build-emulator: fully treblize emulator image

Install emulator specific binaries and libraries
to vendor partition; update selinux; add vndk.

BUG: 37511975

Test: build user build, launch emulator, run CTS.

Change-Id: I7f5317d52e552367a1390789fe7ce6e0955ba8de
Merged-In: I70f58947e98b41b195d77b4347d2efdc09348392
bohu 2017-05-26 10:26:15 -07:00
parent 3afe69d846
commit cb0bebbeda
21 changed files with 116 additions and 63 deletions


@ -0,0 +1 @@
set_prop(adbd, ctl_mdnsd_prop);


@ -0,0 +1 @@
allow audioserver bootanim:binder call;


@ -1,4 +1,5 @@
allow bootanim self:process execmem;
allow bootanim ashmem_device:chr_file execute;
#TODO: This can safely be ignored until b/62954877 is fixed
dontaudit bootanim system_data_file:dir read;
set_prop(bootanim, qemu_prop)
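Review bot: `allow bootanim self:process execmem;` and `allow bootanim ashmem_device:chr_file execute;` relax W^X for the boot animation process without a comment naming the library that needs them; the markers are lost on this page so it is not visible which line this hunk adds, but the new side should carry something like `# execmem/ashmem execute: needed by the <GL library -- confirm> loaded into bootanim`. `dontaudit bootanim system_data_file:dir read;` already has its TODO, but the comment should add that the rule only silences the audit record and does not grant the read, so the caller still fails until b/62954877 is fixed.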


@ -0,0 +1,2 @@
allow cameraserver system_file:dir { open read };
allow cameraserver hal_allocator:fd use;


@ -1 +1 @@
type qemud_socket, file_type;
type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
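Review bot: `type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;` adds `mlstrustedobject` with no comment saying why; that attribute exempts the object from MLS constraints, so the line above should state which MLS-separated domain has to write `/sys/qemu_trace` (labeled `sysfs_writable` in the file_contexts hunk), e.g. `# mlstrustedobject: /sys/qemu_trace is written by <domain -- fill in> across MLS levels`. The side of each of the two lines is not recoverable here; `qemud_socket` is presumably the removed one, since qemud.te is deleted in this commit. If so, every remaining reference to it (the `/dev/socket/qemud` file_contexts entry, the `unix_socket_connect(..., qemud, qemud)` rules) has to go in the same change or the policy will not compile.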


@ -7,15 +7,29 @@
/dev/block/vda u:object_r:system_block_device:s0
/dev/block/vdb u:object_r:cache_block_device:s0
/dev/block/vdc u:object_r:userdata_block_device:s0
/dev/block/vdd u:object_r:metadata_block_device:s0
/dev/block/vde u:object_r:system_block_device:s0
/dev/goldfish_pipe u:object_r:qemu_device:s0
/dev/goldfish_sync u:object_r:qemu_device:s0
/dev/qemu_.* u:object_r:qemu_device:s0
/dev/socket/qemud u:object_r:qemud_socket:s0
/dev/ttyGF[0-9]* u:object_r:serial_device:s0
/dev/ttyS2 u:object_r:console_device:s0
/system/bin/qemud u:object_r:qemud_exec:s0
/system/etc/init.goldfish.sh u:object_r:goldfish_setup_exec:s0
/system/vendor/bin/init.ranchu-core.sh u:object_r:goldfish_setup_exec:s0
/system/vendor/bin/init.ranchu-net.sh u:object_r:goldfish_setup_exec:s0
/system/bin/qemu-props u:object_r:qemu_props_exec:s0
/sys/qemu_trace(/.*)? u:object_r:sysfs_writable:s0
/vendor/bin/init\.ranchu-core\.sh u:object_r:goldfish_setup_exec:s0
/vendor/bin/init\.ranchu-net\.sh u:object_r:goldfish_setup_exec:s0
/vendor/bin/qemu-props u:object_r:qemu_props_exec:s0
/vendor/bin/hw/android\.hardware\.drm@1\.0-service\.widevine u:object_r:hal_drm_widevine_exec:s0
/vendor/lib(64)?/hw/gralloc\.ranchu\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libEGL_emulation\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libGLESv1_CM_emulation\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libGLESv2_emulation\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libEGL_swiftshader\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libGLESv1_CM_swiftshader\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libGLESv2_swiftshader\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libOpenglSystemCommon\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/lib_renderControl_enc\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libGLESv1_enc\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libGLESv2_enc\.so u:object_r:same_process_hal_file:s0
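Review bot: the eleven `/vendor/lib(64)?/...` entries labeled `same_process_hal_file` are mapped into the address space of every client process that uses EGL/GLES, app processes included, so a comment above the group should make that visible, e.g. `# GL translator and swiftshader libs: SP-HAL, loaded into client processes; keep this list minimal`. With the `+`/`-` column lost it is not visible whether `/dev/socket/qemud u:object_r:qemud_socket:s0` and `/system/bin/qemud u:object_r:qemud_exec:s0` are removed in this hunk; since qemud.te is deleted by this commit, a surviving entry would reference an undefined type and break the policy build, so confirm both are on the old side.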


@ -1,29 +1,12 @@
# goldfish-setup service: runs init.goldfish.sh script
type goldfish_setup, domain;
type goldfish_setup_exec, exec_type, file_type;
type goldfish_setup_exec, vendor_file_type, exec_type, file_type;
init_daemon_domain(goldfish_setup)
# Inherit open file to shell (interpreter) for script.
allow goldfish_setup shell_exec:file rx_file_perms;
# Run ifconfig, route commands to configure interfaces and routes.
allow goldfish_setup system_file:file execute_no_trans;
allow goldfish_setup toolbox_exec:file rx_file_perms;
allow goldfish_setup self:capability { net_admin net_raw };
allow goldfish_setup self:udp_socket create_socket_perms;
allow goldfish_setup self:udp_socket { create ioctl };
allow goldfish_setup vendor_toolbox_exec:file execute_no_trans;
allowxperm goldfish_setup self:udp_socket ioctl priv_sock_ioctls;
wakelock_use(goldfish_setup)
net_domain(goldfish_setup)
# Set net.eth0.dns*, debug.sf.nobootanimation
set_prop(goldfish_setup, system_prop)
set_prop(goldfish_setup, debug_prop)
# Set ro.radio.noril
set_prop(goldfish_setup, radio_noril_prop)
# Stop ril-daemon service (by setting ctl.stop to ril-daemon, which
# transforms to a permission check on ctl.ril-daemon).
set_prop(goldfish_setup, ctl_rildaemon_prop)
wakelock_use(goldfish_setup);
allow goldfish_setup vendor_shell_exec:file { rx_file_perms };
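Review bot: the two new grants at the bottom, `allow goldfish_setup vendor_toolbox_exec:file execute_no_trans;` and `allow goldfish_setup vendor_shell_exec:file { rx_file_perms };`, are separated from the comments that explain them (`# Inherit open file to shell (interpreter) for script.` and `# Run ifconfig, route commands ...`), which remain next to the `shell_exec`/`toolbox_exec` rules they used to describe; move the new lines under those comments or restate, e.g. `# Script runs under the vendor shell and uses vendor toybox for ifconfig/route.`. `wakelock_use(goldfish_setup);` carries a trailing semicolon while the other macro calls in the file have none — keep one form. Which of the `set_prop` lines survive on the new side is not recoverable here; any that do (e.g. `system_prop`, `debug_prop`) let a vendor domain write system-owned properties and deserve a comment naming the exact property each is for.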


@ -0,0 +1,11 @@
# define SELinux domain
type hal_drm_widevine, domain;
hal_server_domain(hal_drm_widevine, hal_drm)
type hal_drm_widevine_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_drm_widevine)
allow hal_drm mediacodec:fd use;
allow hal_drm { appdomain -isolated_app }:fd use;
hal_client_domain(hal_drm_widevine, hal_graphics_composer);
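Review bot: `allow hal_drm mediacodec:fd use;` and `allow hal_drm { appdomain -isolated_app }:fd use;` grant to the `hal_drm` attribute rather than to `hal_drm_widevine`, so they widen policy for every domain carrying that attribute, not only the emulator's widevine service; if the need is specific to this domain, write `allow hal_drm_widevine ...`. The fd-use grant from all non-isolated apps and `hal_client_domain(hal_drm_widevine, hal_graphics_composer);` have no explanation; a comment such as `# apps and mediacodec hand buffer fds to the DRM HAL; composer client access is for <reason -- fill in>` would let a later reviewer judge whether they are still needed. The trailing semicolon on the `hal_client_domain(...)` call is inconsistent with the other macro calls in this file.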


@ -1,3 +1 @@
#============= hal_gnss_default ==============
allow hal_gnss_default vndbinder_device:chr_file { ioctl open read write };
vndbinder_use(hal_gnss_default);


@ -1,3 +1 @@
#============= hal_graphics_composer_default ==============
allow hal_graphics_composer_default vndbinder_device:chr_file { ioctl open read write };
vndbinder_use(hal_graphics_composer_default);


@ -1 +1,2 @@
allow init tmpfs:lnk_file create_file_perms;
dontaudit init kernel:system module_request;
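Review bot: `dontaudit init kernel:system module_request;` suppresses the denial without a comment, while the equivalent netd rule added later in this commit carries `#TODO: This can safely be ignored until b/62954877 is fixed`, and the vold rule is added with no comment either. Put the same TODO above the init and vold lines so the three suppressions are found and removed together when that bug closes. The note should also say that a dontaudit only hides the audit record and does not permit module loading, which is harmless here only if the emulator kernel has no loadable modules to satisfy the request — confirm.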


@ -0,0 +1 @@
allow mediacodec system_file:dir { open read };


@ -1 +1,3 @@
dontaudit netd self:capability sys_module;
#TODO: This can safely be ignored until b/62954877 is fixed
dontaudit netd kernel:system module_request;


@ -0,0 +1,5 @@
#TODO: b/62908025
dontaudit priv_app firstboot_prop:file { getattr open };
dontaudit priv_app device:dir { open read };
dontaudit priv_app proc_interrupts:file { getattr open read };
dontaudit priv_app proc_modules:file { getattr open read };
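Review bot: the four `dontaudit priv_app ...` rules cite only `b/62908025` and do not say which privileged app triggers the denials; reads of `proc_interrupts` and `proc_modules` from app domains are restricted in core policy because they expose kernel state, so the comment should name the app and the code path, e.g. `#TODO: b/62908025 -- <app name -- fill in> reads /proc/interrupts and /proc/modules at startup; remove once fixed`. These rules silence the audit log without granting access, so the app still fails; if the intent is a quiet CTS run rather than a fix, the comment should say that too.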


@ -1,12 +1,9 @@
# qemu-props service: Sets system properties on boot.
type qemu_props, domain;
type qemu_props_exec, exec_type, file_type;
type qemu_props_exec, vendor_file_type, exec_type, file_type;
init_daemon_domain(qemu_props)
# Set properties.
set_prop(qemu_props, qemu_prop)
set_prop(qemu_props, dalvik_prop)
set_prop(qemu_props, config_prop)
set_prop(qemu_props, opengles_prop)
set_prop(qemu_props, qemu_cmdline)
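Review bot: `# Set properties.` above the `set_prop` group says nothing about which properties the daemon sets or why a vendor domain needs to write `dalvik_prop`, `config_prop` and `opengles_prop`, which are system-owned property contexts; which of these lines remain on the new side is not recoverable here, but each surviving one should get a comment naming the property and its consumer, e.g. `# opengles_prop: the GLES version property read by the framework -- confirm`. The exec type gaining `vendor_file_type` matches the new `/vendor/bin/qemu-props` label in the file_contexts hunk.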


@ -1,8 +0,0 @@
# qemu support daemon
type qemud, domain;
type qemud_exec, exec_type, file_type;
init_daemon_domain(qemud)
# Access /dev/ttyS1 and /dev/ttyGF1.
allow qemud serial_device:chr_file rw_file_perms;


@ -1 +0,0 @@
unix_socket_connect(rild, qemud, qemud)


@ -1,3 +1,2 @@
unix_socket_connect(system_server, qemud, qemud)
get_prop(system_server, opengles_prop)
get_prop(system_server, radio_noril_prop)


@ -0,0 +1 @@
dontaudit vold kernel:system module_request;


@ -1 +1,4 @@
set_prop(zygote, qemu_prop)
# TODO (b/63631799) fix this access
# Suppress denials to storage. Webview zygote should not be accessing.
dontaudit webview_zygote mnt_expand_file:dir getattr;


@ -36,11 +36,13 @@ PRODUCT_PACKAGES += \
libGLESv2_emulation \
libGLESv1_enc \
qemu-props \
qemud \
camera.goldfish \
camera.goldfish.jpeg \
camera.ranchu \
camera.ranchu.jpeg \
keystore.goldfish \
keystore.ranchu \
gatekeeper.ranchu \
lights.goldfish \
gps.goldfish \
gps.ranchu \
@ -62,7 +64,9 @@ PRODUCT_PACKAGES += \
android.hardware.graphics.mapper@2.0-impl \
hwcomposer.goldfish \
hwcomposer.ranchu \
sh_vendor \
vintf \
toybox_vendor \
CarrierConfig
PRODUCT_PACKAGES += \
@ -72,40 +76,80 @@ PRODUCT_PACKAGES += \
android.hardware.soundtrigger@2.0-impl
PRODUCT_PACKAGES += \
android.hardware.keymaster@3.0-impl \
android.hardware.keymaster@3.0-service
android.hardware.keymaster@3.0-impl \
android.hardware.keymaster@3.0-service
PRODUCT_PACKAGES += \
android.hardware.gnss@1.0-service \
android.hardware.gnss@1.0-impl
PRODUCT_PACKAGES += \
android.hardware.sensors@1.0-impl \
android.hardware.sensors@1.0-service
android.hardware.sensors@1.0-impl \
android.hardware.sensors@1.0-service
PRODUCT_PACKAGES += \
android.hardware.drm@1.0-service \
android.hardware.drm@1.0-impl
PRODUCT_PACKAGES += \
android.hardware.power@1.0-service \
android.hardware.power@1.0-impl
# camera service treble disable until all backwards compat is complete
PRODUCT_PROPERTY_OVERRIDES += \
camera.disable_treble=1
PRODUCT_PACKAGES += \
camera.device@1.0-impl \
android.hardware.camera.provider@2.4-service \
android.hardware.camera.provider@2.4-impl \
PRODUCT_PACKAGES += \
android.hardware.gatekeeper@1.0-impl \
android.hardware.gatekeeper@1.0-service
# need this for gles libraries to load properly
# after moving to /vendor/lib/
PRODUCT_PACKAGES += \
android.hardware.renderscript@1.0.vndk-sp\
android.hardware.graphics.allocator@2.0.vndk-sp\
android.hardware.graphics.mapper@2.0.vndk-sp\
android.hardware.graphics.common@1.0.vndk-sp\
libhwbinder.vndk-sp\
libbase.vndk-sp\
libcutils.vndk-sp\
libhardware.vndk-sp\
libhidlbase.vndk-sp\
libhidltransport.vndk-sp\
libutils.vndk-sp\
libc++.vndk-sp\
libRS_internal.vndk-sp\
libRSDriver.vndk-sp\
libRSCpuRef.vndk-sp\
libbcinfo.vndk-sp\
libblas.vndk-sp\
libft2.vndk-sp\
libpng.vndk-sp\
libcompiler_rt.vndk-sp\
libbacktrace.vndk-sp\
libunwind.vndk-sp\
libunwindstack.vndk-sp\
liblzma.vndk-sp\
libz.vndk-sp\
PRODUCT_COPY_FILES += \
device/generic/goldfish/fstab.goldfish:root/fstab.goldfish \
device/generic/goldfish/init.goldfish.rc:root/init.goldfish.rc \
device/generic/goldfish/init.goldfish.sh:system/etc/init.goldfish.sh \
device/generic/goldfish/init.ranchu-core.sh:$(TARGET_COPY_OUT_VENDOR)/bin/init.ranchu-core.sh \
device/generic/goldfish/init.ranchu-net.sh:$(TARGET_COPY_OUT_VENDOR)/bin/init.ranchu-net.sh \
device/generic/goldfish/init.ranchu.rc:root/init.ranchu.rc \
device/generic/goldfish/ueventd.goldfish.rc:root/ueventd.goldfish.rc \
device/generic/goldfish/init.ranchu.rc:root/init.ranchu.rc \
device/generic/goldfish/fstab.ranchu:root/fstab.ranchu \
device/generic/goldfish/fstab.ranchu.early:root/fstab.ranchu.early \
device/generic/goldfish/ueventd.ranchu.rc:root/ueventd.ranchu.rc \
device/generic/goldfish/manifest.xml:$(TARGET_COPY_OUT_VENDOR)/manifest.xml \
device/generic/goldfish/input/goldfish_rotary.idc:system/usr/idc/goldfish_rotary.idc \
device/generic/goldfish/manifest.xml:$(TARGET_COPY_OUT_VENDOR)/manifest.xml \
device/generic/goldfish/data/etc/permissions/privapp-permissions-goldfish.xml:system/etc/permissions/privapp-permissions-goldfish.xml \
device/generic/goldfish/data/etc/config.ini:config.ini \
frameworks/native/data/etc/android.hardware.usb.accessory.xml:system/etc/permissions/android.hardware.usb.accessory.xml
PRODUCT_PACKAGE_OVERLAYS := device/generic/goldfish/overlay
PRODUCT_CHARACTERISTICS := emulator
PRODUCT_FULL_TREBLE_OVERRIDE := true
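Review bot: `android.hardware.camera.provider@2.4-impl \` and `libz.vndk-sp\` end their lists with a continuation backslash; this rendering drops blank lines, so confirm an empty line separates each from the following `PRODUCT_PACKAGES += \` / `PRODUCT_COPY_FILES += \`, otherwise make joins the next assignment into the previous package list as literal package names. The `.vndk-sp\` lines also omit the space before the backslash used everywhere else in the file, so `libz.vndk-sp \` style would match. `camera.disable_treble=1` next to `PRODUCT_FULL_TREBLE_OVERRIDE := true` is explained by the comment above it; adding a bug reference for when the override can be dropped would make it easier to retire.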