authorAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2023-04-14 07:49:54 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2023-04-14 07:49:54 +0000
commit320378cc4218abd742171210b2b8920b1da779b8 (patch)
tree0bbc3b103f6a817ebe14201d1926146f75d8bf94
parentc6dcc00b240a43a89f1733307640b12b32a504cb (diff)
parentd1200b5b48b74d8b5bb94fdcdc5229fce7473344 (diff)
downloadgoldfish-android13-qpr3-c-s8-release.tar.gz
Change-Id: I426768aeda3eee4dafb5ac52c37d2a00034a7d6b
-rw-r--r--64bitonly/product/vendor.mk3
-rw-r--r--arm64-kernel.mk32
-rw-r--r--fstab.ranchu.arm1
-rw-r--r--fstab.ranchu.x861
-rw-r--r--init.ranchu.rc9
-rw-r--r--kernel_modules.blocklist1
-rw-r--r--sepolicy/common/dlkm_loader.te30
-rw-r--r--sepolicy/common/file_contexts1
-rw-r--r--sepolicy/common/property.te1
-rw-r--r--sepolicy/common/property_contexts1
-rw-r--r--vendor.mk1
-rw-r--r--x86_64-kernel.mk31
12 files changed, 103 insertions, 9 deletions
diff --git a/64bitonly/product/vendor.mk b/64bitonly/product/vendor.mk
index 9749c67e..909fb230 100644
--- a/64bitonly/product/vendor.mk
+++ b/64bitonly/product/vendor.mk
@@ -68,7 +68,8 @@ PRODUCT_PACKAGES += \
goldfish_overlay_connectivity_gsi \
EmulatorTetheringConfigOverlay \
MultiDisplayProvider \
- libGoldfishProfiler
+ libGoldfishProfiler \
+ dlkm_loader
ifneq ($(EMULATOR_VENDOR_NO_FINGERPRINT), true)
PRODUCT_PACKAGES += \
diff --git a/arm64-kernel.mk b/arm64-kernel.mk
index b679e17a..6326121c 100644
--- a/arm64-kernel.mk
+++ b/arm64-kernel.mk
@@ -1,8 +1,32 @@
TARGET_KERNEL_USE ?= 5.15
-KERNEL_MODULES_PATH := kernel/prebuilts/common-modules/virtual-device/$(TARGET_KERNEL_USE)/arm64
+KERNEL_ARTIFACTS_PATH := kernel/prebuilts/$(TARGET_KERNEL_USE)/arm64
-BOARD_VENDOR_RAMDISK_KERNEL_MODULES += \
- $(filter-out $(KERNEL_MODULES_EXCLUDE), $(wildcard $(KERNEL_MODULES_PATH)/*.ko))
+VIRTUAL_DEVICE_KERNEL_MODULES_PATH := \
+ kernel/prebuilts/common-modules/virtual-device/$(TARGET_KERNEL_USE)/arm64
-EMULATOR_KERNEL_FILE := kernel/prebuilts/$(TARGET_KERNEL_USE)/arm64/kernel-$(TARGET_KERNEL_USE)-gz
+# The list of modules to reach the second stage. For performance reasons we
+# don't want to put all modules into the ramdisk.
+RAMDISK_KERNEL_MODULES := \
+ virtio_blk.ko \
+ virtio_console.ko \
+ virtio_dma_buf.ko \
+ virtio_mmio.ko \
+ virtio_pci.ko \
+ virtio_pci_modern_dev.ko \
+ virtio-rng.ko \
+ vmw_vsock_virtio_transport.ko \
+
+BOARD_SYSTEM_KERNEL_MODULES := $(wildcard $(KERNEL_ARTIFACTS_PATH)/*.ko)
+
+BOARD_VENDOR_RAMDISK_KERNEL_MODULES := \
+ $(patsubst %,$(VIRTUAL_DEVICE_KERNEL_MODULES_PATH)/%,$(RAMDISK_KERNEL_MODULES))
+
+BOARD_VENDOR_KERNEL_MODULES := \
+ $(filter-out $(BOARD_VENDOR_RAMDISK_KERNEL_MODULES),\
+ $(wildcard $(VIRTUAL_DEVICE_KERNEL_MODULES_PATH)/*.ko))
+
+BOARD_VENDOR_KERNEL_MODULES_BLOCKLIST_FILE := \
+ device/generic/goldfish/kernel_modules.blocklist
+
+EMULATOR_KERNEL_FILE := $(KERNEL_ARTIFACTS_PATH)/kernel-$(TARGET_KERNEL_USE)-gz
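Review bot: `BOARD_VENDOR_RAMDISK_KERNEL_MODULES` is now assigned with `:=` and is no longer filtered through `$(KERNEL_MODULES_EXCLUDE)`, so any earlier value and any exclusion list set by an including product are silently ignored; the x86_64-kernel.mk hunk has the same change. Whether anything still sets that variable is not visible here, but the new blocklist file is not an equivalent: an excluded module used to be left out of the image, whereas a blocklisted one is presumably still shipped. If the variable is meant to be honoured, keep it in the vendor filter, e.g. `$(filter-out $(KERNEL_MODULES_EXCLUDE) $(BOARD_VENDOR_RAMDISK_KERNEL_MODULES),\`; otherwise fail loudly with `$(if $(KERNEL_MODULES_EXCLUDE),$(error KERNEL_MODULES_EXCLUDE is no longer supported))`. Separately, the hard-coded `RAMDISK_KERNEL_MODULES` names are turned into paths without a `$(wildcard ...)` existence check while `TARGET_KERNEL_USE` stays overridable, so a kernel version with a different module set would only be caught later in the build or at boot.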
diff --git a/fstab.ranchu.arm b/fstab.ranchu.arm
index f2f90351..a365e6da 100644
--- a/fstab.ranchu.arm
+++ b/fstab.ranchu.arm
@@ -5,6 +5,7 @@
system /system ext4 ro,barrier=1 wait,logical,first_stage_mount
vendor /vendor ext4 ro,barrier=1 wait,logical,first_stage_mount
product /product ext4 ro,barrier=1 wait,logical,first_stage_mount
+system_dlkm /system_dlkm erofs ro wait,logical,first_stage_mount
system_ext /system_ext ext4 ro,barrier=1 wait,logical,first_stage_mount
/dev/block/vdc /data ext4 noatime,nosuid,nodev,nomblk_io_submit,errors=panic wait,check,quota,fileencryption=aes-256-xts:aes-256-cts,reservedsize=128M,fsverity,keydirectory=/metadata/vold/metadata_encryption,latemount
/dev/block/platform/a003c00.virtio_mmio/by-name/metadata /metadata ext4 noatime,nosuid,nodev wait,formattable,first_stage_mount
diff --git a/fstab.ranchu.x86 b/fstab.ranchu.x86
index c24961bb..0de03e63 100644
--- a/fstab.ranchu.x86
+++ b/fstab.ranchu.x86
@@ -3,6 +3,7 @@
system /system ext4 ro,barrier=1 wait,logical,avb=vbmeta,first_stage_mount
vendor /vendor ext4 ro,barrier=1 wait,logical,first_stage_mount
product /product ext4 ro,barrier=1 wait,logical,first_stage_mount
+system_dlkm /system_dlkm erofs ro wait,logical,first_stage_mount
system_ext /system_ext ext4 ro,barrier=1 wait,logical,first_stage_mount
/dev/block/vdc /data ext4 noatime,nosuid,nodev,nomblk_io_submit,errors=panic wait,check,quota,fileencryption=aes-256-xts:aes-256-cts,reservedsize=128M,fsverity,keydirectory=/metadata/vold/metadata_encryption,latemount
/dev/block/pci/pci0000:00/0000:00:06.0/by-name/metadata /metadata ext4 noatime,nosuid,nodev wait,formattable,first_stage_mount
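Review bot: The new `system_dlkm` entry has no `avb` flag, while the `system` entry three lines above it is mounted with `avb=vbmeta`; the partition holds kernel modules that `dlkm_loader` inserts with `sys_module`, so its integrity matters at least as much. It matches the neighbouring `vendor` and `product` entries, so this may be deliberate for the emulator, and whether the system_dlkm image is covered by vbmeta is not visible here. If it is, add the `avb` flag to the mount flags; if not, a comment such as `# system_dlkm is not verified by AVB on the emulator` would record the decision. The same line is added to fstab.ranchu.arm.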
diff --git a/init.ranchu.rc b/init.ranchu.rc
index 870947e8..2688f18a 100644
--- a/init.ranchu.rc
+++ b/init.ranchu.rc
@@ -24,6 +24,8 @@ on early-init
# GTS tests are migrated to ro.boot.qemu.
setprop ro.kernel.qemu 1
+ start vendor.dlkm_loader
+
on init
# set RLIMIT_MEMLOCK to 8MB for BPF network statistics
setrlimit memlock 8388608 8388608
@@ -103,6 +105,13 @@ on boot
# Create an unused USB gadget to allow sysfs testing
mkdir /config/usb_gadget/g1 0770 root root
+service vendor.dlkm_loader /vendor/bin/dlkm_loader
+ class main
+ user root
+ group root system
+ disabled
+ oneshot
+
service ranchu-setup /vendor/bin/init.ranchu-core.sh
class core
user root
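Review bot: `vendor.dlkm_loader` runs as `user root` with no `capabilities` line, so the process keeps root's full capability set and only SELinux narrows it to what dlkm_loader.te allows. Since that policy grants only `sys_module`, stating the same bound in the service definition with `capabilities SYS_MODULE` would give a second, independent limit if the policy is later loosened or the domain runs permissive. This needs a boot test to confirm that module loading, writes to /dev/kmsg and setting `vendor.dlkm.modules.ready` still work with the reduced set. The `group root system` membership also deserves a one-line comment, as nothing in the hunk shows what needs `system`.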
diff --git a/kernel_modules.blocklist b/kernel_modules.blocklist
new file mode 100644
index 00000000..8dc5e712
--- /dev/null
+++ b/kernel_modules.blocklist
@@ -0,0 +1 @@
+blocklist vkms.ko
diff --git a/sepolicy/common/dlkm_loader.te b/sepolicy/common/dlkm_loader.te
new file mode 100644
index 00000000..6f633c7b
--- /dev/null
+++ b/sepolicy/common/dlkm_loader.te
@@ -0,0 +1,30 @@
+type dlkm_loader, domain;
+type dlkm_loader_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(dlkm_loader)
+
+# Allow insmod on vendor, system and system_dlkm partitions
+allow dlkm_loader self:capability sys_module;
+allow dlkm_loader system_dlkm_file:dir r_dir_perms;
+allow dlkm_loader system_dlkm_file:file r_file_perms;
+allow dlkm_loader system_dlkm_file:system module_load;
+allow dlkm_loader system_file:system module_load;
+allow dlkm_loader vendor_file:system module_load;
+
+# needed for libmodprobe to read kernel commandline
+allow dlkm_loader proc_cmdline:file r_file_perms;
+
+# Needed because CONFIG_USB_DUMMY_HCD adds some additional logic to
+# finit_module() syscall, causing that syscall to create/update keyrings.
+# Once we remove CONFIG_USB_DUMMY_HCD config, self:key write permission can be
+# removed.
+allow dlkm_loader self:key write;
+
+# Allow writing to kernel log
+allow dlkm_loader kmsg_device:chr_file rw_file_perms;
+
+# dlkm_loader searches tracefs while looking for modules
+dontaudit dlkm_loader debugfs_bootreceiver_tracing:dir search;
+dontaudit dlkm_loader debugfs_mm_events_tracing:dir search;
+
+set_prop(dlkm_loader, vendor_dlkm_prop)
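Review bot: The kmsg rule grants `rw_file_perms` although its comment only asks for writing to the kernel log; `allow dlkm_loader kmsg_device:chr_file w_file_perms;` would match the stated need and keep the loader from reading kernel log contents. The `system_file:system module_load` rule also looks wider than necessary: it lets this domain load any file labelled `system_file` as a kernel module, whereas the modules this commit adds appear to live under /system_dlkm (`system_dlkm_file`) and /vendor. If no module is actually loaded from /system, drop that line; if one is, a comment naming it would help the next policy review.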
diff --git a/sepolicy/common/file_contexts b/sepolicy/common/file_contexts
index a999cc26..d58270b3 100644
--- a/sepolicy/common/file_contexts
+++ b/sepolicy/common/file_contexts
@@ -35,6 +35,7 @@
/vendor/bin/init\.ranchu-net\.sh u:object_r:goldfish_setup_exec:s0
/vendor/bin/qemu-adb-keys u:object_r:qemu_adb_keys_exec:s0
/vendor/bin/qemu-device-state u:object_r:qemu_device_state_exec:s0
+/vendor/bin/dlkm_loader u:object_r:dlkm_loader_exec:s0
/vendor/bin/qemu-props u:object_r:qemu_props_exec:s0
/vendor/bin/mac80211_create_radios u:object_r:mac80211_create_radios_exec:s0
/vendor/bin/hw/libgoldfish-rild u:object_r:rild_exec:s0
diff --git a/sepolicy/common/property.te b/sepolicy/common/property.te
index 9b081d7f..126fdb54 100644
--- a/sepolicy/common/property.te
+++ b/sepolicy/common/property.te
@@ -1,4 +1,5 @@
system_restricted_prop(vendor_qemu_adb_prop)
+vendor_restricted_prop(vendor_dlkm_prop)
vendor_restricted_prop(vendor_qemu_prop)
vendor_restricted_prop(vendor_net_wlan0_prop)
vendor_restricted_prop(vendor_net_eth0_prop)
diff --git a/sepolicy/common/property_contexts b/sepolicy/common/property_contexts
index 9aecb779..316437dc 100644
--- a/sepolicy/common/property_contexts
+++ b/sepolicy/common/property_contexts
@@ -1,3 +1,4 @@
+vendor.dlkm.modules.ready u:object_r:vendor_dlkm_prop:s0 exact bool
vendor.qemu.adb.copykey u:object_r:vendor_qemu_adb_prop:s0 exact bool
vendor.qemu.keyboard_layout u:object_r:vendor_qemu_prop:s0 exact string
vendor.qemu.logcat_filter u:object_r:vendor_qemu_prop:s0 exact string
diff --git a/vendor.mk b/vendor.mk
index 86adf986..f558be35 100644
--- a/vendor.mk
+++ b/vendor.mk
@@ -67,6 +67,7 @@ PRODUCT_PACKAGES += \
libstagefright_goldfish_avcdec \
MultiDisplayProvider \
libGoldfishProfiler \
+ dlkm_loader
ifneq ($(EMULATOR_VENDOR_NO_FINGERPRINT), true)
PRODUCT_PACKAGES += \
diff --git a/x86_64-kernel.mk b/x86_64-kernel.mk
index e372fc35..ea146a3a 100644
--- a/x86_64-kernel.mk
+++ b/x86_64-kernel.mk
@@ -1,8 +1,31 @@
TARGET_KERNEL_USE ?= 5.15
-KERNEL_MODULES_PATH := kernel/prebuilts/common-modules/virtual-device/$(TARGET_KERNEL_USE)/x86-64
+KERNEL_ARTIFACTS_PATH := kernel/prebuilts/$(TARGET_KERNEL_USE)/x86_64
-BOARD_VENDOR_RAMDISK_KERNEL_MODULES += \
- $(filter-out $(KERNEL_MODULES_EXCLUDE), $(wildcard $(KERNEL_MODULES_PATH)/*.ko))
+VIRTUAL_DEVICE_KERNEL_MODULES_PATH := \
+ kernel/prebuilts/common-modules/virtual-device/$(TARGET_KERNEL_USE)/x86-64
-EMULATOR_KERNEL_FILE := kernel/prebuilts/$(TARGET_KERNEL_USE)/x86_64/kernel-$(TARGET_KERNEL_USE)
+# The list of modules to reach the second stage. For performance reasons we
+# don't want to put all modules into the ramdisk.
+RAMDISK_KERNEL_MODULES := \
+ virtio_blk.ko \
+ virtio_console.ko \
+ virtio_dma_buf.ko \
+ virtio_pci.ko \
+ virtio_pci_modern_dev.ko \
+ virtio-rng.ko \
+ vmw_vsock_virtio_transport.ko \
+
+BOARD_SYSTEM_KERNEL_MODULES := $(wildcard $(KERNEL_ARTIFACTS_PATH)/*.ko)
+
+BOARD_VENDOR_RAMDISK_KERNEL_MODULES := \
+ $(patsubst %,$(VIRTUAL_DEVICE_KERNEL_MODULES_PATH)/%,$(RAMDISK_KERNEL_MODULES))
+
+BOARD_VENDOR_KERNEL_MODULES := \
+ $(filter-out $(BOARD_VENDOR_RAMDISK_KERNEL_MODULES),\
+ $(wildcard $(VIRTUAL_DEVICE_KERNEL_MODULES_PATH)/*.ko))
+
+BOARD_VENDOR_KERNEL_MODULES_BLOCKLIST_FILE := \
+ device/generic/goldfish/kernel_modules.blocklist
+
+EMULATOR_KERNEL_FILE := $(KERNEL_ARTIFACTS_PATH)/kernel-$(TARGET_KERNEL_USE)