kFsckPath = "/system/bin/fsck.exfat";
bool IsSupported() {
return access(kMkfsPath, X_OK) == 0 && access(kFsckPath, X_OK) == 0 &&
- IsFilesystemSupported("exfat");
+ (IsFilesystemSupported("exfat") || IsFilesystemSupported("sdfat"));
}
status_t Check(const std::string& source) {
@@ -60,13 +60,16 @@ status_t Mount(const std::string& source, const std::string& target, int ownerUi
auto mountData = android::base::StringPrintf("uid=%d,gid=%d,fmask=%o,dmask=%o", ownerUid,
ownerGid, permMask, permMask);
- if (mount(source.c_str(), target.c_str(), "exfat", mountFlags, mountData.c_str()) == 0) {
+ const char *fs = "exfat";
+ if(IsFilesystemSupported("sdfat"))
+ fs = "sdfat";
+ if (mount(source.c_str(), target.c_str(), fs, mountFlags, mountData.c_str()) == 0) {
return 0;
}
PLOG(ERROR) << "Mount failed; attempting read-only";
mountFlags |= MS_RDONLY;
- if (mount(source.c_str(), target.c_str(), "exfat", mountFlags, mountData.c_str()) == 0) {
+ if (mount(source.c_str(), target.c_str(), fs, mountFlags, mountData.c_str()) == 0) {
return 0;
}
--
2.17.1

25
patches/platform_system_vold/0005-Also-create-vendor_ce-same-reason-as-vendor_de.patch Normal file
View File

@ -0,0 +1,25 @@
From 0db3adc78adb5f2a1bec10dc6824a26b6dada9b6 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Mon, 20 Aug 2018 22:38:08 +0200
Subject: [PATCH 5/5] Also create vendor_ce (same reason as vendor_de)
---
Ext4Crypt.cpp | 2 ++
1 file changed, 2 insertions(+)
diff --git a/Ext4Crypt.cpp b/Ext4Crypt.cpp
index 090532f..6b60796 100644
--- a/Ext4Crypt.cpp
+++ b/Ext4Crypt.cpp
@@ -706,6 +706,8 @@ bool e4crypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_
auto media_ce_path = android::vold::BuildDataMediaCePath(volume_uuid, user_id);
auto user_ce_path = android::vold::BuildDataUserCePath(volume_uuid, user_id);
+ prepare_dir(android::vold::BuildDataPath("") + "/vendor_ce", 0771, 0, 0);
+
if (volume_uuid.empty()) {
if (!prepare_dir(system_ce_path, 0770, AID_SYSTEM, AID_SYSTEM)) return false;
if (!prepare_dir(misc_ce_path, 01771, AID_SYSTEM, AID_MISC)) return false;
--
2.17.1