author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-04-14 07:49:54 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-04-14 07:49:54 +0000 |
commit | 320378cc4218abd742171210b2b8920b1da779b8 (patch) | |
tree | 0bbc3b103f6a817ebe14201d1926146f75d8bf94 | |
parent | c6dcc00b240a43a89f1733307640b12b32a504cb (diff) | |
parent | d1200b5b48b74d8b5bb94fdcdc5229fce7473344 (diff) | |
download | goldfish-android13-qpr3-c-s1-release.tar.gz |
Snap for 9929149 from d1200b5b48b74d8b5bb94fdcdc5229fce7473344 to tm-qpr3-c-release
android-13.0.0_r82 android-13.0.0_r81 android-13.0.0_r80 android-13.0.0_r74 android-13.0.0_r73 android-13.0.0_r72 android-13.0.0_r66 android-13.0.0_r65 android-13.0.0_r64 android-13.0.0_r60 android-13.0.0_r59 android-13.0.0_r58 android13-qpr3-c-s8-release android13-qpr3-c-s7-release android13-qpr3-c-s6-release android13-qpr3-c-s5-release android13-qpr3-c-s4-release android13-qpr3-c-s3-release android13-qpr3-c-s2-release android13-qpr3-c-s12-release android13-qpr3-c-s11-release android13-qpr3-c-s10-release android13-qpr3-c-s1-release
Change-Id: I426768aeda3eee4dafb5ac52c37d2a00034a7d6b
-rw-r--r-- | 64bitonly/product/vendor.mk | 3 | ||||
-rw-r--r-- | arm64-kernel.mk | 32 | ||||
-rw-r--r-- | fstab.ranchu.arm | 1 | ||||
-rw-r--r-- | fstab.ranchu.x86 | 1 | ||||
-rw-r--r-- | init.ranchu.rc | 9 | ||||
-rw-r--r-- | kernel_modules.blocklist | 1 | ||||
-rw-r--r-- | sepolicy/common/dlkm_loader.te | 30 | ||||
-rw-r--r-- | sepolicy/common/file_contexts | 1 | ||||
-rw-r--r-- | sepolicy/common/property.te | 1 | ||||
-rw-r--r-- | sepolicy/common/property_contexts | 1 | ||||
-rw-r--r-- | vendor.mk | 1 | ||||
-rw-r--r-- | x86_64-kernel.mk | 31 |
12 files changed, 103 insertions, 9 deletions
diff --git a/64bitonly/product/vendor.mk b/64bitonly/product/vendor.mk
index 9749c67e..909fb230 100644
--- a/64bitonly/product/vendor.mk
+++ b/64bitonly/product/vendor.mk
@@ -68,7 +68,8 @@ PRODUCT_PACKAGES += \
 goldfish_overlay_connectivity_gsi \
 EmulatorTetheringConfigOverlay \
 MultiDisplayProvider \
- libGoldfishProfiler
+ libGoldfishProfiler \
+ dlkm_loader
 ifneq ($(EMULATOR_VENDOR_NO_FINGERPRINT), true)
 PRODUCT_PACKAGES += \
diff --git a/arm64-kernel.mk b/arm64-kernel.mk
index b679e17a..6326121c 100644
--- a/arm64-kernel.mk
+++ b/arm64-kernel.mk
@@ -1,8 +1,32 @@
 TARGET_KERNEL_USE ?= 5.15
-KERNEL_MODULES_PATH := kernel/prebuilts/common-modules/virtual-device/$(TARGET_KERNEL_USE)/arm64
+KERNEL_ARTIFACTS_PATH := kernel/prebuilts/$(TARGET_KERNEL_USE)/arm64
-BOARD_VENDOR_RAMDISK_KERNEL_MODULES += \
- $(filter-out $(KERNEL_MODULES_EXCLUDE), $(wildcard $(KERNEL_MODULES_PATH)/*.ko))
+VIRTUAL_DEVICE_KERNEL_MODULES_PATH := \
+ kernel/prebuilts/common-modules/virtual-device/$(TARGET_KERNEL_USE)/arm64
-EMULATOR_KERNEL_FILE := kernel/prebuilts/$(TARGET_KERNEL_USE)/arm64/kernel-$(TARGET_KERNEL_USE)-gz
+# The list of modules to reach the second stage. For performance reasons we
+# don't want to put all modules into the ramdisk.
+RAMDISK_KERNEL_MODULES := \
+ virtio_blk.ko \
+ virtio_console.ko \
+ virtio_dma_buf.ko \
+ virtio_mmio.ko \
+ virtio_pci.ko \
+ virtio_pci_modern_dev.ko \
+ virtio-rng.ko \
+ vmw_vsock_virtio_transport.ko \
+
+BOARD_SYSTEM_KERNEL_MODULES := $(wildcard $(KERNEL_ARTIFACTS_PATH)/*.ko)
+
+BOARD_VENDOR_RAMDISK_KERNEL_MODULES := \
+ $(patsubst %,$(VIRTUAL_DEVICE_KERNEL_MODULES_PATH)/%,$(RAMDISK_KERNEL_MODULES))
+
+BOARD_VENDOR_KERNEL_MODULES := \
+ $(filter-out $(BOARD_VENDOR_RAMDISK_KERNEL_MODULES),\
+ $(wildcard $(VIRTUAL_DEVICE_KERNEL_MODULES_PATH)/*.ko))
+
+BOARD_VENDOR_KERNEL_MODULES_BLOCKLIST_FILE := \
+ device/generic/goldfish/kernel_modules.blocklist
+
+EMULATOR_KERNEL_FILE := $(KERNEL_ARTIFACTS_PATH)/kernel-$(TARGET_KERNEL_USE)-gz
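Review bot: In arm64-kernel.mk, `BOARD_VENDOR_RAMDISK_KERNEL_MODULES` is now assigned with `:=` and the `KERNEL_MODULES_EXCLUDE` filter is gone, so anything an earlier makefile appended, and any exclusion a product relied on, is dropped without a diagnostic. The new `BOARD_SYSTEM_KERNEL_MODULES` and `BOARD_VENDOR_KERNEL_MODULES` take every `*.ko` the wildcard finds, and the only remaining control visible here is the one-entry blocklist file, so the set of kernel code that ships is whatever sits in the prebuilts directories. If the exclude variable is still set anywhere, keep honouring it with `$(filter-out $(BOARD_VENDOR_RAMDISK_KERNEL_MODULES) $(KERNEL_MODULES_EXCLUDE),\`; otherwise a comment such as `# Every prebuilt .ko is shipped; modules that must not load go in kernel_modules.blocklist` would record the intent. The same applies to the matching hunk in x86_64-kernel.mk.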
diff --git a/fstab.ranchu.arm b/fstab.ranchu.arm
index f2f90351..a365e6da 100644
--- a/fstab.ranchu.arm
+++ b/fstab.ranchu.arm
@@ -5,6 +5,7 @@
 system /system ext4 ro,barrier=1 wait,logical,first_stage_mount
 vendor /vendor ext4 ro,barrier=1 wait,logical,first_stage_mount
 product /product ext4 ro,barrier=1 wait,logical,first_stage_mount
+system_dlkm /system_dlkm erofs ro wait,logical,first_stage_mount
 system_ext /system_ext ext4 ro,barrier=1 wait,logical,first_stage_mount
 /dev/block/vdc /data ext4 noatime,nosuid,nodev,nomblk_io_submit,errors=panic wait,check,quota,fileencryption=aes-256-xts:aes-256-cts,reservedsize=128M,fsverity,keydirectory=/metadata/vold/metadata_encryption,latemount
 /dev/block/platform/a003c00.virtio_mmio/by-name/metadata /metadata ext4 noatime,nosuid,nodev wait,formattable,first_stage_mount
diff --git a/fstab.ranchu.x86 b/fstab.ranchu.x86
index c24961bb..0de03e63 100644
--- a/fstab.ranchu.x86
+++ b/fstab.ranchu.x86
@@ -3,6 +3,7 @@
 system /system ext4 ro,barrier=1 wait,logical,avb=vbmeta,first_stage_mount
 vendor /vendor ext4 ro,barrier=1 wait,logical,first_stage_mount
 product /product ext4 ro,barrier=1 wait,logical,first_stage_mount
+system_dlkm /system_dlkm erofs ro wait,logical,first_stage_mount
 system_ext /system_ext ext4 ro,barrier=1 wait,logical,first_stage_mount
 /dev/block/vdc /data ext4 noatime,nosuid,nodev,nomblk_io_submit,errors=panic wait,check,quota,fileencryption=aes-256-xts:aes-256-cts,reservedsize=128M,fsverity,keydirectory=/metadata/vold/metadata_encryption,latemount
 /dev/block/pci/pci0000:00/0000:00:06.0/by-name/metadata /metadata ext4 noatime,nosuid,nodev wait,formattable,first_stage_mount
diff --git a/init.ranchu.rc b/init.ranchu.rc
index 870947e8..2688f18a 100644
--- a/init.ranchu.rc
+++ b/init.ranchu.rc
@@ -24,6 +24,8 @@ on early-init
 # GTS tests are migrated to ro.boot.qemu.
 setprop ro.kernel.qemu 1
+ start vendor.dlkm_loader
+
 on init
 # set RLIMIT_MEMLOCK to 8MB for BPF network statistics
 setrlimit memlock 8388608 8388608
@@ -103,6 +105,13 @@ on boot
 # Create an unused USB gadget to allow sysfs testing
 mkdir /config/usb_gadget/g1 0770 root root
+service vendor.dlkm_loader /vendor/bin/dlkm_loader
+ class main
+ user root
+ group root system
+ disabled
+ oneshot
+
 service ranchu-setup /vendor/bin/init.ranchu-core.sh
 class core
 user root
diff --git a/kernel_modules.blocklist b/kernel_modules.blocklist
new file mode 100644
index 00000000..8dc5e712
--- /dev/null
+++ b/kernel_modules.blocklist
@@ -0,0 +1 @@
+blocklist vkms.ko
diff --git a/sepolicy/common/dlkm_loader.te b/sepolicy/common/dlkm_loader.te
new file mode 100644
index 00000000..6f633c7b
--- /dev/null
+++ b/sepolicy/common/dlkm_loader.te
@@ -0,0 +1,30 @@
+type dlkm_loader, domain;
+type dlkm_loader_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(dlkm_loader)
+
+# Allow insmod on vendor, system and system_dlkm partitions
+allow dlkm_loader self:capability sys_module;
+allow dlkm_loader system_dlkm_file:dir r_dir_perms;
+allow dlkm_loader system_dlkm_file:file r_file_perms;
+allow dlkm_loader system_dlkm_file:system module_load;
+allow dlkm_loader system_file:system module_load;
+allow dlkm_loader vendor_file:system module_load;
+
+# needed for libmodprobe to read kernel commandline
+allow dlkm_loader proc_cmdline:file r_file_perms;
+
+# Needed because CONFIG_USB_DUMMY_HCD adds some additional logic to
+# finit_module() syscall, causing that syscall to create/update keyrings.
+# Once we remove CONFIG_USB_DUMMY_HCD config, self:key write permission can be
+# removed.
+allow dlkm_loader self:key write;
+
+# Allow writing to kernel log
+allow dlkm_loader kmsg_device:chr_file rw_file_perms;
+
+# dlkm_loader searches tracefs while looking for modules
+dontaudit dlkm_loader debugfs_bootreceiver_tracing:dir search;
+dontaudit dlkm_loader debugfs_mm_events_tracing:dir search;
+
+set_prop(dlkm_loader, vendor_dlkm_prop)
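Review bot: The new `vendor.dlkm_loader` service stanza in init.ranchu.rc runs as `user root` with no `capabilities` line, so at the init level it keeps the full root capability set and only the SELinux domain narrows it to `sys_module`. Adding `capabilities SYS_MODULE` under `group root system` would bound the process itself as well; this assumes the loader needs no other capability, which the policy in dlkm_loader.te suggests, but the loader source is not part of this change. A short comment above the stanza, for example `# Started explicitly from early-init to load kernel modules; oneshot, not restarted`, would also explain why a `class main` service is `disabled`.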
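Review bot: In dlkm_loader.te the `kmsg_device` rule grants `rw_file_perms` although its comment only asks for writing to the kernel log; `allow dlkm_loader kmsg_device:chr_file w_file_perms;` would match the stated need without also letting the loader read kernel messages. The `module_load` rules on `system_file` and `vendor_file` cover very broad labels, and since this change appears to place the system-side modules on the system_dlkm partition, it is worth confirming that `allow dlkm_loader system_file:system module_load;` is still exercised and dropping it if not. The `self:key write` rule is clearly marked as temporary; a bug reference in that comment would make the removal trackable.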
diff --git a/sepolicy/common/file_contexts b/sepolicy/common/file_contexts
index a999cc26..d58270b3 100644
--- a/sepolicy/common/file_contexts
+++ b/sepolicy/common/file_contexts
@@ -35,6 +35,7 @@
 /vendor/bin/init\.ranchu-net\.sh u:object_r:goldfish_setup_exec:s0
 /vendor/bin/qemu-adb-keys u:object_r:qemu_adb_keys_exec:s0
 /vendor/bin/qemu-device-state u:object_r:qemu_device_state_exec:s0
+/vendor/bin/dlkm_loader u:object_r:dlkm_loader_exec:s0
 /vendor/bin/qemu-props u:object_r:qemu_props_exec:s0
 /vendor/bin/mac80211_create_radios u:object_r:mac80211_create_radios_exec:s0
 /vendor/bin/hw/libgoldfish-rild u:object_r:rild_exec:s0
diff --git a/sepolicy/common/property.te b/sepolicy/common/property.te
index 9b081d7f..126fdb54 100644
--- a/sepolicy/common/property.te
+++ b/sepolicy/common/property.te
@@ -1,4 +1,5 @@
 system_restricted_prop(vendor_qemu_adb_prop)
+vendor_restricted_prop(vendor_dlkm_prop)
 vendor_restricted_prop(vendor_qemu_prop)
 vendor_restricted_prop(vendor_net_wlan0_prop)
 vendor_restricted_prop(vendor_net_eth0_prop)
diff --git a/sepolicy/common/property_contexts b/sepolicy/common/property_contexts
index 9aecb779..316437dc 100644
--- a/sepolicy/common/property_contexts
+++ b/sepolicy/common/property_contexts
@@ -1,3 +1,4 @@
+vendor.dlkm.modules.ready u:object_r:vendor_dlkm_prop:s0 exact bool
 vendor.qemu.adb.copykey u:object_r:vendor_qemu_adb_prop:s0 exact bool
 vendor.qemu.keyboard_layout u:object_r:vendor_qemu_prop:s0 exact string
 vendor.qemu.logcat_filter u:object_r:vendor_qemu_prop:s0 exact string
@@ -67,6 +67,7 @@ PRODUCT_PACKAGES += \
 libstagefright_goldfish_avcdec \
 MultiDisplayProvider \
 libGoldfishProfiler \
+ dlkm_loader
 ifneq ($(EMULATOR_VENDOR_NO_FINGERPRINT), true)
 PRODUCT_PACKAGES += \
diff --git a/x86_64-kernel.mk b/x86_64-kernel.mk
index e372fc35..ea146a3a 100644
--- a/x86_64-kernel.mk
+++ b/x86_64-kernel.mk
@@ -1,8 +1,31 @@
 TARGET_KERNEL_USE ?= 5.15
-KERNEL_MODULES_PATH := kernel/prebuilts/common-modules/virtual-device/$(TARGET_KERNEL_USE)/x86-64
+KERNEL_ARTIFACTS_PATH := kernel/prebuilts/$(TARGET_KERNEL_USE)/x86_64
-BOARD_VENDOR_RAMDISK_KERNEL_MODULES += \
- $(filter-out $(KERNEL_MODULES_EXCLUDE), $(wildcard $(KERNEL_MODULES_PATH)/*.ko))
+VIRTUAL_DEVICE_KERNEL_MODULES_PATH := \
+ kernel/prebuilts/common-modules/virtual-device/$(TARGET_KERNEL_USE)/x86-64
-EMULATOR_KERNEL_FILE := kernel/prebuilts/$(TARGET_KERNEL_USE)/x86_64/kernel-$(TARGET_KERNEL_USE)
+# The list of modules to reach the second stage. For performance reasons we
+# don't want to put all modules into the ramdisk.
+RAMDISK_KERNEL_MODULES := \
+ virtio_blk.ko \
+ virtio_console.ko \
+ virtio_dma_buf.ko \
+ virtio_pci.ko \
+ virtio_pci_modern_dev.ko \
+ virtio-rng.ko \
+ vmw_vsock_virtio_transport.ko \
+
+BOARD_SYSTEM_KERNEL_MODULES := $(wildcard $(KERNEL_ARTIFACTS_PATH)/*.ko)
+
+BOARD_VENDOR_RAMDISK_KERNEL_MODULES := \
+ $(patsubst %,$(VIRTUAL_DEVICE_KERNEL_MODULES_PATH)/%,$(RAMDISK_KERNEL_MODULES))
+
+BOARD_VENDOR_KERNEL_MODULES := \
+ $(filter-out $(BOARD_VENDOR_RAMDISK_KERNEL_MODULES),\
+ $(wildcard $(VIRTUAL_DEVICE_KERNEL_MODULES_PATH)/*.ko))
+
+BOARD_VENDOR_KERNEL_MODULES_BLOCKLIST_FILE := \
+ device/generic/goldfish/kernel_modules.blocklist
+
+EMULATOR_KERNEL_FILE := $(KERNEL_ARTIFACTS_PATH)/kernel-$(TARGET_KERNEL_USE) |