Commit message | Author | Age | Files | Lines
* am57xevm: Decrease userdata image size [d-oreo-mr1-core-release] | Mykhailo Sopiha | 2019-01-04 | 1 | -4/+4
    This patch decreases userdata image size due to partition size changes in u-boot[1].
    from project https://android.googlesource.com/platform/external/u-boot
    commit: 528920f94ef22f9e5cf183cc193246e01280c65e
    Signed-off-by: Mykhailo Sopiha <mykhailo.sopiha@linaro.org>
    Signed-off-by: Praneeth Bajjuri <praneeth@ti.com>
* am57xevm: add default density as build option | Mykhailo Sopiha | 2018-11-27 | 1 | -0/+1
    Signed-off-by: Mykhailo Sopiha <mykhailo.sopiha@linaro.org>
* sepolicy: Allow ueventd to request modules | Ruslan Trofymenko | 2018-11-09 | 1 | -0/+1
    Allow ueventd to request the kernel to load modules
    Signed-off-by: Ruslan Trofymenko <ruslan.trofymenko@linaro.org>
    Acked-by: Praneeth Bajjuri <praneeth@ti.com>
* Revert "Revert "Remove unneeded explicit module loading"" | Ruslan Trofymenko | 2018-10-30 | 2 | -70/+3
    This reverts commit 1f229f1307e374b2d7e2a6041b5ffdf4441ff305.
    Now that we have proper sepolicy rule in place and touchscreen works fine, let's enable dynamic kernel module loading again (instead of loading the modules on init).
    Signed-off-by: Ruslan Trofymenko <ruslan.trofymenko@linaro.org>
    Signed-off-by: Praneeth Bajjuri <praneeth@ti.com>
* am57xevm: sepolicy: Allow ueventd to insert modules | Ruslan Trofymenko | 2018-10-30 | 1 | -0/+4
    Allow ueventd daemon to load modules in response to modalias events. This patch makes dynamic kernel module loading work in 'enforcing' mode.
    Signed-off-by: Ruslan Trofymenko <ruslan.trofymenko@linaro.org>
* am57xevm: add kernel modules for pruss Ethernet | Hongmei Gou | 2018-10-26 | 2 | -1/+8
    Signed-off-by: Hongmei Gou <a0271529@ti.com>
* am57xevm: Disable wificond | Ruslan Trofymenko | 2018-10-12 | 1 | -0/+4
    Disable a routine way of booting up the wificond service.
    Signed-off-by: Ruslan Trofymenko <ruslan.trofymenko@linaro.org>
* am57xevm: sepolicy: Allow system_server to update timerslack_ns | Ruslan Trofymenko | 2018-10-12 | 1 | -0/+2
    Allow system_server to update timerslack_ns for hal_audio_default. The patch is based on commit [1] and ensures elimination of the SELinux warning during audio/video playback:
        avc: denied { write } for pid=321 comm="Binder:321_6" name="timerslack_ns" dev="proc" ino=21459 scontext=u:r:system_server:s0 tcontext=u:r:hal_audio_default:s0 tclass=file permissive=0
    [1] https://android-review.googlesource.com/c/platform/system/sepolicy/+/647420
    Signed-off-by: Ruslan Trofymenko <ruslan.trofymenko@linaro.org>
* am57xevm: sepolicy: Mark sp-hal files | Ruslan Trofymenko | 2018-10-12 | 1 | -0/+2
    Mark /system/lib/vndk-sp/hw path as 'sp-hal' namespace. This patch fixes SELinux messages like:
        avc: denied { open } for pid=222 comm="HwBinder:222_5" path="/system/lib/vndk-sp/hw" dev="mmcblk1p10" ino=799 scontext=u:r:mediacodec:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=1
    Signed-off-by: Ruslan Trofymenko <ruslan.trofymenko@linaro.org>
    Acked-by: Mykhailo Sopiha <mykhailo.sopiha@linaro.org>
* am57xevm: sepolicy: Associate proc_net filesystem | Ruslan Trofymenko | 2018-10-12 | 1 | -0/+1
    Associate the proc_net filesystem with the proc filesystem. This patch fixes the following SELinux message:
        avc: denied { associate } for pid=141 comm="Binder:141_2" name="globalAlert" scontext=u:object_r:proc_net:s0 tcontext=u:object_r:proc:s0 tclass=filesystem permissive=1
    Signed-off-by: Ruslan Trofymenko <ruslan.trofymenko@linaro.org>
* am57xevm: sepolicy: Allow access for memtrack | Ruslan Trofymenko | 2018-10-12 | 1 | -0/+1
    Allow access for memtrack to sync device file. This patch fixes the following SELinux message:
        avc: denied { map } for pid=169 comm="android.hardwar" path="/dev/pvrsrvkm" dev="tmpfs" ino=9924 scontext=u:r:hal_memtrack_default:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=1
    Signed-off-by: Ruslan Trofymenko <ruslan.trofymenko@linaro.org>
* am57xevm: sepolicy: Allow to load .idc file | Ruslan Trofymenko | 2018-10-12 | 2 | -0/+5
    Allow system_server to load input device configurations. This patch fixes the following SELinux message:
        avc: denied { map } for pid=326 comm="InputReader" path="/vendor/usr/idc/pixcir_tangoc.idc" dev="mmcblk1p11" ino=14 scontext=u:r:system_server:s0 tcontext=u:object_r:vendor_file:s0 tclass=file permissive=1
    Signed-off-by: Ruslan Trofymenko <ruslan.trofymenko@linaro.org>
* Remove ION related projects | Andrew F. Davis | 2018-09-04 | 1 | -5/+0
    These are not available anymore, drop them.
    Signed-off-by: Andrew F. Davis <afd@ti.com>
* Delete recovery rc file | Andrew F. Davis | 2018-09-04 | 2 | -12/+0
    This file is empty and not needed anymore.
    Signed-off-by: Andrew F. Davis <afd@ti.com>
* am57xevm: Remove WiFi feature | Mykhailo Sopiha | 2018-08-31 | 4 | -80/+1
    This patch removes all wifi configuration parameters. Fixes monkeytest wifi-related nullpointer dereferences.
    Signed-off-by: Mykhailo Sopiha <mykhailo.sopiha@linaro.org>
* Revert "Remove unneeded explicit module loading" | Praneeth Bajjuri | 2018-08-16 | 2 | -3/+63
    This reverts commit 4a0699e373861e9f8967eb4e42256e54b84bc64d.
    System error with a report "Internal problem with your device". This could be due to missing treble /sepolicy fixes on o-mr1 too.
    Kernel module (touchscreen) needs to be initialized late on o-mr1.
    So reverting for now. Re-enable the feature when all the needed fixes for udev dynamic module loading are identified.
    Signed-off-by: Praneeth Bajjuri <praneeth@ti.com>
* am57xevm: sepolicy: Mark vendor libs as SPHAL | Ruslan Trofymenko | 2018-08-10 | 1 | -0/+10
    This patch allows selinux enforced board to boot up. For this some vendor libs are marked as Same-Process HAL.
    Signed-off-by: Ruslan Trofymenko <ruslan.trofymenko@linaro.org>
* am57xevm: sepolicy: Allow CAS to use vndbinder | Ruslan Trofymenko | 2018-08-10 | 1 | -0/+1
    android.hardware.cas@1.0-service communicates to other vendor components via /dev/vndbinder. (/hardware/interfaces/cas/1.0/default/service.cpp):
        android::ProcessState::initWithDriver("/dev/vndbinder");
    At bootup SELinux shows message:
        avc: denied { open } for pid=165 comm="android.hardwar" path="/dev/vndbinder" dev="tmpfs" ino=5362 scontext=u:r:hal_cas_default:s0 tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file permissive=1
    The rule was added that allows the vndbinder to be used by the conditional access system.
* am57xevm: sepolicy: Allow hwcomposer to use uevent | Ruslan Trofymenko | 2018-08-10 | 1 | -0/+1
    The hwcomposer module uses the kernel messages interface (NETLINK_KOBJECT_UEVENT) (hardware/ti/dra7xx/hwcomposer/hwc.cc):
        uevent_init();
        ...
    The sepolicy was added that allows operations with the uevent socket.
    Signed-off-by: Ruslan Trofymenko <ruslan.trofymenko@linaro.org>
* am57xevm: sepolicy: Allow graphics composer to use vndbinder | Ruslan Trofymenko | 2018-08-10 | 1 | -0/+1
    android.hardware.graphics.composer@2.1-service communicates to other vendor components via /dev/vndbinder. (/hardware/interfaces/graphics/composer/2.1/default/service.cpp):
        android::ProcessState::initWithDriver("/dev/vndbinder");
    At bootup SELinux shows message:
        avc: denied { open } for pid=169 comm="android.hardwar" path="/dev/vndbinder" dev="tmpfs" ino=5362 ioctlcmd=0x6209 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file permissive=1
    The rule was added that allows the vndbinder to be used by graphics.composer@1.0-service.
    Signed-off-by: Ruslan Trofymenko <ruslan.trofymenko@linaro.org>
* am57xevm: sepolicy: Allow access netd to /proc/net | Ruslan Trofymenko | 2018-08-10 | 1 | -0/+3
    'netd' daemon requires access to /proc/net items, for example [1]:
        asprintf(&fname, "/proc/net/xt_quota/%s", quotaName);
        fp = fopen(fname, "we");
    The rules were added for manipulations with /proc/net filesystem.
    [1] system/netd/server/BandwidthController.cpp
    Signed-off-by: Ruslan Trofymenko <ruslan.trofymenko@linaro.org>
* am57xevm: sepolicy: Access for init to /proc /sys | Ruslan Trofymenko | 2018-08-10 | 1 | -0/+8
    Generic init.rc contains the commands for write operations to /proc and /sys, for example:
        write /proc/sys/kernel/sysrq 0
        write /sys/class/leds/vibrator/trigger "transient"
    but generic sepolicies don't contain accorded rules.
    The permissions were added for access to /proc and /sys.
    Signed-off-by: Ruslan Trofymenko <ruslan.trofymenko@linaro.org>
* am57xevm: sepolicy: Add cgroup permissions for init | Ruslan Trofymenko | 2018-08-10 | 2 | -0/+4
    Generic init.rc contains the commands for creating cgroup nodes, for example:
        mkdir /dev/memcg 0700 root system
        mount cgroup none /dev/memcg memory
    but generic sepolicies don't contain accorded rules.
    Also generic zygote .rc files contain commands for PID writing to process list in cgroup nodes. These commands can require the creating permission.
    The creating permissions were added for 'init' and 'zygote' processes.
    Signed-off-by: Ruslan Trofymenko <ruslan.trofymenko@linaro.org>
* am57xevm: sepolicy: Fix vndservicemanager warning | Ruslan Trofymenko | 2018-08-10 | 1 | -0/+1
    SELinux was generating warnings about vndservicemanager attempts to gain access to events tags storage (/dev/event-log-tags) for map action. That used to happen once during a boot process in consequence of initialisation selinux handler in module frameworks/native/cmds/servicemanager/service_manager.c:
        sehandle = selinux_android_vendor_service_context_handle();
    In context of this initialisation the selinux_log function is performed that causes a call to /dev/event-log-tags. Unwinding of followed calls leads to __write_to_log_daemon function in module system/core/liblog/logger_write.c
    This function contains the code which interacts with EventTagMap data. As a result this code performs in vndservicemanager context.
    Sepolicy dontaudit for vndservicemanager for map action is generated.
    Change-Id: I21cc555a44731b9734d09eff63eda447de2df366
    Signed-off-by: Ruslan Trofymenko <ruslan.trofymenko@linaro.org>
* am57xevm: sepolicy: Access for init to /proc/cpu/alignment | Ruslan Trofymenko | 2018-08-10 | 2 | -0/+5
    init.rc contains a write instruction for managing the alignment:
        write /proc/cpu/alignment 4
    As a result SELinux generates warning:
        avc: denied { write } for pid=1 comm="init" name="alignment" dev="proc" ino=4026532139 scontext=u:r:init:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1
        avc: denied { open } for pid=1 comm="init" path="/proc/cpu/alignment" dev="proc" ino=4026532139 scontext=u:r:init:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1
    The generated policy allows write access for 'init' to /proc/cpu/alignment
    Change-Id: I0b94aa79d94722393f2ed9d5f5e158c13f657dd4
    Signed-off-by: Ruslan Trofymenko <ruslan.trofymenko@linaro.org>
* am57xevm: sepolicy: Fix hal_drm_default warning | Ruslan Trofymenko | 2018-08-10 | 1 | -0/+1
    android.hardware.drm@1.0-service communicates to other vendor components via /dev/vndbinder. (hardware\interfaces\drm\1.0\default\service.cpp):
        android::ProcessState::initWithDriver("/dev/vndbinder");
    At bootup SELinux shows message:
        avc: denied { read } for comm="android.hardwar" name="vndbinder" dev="tmpfs" ino=5320 scontext=u:r:hal_drm_default:s0 tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file permissive=0
    The rule was added that allows the vndbinder to be used by drm@1.0-service.
    Change-Id: I81974cd4d4bfdf482bddd11bad5aaf6d9ba6435c
    Signed-off-by: Ruslan Trofymenko <ruslan.trofymenko@linaro.org>
* am57xevm: sepolicy: Access for healthd to wake_alarm | Ruslan Trofymenko | 2018-08-10 | 1 | -0/+1
    Add rule for 'healthd' daemon for access to wake_alarm.
    Change-Id: I4258e66503693f2d7500f1f86e7360c08a607b66
    Signed-off-by: Ruslan Trofymenko <ruslan.trofymenko@linaro.org>
* am57xevm: sepolicy: Disable audit for dac_read_search | Ruslan Trofymenko | 2018-08-10 | 5 | -0/+6
    This commit disables audit for dac_read_search for the following domains:
    - init
    - vold
    - zygote
    - installd
    - lmkd
    These processes already have 'dac_override' capability with greater permissions. Also the presence of both capabilities in kernel 4.14+ causes warnings with dac_read_search denials, but access is allowed anyway.
    Change-Id: Ifb35fc83267201a51a0f1565ec98132d2e439728
    Signed-off-by: Ruslan Trofymenko <ruslan.trofymenko@linaro.org>
* am57xevm: turned on legacy PRODUCT_COMPATIBILITY_MATRIX_LEVEL | Mykhailo Sopiha | 2018-08-10 | 2 | -9/+2
    This patch switches default framework compatibility matrix to legacy. It is done to turn off the gatekeeper as a mandatory hal when treble is on.
    Signed-off-by: Mykhailo Sopiha <mykhailo.sopiha@linaro.org>
    Acked-by: Praneeth Bajjuri <praneeth@ti.com>
* am57xevm: Enable FULL_TREBLE | Mykhailo Sopiha | 2018-08-10 | 4 | -14/+106
    This patch sets ro.treble.enabled option to true, configures build and allows board to boot to UI.
    for this thing above need were done:
    - Enabled FULL_TREBLE and vndk support in device.mk
    - Enforced VINTF manifest as part of treble requirements
    - Added compatibility matrix to match device manifest and pass prebuild checks
    - Added missing services for compatibility matrix
    - Changed raw copying of device manifest with core build variable
    - Extended device manifest with missing hals
    Change-Id: Id08af9a66d95bdf8496ce793eeef6060c519802c
    Signed-off-by: Mykhailo Sopiha <mykhailo.sopiha@linaro.org>
    Acked-by: Praneeth Bajjuri <praneeth@ti.com>
* Remove unneeded explicit module loading | Andrew F. Davis | 2018-08-07 | 2 | -63/+3
    Signed-off-by: Andrew F. Davis <afd@ti.com>
    Acked-by: Praneeth Bajjuri <praneeth@ti.com>
* am57xevm: Boardconfig: Enable TARGET_USES_64_BIT_BINDER | Mykhailo Sopiha | 2018-08-02 | 1 | -0/+1
    Kernel disabled support of legacy lvl7 (both on 32 and 64 bit boards) hwbinder API due to aosp updates. That is why hwbinder API lvl 8 only is used for both 32 and 64 bit platforms since that update.
    Need to enable TARGET_USES_64_BIT_BINDER to fix binder protocol mismatch and opening errors.
    Signed-off-by: Mykhailo Sopiha <mykhailo.sopiha@linaro.org>
    Signed-off-by: Praneeth Bajjuri <praneeth@ti.com>
* am57xevm: Remove vpetest from product packages | Ruslan Trofymenko | 2018-07-13 | 1 | -1/+0
    Removing vpetest from list of product packages for installation.
    Change-Id: I83ffa53afd914a759cc211a543374b81cd1cd1cb
    Signed-off-by: Ruslan Trofymenko <ruslan.trofymenko@linaro.org>
    Acked-by: Andrew F. Davis <afd@ti.com>
    [praneeth@ti.com: minor edit: whitespace error]
    Signed-off-by: Praneeth Bajjuri <praneeth@ti.com>
* am57xevm: heap size expanding to fix OOM errors | Mykhailo Sopiha | 2018-07-13 | 1 | -1/+1
    While CTS execution maximum available heap was reached. This commit expands max heap by changing dalvik-heap.mk
    This fixes OOM errors during CTS full test plan execution.
    Change-Id: I9aaf9327081eb6a3fad870517b9d657deab2b201
    Signed-off-by: Mykhailo Sopiha <mykhailo.sopiha@linaro.org>
* fastboot.sh: update scripts to flash fit image | Hongmei Gou | 2018-07-10 | 1 | -1/+6
    Signed-off-by: Hongmei Gou <a0271529@ti.com>
    Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org>
* Revert "am57xevm: Update SELinux policies" | Praneeth Bajjuri | 2018-06-19 | 11 | -39/+0
    This reverts commit c9981037c95dfcfaeedc2b20445545291754bef0.
    This causes build failure on android master and further needs investigation
        libsepol.report_failure: neverallow on system/sepolicy/public/domain.te violated by allow
        zygote cgroup:file { create };
        init cgroup:file { create };
        init proc:dir { write add_name };
        init sysfs:dir { add_name };
        zygote zygote:capability { dac_read_search };
        installd installd:capability { dac_read_search };
        init init:capability { dac_read_search };
        vold vold:capability { dac_read_search };
        surfaceflinger surfaceflinger:capability { dac_override };
        libsepol.check_assertions: 9 neverallow failures occurred
        Error while expanding policy
    Signed-off-by: Praneeth Bajjuri <praneeth@ti.com>
* am57xevm: device.mk: add vndk_package and libunwind | Yongqin Liu | 2018-06-18 | 1 | -0/+6
    add vndk_package and libunwind as this is needed for aosp master build
    Change-Id: I027877d3401ae1bcca97d1397fd3894d17a00fdb
    Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
    [praneeth@ti.com: cherry-pick to ti android baseline]
    Signed-off-by: Praneeth Bajjuri <praneeth@ti.com>
* Switch from device/ti/proprietary-open to vendor/ti for binaries | Andrew F. Davis | 2018-06-18 | 1 | -3/+5
    This is more in line with other vendors who use clickwrap archives to store binaries that extract into vendor/ based directories.
    Signed-off-by: Andrew F. Davis <afd@ti.com>
* Remove incorrect WiFi definitions | Andrew F. Davis | 2018-06-15 | 2 | -15/+0
    None of the supported platforms, AM572x EVM, AM57xx IDK, nor BeagleBoard X15 have on-board WiFi. Remove these definitions that incorrectly declare we have a WL12xx module.
    Signed-off-by: Andrew F. Davis <afd@ti.com>
* Remove layout configuration overlays for Launcher2 | Andrew F. Davis | 2018-06-15 | 2 | -148/+0
    We do not use Launcher2 anymore, remove these unused configuration overlays.
    Signed-off-by: Andrew F. Davis <afd@ti.com>
* am57xevm: remove pru eth and icss support | Praneeth Bajjuri | 2018-06-15 | 3 | -8/+0
    remove pru eth and icss support inherited during previous android version.
    This should be added back, when all of the applicable changes are ready.
    Signed-off-by: Praneeth Bajjuri <praneeth@ti.com>
* am57xevm: device.mk: remove IPU2 build | Praneeth Bajjuri | 2018-06-15 | 1 | -1/+0
    remove IPU2 M4 FW packaging and build from am57xevm android sdk
    Signed-off-by: Praneeth Bajjuri <praneeth@ti.com>
* am57xevm: touchscreen: remove LDC 3001 touch support | Praneeth Bajjuri | 2018-06-15 | 2 | -26/+0
    remove LDC 3001 touch controller support as this is not present on am57xevm platform variants.
    Signed-off-by: Praneeth Bajjuri <praneeth@ti.com>
* am57xevm: sepolicy: remove APPE selinux policy | Praneeth Bajjuri | 2018-06-15 | 1 | -6/+0
    cleanup: remove inapplicable selinux policy for APPE service (doesn't exist anymore).
    Signed-off-by: Praneeth Bajjuri <praneeth@ti.com>
* am57xevm: init: remove 2d Blitter module | Praneeth Bajjuri | 2018-06-15 | 1 | -3/+0
    remove 2D Blitter GC320 module initialization from init
    Signed-off-by: Praneeth Bajjuri <praneeth@ti.com>
* am57xevm: remove cmem service | Praneeth Bajjuri | 2018-06-15 | 6 | -14/+1
    remove cmem service and associated service and selinux policy, as this is not applicable for targeted am57xevm android sdk.
    Signed-off-by: Praneeth Bajjuri <praneeth@ti.com>
* am57xevm: sepolicy: allow init to hold wake lock | Vishal Mahaveer | 2018-06-15 | 1 | -0/+2
    On am57xevm we hold a dummy wake lock via init*.rc. Add sepolicy rule to cover this.
    Change-Id: Ibc7117daede874edd7b9e959fdfacd7815a21842
    Signed-off-by: Vishal Mahaveer <vishalm@ti.com>
    [praneeth@ti.com: cherry-pick to device/ti/am57xevm and minor commitmsg update]
    Signed-off-by: Praneeth Bajjuri <praneeth@ti.com>
* am57xevm: Remove unsupported CODEC definitions | Andrew F. Davis | 2018-06-14 | 1 | -58/+0
    The "DUCATI" video accelerators are not currently supported. Remove their definition here.
    Signed-off-by: Andrew F. Davis <afd@ti.com>
    Signed-off-by: Praneeth Bajjuri <praneeth@ti.com>
* am57xevm: Update SELinux policies | Ruslan Trofymenko | 2018-06-14 | 11 | -0/+39
    Update SELinux policies for Android boot process. Android can boot to UI in enforced mode.
    Further Android working logs should be captured and checked for SE warnings. Policies should be updated due to new warnings appeared in logs.
    Signed-off-by: Ruslan Trofymenko <ruslan.trofymenko@linaro.org>
* am57xevm: turn off all BT from config | Mykhailo Sopiha | 2018-06-14 | 1 | -3/+0
    Turn off all BT components from device config.
    Signed-off-by: Mykhailo Sopiha <mykhailo.sopiha@linaro.org>