Commit 4706b444 authored by TARKZiM's avatar TARKZiM Committed by Bernhard Thoben
Browse files

kitakami-common: Update SDK/SHIM override configs

* Since LD_PRELOAD doesn't seems to work on Oreo+,
  we're moving preload library to SHIM instead.
  (This fixes secd and it's security features)

* Added more blobs to SDK override list to prevent
  further issues.

* rootdir: Override some HAL services to add OEM permissions
  to it.
parent 39d84d1e
......@@ -95,6 +95,9 @@ TARGET_PROCESS_SDK_VERSION_OVERRIDE := \
/system/bin/cameraserver=25 \
/system/bin/mediaserver=25 \
/system/bin/iddd=25 \
/system/bin/secd=25 \
/system/bin/tad_static=25 \
/system/bin/loc_launcher=25 \
/system/bin/mm-qcamera-daemon=25 \
/system/bin/sensors.qcom=25
......@@ -189,11 +192,12 @@ TARGET_USERIMAGES_USE_EXT4 := true
# Shims
TARGET_LD_SHIM_LIBS := \
/system/lib/hw/camera.qcom.so|/system/vendor/lib/camera.qcom_shim.so \
/system/vendor/lib/hw/camera.msm8994.so|/system/vendor/lib/camera.qcom_shim.so \
/system/lib64/libsys-utils.so|libsensor.so \
/system/lib/libcammw.so|libsensor.so \
/system/vendor/lib/libizat_core.so|/system/vendor/lib/libshim_gps.so \
/system/vendor/lib64/libizat_core.so|/system/vendor/lib64/libshim_gps.so
/system/vendor/lib64/libizat_core.so|/system/vendor/lib64/libshim_gps.so \
/system/bin/secd|/system/lib64/lib-preload64.so
# SELinux
include device/qcom/sepolicy-legacy/sepolicy.mk
......
......@@ -679,7 +679,6 @@ on property:init.svc.fuse_sdcard1=running
write /sys/class/block/mmcblk1/bdi/max_ratio 1
service secd /system/bin/secd
setenv LD_PRELOAD /system/lib64/lib-preload64.so
class main
user system
group system
......@@ -687,6 +686,70 @@ service secd /system/bin/secd
socket secd_devsec_sock stream 0660 system oem_2996
socket secd_credmgr_sock stream 0660 system oem_2996
#service camera-provider-2-4 /vendor/bin/hw/android.hardware.camera.provider@2.4-service
# class hal
# user cameraserver
# group audio camera input drmrpc oem_2996 oem_2993
# ioprio rt 4
# capabilities SYS_NICE
# writepid /dev/cpuset/camera-daemon/tasks /dev/stune/top-app/tasks
service vendor.audio-hal-2-0 /vendor/bin/hw/android.hardware.audio@2.0-service
override
class hal
user audioserver
# media gid needed for /dev/fm (radio) and for /data/misc/media (tee)
group audio camera drmrpc inet media mediadrm net_bt net_bt_admin net_bw_acct wakelock oem_2993
capabilities BLOCK_SUSPEND
ioprio rt 4
writepid /dev/cpuset/foreground/tasks /dev/stune/foreground/tasks
# audioflinger restarts itself when it loses connection with the hal
# and its .rc file has an "onrestart restart audio-hal" rule, thus
# an additional auto-restart from the init process isn't needed.
oneshot
interface android.hardware.audio@4.0::IDevicesFactory default
interface android.hardware.audio@2.0::IDevicesFactory default
service cameraserver /system/bin/cameraserver
override
class main
user cameraserver
group audio camera input drmrpc oem_2996 oem_2993
ioprio rt 4
writepid /dev/cpuset/camera-daemon/tasks /dev/stune/top-app/tasks
rlimit rtprio 10 10
service audioserver /system/bin/audioserver
override
class core
user audioserver
# media gid needed for /dev/fm (radio) and for /data/misc/media (tee)
group audio camera drmrpc inet media mediadrm net_bt net_bt_admin net_bw_acct wakelock oem_2993
capabilities BLOCK_SUSPEND
ioprio rt 4
writepid /dev/cpuset/foreground/tasks /dev/stune/foreground/tasks
onrestart restart vendor.audio-hal-2-0
onrestart restart vendor.audio-hal-4-0-msd
# Keep the original service name for backward compatibility when upgrading
# O-MR1 devices with framework-only.
onrestart restart audio-hal-2-0
service mediadrm /system/bin/mediadrmserver
override
class main
user media
group mediadrm drmrpc oem_2993
ioprio rt 4
writepid /dev/cpuset/foreground/tasks
service media /system/bin/mediaserver
override
class main
user media
group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm oem_2996
ioprio rt 4
writepid /dev/cpuset/foreground/tasks /dev/stune/foreground/tasks
service iddd /system/bin/iddd
class core
user oem_2987
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment