author | Daniel Cardenas <danielcar@google.com> | 2018-12-11 12:46:23 (GMT) |
---|---|---|
committer | Android Partner Code Review <android-gerrit-partner@google.com> | 2018-12-11 12:46:23 (GMT) |
commit | 48a54941c6bf937136f46e42e84a63aef5b9a540 (patch) | |
tree | 9646afee9cba98f1a17d1d6e42425744811f9cbd | |
parent | f2f1ebdad59793b2ec4e8fc32d66c771e4d078ac (diff) | |
parent | 2797b4846a94463c18d9513a4117f72ff6369f73 (diff) | |
download | common-48a54941c6bf937136f46e42e84a63aef5b9a540.zip common-48a54941c6bf937136f46e42e84a63aef5b9a540.tar.gz common-48a54941c6bf937136f46e42e84a63aef5b9a540.tar.bz2 |
Merge "product:enable PRODUCT_SHIPPING_API_LEVEL := 28 [1/8]" into p-tv-dev
58 files changed, 410 insertions, 106 deletions
@@ -18,6 +18,10 @@ ifneq ($(AB_OTA_UPDATER),true) BUILT_IMAGES += cache.img endif +ifdef BOARD_PREBUILT_DTBOIMAGE +BUILT_IMAGES += dtbo.img +endif + BUILT_IMAGES += vendor.img ifeq ($(BOARD_USES_ODMIMAGE),true) BUILT_IMAGES += odm.img @@ -85,6 +89,9 @@ endif ifdef KERNEL_DEVICETREE DTBTOOL := $(BOARD_AML_VENDOR_PATH)/tools/dtbTool +DTCTOOL := out/host/linux-x86/bin/dtc +DTIMGTOOL := out/host/linux-x86/bin/mkdtimg + ifdef KERNEL_DEVICETREE_CUSTOMER_DIR KERNEL_DEVICETREE_DIR := $(KERNEL_DEVICETREE_CUSTOMER_DIR) else @@ -116,7 +123,7 @@ ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY),true) INSTALLED_BOARDDTB_TARGET := $(INSTALLED_BOARDDTB_TARGET).encrypt endif# ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY),true) -$(INSTALLED_BOARDDTB_TARGET) : $(KERNEL_DEVICETREE_SRC) $(KERNEL_OUT) $(KERNEL_CONFIG) +$(INSTALLED_BOARDDTB_TARGET) : $(KERNEL_DEVICETREE_SRC) $(KERNEL_OUT) $(KERNEL_CONFIG) $(DTCTOOL) $(DTIMGTOOL) $(foreach aDts, $(KERNEL_DEVICETREE), \ sed -i 's/^#include \"partition_.*/#include \"$(TARGET_PARTITION_DTSI)\"/' $(KERNEL_ROOTDIR)/$(KERNEL_DEVICETREE_DIR)/$(strip $(aDts)).dts; \ sed -i 's/^#include \"firmware_.*/#include \"$(TARGET_FIRMWARE_DTSI)\"/' $(KERNEL_ROOTDIR)/$(KERNEL_DEVICETREE_DIR)/$(TARGET_PARTITION_DTSI); \ @@ -140,9 +147,17 @@ ifeq ($(BOARD_AVB_ENABLE),true) --partition_name dtb endif +$(BOARD_PREBUILT_DTBOIMAGE): $(INSTALLED_BOARDDTB_TARGET) | $(DTCTOOL) $(DTIMGTOOL) + $(DTCTOOL) -@ -O dtb -o $(PRODUCT_OUT)/$(DTBO_DEVICETREE).dtbo $(KERNEL_ROOTDIR)/$(KERNEL_DEVICETREE_DIR)/$(DTBO_DEVICETREE).dts + $(DTIMGTOOL) create $@ $(PRODUCT_OUT)/$(DTBO_DEVICETREE).dtbo + @echo "Instaled $@" + .PHONY: dtbimage dtbimage: $(INSTALLED_BOARDDTB_TARGET) +.PHONY: dtboimage +dtboimage: $(PRODUCT_OUT)/dtbo.img + endif # ifdef KERNEL_DEVICETREE # Adds to <product name>-img-<build number>.zip so can be flashed. b/110831381 @@ -376,6 +391,10 @@ ifeq ($(BOARD_USES_PRODUCTIMAGE),true) FASTBOOT_IMAGES += product.img endif +ifdef BOARD_PREBUILT_DTBOIMAGE +FASTBOOT_IMAGES += dtbo.img +endif + ifeq ($(BUILD_WITH_AVB),true) FASTBOOT_IMAGES += vbmeta.img endif diff --git a/flash-all.bat b/flash-all.bat index dbbeaf5..ecb2dde 100755 --- a/flash-all.bat +++ b/flash-all.bat @@ -26,6 +26,7 @@ ping -n 5 127.0.0.1 >nul fastboot flashing unlock_critical fastboot flashing unlock fastboot flash dts dt.img +fastboot flash dtbo dtbo.img fastboot -w fastboot flash vbmeta vbmeta.img fastboot flash odm odm.img diff --git a/flash-all.sh b/flash-all.sh index 96397a9..ff2b333 100755 --- a/flash-all.sh +++ b/flash-all.sh @@ -61,6 +61,7 @@ sleep 5 fastboot $sern flashing unlock_critical fastboot $sern flashing unlock fastboot $sern flash dts dt.img +fastboot $sern flash dtbo dtbo.img fastboot $sern erase param fastboot $sern -w diff --git a/optimization/config b/optimization/config index ec564fc..597a2ec 100755 --- a/optimization/config +++ b/optimization/config @@ -1 +1 @@ -NPEF;IjhiQspgjmfEBUB;0tzt0dmbtt0uifsnbm0uifsnbm`{pof10npef;ejtbcmfe0tzt0dmbtt0uifsnbm0uifsnbm`{pof20npef;ejtbcmfe0tzt0efwjdft0tztufn0dqv0dqv10dqvgsfr0tdbmjoh`nby`gsfr;0tzt0efwjdft0tztufn0dqv0dqv10dqvgsfr0dqvjogp`nby`gsfr0tzt0efwjdft0tztufn0dqv0dqv10dqvgsfr0inq`cpptu;20tzt0dmbtt0nqhqv0tdbmf`npef;40tzt0efwjdft0tztufn0dmpdltpvsdf0dmpdltpvsdf10dvssfou`dmpdltpvsdf;Ujnfs.Ltzt/pqujnj{bujpo/vj/ix;usvftzt/ibsexbsf/wtzod;usvfQLH;dpn/bouvuvdpn/sjhiuxbsf/uenn3w21kojgsfftpguxfh/ix/qfsgpsnbodfdpn/hmcfodinbsldb/qsjnbufmbct/hfflcfodi3dpn/fmmjtnbslpw/hqvcfodiqfsgpsnbodf/uftudpn/hsffofdpnqvujoh/mjoqbdldpn/espmf{/ocfoditf/ofobdpn/rvbmdpnn/ry/ofpdpsfdpn/bvspsbtpguxpslt/rvbesboudpn/tnbsucfodi/fmfwfodpn/qbttnbsl/qu`npcjmfdpn/fecvsofuuf/gqt3edpn/Cgjfme/DqvJefoujgjfsfv/dibjogjsf/dgcfodidpn/gvuvsfnbsl/enboespje/bqqmjdbujpodpn/rvjdjod/wfmmbnpdpn/IPUJDF/NpcjmfUftudpn/qduwuw/boespje/uutydpn/ffncd/dpsfnbsldpn/boespje/dn4dpn/qsjnbufmbctdpn/bsn/of21/efnpdpn/boespje/dut/pqfohm0/qsjnjujwf/HMQsjnjujwfBdujwjuzdpn/ubdufm/fmfdupqjbdpn/rrgsjfoetdpn/topxdpme/cfodinbslNPEF;DqvMjnjufsGsfrEBUB;0tzt0dmbtt0uifsnbm0uifsnbm`{pof10npef;ejtbcmfe0tzt0dmbtt0uifsnbm0uifsnbm`{pof20npef;ejtbcmfe0tzt0efwjdft0tztufn0dqv0dqv10dqvgsfr0tdbmjoh`nby`gsfr;711111QLH;dpn/bouvuv/uftufsNPEF;HqvGpsdfSfoefsEBUB;tzt/pqujnj{bujpo/vj/ix;usvfQLH;dpn/ufodfou/hbnf/sizuinnbtufsNPEF;DUTEBUB;tzt/wtzod/uzqf;ibsexbsftzt/nfejb/pny/ws;usvfQLH;boespje/nfejb/dut0/EfdpefBddvsbdzUftuBdujwjuzboespje/wjfx/dut0/QjyfmDpqzWjefpTpvsdfBdujwjuzboespje/wjfx/dut0/tvsgbdfwbmjebups/DbquvsfeBdujwjuzdpn/hpphmf/boespje/fypqmbzfs/hut0/vujm/IptuBdujwjuzdpn/boespje/dut/wfsjgjfsNPEF;HqvIjhiQspgjmfEBUB;0tzt0dmbtt0nqhqv0tdbmf`npef;4QLH;dpn/esbxfmfnfout/efrqboespje/mfbocbdlkbol/dutboespje/mfbocbdlkbol/bqqdpn/boespje/tfswfs/dut/efwjdf/hsbqijdttubutboespje/wjfx/dut0/EjtqmbzSfgsftiSbufDutBdujwjuzboespje/pqfohmqfsg/dut0/HmQmbofutBdujwjuzdpn/ofugmjy/ojokb0/NbjoBdujwjuzNPEF;FodpefsHutUftuEBUB;ix/fodpefs/cjusbuf/uftu;2nfejb/pny/ejtqmbz`npef;20tzt0npevmf0ej0qbsbnfufst0czqbtt`bmm;2QLH;dpn/hpphmf/boespje/nfejb/hut
\ No newline at end of file +NPEF;IjhiQspgjmfEBUB;0tzt0dmbtt0uifsnbm0uifsnbm`{pof10npef;ejtbcmfe0tzt0dmbtt0uifsnbm0uifsnbm`{pof20npef;ejtbcmfe0tzt0efwjdft0tztufn0dqv0dqv10dqvgsfr0tdbmjoh`nby`gsfr;0tzt0efwjdft0tztufn0dqv0dqv10dqvgsfr0dqvjogp`nby`gsfr0tzt0efwjdft0tztufn0dqv0dqv10dqvgsfr0inq`cpptu;20tzt0dmbtt0nqhqv0tdbmf`npef;40tzt0efwjdft0tztufn0dmpdltpvsdf0dmpdltpvsdf10dvssfou`dmpdltpvsdf;Ujnfs.Ltzt/pqujnj{bujpo/vj/ix;usvftzt/ibsexbsf/wtzod;usvfQLH;dpn/bouvuvdpn/sjhiuxbsf/uenn3w21kojgsfftpguxfh/ix/qfsgpsnbodfdpn/hmcfodinbsldb/qsjnbufmbct/hfflcfodi3dpn/fmmjtnbslpw/hqvcfodiqfsgpsnbodf/uftudpn/hsffofdpnqvujoh/mjoqbdldpn/espmf{/ocfoditf/ofobdpn/rvbmdpnn/ry/ofpdpsfdpn/bvspsbtpguxpslt/rvbesboudpn/tnbsucfodi/fmfwfodpn/qbttnbsl/qu`npcjmfdpn/fecvsofuuf/gqt3edpn/Cgjfme/DqvJefoujgjfsfv/dibjogjsf/dgcfodidpn/gvuvsfnbsl/enboespje/bqqmjdbujpodpn/rvjdjod/wfmmbnpdpn/IPUJDF/NpcjmfUftudpn/qduwuw/boespje/uutydpn/ffncd/dpsfnbsldpn/boespje/dn4dpn/qsjnbufmbctdpn/bsn/of21/efnpdpn/boespje/dut/pqfohm0/qsjnjujwf/HMQsjnjujwfBdujwjuzdpn/ubdufm/fmfdupqjbdpn/rrgsjfoetdpn/topxdpme/cfodinbslNPEF;DqvMjnjufsGsfrEBUB;0tzt0dmbtt0uifsnbm0uifsnbm`{pof10npef;ejtbcmfe0tzt0dmbtt0uifsnbm0uifsnbm`{pof20npef;ejtbcmfe0tzt0efwjdft0tztufn0dqv0dqv10dqvgsfr0tdbmjoh`nby`gsfr;711111QLH;dpn/bouvuv/uftufsNPEF;HqvGpsdfSfoefsEBUB;tzt/pqujnj{bujpo/vj/ix;usvfQLH;dpn/ufodfou/hbnf/sizuinnbtufsNPEF;DUTEBUB;tzt/wtzod/uzqf;ibsexbsfnfejb/pny/ws;usvfQLH;boespje/nfejb/dut0/EfdpefBddvsbdzUftuBdujwjuzboespje/wjfx/dut0/QjyfmDpqzWjefpTpvsdfBdujwjuzboespje/wjfx/dut0/tvsgbdfwbmjebups/DbquvsfeBdujwjuzdpn/hpphmf/boespje/fypqmbzfs/hut0/vujm/IptuBdujwjuzdpn/boespje/dut/wfsjgjfsNPEF;HqvIjhiQspgjmfEBUB;0tzt0dmbtt0nqhqv0tdbmf`npef;4QLH;dpn/esbxfmfnfout/efrqboespje/mfbocbdlkbol/dutboespje/mfbocbdlkbol/bqqdpn/boespje/tfswfs/dut/efwjdf/hsbqijdttubutboespje/wjfx/dut0/EjtqmbzSfgsftiSbufDutBdujwjuzboespje/pqfohmqfsg/dut0/HmQmbofutBdujwjuzdpn/ofugmjy/ojokb0/NbjoBdujwjuzNPEF;FodpefsHutUftuEBUB;nfejb/fodpefs/cjusbuf/uftu;2nfejb/pny/ejtqmbz`npef;20tzt0npevmf0ej0qbsbnfufst0czqbtt`bmm;2QLH;dpn/hpphmf/boespje/nfejb/hut
\ No newline at end of file diff --git a/optimization/liboptimization_32.so b/optimization/liboptimization_32.so index 90bf96a..991f8b8 100755 --- a/optimization/liboptimization_32.so +++ b/optimization/liboptimization_32.so @@ -1,19 +1,19 @@ -ELF - -@ -HAxD -(F!FOrB(F@U-OF +ELF + +HAxD +(F!FOr6(F@-OF -!F, HFpy x/(%1HDhxD - - - +!F, HFpy x/(%1HDhxD + + + +O +PF1F"PF9F"0PF9F" F1F
+ +9 C -$8F - -O -PF1F"PF9F"\PF9F" F1F
- +b$8F +, HF*F p @@ -23,18 +23,19 @@ p hHF1F 1DF - -) -أ0F)F"F -1 ,أ2h(F!F -F + +) -أ0F)F"F +1 ,أ2h(F!F + +F -nFcH -"F - FoBF -KzD +nFcH +"F + FoBF +KzD Fb -8 +8 p@ p@ p@ @@ -44,48 +45,55 @@ Fb p@ hA - + I}D J -KzD - FoG%HxD +KzD + FoG%HxD `J - - - - - - + + + - - - - - - - - - - - + + + + + + + + + + + + + + - + - - - + + + + + A -"&7zXZ - l5^<`.sd<GePPcFT-R? $Xg\L[~I8H -ŷd< - ^wcK뭗AkSO6i0~!3]X-擩mR
}ךd&YP,J|N6ܒ{/BKO$J-v`ʽ$ӻE=ᷕ,SbdN -!%}(-3e2-/i,"ezl-^2**Aaz#\Dh#. -Nc鑵wHi,&(l25U\f֬%
1_gq[Q-3xGoKQ1ֳTfT'_q"c
W%nXokER&xmWcC\źLUmcddͦZr>kVmQMnmm~^X}#g&g1*5Є
vӯ;G0_/3OepMLřWՇu3 -箱 -Zb#3t -\EaJ9fJbeqorzH&ȵZX=35eD;hC_sǂ֎ -=2 -g - - +"&7zXZ +[B⥐jyvƷxV^ SW9 +e.2QϺ2CP9YF'3 +x ̬=H7^T89%\.[Bo'qudJbNJ(PIh&܅٦:(hE=)uW=VSO$6/Ƨgf-VKY +Dۛ<$Uf_'
T$ܐ;5.ΌgΏIs.,21Z^/
~I 3TMG}ZI r|#FUr;Z(Е[>¿iOK2?73k6/
8'2rD0JW+2،##>5ఆ7z0`"__C@8q*eF#*Y[AfhgVk%-yR[kTݜi5P VI!@^X6_
kp_W`EY#v=0ƞe+ܨ'WgK6as_j&A;XcʗQ㶙v~^a!ZV֡wxaM'egVҏAGn;e'?L*p!YcP*xA+$Pџ4zGC>)^?V +$qҦK(Ȟ
b?샑8P}{'g {{6kM9> 2+wՕ.a# +*YTH״ + +REj)GAűy'qGܯ)BA9FE䈆- +Cq:& +\ +BƔgGvݑdaxCo Kx>B
RZ.rapw.b + + + + + + diff --git a/products/mbox/init.amlogic.system.rc b/products/mbox/init.amlogic.system.rc index 10b9ee9..b7a460a 100644 --- a/products/mbox/init.amlogic.system.rc +++ b/products/mbox/init.amlogic.system.rc @@ -239,6 +239,11 @@ on boot chown media system /sys/module/amvdec_h265/parameters/double_write_mode chmod 666 /sys/module/amvdec_h265/parameters/double_write_mode + chown media system /sys/module/amdolby_vision/parameters/dolby_vision_profile + chown media system /sys/module/amdolby_vision/parameters/dolby_vision_level + chmod 666 /sys/module/amdolby_vision/parameters/dolby_vision_profile + chmod 666 /sys/module/amdolby_vision/parameters/dolby_vision_level + chown media system /sys/module/deinterlace/parameters/deinterlace_mode chown media system /sys/class/graphics/fb0/block_mode @@ -269,7 +274,7 @@ on boot chown system system /sys/class/amhdmitx/amhdmitx0/cec_lang_config chown system system /sys/class/amhdmitx/amhdmitx0/config chown system system /sys/class/amhdmitx/amhdmitx0/avmute - chmod 0664 /sys/class/amhdmitx/amhdmitx0/avmute + chmod 0666 /sys/class/amhdmitx/amhdmitx0/avmute chown mediadrm audio /sys/class/amhdmitx/amhdmitx0/aud_output_chs chown media system /sys/class/switch/hdmi/state chmod 0660 /sys/class/switch/hdmi/state diff --git a/products/mbox/upgrade_4.9/aml_upgrade_package.conf b/products/mbox/upgrade_4.9/aml_upgrade_package.conf index 6b1e222..e64aed8 100644 --- a/products/mbox/upgrade_4.9/aml_upgrade_package.conf +++ b/products/mbox/upgrade_4.9/aml_upgrade_package.conf @@ -24,4 +24,5 @@ file="product.img" main_type="PARTITION" sub_type="product" file="recovery.img" main_type="PARTITION" sub_type="recovery" file="bootloader.img" main_type="PARTITION" sub_type="bootloader" file="dt.img" main_type="PARTITION" sub_type="_aml_dtb" +file="dtbo.img" main_type="PARTITION" sub_type="dtbo" diff --git a/products/mbox/upgrade_4.9/aml_upgrade_package_AB.conf b/products/mbox/upgrade_4.9/aml_upgrade_package_AB.conf index e78eb2a..ad38dda 100755..100644 --- a/products/mbox/upgrade_4.9/aml_upgrade_package_AB.conf +++ b/products/mbox/upgrade_4.9/aml_upgrade_package_AB.conf @@ -23,4 +23,5 @@ file="odm.img" main_type="PARTITION" sub_type="odm_a" file="odm.img" main_type="PARTITION" sub_type="odm_b" file="bootloader.img" main_type="PARTITION" sub_type="bootloader" file="dt.img" main_type="PARTITION" sub_type="_aml_dtb" +file="dtbo.img" main_type="PARTITION" sub_type="dtbo" diff --git a/products/mbox/upgrade_4.9/aml_upgrade_package_AB_enc.conf b/products/mbox/upgrade_4.9/aml_upgrade_package_AB_enc.conf index 4d76632..c65dee0 100755..100644 --- a/products/mbox/upgrade_4.9/aml_upgrade_package_AB_enc.conf +++ b/products/mbox/upgrade_4.9/aml_upgrade_package_AB_enc.conf @@ -27,4 +27,5 @@ file="odm.img" main_type="PARTITION" sub_type="odm_a" file="odm.img" main_type="PARTITION" sub_type="odm_b" file="bootloader.img.encrypt" main_type="PARTITION" sub_type="bootloader" file="dt.img.encrypt" main_type="PARTITION" sub_type="_aml_dtb" +file="dtbo.img" main_type="PARTITION" sub_type="dtbo" diff --git a/products/mbox/upgrade_4.9/aml_upgrade_package_avb.conf b/products/mbox/upgrade_4.9/aml_upgrade_package_avb.conf index 5985f54..c35249c 100755..100644 --- a/products/mbox/upgrade_4.9/aml_upgrade_package_avb.conf +++ b/products/mbox/upgrade_4.9/aml_upgrade_package_avb.conf @@ -25,4 +25,5 @@ file="product.img" main_type="PARTITION" sub_type="product" file="recovery.img" main_type="PARTITION" sub_type="recovery" file="bootloader.img" main_type="PARTITION" sub_type="bootloader" file="dt.img" main_type="PARTITION" sub_type="_aml_dtb" +file="dtbo.img" main_type="PARTITION" sub_type="dtbo" diff --git a/products/mbox/upgrade_4.9/aml_upgrade_package_enc.conf b/products/mbox/upgrade_4.9/aml_upgrade_package_enc.conf index 1fe859b..714ef45 100644 --- a/products/mbox/upgrade_4.9/aml_upgrade_package_enc.conf +++ b/products/mbox/upgrade_4.9/aml_upgrade_package_enc.conf @@ -28,4 +28,5 @@ file="product.img" main_type="PARTITION" sub_type="product" file="recovery.img.encrypt" main_type="PARTITION" sub_type="recovery" file="bootloader.img.encrypt" main_type="PARTITION" sub_type="bootloader" file="dt.img.encrypt" main_type="PARTITION" sub_type="_aml_dtb" +file="dtbo.img" main_type="PARTITION" sub_type="dtbo" diff --git a/products/tv/init.amlogic.system.rc b/products/tv/init.amlogic.system.rc index a20c565..5de777d 100755 --- a/products/tv/init.amlogic.system.rc +++ b/products/tv/init.amlogic.system.rc @@ -253,6 +253,11 @@ on boot chown media system /sys/module/amvdec_h265/parameters/double_write_mode chmod 666 /sys/module/amvdec_h265/parameters/double_write_mode + chown media system /sys/module/amdolby_vision/parameters/dolby_vision_profile + chown media system /sys/module/amdolby_vision/parameters/dolby_vision_level + chmod 666 /sys/module/amdolby_vision/parameters/dolby_vision_profile + chmod 666 /sys/module/amdolby_vision/parameters/dolby_vision_level + chown media system /sys/module/deinterlace/parameters/deinterlace_mode chown media system /sys/class/graphics/fb0/block_mode @@ -283,7 +288,7 @@ on boot chown system system /sys/class/amhdmitx/amhdmitx0/cec_lang_config chown system system /sys/class/amhdmitx/amhdmitx0/config chown system system /sys/class/amhdmitx/amhdmitx0/avmute - chmod 644 /sys/class/amhdmitx/amhdmitx0/avmute + chmod 0666 /sys/class/amhdmitx/amhdmitx0/avmute chown system mediadrm /sys/class/amhdmitx/amhdmitx0/aud_output_chs chown media system /sys/class/switch/hdmi/state chmod 0660 /sys/class/switch/hdmi/state diff --git a/products/tv/upgrade_4.9/aml_upgrade_package.conf b/products/tv/upgrade_4.9/aml_upgrade_package.conf index 6b1e222..e64aed8 100644 --- a/products/tv/upgrade_4.9/aml_upgrade_package.conf +++ b/products/tv/upgrade_4.9/aml_upgrade_package.conf @@ -24,4 +24,5 @@ file="product.img" main_type="PARTITION" sub_type="product" file="recovery.img" main_type="PARTITION" sub_type="recovery" file="bootloader.img" main_type="PARTITION" sub_type="bootloader" file="dt.img" main_type="PARTITION" sub_type="_aml_dtb" +file="dtbo.img" main_type="PARTITION" sub_type="dtbo" diff --git a/products/tv/upgrade_4.9/aml_upgrade_package_AB.conf b/products/tv/upgrade_4.9/aml_upgrade_package_AB.conf index 96bfb61..2491323 100755..100644 --- a/products/tv/upgrade_4.9/aml_upgrade_package_AB.conf +++ b/products/tv/upgrade_4.9/aml_upgrade_package_AB.conf @@ -22,4 +22,5 @@ file="vendor.img" main_type="PARTITION" sub_type="vendor_a" file="odm.img" main_type="PARTITION" sub_type="odm_a" file="bootloader.img" main_type="PARTITION" sub_type="bootloader" file="dt.img" main_type="PARTITION" sub_type="_aml_dtb" +file="dtbo.img" main_type="PARTITION" sub_type="dtbo" diff --git a/products/tv/upgrade_4.9/aml_upgrade_package_AB_enc.conf b/products/tv/upgrade_4.9/aml_upgrade_package_AB_enc.conf index b2af592..bc0bb43 100755..100644 --- a/products/tv/upgrade_4.9/aml_upgrade_package_AB_enc.conf +++ b/products/tv/upgrade_4.9/aml_upgrade_package_AB_enc.conf @@ -27,4 +27,5 @@ file="system.img" main_type="PARTITION" sub_type="system_a" #file="system.img" main_type="PARTITION" sub_type="system_b" file="bootloader.img.encrypt" main_type="PARTITION" sub_type="bootloader" file="dt.img.encrypt" main_type="PARTITION" sub_type="_aml_dtb" +file="dtbo.img" main_type="PARTITION" sub_type="dtbo" diff --git a/products/tv/upgrade_4.9/aml_upgrade_package_avb.conf b/products/tv/upgrade_4.9/aml_upgrade_package_avb.conf index 1e17a97..ddc66fc 100644 --- a/products/tv/upgrade_4.9/aml_upgrade_package_avb.conf +++ b/products/tv/upgrade_4.9/aml_upgrade_package_avb.conf @@ -26,4 +26,5 @@ file="product.img" main_type="PARTITION" sub_type="product" file="recovery.img" main_type="PARTITION" sub_type="recovery" file="bootloader.img" main_type="PARTITION" sub_type="bootloader" file="dt.img" main_type="PARTITION" sub_type="_aml_dtb" +file="dtbo.img" main_type="PARTITION" sub_type="dtbo" diff --git a/products/tv/upgrade_4.9/aml_upgrade_package_enc.conf b/products/tv/upgrade_4.9/aml_upgrade_package_enc.conf index 0413369..dec7053 100644 --- a/products/tv/upgrade_4.9/aml_upgrade_package_enc.conf +++ b/products/tv/upgrade_4.9/aml_upgrade_package_enc.conf @@ -28,4 +28,5 @@ file="product.img" main_type="PARTITION" sub_type="product" file="recovery.img.encrypt" main_type="PARTITION" sub_type="recovery" file="bootloader.img.encrypt" main_type="PARTITION" sub_type="bootloader" file="dt.img.encrypt" main_type="PARTITION" sub_type="_aml_dtb" +file="dtbo.img" main_type="PARTITION" sub_type="dtbo" diff --git a/sepolicy/audioserver.te b/sepolicy/audioserver.te index bb6d881..d138955 100644 --- a/sepolicy/audioserver.te +++ b/sepolicy/audioserver.te @@ -12,6 +12,11 @@ allow audioserver self:netlink_kobject_uevent_socket create_socket_perms_no_ioct # operation hidraw device allow audioserver hidraw_audio_device:chr_file rw_file_perms; +#bootanim +allow audioserver bootanim:binder call; + #operation property; set_prop(audioserver, audio_prop) + +get_prop(audioserver, vendor_platform_prop)
\ No newline at end of file diff --git a/sepolicy/bootanim.te b/sepolicy/bootanim.te index 5d1577a..49a56ef 100644 --- a/sepolicy/bootanim.te +++ b/sepolicy/bootanim.te @@ -1 +1,14 @@ -#allow bootanim vendor_file:file { open read getattr execute };
+allow bootanim sysfs_video:dir { search }; +allow bootanim sysfs_video:file { open read write getattr }; +allow bootanim input_device:dir {open read write search }; +allow bootanim input_device:chr_file {open read write ioctl }; +allow bootanim sysfs_display:file {open read write ioctl }; +allow bootanim video_device:chr_file {open read write getattr ioctl }; +allow bootanim sysfs_audio:file {open read write getattr }; +allow bootanim system_data_file:file { open read }; +allow bootanim system_data_file:dir { open read }; +allow bootanim mediaserver_service:service_manager { find }; +allow bootanim mediaserver:binder { call transfer }; +set_prop(bootanim, system_prop) +get_prop(bootanim, media_prop) + diff --git a/sepolicy/bootvideo.te b/sepolicy/bootvideo.te index 6f1ca89..356394e 100644 --- a/sepolicy/bootvideo.te +++ b/sepolicy/bootvideo.te @@ -23,4 +23,7 @@ allow bootvideo property_socket:sock_file write; allow bootvideo sysfs_xbmc:file { open read write getattr }; -set_prop(bootvideo, system_prop) +#--------------------------------------------------------------------# +# product_shipping_api_level=28 vendor/system cannot share prop +#--------------------------------------------------------------------# +#set_prop(bootvideo, system_prop) diff --git a/sepolicy/device.te b/sepolicy/device.te index b97236f..f1d28f6 100644 --- a/sepolicy/device.te +++ b/sepolicy/device.te @@ -5,6 +5,7 @@ type bootloader_device, dev_type; type defendkey_device, dev_type; type dtb_device, dev_type; type dvb_device, dev_type, mlstrustedobject; +type frontend_device, dev_type; type cec_device, dev_type; type unify_device, dev_type; @@ -34,6 +35,7 @@ type system_block_fsck_device, dev_type; type subtitle_device, dev_type; type sw_sync_device, dev_type; type ge2d_device, dev_type; +type display_device, dev_type; type amvecm_device, dev_type; type di0_device, dev_type; type hidraw_device, dev_type; diff --git a/sepolicy/drmserver.te b/sepolicy/drmserver.te index 9351c5d..2e64607 100644 --- a/sepolicy/drmserver.te +++ b/sepolicy/drmserver.te @@ -9,3 +9,6 @@ allow drmserver kernel:system module_request; allow drmserver unlabeled:file { read }; +allow drmserver bootanim:fd { use }; +allow drmserver system_data_file:file { read }; + diff --git a/sepolicy/file.te b/sepolicy/file.te index 1be0154..ac5bbcc 100644 --- a/sepolicy/file.te +++ b/sepolicy/file.te @@ -66,6 +66,8 @@ type sysfs_remote, fs_type, sysfs_type; type sysfs_clock, fs_type, sysfs_type; type sysfs_hdmi, fs_type, sysfs_type; +type sysfs_ir, fs_type, sysfs_type; + type reco_file, file_type; type sysfs_unifykey, fs_type, sysfs_type; diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index 0c05a2d..21cebbf 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -67,6 +67,7 @@ /dev/dtb u:object_r:dtb_device:s0 /dev/dvb0.* u:object_r:dvb_device:s0 /dev/dvb.* u:object_r:video_device:s0 +/dev/v4l2_frontend u:object_r:frontend_device:s0 /dev/esm u:object_r:hdcptx_device:s0 /dev/esm_rx u:object_r:hdcprx_device:s0 /dev/ge2d u:object_r:ge2d_device:s0 @@ -110,6 +111,7 @@ /sys/class/video/axis u:object_r:sysfs_video:s0 /sys/class/tsync/enable u:object_r:sysfs_video:s0 /sys/class/audiodsp/digital_raw u:object_r:sysfs_audio:s0 +/sys/class/amaudio/debug u:object_r:sysfs_audio:s0 /sys/class/hidraw(/.*)? u:object_r:sysfs_audio:s0 /sys/class/tsync/firstapts u:object_r:sysfs_xbmc:s0 /sys/class/tsync/pts_audio u:object_r:sysfs_xbmc:s0 @@ -145,10 +147,13 @@ /sys/devices/platform/meson-fb/graphics/fb[0-3](/.*) u:object_r:sysfs_display:s0 /sys/class/lcd/enable u:object_r:sysfs_lcd:s0 /sys/class/video/video_scaler_path_sel u:object_r:sysfs_video:s0 +/sys/module/amdolby_vision/parameters(/.*)? u:object_r:sysfs_video:s0 /sys/class/unifykeys(/.*)? u:object_r:sysfs_unifykey:s0 /sys/devices/platform/ffd26000.hdmirx/hdmirx/hdmirx0/key u:object_r:sysfs_unifykey:s0 +/sys/devices/virtual/meson-irblaster/irblaster1(/.*)? u:object_r:sysfs_ir:s0 + /sys/class/aml_store/store_device u:object_r:sysfs_store:s0 /sys/class/defendkey/decrypt_dtb u:object_r:sysfs_defendkey:s0 /sys/class/aml_store/bl_off_bytes u:object_r:sysfs_store:s0 @@ -159,6 +164,7 @@ /sys/class/amhdmitx/amhdmitx0/sink_type u:object_r:sysfs_amhdmitx:s0 /sys/class/amhdmitx/amhdmitx0/edid_parsing u:object_r:sysfs_amhdmitx:s0 /sys/class/amhdmitx/amhdmitx0/hdcp_mode u:object_r:sysfs_amhdmitx:s0 +/sys/class/amhdmitx/amhdmitx0/avmute u:object_r:sysfs_amhdmitx:s0 /sys/class/amhdmitx/amhdmitx0/disp_cap u:object_r:sysfs_amhdmitx:s0 /sys/module/amvdec_h265/parameters/double_write_mode u:object_r:sysfs_amvdec:s0 @@ -195,6 +201,7 @@ /sys/class/amvecm(/.*)? u:object_r:sysfs_video:s0 /sys/class/video(/.*)? u:object_r:sysfs_video:s0 +/dev/vbi u:object_r:vbi_device:s0 /dev/vbi[0-3] u:object_r:vbi_device:s0 /sys/class/mpgpu/scale_mode u:object_r:sysfs_mpgpu_scale:s0 @@ -204,6 +211,7 @@ /tee(/.*)? u:object_r:tee_data_file:s0 /mnt/vendor/tee(/.*)? u:object_r:tee_data_file:s0 /mnt/vendor/param(/.*)? u:object_r:param_tv_file:s0 +/mnt/vendor u:object_r:param_tv_file:s0 #/vendor/bin/bootplayer u:object_r:bootvideo_exec:s0 #/vendor/bin/dv_config u:object_r:dv_config_exec:s0 @@ -216,11 +224,13 @@ /vendor/bin/hdcp_rx22 u:object_r:hdcp_rx22_exec:s0 /vendor/bin/hdcp_tx22 u:object_r:hdcp_tx22_exec:s0 +/vendor/bin/hdcp_rp22 u:object_r:hdcp_rp22_exec:s0 /vendor/bin/remotecfg u:object_r:remotecfg_exec:s0 /vendor/bin/systemcontrol u:object_r:system_control_exec:s0 /vendor/bin/hdmicecd u:object_r:hdmicecd_exec:s0 /vendor/bin/droidvold u:object_r:droidvold_exec:s0 /vendor/bin/ntfs-3g u:object_r:ntfs_3g_exec:s0 +/vendor/bin/rc_server u:object_r:rc_server_exec:s0 /vendor/bin/tee-supplicant u:object_r:tee_exec:s0 /vendor/bin/tee_preload_fw u:object_r:firmload_exec:s0 @@ -238,16 +248,23 @@ /data/vendor/mediadrm(/.*)? u:object_r:hal_drm_data:s0 /vendor/lib(64)?/hw/gralloc\.amlogic\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/hw/android\.hardware\.graphics\.mapper@2\.0-impl-2.1\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/libfbcnf\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/extractors u:object_r:same_process_hal_file:s0 +/vendor/lib(64)? u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/extractors/libamextractor\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/libamffmpegadapter\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/libamffmpeg\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/libjni_remoteime\.so u:object_r:vendor_app_file:s0 /vendor/lib(64)?/libtunertvinput_jni\.so u:object_r:vendor_app_file:s0 /vendor/lib(64)?/libjnifont\.so u:object_r:vendor_app_file:s0 /vendor/lib(64)?/jnidtvepgscanner\.so u:object_r:vendor_app_file:s0 -/vendor/lib(64)?/am_adp\.so u:object_r:vendor_app_file:s0 -/vendor/lib(64)?/am_mw\.so u:object_r:vendor_app_file:s0 -/vendor/lib(64)?/zvbi\.so u:object_r:vendor_app_file:s0 -/vendor/lib(64)?/jnidtvsubtitle\.so u:object_r:vendor_app_file:s0 +/vendor/lib(64)?/libam_adp\.so u:object_r:vendor_app_file:s0 +/vendor/lib(64)?/libam_mw\.so u:object_r:vendor_app_file:s0 +/vendor/lib(64)?/libicuuc_vendor\.so u:object_r:vendor_app_file:s0 +/vendor/lib(64)?/libzvbi\.so u:object_r:vendor_app_file:s0 +/vendor/lib(64)?/libjnidtvsubtitle\.so u:object_r:vendor_app_file:s0 /vendor/lib(64)?/libvendorfont\.so u:object_r:vendor_app_file:s0 /vendor/lib(64)?/libtvbinder\.so u:object_r:vendor_app_file:s0 /vendor/lib(64)?/libtv_jni\.so u:object_r:vendor_app_file:s0 @@ -262,7 +279,10 @@ /vendor/lib(64)?/vendor\.amlogic\.hardware\.remotecontrol@1\.0\.so u:object_r:vendor_app_file:s0 /vendor/lib(64)?/vendor\.amlogic\.hardware\.hdmicec@1\.0\.so u:object_r:vendor_app_file:s0 /vendor/lib(64)?/vendor\.amlogic\.hardware\.droidvold@1\.0\.so u:object_r:vendor_app_file:s0 +/vendor/lib(64)?/libjnidtvepgscanner\.so u:object_r:vendor_app_file:s0 +/vendor/lib(64)?/libjniuevent\.so u:object_r:vendor_app_file:s0 /dev/hidraw[0-9]* u:object_r:hidraw_audio_device:s0 #The final space is necessary. Please don't delete it. +/vendor/lib/vendor\.amlogic\.hardware\.remotecontrol@1\.0\.so u:object_r:vendor_app_file:s0 diff --git a/sepolicy/hal_audio_default.te b/sepolicy/hal_audio_default.te index 30e1d48..32b627d 100644 --- a/sepolicy/hal_audio_default.te +++ b/sepolicy/hal_audio_default.te @@ -6,19 +6,26 @@ allow hal_audio_default sysfs_digital_codec:file { write read open }; allow hal_audio_default sysfs_amhdmitx:dir search; allow hal_audio_default kernel:system { module_request }; allow hal_audio_default media_prop:file { read open getattr }; +allow hal_audio_default media_prop:property_service { set }; allow hal_audio_default shell_data_file:file { read write }; allow hal_audio_default sysfs_xbmc:file { read open write }; allow hal_audio_default hidraw_device:chr_file { create read write open ioctl}; allow hal_audio_default property_socket:sock_file { write }; allow hal_audio_default init:unix_stream_socket { connectto }; -allow hal_audio_default bluetooth_prop:property_service { set }; -allow hal_audio_default bluetooth_prop:file { read getattr open }; + +#--------------------------------------------------------------------# +# product_shipping_api_level=28 vendor/system cannot share prop +#--------------------------------------------------------------------# +#s/get_prop(hal_audio_default, bluetooth_prop) +get_prop(hal_audio_default, vendor_platform_prop) allow hal_audio_default sysfs_aud_output_chs:file { open read write }; allow hal_audio_default sysfs_aud_output_chs:file { read write open }; allow hal_audio_default remotecontrol_hwservice:hwservice_manager find; -allow hal_audio_default sysfs:file open; +allow hal_audio_default sysfs:file { open read write }; allow hal_audio_default device:dir read; +allow hal_audio_default uio_device:chr_file { open read write }; allow hal_audio_default system_app:binder call; +allow hal_audio_default tv_prop:file { read getattr open }; allow hal_audio_default hidraw_audio_device:chr_file { create read write open ioctl}; allow hal_audio_default sysfs_audio:file rw_file_perms; allow hal_audio_default sysfs_audio:dir r_dir_perms; diff --git a/sepolicy/hal_camera_default.te b/sepolicy/hal_camera_default.te index cd52269..cd52269 100755..100644 --- a/sepolicy/hal_camera_default.te +++ b/sepolicy/hal_camera_default.te diff --git a/sepolicy/hal_graphics_composer_default.te b/sepolicy/hal_graphics_composer_default.te index 699e79b..05660f8 100644 --- a/sepolicy/hal_graphics_composer_default.te +++ b/sepolicy/hal_graphics_composer_default.te @@ -7,8 +7,6 @@ allow hal_graphics_composer_default vndservicemanager:binder { call transfer }; allow hal_graphics_composer_default systemcontrol_hwservice:hwservice_manager { find }; allow hal_graphics_composer_default system_control:binder { call }; -allow hal_graphics_composer_default tv_prop:file { getattr open read }; - allow hal_graphics_composer_default video_device:chr_file rw_file_perms; allow hal_graphics_composer_default graphics_device:chr_file {open read write ioctl}; allow hal_graphics_composer_default sysfs_video:file rw_file_perms; @@ -18,9 +16,18 @@ allow hal_graphics_composer_default sysfs_display:dir search; allow hal_graphics_composer_default sysfs_display:lnk_file { open read write ioctl }; allow hal_graphics_composer_default sysfs_display:file { read write open getattr }; allow hal_graphics_composer_default sysfs_display:chr_file { ioctl read write open }; +allow hal_graphics_composer_default display_device:chr_file r_file_perms; allow hal_graphics_composer_default sysfs_amhdmitx:file { read write open getattr }; allow hal_graphics_composer_default sysfs_amhdmitx:dir search; +allow hal_graphics_composer_default tv_prop:file { getattr open read }; get_prop(hal_graphics_composer_default, tv_prop) + +allow hal_graphics_composer_default media_prop:file { getattr open read }; +get_prop(hal_graphics_composer_default, media_prop) + allow hal_graphics_composer_default sysfs_video:dir { search }; allow hal_graphics_composer_default sysfs_display:file { read write open getattr }; + +allow hal_graphics_composer_default vendor_platform_prop:file {getattr open read}; +get_prop(hal_graphics_composer_default, vendor_platform_prop) diff --git a/sepolicy/hal_memtrack_default.te b/sepolicy/hal_memtrack_default.te index 9940dd7..2c219d3 100644 --- a/sepolicy/hal_memtrack_default.te +++ b/sepolicy/hal_memtrack_default.te @@ -82,3 +82,5 @@ allow hal_memtrack_default tvserver:file r_file_perms; allow hal_memtrack_default hal_drm_clearkey:dir search; allow hal_memtrack_default hdcp_tx22:dir search; +allow hal_memtrack_default hdcp_rx22:dir { search read }; +allow hal_memtrack_default hdcp_rx22:file { read open getattr }; diff --git a/sepolicy/hdcp_rp22.te b/sepolicy/hdcp_rp22.te new file mode 100644 index 0000000..f6b7c26 --- a/dev/null +++ b/sepolicy/hdcp_rp22.te @@ -0,0 +1,45 @@ +type hdcp_rp22, domain; +type hdcp_rp22_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(hdcp_rp22) +type hdcprp_device, dev_type; + +allow hdcp_rp22 hdcprp_device:chr_file { open read write getattr ioctl }; + +allow hdcp_rp22 system_file:file execute_no_trans; +allow hdcp_rp22 hdcp_rp22_exec:file {entrypoint read}; + +#allow hdcp_rp22 shell_exec:file rx_file_perms; + +allow hdcp_rp22 sysfs:file rw_file_perms; + +allow hdcp_rp22 param_tv_file:dir { search create read write open add_name remove_name rmdir }; +allow hdcp_rp22 param_tv_file:file { create open read write setattr getattr lock unlink }; +allow hdcp_rp22 kmsg_device:chr_file {write}; +allow hdcp_rp22 device:dir {write}; +allow hdcp_rp22 kmsg_device:chr_file {open}; +allow hdcp_rp22 hdcptx_device:chr_file {open read write ioctl}; + +allow hdcp_rp22 mnt_media_rw_file:file { create read write open }; +allow hdcp_rp22 mnt_media_rw_file:dir { write add_name }; +allow hdcp_rp22 rootfs:lnk_file {getattr}; +allow hdcp_rp22 storage_file:dir {read write search}; +allow hdcp_rp22 storage_file:file {open read write getattr}; +allow hdcp_rp22 storage_file:lnk_file {open read write getattr}; +allow hdcp_rp22 tmpfs:dir {search getattr}; +allow hdcp_rp22 tmpfs:file create_file_perms; +allow hdcp_rp22 mnt_user_file:dir {read write search}; +allow hdcp_rp22 mnt_user_file:file {open read write getattr}; +allow hdcp_rp22 mnt_user_file:lnk_file {open read write getattr}; +allow hdcp_rp22 fuse:dir {create open read write search add_name getattr}; +allow hdcp_rp22 fuse:file {open create read write getattr}; +allow hdcp_rp22 fuse:file rw_file_perms; +#allow hdcp_rp22 app_data_file:file rw_file_perms; +#allow hdcp_rp22 app_data_file:dir search; +allow hdcp_rp22 fuse:lnk_file {open read write getattr}; +allow hdcp_rp22 { mnt_user_file storage_file }:dir { create open read write search add_name getattr }; +allow hdcp_rp22 { mnt_user_file storage_file }:lnk_file { open read write getattr }; +allow hdcp_rp22 sysfs_cec:dir { search open }; +allow hdcp_rp22 sysfs_cec:file { read open write getattr }; +allow hdcp_rp22 sysfs_amhdmitx:dir search; +allow hdcp_rp22 sysfs_amhdmitx:file { getattr open read write ioctl }; +allow hdcp_rp22 mnt_vendor_file:dir {search}; diff --git a/sepolicy/hdmicecd.te b/sepolicy/hdmicecd.te index 697cf50..45fc087 100644 --- a/sepolicy/hdmicecd.te +++ b/sepolicy/hdmicecd.te @@ -12,7 +12,9 @@ allow hdmicecd { hdmicecd_hwservice hidl_base_hwservice }:hwservice_manager { a allow hdmicecd cec_device:chr_file { open read write ioctl }; allow hdmicecd hwservicemanager_prop:file { open read getattr }; +allow hdmicecd system_control:binder { call transfer }; +allow hdmicecd systemcontrol_hwservice:hwservice_manager { find }; + allow hdmicecd { hal_tv_cec_default system_app }:binder { call transfer }; -allow hdmicecd systemcontrol_hwservice:hwservice_manager find; -allow hdmicecd system_control:binder { call transfer }; +allow hdmicecd vendor_platform_prop:file { open read getattr }; diff --git a/sepolicy/hwservice.te b/sepolicy/hwservice.te index a37e6fb..27188b0 100644 --- a/sepolicy/hwservice.te +++ b/sepolicy/hwservice.te @@ -3,4 +3,4 @@ type hdmicecd_hwservice, hwservice_manager_type; type droidvold_hwservice, hwservice_manager_type; type tvserver_hwservice, hwservice_manager_type; type remotecontrol_hwservice, hwservice_manager_type; - +type imageserver_hwservice, hwservice_manager_type; diff --git a/sepolicy/hwservice_contexts b/sepolicy/hwservice_contexts index 2f4e22f..9daa08b 100644 --- a/sepolicy/hwservice_contexts +++ b/sepolicy/hwservice_contexts @@ -3,4 +3,4 @@ vendor.amlogic.hardware.hdmicec::IDroidHdmiCEC u:object_r:hd vendor.amlogic.hardware.droidvold::IDroidVold u:object_r:droidvold_hwservice:s0 vendor.amlogic.hardware.tvserver::ITvServer u:object_r:tvserver_hwservice:s0 vendor.amlogic.hardware.remotecontrol::IRemoteControl u:object_r:remotecontrol_hwservice:s0 - +vendor.amlogic.hardware.imageserver::IImageService u:object_r:imageserver_hwservice:s0 diff --git a/sepolicy/hwservicemanager.te b/sepolicy/hwservicemanager.te index 697b434..65bc9f8 100644 --- a/sepolicy/hwservicemanager.te +++ b/sepolicy/hwservicemanager.te @@ -17,3 +17,8 @@ allow hwservicemanager tvserver:binder { call transfer }; allow hwservicemanager tvserver:dir { search }; allow hwservicemanager tvserver:file { read open }; allow hwservicemanager tvserver:process { getattr }; + +allow hwservicemanager imageserver:binder { call transfer }; +allow hwservicemanager imageserver:dir { search }; +allow hwservicemanager imageserver:file { read open }; +allow hwservicemanager imageserver:process { getattr }; diff --git a/sepolicy/imageserver.te b/sepolicy/imageserver.te index 4f68d0e..9f72266 100644 --- a/sepolicy/imageserver.te +++ b/sepolicy/imageserver.te @@ -42,3 +42,5 @@ allow imageserver vendor_file:file { execute }; #allow imageserver kernel:system module_request; #allow imageserver tmpfs:dir { getattr search }; +set_prop(imageserver, hwservicemanager_prop) +get_prop(imageserver, hwservicemanager_prop) diff --git a/sepolicy/mediacodec.te b/sepolicy/mediacodec.te index d053773..2f04503 100644 --- a/sepolicy/mediacodec.te +++ b/sepolicy/mediacodec.te @@ -21,3 +21,4 @@ allow mediacodec sysfs_am_vecm:file { read write open getattr }; allow mediacodec uio_device:chr_file rw_file_perms; allow mediacodec audio_device:chr_file { setattr open read write }; allow mediacodec sysfs_audio:file { open read write }; +allow mediacodec vendor_platform_prop:file { open read getattr }; diff --git a/sepolicy/mediaextractor.te b/sepolicy/mediaextractor.te index 76c843f..83fb9b0 100644 --- a/sepolicy/mediaextractor.te +++ b/sepolicy/mediaextractor.te @@ -1,10 +1,21 @@ +allow mediaextractor init:unix_stream_socket { connectto }; get_prop(mediaextractor, media_prop) +get_prop(mediaextractor, vendor_default_prop) +get_prop(mediaextractor, vendor_platform_prop) allow mediaextractor vfat:file { read getattr }; allow mediaextractor fuseblk:file { read getattr }; allow mediaextractor fuse:file { read getattr }; allow mediaextractor sdcardfs:file { read getattr }; allow mediaextractor system_server:fifo_file { write getattr append }; -#allow mediaextractor vendor_file:file { read open getattr execute }; +allow mediaextractor same_process_hal_file:dir { read open }; +allow mediaextractor same_process_hal_file:file { read open getattr execute}; allow platform_app iso9660:dir { search open read getattr }; allow platform_app iso9660:file { open read getattr }; + +allow mediaextractor exfat:file { read getattr }; +allow mediaextractor property_socket:sock_file write; + +allow mediaextractor bootanim:fd { use }; +allow mediaextractor system_data_file:file { read getattr }; + diff --git a/sepolicy/mediaprovider.te b/sepolicy/mediaprovider.te index 85882e5..c6b1a83 100644 --- a/sepolicy/mediaprovider.te +++ b/sepolicy/mediaprovider.te @@ -1 +1,5 @@ allow mediaprovider media_prop:file { getattr open read }; + +allow mediaprovider fuseblk:dir { open read search }; +allow mediaprovider fuseblk:file { getattr open read }; + diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te index 0152b22..63b44f2 100644 --- a/sepolicy/mediaserver.te +++ b/sepolicy/mediaserver.te @@ -9,3 +9,9 @@ allow mediaserver sysfs_video:file rw_file_perms; allow mediaserver sysfs_audio:file rw_file_perms; get_prop(mediaserver, media_prop) +get_prop(mediaserver, vendor_platform_prop) + +allow mediaserver bootanim:binder { call transfer }; +allow mediaserver bootanim:fd use; +allow mediaserver system_data_file:file { read getattr }; + diff --git a/sepolicy/platform_app.te b/sepolicy/platform_app.te index 44c7e5a..7a112d8 100644 --- a/sepolicy/platform_app.te +++ b/sepolicy/platform_app.te @@ -15,3 +15,6 @@ allow platform_app droidvold:binder { call transfer }; allow platform_app tvserver_hwservice:hwservice_manager { find }; allow platform_app tvserver:binder { call transfer }; + +allow platform_app imageserver_hwservice:hwservice_manager { find }; +allow platform_app imageserver:binder { call transfer }; diff --git a/sepolicy/priv_app.te b/sepolicy/priv_app.te index 5889379..5758d64 100644 --- a/sepolicy/priv_app.te +++ b/sepolicy/priv_app.te @@ -16,4 +16,11 @@ allow priv_app device:dir { read search open }; allow priv_app proc_stat:file { getattr open }; allow priv_app { su_exec bootanim_exec bootstat_exec }:file { getattr }; -allow priv_app proc_uptime:file read;
\ No newline at end of file +allow priv_app proc_uptime:file read; + +allow priv_app tvserver_hwservice:hwservice_manager { find }; +allow priv_app systemcontrol_hwservice:hwservice_manager { find }; +allow priv_app system_control:binder call; +allow priv_app tvserver:binder { call transfer }; +allow priv_app param_tv_file:file { create open read write setattr getattr lock unlink }; +allow priv_app param_tv_file:dir { search read open write add_name remove_name getattr }; diff --git a/sepolicy/property.te b/sepolicy/property.te index a3e38fb..9c650b1 100644 --- a/sepolicy/property.te +++ b/sepolicy/property.te @@ -6,3 +6,6 @@ type tv_prop, property_type; type bcmdl_prop, property_type; type ctl_dhcp_pan_prop, property_type; type netflix_prop, property_type; +type vendor_platform_prop, property_type; +type vendor_persist_prop, property_type; +type vendor_app_prop, property_type;
\ No newline at end of file diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts index 075f2e7..581a95f 100644 --- a/sepolicy/property_contexts +++ b/sepolicy/property_contexts @@ -1,10 +1,24 @@ media. u:object_r:media_prop:s0 +ro.media. u:object_r:media_prop:s0 +sys.media. u:object_r:media_prop:s0 +sys.subtitle. u:object_r:media_prop:s0 +ro.audio. u:object_r:media_prop:s0 +persist.vendor.audio. u:object_r:media_prop:s0 +persist.vendor.media. u:object_r:media_prop:s0 +drm. u:object_r:media_prop:s0 ubootenv. u:object_r:uboot_prop:s0 ro.ubootenv. u:object_r:uboot_prop:s0 const.filesystem. u:object_r:aml_display_prop:s0 snd. u:object_r:tv_config_prop:s0 tv. u:object_r:tv_prop:s0 +persist.tv. u:object_r:tv_prop:s0 bcmdl_status u:object_r:bcmdl_prop:s0 wc_transport u:object_r:bluetooth_prop:s0 rc_hidraw_fd u:object_r:bluetooth_prop:s0 vendor.display-size u:object_r:netflix_prop:s0 +ro.vendor.nrdp.modelgroup u:object_r:netflix_prop:s0 +ro.vendor.platform u:object_r:vendor_platform_prop:s0 +persist.vendor.sys u:object_r:vendor_persist_prop:s0 +vendor.sys u:object_r:vendor_platform_prop:s0 +ro.vendor.app u:object_r:vendor_app_prop:s0 + diff --git a/sepolicy/rc_server.te b/sepolicy/rc_server.te new file mode 100644 index 0000000..ed0c33c --- a/dev/null +++ b/sepolicy/rc_server.te @@ -0,0 +1,14 @@ +type rc_server, domain; +type rc_server_exec, exec_type, vendor_file_type, file_type; + +init_daemon_domain(rc_server) + +allow rc_server vndbinder_device:chr_file rw_file_perms; + +vndbinder_use(rc_server); +hwbinder_use(rc_server); + +allow rc_server remotecontrol_hwservice:hwservice_manager add; +allow rc_server hidl_base_hwservice:hwservice_manager add; + +get_prop(rc_server, hwservicemanager_prop); diff --git a/sepolicy/recovery.te b/sepolicy/recovery.te index e2f49eb..a528323 100644 --- a/sepolicy/recovery.te +++ b/sepolicy/recovery.te @@ -1,4 +1,3 @@ -allow recovery aml_display_prop:property_service set; allow recovery input_device:chr_file write; allow recovery kmsg_device:chr_file { write open read }; allow recovery self:netlink_kobject_uevent_socket { create setopt bind read }; @@ -6,7 +5,6 @@ allow recovery sysfs_xbmc:file { read write open }; allow recovery system_prop:property_service set; allow recovery self:capability net_admin; -allow recovery uboot_prop:property_service set; allow recovery rootfs:dir create_dir_perms; allow recovery sysfs:dir mounton; @@ -20,7 +18,6 @@ allow recovery device:dir rw_dir_perms; allow recovery bootloader_device:chr_file rw_file_perms; allow recovery defendkey_device:chr_file rw_file_perms; allow recovery dtb_device:chr_file { open read write }; -allow recovery aml_display_prop:property_service set; allow recovery recovery:capability { net_admin }; allow recovery sysfs_unifykey:dir search; @@ -32,9 +29,13 @@ allow recovery sysfs_am_vecm:file { open read write }; allow recovery sysfs_audio_cap:file r_file_perms; allow recovery sysfs_cec:file rw_file_perms; -set_prop(recovery, aml_display_prop) -set_prop(recovery, uboot_prop) -set_prop(recovery, bluetooth_prop) +#--------------------------------------------------------------------# +# product_shipping_api_level=28 vendor/system cannot share prop +#--------------------------------------------------------------------# +#get_prop(recovery, aml_display_prop) +get_prop(recovery, uboot_prop) +get_prop(recovery, bluetooth_prop) +get_prop(recovery, vendor_platform_prop) set_prop(recovery, boottime_prop) set_prop(recovery, ctl_bootanim_prop) @@ -62,7 +63,7 @@ allow recovery cache_file:dir mounton; allow recovery tmpfs:blk_file write; allow recovery sysfs:dir { open read }; -allow recovery sysfs_display:file read; +allow recovery sysfs_display:file { open read write }; allow recovery sysfs_video:dir search; allow recovery sysfs_store:file { open read write getattr }; @@ -130,6 +131,12 @@ allow recovery sysfs_display:lnk_file { open read write getattr }; allow init reco_file:file { open read create write }; get_prop(recovery, aml_display_prop) +allow recovery aml_display_prop:file { getattr open read }; +allow recovery bluetooth_a2dp_offload_prop:file { getattr open }; +allow recovery exported_audio_prop:file { getattr open }; +allow recovery exported_bluetooth_prop:file { getattr open }; +allow recovery exported_overlay_prop:file { getattr open }; +allow recovery exported_wifi_prop:file { getattr open }; allow shell tmpfs:file {open read getattr}; allow shell rootfs:file {execute_no_trans}; diff --git a/sepolicy/sdcardd.te b/sepolicy/sdcardd.te index 88c5b2e..ffcc5be 100644 --- a/sepolicy/sdcardd.te +++ b/sepolicy/sdcardd.te @@ -6,3 +6,5 @@ allow sdcardd vold:unix_stream_socket { read write }; # for exfat allow sdcardd unlabeled:dir { open read write getattr search }; allow sdcardd unlabeled:file { open read write getattr }; + +allow sdcardd storage_file:dir mounton; diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te index 474383d..d0c8c64 100644 --- a/sepolicy/system_app.te +++ b/sepolicy/system_app.te @@ -1,7 +1,8 @@ allow system_app sysfs_mpgpu_scale:file { read write open }; allow system_app cache_recovery_file:dir { search read open write add_name remove_name }; -allow system_app cache_recovery_file:file { create getattr open read write unlink }; - +allow system_app cache_recovery_file:file { create getattr setattr open read write unlink }; +allow system_app cache_file:dir {search open read write unlink add_name remove_name}; +allow system_app cache_file:file {create getattr write open unlink read}; allow system_app update_engine:binder {call transfer}; allow system_app rootfs:dir { getattr }; @@ -42,15 +43,29 @@ allow system_app sysfs_clock:file { getattr open read }; allow sysfs_display tmpfs:filesystem associate; allow system_app sysfs_display:dir search; +allow system_app sysfs_display:dir search; allow system_app sysfs_display:file { read write open getattr }; +#--------------------------------------------------------------------# +# product_shipping_api_level=28 vendor/system cannot share prop +#--------------------------------------------------------------------# get_prop(system_app, tv_prop) -set_prop(system_app, media_prop) -set_prop(system_app, netflix_prop) +#set_prop(system_app, media_prop) +get_prop(system_app, media_prop) +#set_prop(system_app, netflix_prop) +get_prop(system_app, netflix_prop) +get_prop(system_app, vendor_platform_prop) +get_prop(system_app, vendor_app_prop) + allow system_app vbi_device:chr_file { read write open ioctl }; allow system_app vendor_file:file r_file_perms; allow system_app sysfs_video:dir { search }; allow system_app sysfs_video:file r_file_perms; allow system_app sysfs_amhdmitx:dir search; allow system_app sysfs_amhdmitx:file { getattr open read }; -allow system_app vendor_app_file:file execute; +allow system_app vendor_app_file:file { read open getattr execute }; +allow system_app dvb_device:chr_file { open read write ioctl }; +allow system_app codec_device:chr_file { open read write ioctl getattr}; +allow system_app param_tv_file:file { create open read write setattr getattr lock unlink }; +allow system_app param_tv_file:dir { search read open write add_name remove_name getattr }; + diff --git a/sepolicy/system_control.te b/sepolicy/system_control.te index d7d3df3..834d894 100644 --- a/sepolicy/system_control.te +++ b/sepolicy/system_control.te @@ -22,7 +22,7 @@ allow system_control vendor_shell_exec:file execute_no_trans; allow system_control vendor_file:file execute_no_trans; allow system_control sysfs_display:dir search; - +allow system_control sysfs_di:dir search; #unix_socket_connect(system_control, vold, vold); #unix_socket_connect(system_control, property, init); @@ -33,39 +33,53 @@ allow system_control sysfs_amvdec:file { open read write }; allow system_control mnt_vendor_file:dir { search read open remove_name rmdir }; allow system_control mnt_vendor_file:file { setattr getattr lock unlink }; -# Property Service write -set_prop(system_control, system_prop) -set_prop(system_control, dhcp_prop) -set_prop(system_control, net_radio_prop) -set_prop(system_control, system_radio_prop) -set_prop(system_control, debug_prop) -set_prop(system_control, powerctl_prop) - +#Property Service write +#--------------------------------------------------------------------# +# product_shipping_api_level=28 vendor/system cannot share prop +#--------------------------------------------------------------------# get_prop(system_control, tv_config_prop) get_prop(system_control, bcmdl_prop) get_prop(system_control, safemode_prop) get_prop(system_control, mmc_prop) get_prop(system_control, device_logging_prop) +get_prop(system_control, vendor_platform_prop) +set_prop(system_control, vendor_platform_prop) +get_prop(system_control, vendor_default_prop) set_prop(system_control, media_prop) +get_prop(system_control, media_prop) get_prop(system_control, aml_display_prop) set_prop(system_control, uboot_prop) +get_prop(system_control, uboot_prop) set_prop(system_control, tv_prop) set_prop(system_control, netflix_prop) +get_prop(system_control, tv_prop) + +set_prop(system_control, vendor_persist_prop) +get_prop(system_control, vendor_persist_prop) + +set_prop(system_control, netflix_prop) +get_prop(system_control, netflix_prop) -get_prop(system_control, wifi_prop) +#get_prop(system_control, wifi_prop) set_prop(system_control, boottime_prop) +get_prop(system_control, boottime_prop) #get_prop(system_control, firstboot_prop) #get_prop(system_control, serialno_prop) set_prop(system_control, overlay_prop) +get_prop(system_control, overlay_prop) set_prop(system_control, net_dns_prop) +get_prop(system_control, net_dns_prop) set_prop(system_control, logpersistd_logging_prop) +get_prop(system_control, logpersistd_logging_prop) set_prop(system_control, hwservicemanager_prop) +get_prop(system_control, hwservicemanager_prop) set_prop(system_control, dumpstate_options_prop) -set_prop(system_control, bluetooth_prop) +#set_prop(system_control, bluetooth_prop) set_prop(system_control, persistent_properties_ready_prop) +get_prop(system_control, persistent_properties_ready_prop) get_prop(system_control, system_boot_reason_prop) @@ -77,6 +91,7 @@ set_prop(system_control, ctl_bugreport_prop) allow system_control block_device:dir r_dir_perms; allow system_control sysfs_audio_cap:file {open getattr read}; +allow system_control sysfs_audio:file {open getattr read}; allow system_control sysfs_video:file rw_file_perms; allow system_control { sysfs_video sysfs_cec sysfs_am_vecm }:dir { search }; allow system_control sysfs_cec:file rw_file_perms; @@ -93,7 +108,7 @@ allow system_control appdomain:dir { getattr search }; allow system_control appdomain:file { r_file_perms }; allow system_control platform_app:dir { search }; -allow system_control param_tv_file:dir { search read write open add_name remove_name rmdir }; +allow system_control param_tv_file:dir { search read write open add_name remove_name rmdir create }; allow system_control param_tv_file:file { create open read write setattr getattr lock unlink }; #allow system_control shell_exec:file { execute_no_trans execute open read getattr }; @@ -114,6 +129,7 @@ allow system_control param_tv_file:dir { write search add_name create }; allow system_control param_tv_file:file { create read write open getattr }; allow system_control sysfs_amhdmitx:dir search; allow system_control sysfs_amvdec:file { create open read write getattr}; +allow system_control sysfs_xbmc:file { read open }; allow system_control vendor_configs_file:file { ioctl lock }; allow system_control sysfs_display:lnk_file { read write open getattr }; @@ -122,3 +138,8 @@ allow system_control { sysfs_display sysfs_am_vecm sysfs_display sysfs_amhdmitx allow system_control sysfs_unifykey:dir { search }; allow system_control sysfs_unifykey:file { read write open }; allow system_control unlabeled:dir search; +allow system_control sysfs_mpgpu_scale:file { read write open } ; +allow system_control hdmirx0_device:chr_file { read write open ioctl getattr }; + +allow system_control exported_system_prop:file { read } ; +get_prop(system_control, exported_system_prop);
\ No newline at end of file diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te index ef5133b..f9b2520 100644 --- a/sepolicy/system_server.te +++ b/sepolicy/system_server.te @@ -31,7 +31,7 @@ allow system_server sysfs:dir r_dir_perms; allow system_server sysfs_rtc:file { read write open getattr }; r_dir_file(system_server, sysfs_hdmi) -allow system_server sysfs_hdmi:file write; +allow system_server sysfs_hdmi:file { read write open getattr }; allow system_server sysfs_display:lnk_file { read write open getattr }; allow system_server sysfs_display:file { read write open getattr }; diff --git a/sepolicy/tee.te b/sepolicy/tee.te index 137d092..1a6775e 100644 --- a/sepolicy/tee.te +++ b/sepolicy/tee.te @@ -17,3 +17,4 @@ allow tee unlabeled:file { open read rename write }; allow tee hidraw_device:chr_file { create read open write ioctl }; allow tee vendor_file:file { read open getattr execute }; +allow tee param_tv_file:dir { search }; diff --git a/sepolicy/toolbox.te b/sepolicy/toolbox.te index aeae6ba..aeae6ba 100755..100644 --- a/sepolicy/toolbox.te +++ b/sepolicy/toolbox.te diff --git a/sepolicy/tvserver.te b/sepolicy/tvserver.te index c10e154..fa241a4 100644 --- a/sepolicy/tvserver.te +++ b/sepolicy/tvserver.te @@ -24,6 +24,7 @@ get_prop(tvserver, media_prop) get_prop(tvserver, tv_prop) set_prop(tvserver, tv_prop) set_prop(tvserver, tv_config_prop) +get_prop(tvserver, vendor_default_prop) allow tvserver tv_prop:file { read open getattr }; allow tvserver proc:file { read write open ioctl getattr }; @@ -60,5 +61,15 @@ allow tvserver mnt_vendor_file:file { create open write setattr getattr lock rea allow tvserver platform_app:binder { call }; allow tvserver sysfs:file { read write open }; +#add for search channel +allow tvserver dvb_device:chr_file { open read write ioctl }; +allow tvserver frontend_device:chr_file { open read write ioctl }; +allow tvserver priv_app:binder { call }; +allow tvserver codec_device:chr_file { read write open ioctl }; + +#add for timeshift +allow tvserver vendor_data_file:dir { search remove_name write add_name create }; +allow tvserver vendor_data_file:file { unlink write create open read getattr }; + allow tvserver sysfs_amhdmitx:dir search; allow tvserver sysfs_amhdmitx:file { write open read getattr }; diff --git a/sepolicy/untrusted_app.te b/sepolicy/untrusted_app.te index 351aa0f..351aa0f 100755..100644 --- a/sepolicy/untrusted_app.te +++ b/sepolicy/untrusted_app.te diff --git a/sepolicy/untrusted_app_25.te b/sepolicy/untrusted_app_25.te index 015efd9..015efd9 100755..100644 --- a/sepolicy/untrusted_app_25.te +++ b/sepolicy/untrusted_app_25.te diff --git a/sepolicy/update_engine.te b/sepolicy/update_engine.te index f3330aa..f3330aa 100755..100644 --- a/sepolicy/update_engine.te +++ b/sepolicy/update_engine.te diff --git a/sepolicy/update_verifier.te b/sepolicy/update_verifier.te index 244b431..244b431 100755..100644 --- a/sepolicy/update_verifier.te +++ b/sepolicy/update_verifier.te diff --git a/sepolicy/vendor_init.te b/sepolicy/vendor_init.te index 90d4bea..08ca710 100644 --- a/sepolicy/vendor_init.te +++ b/sepolicy/vendor_init.te @@ -7,6 +7,7 @@ allow vendor_init rootfs:dir { create_dir_perms relabelfrom }; allow vendor_init sysfs_devices_system_cpu:file { create }; allow vendor_init debugfs:dir { mounton }; +allow vendor_init debugfs:file { read write }; allow vendor_init update_data_file:file { read }; @@ -19,8 +20,20 @@ allow vendor_init self:capability sys_module; allow vendor_init proc:file write; allow vendor_init unlabeled:dir search; +allow vendor_init ffs_prop:property_service set; # optee allow vendor_init drm_device:chr_file setattr; # allow init mount a new filesystem and set its selinux contexts allow vendor_init unlabeled:dir { getattr read relabelfrom setattr }; + +set_prop(vendor_init, vendor_platform_prop) +set_prop(vendor_init, shell_prop) +set_prop(vendor_init, vendor_app_prop) +set_prop(vendor_init, media_prop) +set_prop(vendor_init, aml_display_prop) +set_prop(vendor_init, tv_config_prop) +set_prop(vendor_init, tv_prop) +set_prop(vendor_init, netflix_prop) +set_prop(vendor_init, vold_prop) +set_prop(vendor_init, config_prop) diff --git a/sepolicy/vold.te b/sepolicy/vold.te index dffc5bf..3a5d396 100644 --- a/sepolicy/vold.te +++ b/sepolicy/vold.te @@ -6,3 +6,7 @@ allow vold param_tv_file:dir { ioctl open read }; #for hw keymaster allow vold drm_device:chr_file {open read write ioctl}; + +allow vold fsck_exec:file {execute read open }; +allow vold kernel:system module_request; + diff --git a/sepolicy/wificond.te b/sepolicy/wificond.te index 34e68d6..34e68d6 100755..100644 --- a/sepolicy/wificond.te +++ b/sepolicy/wificond.te |