build-emulator: fully treblize emulator image
Install emulator specific binaries and libraries to vendor partition; update selinux; add vndk. BUG: 37511975 Test: build user build, launch emualtor, run CTS. Change-Id: I7f5317d52e552367a1390789fe7ce6e0955ba8de Merged-In: I70f58947e98b41b195d77b4347d2efdc09348392
This commit is contained in:
parent
3afe69d846
commit
cb0bebbeda
|
@ -0,0 +1 @@
|
|||
set_prop(adbd, ctl_mdnsd_prop);
|
|
@ -0,0 +1 @@
|
|||
allow audioserver bootanim:binder call;
|
|
@ -1,4 +1,5 @@
|
|||
allow bootanim self:process execmem;
|
||||
allow bootanim ashmem_device:chr_file execute;
|
||||
|
||||
#TODO: This can safely be ignored until b/62954877 is fixed
|
||||
dontaudit bootanim system_data_file:dir read;
|
||||
set_prop(bootanim, qemu_prop)
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
allow cameraserver system_file:dir { open read };
|
||||
allow cameraserver hal_allocator:fd use;
|
|
@ -1 +1 @@
|
|||
type qemud_socket, file_type;
|
||||
type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
|
||||
|
|
|
@ -7,15 +7,29 @@
|
|||
/dev/block/vda u:object_r:system_block_device:s0
|
||||
/dev/block/vdb u:object_r:cache_block_device:s0
|
||||
/dev/block/vdc u:object_r:userdata_block_device:s0
|
||||
/dev/block/vdd u:object_r:metadata_block_device:s0
|
||||
/dev/block/vde u:object_r:system_block_device:s0
|
||||
|
||||
/dev/goldfish_pipe u:object_r:qemu_device:s0
|
||||
/dev/goldfish_sync u:object_r:qemu_device:s0
|
||||
/dev/qemu_.* u:object_r:qemu_device:s0
|
||||
/dev/socket/qemud u:object_r:qemud_socket:s0
|
||||
/dev/ttyGF[0-9]* u:object_r:serial_device:s0
|
||||
/dev/ttyS2 u:object_r:console_device:s0
|
||||
/system/bin/qemud u:object_r:qemud_exec:s0
|
||||
/system/etc/init.goldfish.sh u:object_r:goldfish_setup_exec:s0
|
||||
/system/vendor/bin/init.ranchu-core.sh u:object_r:goldfish_setup_exec:s0
|
||||
/system/vendor/bin/init.ranchu-net.sh u:object_r:goldfish_setup_exec:s0
|
||||
/system/bin/qemu-props u:object_r:qemu_props_exec:s0
|
||||
/sys/qemu_trace(/.*)? u:object_r:sysfs_writable:s0
|
||||
/vendor/bin/init\.ranchu-core\.sh u:object_r:goldfish_setup_exec:s0
|
||||
/vendor/bin/init\.ranchu-net\.sh u:object_r:goldfish_setup_exec:s0
|
||||
/vendor/bin/qemu-props u:object_r:qemu_props_exec:s0
|
||||
|
||||
/vendor/bin/hw/android\.hardware\.drm@1\.0-service\.widevine u:object_r:hal_drm_widevine_exec:s0
|
||||
|
||||
/vendor/lib(64)?/hw/gralloc\.ranchu\.so u:object_r:same_process_hal_file:s0
|
||||
/vendor/lib(64)?/libEGL_emulation\.so u:object_r:same_process_hal_file:s0
|
||||
/vendor/lib(64)?/libGLESv1_CM_emulation\.so u:object_r:same_process_hal_file:s0
|
||||
/vendor/lib(64)?/libGLESv2_emulation\.so u:object_r:same_process_hal_file:s0
|
||||
/vendor/lib(64)?/libEGL_swiftshader\.so u:object_r:same_process_hal_file:s0
|
||||
/vendor/lib(64)?/libGLESv1_CM_swiftshader\.so u:object_r:same_process_hal_file:s0
|
||||
/vendor/lib(64)?/libGLESv2_swiftshader\.so u:object_r:same_process_hal_file:s0
|
||||
/vendor/lib(64)?/libOpenglSystemCommon\.so u:object_r:same_process_hal_file:s0
|
||||
/vendor/lib(64)?/lib_renderControl_enc\.so u:object_r:same_process_hal_file:s0
|
||||
/vendor/lib(64)?/libGLESv1_enc\.so u:object_r:same_process_hal_file:s0
|
||||
/vendor/lib(64)?/libGLESv2_enc\.so u:object_r:same_process_hal_file:s0
|
||||
|
|
|
@ -1,29 +1,12 @@
|
|||
# goldfish-setup service: runs init.goldfish.sh script
|
||||
type goldfish_setup, domain;
|
||||
type goldfish_setup_exec, exec_type, file_type;
|
||||
type goldfish_setup_exec, vendor_file_type, exec_type, file_type;
|
||||
|
||||
init_daemon_domain(goldfish_setup)
|
||||
|
||||
# Inherit open file to shell (interpreter) for script.
|
||||
allow goldfish_setup shell_exec:file rx_file_perms;
|
||||
|
||||
# Run ifconfig, route commands to configure interfaces and routes.
|
||||
allow goldfish_setup system_file:file execute_no_trans;
|
||||
allow goldfish_setup toolbox_exec:file rx_file_perms;
|
||||
allow goldfish_setup self:capability { net_admin net_raw };
|
||||
allow goldfish_setup self:udp_socket create_socket_perms;
|
||||
allow goldfish_setup self:udp_socket { create ioctl };
|
||||
allow goldfish_setup vendor_toolbox_exec:file execute_no_trans;
|
||||
allowxperm goldfish_setup self:udp_socket ioctl priv_sock_ioctls;
|
||||
|
||||
wakelock_use(goldfish_setup)
|
||||
net_domain(goldfish_setup)
|
||||
|
||||
# Set net.eth0.dns*, debug.sf.nobootanimation
|
||||
set_prop(goldfish_setup, system_prop)
|
||||
set_prop(goldfish_setup, debug_prop)
|
||||
|
||||
# Set ro.radio.noril
|
||||
set_prop(goldfish_setup, radio_noril_prop)
|
||||
|
||||
# Stop ril-daemon service (by setting ctl.stop to ril-daemon, which
|
||||
# transforms to a permission check on ctl.ril-daemon).
|
||||
set_prop(goldfish_setup, ctl_rildaemon_prop)
|
||||
wakelock_use(goldfish_setup);
|
||||
allow goldfish_setup vendor_shell_exec:file { rx_file_perms };
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
# define SELinux domain
|
||||
type hal_drm_widevine, domain;
|
||||
hal_server_domain(hal_drm_widevine, hal_drm)
|
||||
|
||||
type hal_drm_widevine_exec, exec_type, vendor_file_type, file_type;
|
||||
init_daemon_domain(hal_drm_widevine)
|
||||
|
||||
allow hal_drm mediacodec:fd use;
|
||||
allow hal_drm { appdomain -isolated_app }:fd use;
|
||||
|
||||
hal_client_domain(hal_drm_widevine, hal_graphics_composer);
|
|
@ -1,3 +1 @@
|
|||
#============= hal_gnss_default ==============
|
||||
allow hal_gnss_default vndbinder_device:chr_file { ioctl open read write };
|
||||
|
||||
vndbinder_use(hal_gnss_default);
|
||||
|
|
|
@ -1,3 +1 @@
|
|||
#============= hal_graphics_composer_default ==============
|
||||
allow hal_graphics_composer_default vndbinder_device:chr_file { ioctl open read write };
|
||||
|
||||
vndbinder_use(hal_graphics_composer_default);
|
||||
|
|
|
@ -1 +1,2 @@
|
|||
allow init tmpfs:lnk_file create_file_perms;
|
||||
dontaudit init kernel:system module_request;
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
allow mediacodec system_file:dir { open read };
|
|
@ -1 +1,3 @@
|
|||
dontaudit netd self:capability sys_module;
|
||||
#TODO: This can safely be ignored until b/62954877 is fixed
|
||||
dontaudit netd kernel:system module_request;
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
#TODO: b/62908025
|
||||
dontaudit priv_app firstboot_prop:file { getattr open };
|
||||
dontaudit priv_app device:dir { open read };
|
||||
dontaudit priv_app proc_interrupts:file { getattr open read };
|
||||
dontaudit priv_app proc_modules:file { getattr open read };
|
|
@ -1,12 +1,9 @@
|
|||
# qemu-props service: Sets system properties on boot.
|
||||
type qemu_props, domain;
|
||||
type qemu_props_exec, exec_type, file_type;
|
||||
type qemu_props_exec, vendor_file_type, exec_type, file_type;
|
||||
|
||||
init_daemon_domain(qemu_props)
|
||||
|
||||
# Set properties.
|
||||
set_prop(qemu_props, qemu_prop)
|
||||
set_prop(qemu_props, dalvik_prop)
|
||||
set_prop(qemu_props, config_prop)
|
||||
set_prop(qemu_props, opengles_prop)
|
||||
set_prop(qemu_props, qemu_cmdline)
|
||||
|
|
|
@ -1,8 +0,0 @@
|
|||
# qemu support daemon
|
||||
type qemud, domain;
|
||||
type qemud_exec, exec_type, file_type;
|
||||
|
||||
init_daemon_domain(qemud)
|
||||
|
||||
# Access /dev/ttyS1 and /dev/ttyGF1.
|
||||
allow qemud serial_device:chr_file rw_file_perms;
|
|
@ -1 +0,0 @@
|
|||
unix_socket_connect(rild, qemud, qemud)
|
|
@ -1,3 +1,2 @@
|
|||
unix_socket_connect(system_server, qemud, qemud)
|
||||
get_prop(system_server, opengles_prop)
|
||||
get_prop(system_server, radio_noril_prop)
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
dontaudit vold kernel:system module_request;
|
|
@ -1 +1,4 @@
|
|||
set_prop(zygote, qemu_prop)
|
||||
# TODO (b/63631799) fix this access
|
||||
# Suppress denials to storage. Webview zygote should not be accessing.
|
||||
dontaudit webview_zygote mnt_expand_file:dir getattr;
|
||||
|
|
|
@ -36,11 +36,13 @@ PRODUCT_PACKAGES += \
|
|||
libGLESv2_emulation \
|
||||
libGLESv1_enc \
|
||||
qemu-props \
|
||||
qemud \
|
||||
camera.goldfish \
|
||||
camera.goldfish.jpeg \
|
||||
camera.ranchu \
|
||||
camera.ranchu.jpeg \
|
||||
keystore.goldfish \
|
||||
keystore.ranchu \
|
||||
gatekeeper.ranchu \
|
||||
lights.goldfish \
|
||||
gps.goldfish \
|
||||
gps.ranchu \
|
||||
|
@ -62,7 +64,9 @@ PRODUCT_PACKAGES += \
|
|||
android.hardware.graphics.mapper@2.0-impl \
|
||||
hwcomposer.goldfish \
|
||||
hwcomposer.ranchu \
|
||||
sh_vendor \
|
||||
vintf \
|
||||
toybox_vendor \
|
||||
CarrierConfig
|
||||
|
||||
PRODUCT_PACKAGES += \
|
||||
|
@ -83,29 +87,69 @@ PRODUCT_PACKAGES += \
|
|||
android.hardware.sensors@1.0-impl \
|
||||
android.hardware.sensors@1.0-service
|
||||
|
||||
PRODUCT_PACKAGES += \
|
||||
android.hardware.drm@1.0-service \
|
||||
android.hardware.drm@1.0-impl
|
||||
|
||||
PRODUCT_PACKAGES += \
|
||||
android.hardware.power@1.0-service \
|
||||
android.hardware.power@1.0-impl
|
||||
|
||||
# camera service treble disable until all backwards compat is complete
|
||||
PRODUCT_PROPERTY_OVERRIDES += \
|
||||
camera.disable_treble=1
|
||||
PRODUCT_PACKAGES += \
|
||||
camera.device@1.0-impl \
|
||||
android.hardware.camera.provider@2.4-service \
|
||||
android.hardware.camera.provider@2.4-impl \
|
||||
|
||||
PRODUCT_PACKAGES += \
|
||||
android.hardware.gatekeeper@1.0-impl \
|
||||
android.hardware.gatekeeper@1.0-service
|
||||
|
||||
# need this for gles libraries to load properly
|
||||
# after moving to /vendor/lib/
|
||||
PRODUCT_PACKAGES += \
|
||||
android.hardware.renderscript@1.0.vndk-sp\
|
||||
android.hardware.graphics.allocator@2.0.vndk-sp\
|
||||
android.hardware.graphics.mapper@2.0.vndk-sp\
|
||||
android.hardware.graphics.common@1.0.vndk-sp\
|
||||
libhwbinder.vndk-sp\
|
||||
libbase.vndk-sp\
|
||||
libcutils.vndk-sp\
|
||||
libhardware.vndk-sp\
|
||||
libhidlbase.vndk-sp\
|
||||
libhidltransport.vndk-sp\
|
||||
libutils.vndk-sp\
|
||||
libc++.vndk-sp\
|
||||
libRS_internal.vndk-sp\
|
||||
libRSDriver.vndk-sp\
|
||||
libRSCpuRef.vndk-sp\
|
||||
libbcinfo.vndk-sp\
|
||||
libblas.vndk-sp\
|
||||
libft2.vndk-sp\
|
||||
libpng.vndk-sp\
|
||||
libcompiler_rt.vndk-sp\
|
||||
libbacktrace.vndk-sp\
|
||||
libunwind.vndk-sp\
|
||||
libunwindstack.vndk-sp\
|
||||
liblzma.vndk-sp\
|
||||
libz.vndk-sp\
|
||||
|
||||
|
||||
PRODUCT_COPY_FILES += \
|
||||
device/generic/goldfish/fstab.goldfish:root/fstab.goldfish \
|
||||
device/generic/goldfish/init.goldfish.rc:root/init.goldfish.rc \
|
||||
device/generic/goldfish/init.goldfish.sh:system/etc/init.goldfish.sh \
|
||||
device/generic/goldfish/init.ranchu-core.sh:$(TARGET_COPY_OUT_VENDOR)/bin/init.ranchu-core.sh \
|
||||
device/generic/goldfish/init.ranchu-net.sh:$(TARGET_COPY_OUT_VENDOR)/bin/init.ranchu-net.sh \
|
||||
device/generic/goldfish/init.ranchu.rc:root/init.ranchu.rc \
|
||||
device/generic/goldfish/ueventd.goldfish.rc:root/ueventd.goldfish.rc \
|
||||
device/generic/goldfish/init.ranchu.rc:root/init.ranchu.rc \
|
||||
device/generic/goldfish/fstab.ranchu:root/fstab.ranchu \
|
||||
device/generic/goldfish/fstab.ranchu.early:root/fstab.ranchu.early \
|
||||
device/generic/goldfish/ueventd.ranchu.rc:root/ueventd.ranchu.rc \
|
||||
device/generic/goldfish/manifest.xml:$(TARGET_COPY_OUT_VENDOR)/manifest.xml \
|
||||
device/generic/goldfish/input/goldfish_rotary.idc:system/usr/idc/goldfish_rotary.idc \
|
||||
device/generic/goldfish/manifest.xml:$(TARGET_COPY_OUT_VENDOR)/manifest.xml \
|
||||
device/generic/goldfish/data/etc/permissions/privapp-permissions-goldfish.xml:system/etc/permissions/privapp-permissions-goldfish.xml \
|
||||
device/generic/goldfish/data/etc/config.ini:config.ini \
|
||||
frameworks/native/data/etc/android.hardware.usb.accessory.xml:system/etc/permissions/android.hardware.usb.accessory.xml
|
||||
|
||||
PRODUCT_PACKAGE_OVERLAYS := device/generic/goldfish/overlay
|
||||
|
||||
PRODUCT_CHARACTERISTICS := emulator
|
||||
|
||||
PRODUCT_FULL_TREBLE_OVERRIDE := true
|
||||
|
|
Loading…
Reference in New Issue