Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4706b444 authored by TARKZiM's avatar TARKZiM Committed by Bernhard Thoben
Browse files

kitakami-common: Update SDK/SHIM override configs 

* Since LD_PRELOAD doesn't seems to work on Oreo+,
  we're moving preload library to SHIM instead.
  (This fixes secd and it's security features)

* Added more blobs to SDK override list to prevent
  further issues.

* rootdir: Override some HAL services to add OEM permissions
  to it.
parent 39d84d1e

BoardConfigCommon.mk

+6 −2
Original line number Diff line number Diff line
@@ -95,6 +95,9 @@ TARGET_PROCESS_SDK_VERSION_OVERRIDE := \ 
    /system/bin/cameraserver=25 \

    /system/bin/mediaserver=25 \

    /system/bin/iddd=25 \

    /system/bin/secd=25 \

    /system/bin/tad_static=25 \

    /system/bin/loc_launcher=25 \

    /system/bin/mm-qcamera-daemon=25 \

    /system/bin/sensors.qcom=25
@@ -189,11 +192,12 @@ TARGET_USERIMAGES_USE_EXT4 := true 


# Shims

TARGET_LD_SHIM_LIBS := \

     /system/lib/hw/camera.qcom.so|/system/vendor/lib/camera.qcom_shim.so \

     /system/vendor/lib/hw/camera.msm8994.so|/system/vendor/lib/camera.qcom_shim.so \

     /system/lib64/libsys-utils.so|libsensor.so \

     /system/lib/libcammw.so|libsensor.so \

     /system/vendor/lib/libizat_core.so|/system/vendor/lib/libshim_gps.so \

     /system/vendor/lib64/libizat_core.so|/system/vendor/lib64/libshim_gps.so

     /system/vendor/lib64/libizat_core.so|/system/vendor/lib64/libshim_gps.so \

     /system/bin/secd|/system/lib64/lib-preload64.so



# SELinux

include device/qcom/sepolicy-legacy/sepolicy.mk

rootdir/init.qcom.rc

+64 −1
Original line number Diff line number Diff line
@@ -679,7 +679,6 @@ on property:init.svc.fuse_sdcard1=running 
    write /sys/class/block/mmcblk1/bdi/max_ratio 1



service secd /system/bin/secd

    setenv LD_PRELOAD /system/lib64/lib-preload64.so

    class main

    user system

    group system
@@ -687,6 +686,70 @@ service secd /system/bin/secd 
    socket secd_devsec_sock stream 0660 system oem_2996

    socket secd_credmgr_sock stream 0660 system oem_2996



#service camera-provider-2-4 /vendor/bin/hw/android.hardware.camera.provider@2.4-service

#    class hal

#    user cameraserver

#    group audio camera input drmrpc oem_2996 oem_2993

#    ioprio rt 4

#    capabilities SYS_NICE

#    writepid /dev/cpuset/camera-daemon/tasks /dev/stune/top-app/tasks



service vendor.audio-hal-2-0 /vendor/bin/hw/android.hardware.audio@2.0-service

    override

    class hal

    user audioserver

    # media gid needed for /dev/fm (radio) and for /data/misc/media (tee)

    group audio camera drmrpc inet media mediadrm net_bt net_bt_admin net_bw_acct wakelock oem_2993

    capabilities BLOCK_SUSPEND

    ioprio rt 4

    writepid /dev/cpuset/foreground/tasks /dev/stune/foreground/tasks

    # audioflinger restarts itself when it loses connection with the hal

    # and its .rc file has an "onrestart restart audio-hal" rule, thus

    # an additional auto-restart from the init process isn't needed.

    oneshot

    interface android.hardware.audio@4.0::IDevicesFactory default

    interface android.hardware.audio@2.0::IDevicesFactory default



service cameraserver /system/bin/cameraserver

    override

    class main

    user cameraserver

    group audio camera input drmrpc oem_2996 oem_2993

    ioprio rt 4

    writepid /dev/cpuset/camera-daemon/tasks /dev/stune/top-app/tasks

    rlimit rtprio 10 10



service audioserver /system/bin/audioserver

    override

    class core

    user audioserver

    # media gid needed for /dev/fm (radio) and for /data/misc/media (tee)

    group audio camera drmrpc inet media mediadrm net_bt net_bt_admin net_bw_acct wakelock oem_2993

    capabilities BLOCK_SUSPEND

    ioprio rt 4

    writepid /dev/cpuset/foreground/tasks /dev/stune/foreground/tasks

    onrestart restart vendor.audio-hal-2-0

    onrestart restart vendor.audio-hal-4-0-msd

    # Keep the original service name for backward compatibility when upgrading

    # O-MR1 devices with framework-only.

    onrestart restart audio-hal-2-0



service mediadrm /system/bin/mediadrmserver

    override

    class main

    user media

    group mediadrm drmrpc oem_2993

    ioprio rt 4

    writepid /dev/cpuset/foreground/tasks



service media /system/bin/mediaserver

    override

    class main

    user media

    group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm oem_2996

    ioprio rt 4

    writepid /dev/cpuset/foreground/tasks /dev/stune/foreground/tasks



service iddd /system/bin/iddd

    class core

    user oem_2987