Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integration #3

Open
wants to merge 29 commits into
base: master
Choose a base branch
from
Open

Integration #3

wants to merge 29 commits into from

Conversation

zoltan-ongithub
Copy link
Contributor

Rebase changes to latest AOSP master

liuyq and others added 28 commits June 15, 2016 13:43
@liuyq
sepolicy: update some selinux related rules
9cde589 
1. set security context for /dev/ttyFIQ0 and /dev/ttyAMA1
2. allow init to have more permissions for configfs dir and lnk_file

Change-Id: I388c0447a0ca915944bffd8c70a048bc945226a9
Signed-off-by: Yongqin Liu <[email protected]>
@liuyq
init.te: allow create sdcard link in /mnt
cd77c68 
to avoid avc like following:
avc:  denied  { create } for  pid=1 comm="init" name="sdcard" scontext=u:r:init:s0 tcontext=u:object_r:tmpfs:s0 tclass=lnk_file permissive=1

Change-Id: I8d8adbf2819f5b6e09a1dae95816c731e495cbac
Signed-off-by: Yongqin Liu <[email protected]>
@liuyq
init.hikey.rc: set right user and group for uim service
6c1cf5e 
to avoid the following SELinux avc dac_override denial:
avc: denied { dac_override } for pid=1790 comm="uim" capability=1 scontext=u:r:hci_attach:s0 tcontext=u:r:hci_attach:s0 tclass=capability permissive=1

Change-Id: Ia0ff7ffbeac155fbc43b52c2ddc880d35c52a654
Signed-off-by: Yongqin Liu <[email protected]>
Merge "init.hikey.rc: set right user and group for uim service"
0c5a64e
@johnstultz-work
HiKey: Add initial powerHAL
7266c5f 
Mostly copied over from the flounder powerHAL,
this patch adds a basic powerHAL to include interactivty
boosting via the interactive cpufreq gov

Change-Id: I691d5874c7c61479aa4629fb2ae5dd83d52f4e4b
Signed-off-by: John Stultz <[email protected]>
@liuyq
init.hikey.rc: remove permission setting on /dev/cpuctl
daa32a7 
If not, it will cause dac_override avc denial warnings
for logd and healthd since they need to access the file
/dev/cpuctl/tasks in their source

Change-Id: If65d11e7122ef197ba43012c890637df835ce544
Signed-off-by: Yongqin Liu <[email protected]>
@vishalbhoj
hikey: Add wrapper script to build uefi
9a67d91 
Booloader sources are located under device/linaro/bootloader

Change-Id: I8b35f9a292f5037eac2e0a281f5345921a313b93
Signed-off-by: Vishal Bhoj <[email protected]>
@nickkral @pundiramit
suppress netd sys_module denial
14c7bc0 
Netd triggers sys_module denials, but the kernel has
CONFIG_MODULES=n. This denial is harmless, and is likely a result
of a permission check before verifying whether the kernel even has
module support.

Suppress these denials.

Change-Id: I8b2a7e3a1cdd7ae2f064ba952c110e0e2ead7fcc
@vishalbhoj
flash-all.sh: Allow flashing uefi built from source
2df2ca7 
Now that we have support to build uefi from source,
we allow user to choose which one to flash.

Minor cleanup:
Remove ANDROID_OUT which will be same as ANDROID_PRODUCT_OUT
Fixed shellcheck errors

Change-Id: I9e45b2970a481df085222ecd240e367cef75889c
Signed-off-by: Vishal Bhoj <[email protected]>
@liuyq
flash-all.sh: support for case that not run lunch
74aa066 
In the cases that we build in a script or built several days before,
we don't want to run "lunch hikey-userdebug" before run flash-all.sh

ANDROID_BUILD_TOP will be only availbe after run lunch command

Change-Id: I06c9479cd05a5178b6d1444eedbc67d743db28ae
Signed-off-by: Yongqin Liu <[email protected]>
@pundiramit
init.hikey.usb.rc: fix to bring down tethering interface
776e1e1 
Rndis (tethering) n/w interface, usb0, registration/deregistration is
broken. If a user try to switch to other functions or disable usb
tethering or unplug the usb cable then it doesn't kill "usb0" interface.

Clean registration and deregistration can be done by creating the rndis
function when user enable the tethering from Settings application
instead of creating it "on boot", and deleting the function when we
switch to other function or disable tethering or unplug the cable.

Relevent fix, Change-Id: If1f922e02277cccdc8c0b263be63989ee102cc80, to
create and delete RNDIS function, on need basis, is moved to
init.usb.configfs.rc

Change-Id: Icb49020d624fb21ef2607d473948cbbf3b9cc469
Reported-by: Winter Wang <[email protected]>
Signed-off-by: Amit Pundir <[email protected]>
Merge "init.hikey.rc: remove permission setting on /dev/cpuctl"
f914ccd
Merge "suppress netd sys_module denial"
6c13121
@jlucangelio
HiKey: Remove configfs SELinux definitions.
644d7ab 
https://android.googlesource.com/platform/system/sepolicy/+/c15090b315cc32d4bb55b5ff79b71b4383e1a793
has added configfs definitions to the main policy, so remove them from
here.

Bug: 30394208
Change-Id: I4abaef3497f006e1d8d122aa4cdfb1820c153f94
@liuyq
enable SELinux for hikey
57c4c72 
2 types remaining avc denials are mentioned here:

1. init domain on android0 file
https://android-review.googlesource.com/#/c/239530/
2. sys_module denial on netd domain
https://android-review.googlesource.com/#/c/239514/

Change-Id: I2623742ea10261908b1ab3ed7f999c5b8a8a6fb7
Signed-off-by: Yongqin Liu <[email protected]>
hikey: Fix serial console for kernel 4.1
1ccc21d 
Change-Id: I51ca9d5861119f3894446656c467a08188827a81
Signed-off-by: Dmitry Shmidt <[email protected]>
@johnstultz-work
hikey: wl18xx-fw: Update wifi firmware
064a170 
With v4.8-rc and above kernels, the wlcore driver requires
a newer version of the wifi firmware.

Thus this patch updates the firmware file to what is found via:
git://git.ti.com/wilink8-wlan/wl18xx_fw.git 9d054faf26f9ea166b925fca230d5c9784c553e4

("Updated to FW 8.9.0.0.69").

Change-Id: Idcbff9e7c32267fa30542bfdc77d6b687cb9a26b
Signed-off-by: John Stultz <[email protected]>
Merge "hikey: wl18xx-fw: Update wifi firmware"
73e309e
Merge "init.hikey.usb.rc: fix to bring down tethering interface"
4c18461
hikey: Add PRODUCT_BRAND := Android to change build fingerprint
3965ada 
Change-Id: Ib1da8dcf977e0beac1a731ff1f9bab0ab0d72329
Signed-off-by: Dmitry Shmidt <[email protected]>
hikey: Use ro.serialno to set usb_gadget string
128d7e6 
Change-Id: I40bb46ef58599aec12694308cb8cbcc42dd28f5f
Signed-off-by: Dmitry Shmidt <[email protected]>
@johnstultz-work
hikey: flash-all.sh: Add command to set unique serial number on flash
abe8022 
To set the unique serial number, we need to call fastboot oem serialno
from the l-loader.bin's fastboot mode (not the UEFI fastboot).

So generate a serialno when we are doing a flash-all.sh

Change-Id: Id5b3cb5530ad3b265c65d0b6b0900e8625a25de7
Signed-off-by: John Stultz <[email protected]>
@johnstultz-work
Add make clean option for bootloader build
b5d7339 
Change-Id: I5f51d36055a65333b8918fce541b187084623308
Signed-off-by: John Stultz <[email protected]>
@johnstultz-work
hikey: bootloader: Update prebuilt fip.bin and l-loader.bin to curren…
c53fc0c 
…t sources.

This updates the fip.bin and l-loader.bin to builds from the
latest sources.

Notable changes:
* Fix for uSD hang
* androidboot.serialno= support
* Device will reboot on poweroff if J1-2 (always power-on) is set,
  rather then just spin and overheat.

Built from the following trees:
https://android.googlesource.com/device/linaro/bootloader/arm-trusted-firmware 6c60217788fc109ccfb5b8789d66793277a1f9eb
https://android.googlesource.com/device/linaro/bootloader/edk2 b96baa8ce5b46dd4ef5697862c989244f5221dba
https://android.googlesource.com/device/linaro/bootloader/OpenPlatformPkg 0269b8d21bef2d80320b3b5fd2d02b3a35f3f8d4

Change-Id: I3eb1014aef3998bf6aec8addc22671a7e7833df9
Signed-off-by: John Stultz <[email protected]>
@johnstultz-work
HACK: hikey: Add system_server sepolicy rules to allow /proc/tid/time…
da09247 
…rslack_ns access

With the new /proc/<tid>/timerslack_ns interface, the system_server
needs to be able to write to that value. However, currently the
selinux policy seems to prevent this.

Using "adb logcat -d | audit2allow -p <sepolicy file>" I got the following
suggestions which I've added here.

I suspect there is a better way to limit write access to just the
timerslack_ns file, but I'm no selinux expert.

Suggestions would be welcome.

We should remove this after a proper solution is in /system/sepolicy/system_server.te

Change-Id: I1bc3a8f4a4f663131977fe6fc2c8afa309b7a7c0
Signed-off-by: John Stultz <[email protected]>
Merge branch 'master' of https://android-review.googlesource.com/devi…
78f1f74 
…ce/linaro/hikey into HEAD

Conflicts:
	installer/fip.bin
	installer/flash-all.sh
Update Kernel image name
a2633a6 
Android expects an Image-dtb file
Update fip.bin
a16e377 
Update fip.bin with ATF/OPTEE support enabled
@d3zd3z
Copy link
Contributor

d3zd3z commented Aug 17, 2016

I still think we should remove the fip.bin binary. We just get too many bug reports when it gets out of date with the ta and client code that we are building as part of Android.

It would only really make sense to include fip.bin if we have a branch/project that locks down specific versions of the rest of the OP-TEE code.

@d3zd3z
Copy link
Contributor

d3zd3z commented Aug 17, 2016

Also should probably describe this as a merge instead of a rebase.

@zoltan-ongithub
Copy link
Contributor Author

Thanks. I will try to make the file to built directly from AOSP (it is already supported) and update the pull request.

Add SELinux support for tee-supplicant
2411d4d 
Reusing the existing domain for tee defined
in system/sepolicy.

Signed-off-by: Zoltan Kuscsik <[email protected]>
@d3zd3z d3zd3z mentioned this pull request Aug 19, 2016
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@zoltan-ongithub @d3zd3z @liuyq @johnstultz-work @vishalbhoj @nickkral @pundiramit @jlucangelio