kitakami-common: Update SDK/SHIM override configs

* Since LD_PRELOAD doesn't seems to work on Oreo+, we're moving preload library to SHIM instead. (This fixes secd and it's security features) * Added more blobs to SDK override list to prevent further issues. * rootdir: Override some HAL services to add OEM permissions to it.

kitakami-common: Update SDK/SHIM override configs
* Since LD_PRELOAD doesn't seems to work on Oreo+, we're moving preload library to SHIM instead. (This fixes secd and it's security features) * Added more blobs to SDK override list to prevent further issues. * rootdir: Override some HAL services to add OEM permissions to it.
4706b444 · TARKZiM · Bernhard Thoben · 39d84d1e · 4706b444 · 4706b444
Commit 4706b444 authored Aug 02, 2020 by TARKZiM Committed by Bernhard Thoben Aug 02, 2020
--- a/BoardConfigCommon.mk
+++ b/BoardConfigCommon.mk
@@ -95,6 +95,9 @@ TARGET_PROCESS_SDK_VERSION_OVERRIDE := \
    /system/bin/cameraserver=25 \
    /system/bin/mediaserver=25 \
    /system/bin/iddd=25 \
+    /system/bin/secd=25 \
+    /system/bin/tad_static=25 \
+    /system/bin/loc_launcher=25 \
    /system/bin/mm-qcamera-daemon=25 \
    /system/bin/sensors.qcom=25

@@ -189,11 +192,12 @@ TARGET_USERIMAGES_USE_EXT4 := true

 # Shims
 TARGET_LD_SHIM_LIBS := \
-     /system/lib/hw/camera.qcom.so|/system/vendor/lib/camera.qcom_shim.so \
+     /system/vendor/lib/hw/camera.msm8994.so|/system/vendor/lib/camera.qcom_shim.so \
     /system/lib64/libsys-utils.so|libsensor.so \
     /system/lib/libcammw.so|libsensor.so \
     /system/vendor/lib/libizat_core.so|/system/vendor/lib/libshim_gps.so \
-     /system/vendor/lib64/libizat_core.so|/system/vendor/lib64/libshim_gps.so
+     /system/vendor/lib64/libizat_core.so|/system/vendor/lib64/libshim_gps.so \
+     /system/bin/secd|/system/lib64/lib-preload64.so

 # SELinux
 include device/qcom/sepolicy-legacy/sepolicy.mk

--- a/rootdir/init.qcom.rc
+++ b/rootdir/init.qcom.rc
@@ -679,7 +679,6 @@ on property:init.svc.fuse_sdcard1=running
    write /sys/class/block/mmcblk1/bdi/max_ratio 1

 service secd /system/bin/secd
-    setenv LD_PRELOAD /system/lib64/lib-preload64.so
    class main
    user system
    group system
@@ -687,6 +686,70 @@ service secd /system/bin/secd
    socket secd_devsec_sock stream 0660 system oem_2996
    socket secd_credmgr_sock stream 0660 system oem_2996

+#service camera-provider-2-4 /vendor/bin/hw/android.hardware.camera.provider@2.4-service
+#    class hal
+#    user cameraserver
+#    group audio camera input drmrpc oem_2996 oem_2993
+#    ioprio rt 4
+#    capabilities SYS_NICE
+#    writepid /dev/cpuset/camera-daemon/tasks /dev/stune/top-app/tasks
+
+service vendor.audio-hal-2-0 /vendor/bin/hw/android.hardware.audio@2.0-service
+    override
+    class hal
+    user audioserver
+    # media gid needed for /dev/fm (radio) and for /data/misc/media (tee)
+    group audio camera drmrpc inet media mediadrm net_bt net_bt_admin net_bw_acct wakelock oem_2993
+    capabilities BLOCK_SUSPEND
+    ioprio rt 4
+    writepid /dev/cpuset/foreground/tasks /dev/stune/foreground/tasks
+    # audioflinger restarts itself when it loses connection with the hal
+    # and its .rc file has an "onrestart restart audio-hal" rule, thus
+    # an additional auto-restart from the init process isn't needed.
+    oneshot
+    interface android.hardware.audio@4.0::IDevicesFactory default
+    interface android.hardware.audio@2.0::IDevicesFactory default
+
+service cameraserver /system/bin/cameraserver
+    override
+    class main
+    user cameraserver
+    group audio camera input drmrpc oem_2996 oem_2993
+    ioprio rt 4
+    writepid /dev/cpuset/camera-daemon/tasks /dev/stune/top-app/tasks
+    rlimit rtprio 10 10
+
+service audioserver /system/bin/audioserver
+    override
+    class core
+    user audioserver
+    # media gid needed for /dev/fm (radio) and for /data/misc/media (tee)
+    group audio camera drmrpc inet media mediadrm net_bt net_bt_admin net_bw_acct wakelock oem_2993
+    capabilities BLOCK_SUSPEND
+    ioprio rt 4
+    writepid /dev/cpuset/foreground/tasks /dev/stune/foreground/tasks
+    onrestart restart vendor.audio-hal-2-0
+    onrestart restart vendor.audio-hal-4-0-msd
+    # Keep the original service name for backward compatibility when upgrading
+    # O-MR1 devices with framework-only.
+    onrestart restart audio-hal-2-0
+
+service mediadrm /system/bin/mediadrmserver
+    override
+    class main
+    user media
+    group mediadrm drmrpc oem_2993
+    ioprio rt 4
+    writepid /dev/cpuset/foreground/tasks
+
+service media /system/bin/mediaserver
+    override
+    class main
+    user media
+    group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm oem_2996
+    ioprio rt 4
+    writepid /dev/cpuset/foreground/tasks /dev/stune/foreground/tasks
+
 service iddd /system/bin/iddd
    class core
    user oem_2987