Merge "Add a hal_camera_prop rule for the gmscore_app domain"
diff --git a/host_package.mk b/host_package.mk
index 5aa22ab..6b1ba03 100644
--- a/host_package.mk
+++ b/host_package.mk
@@ -18,19 +18,15 @@
cvd_host_executables := \
adb \
adbshell \
- host_region_e2e_test \
launch_cvd \
lpmake \
lpunpack \
- socket_forward_proxy \
socket_vsock_proxy \
adb_connector \
stop_cvd \
vnc_server \
- record_audio \
cf_qemu.sh \
cf_bpttool \
- ivserver \
virtual_usb_manager \
kernel_log_monitor \
extract-vmlinux \
@@ -55,17 +51,12 @@
cvd_host_tests := \
auto_free_buffer_test \
- circqueue_test \
cuttlefish_thread_test \
- hald_client_test \
- lock_test \
monotonic_time_test \
- vsoc_graphics_test \
cuttlefish_net_tests \
cvd_host_shared_libraries := \
libbase.so \
- vsoc_lib.so \
libcuttlefish_fs.so \
cuttlefish_auto_resources.so \
libcuttlefish_strings.so \
diff --git a/shared/BoardConfig.mk b/shared/BoardConfig.mk
index f862dfe..f4cded4 100644
--- a/shared/BoardConfig.mk
+++ b/shared/BoardConfig.mk
@@ -151,6 +151,7 @@
# To see full logs from init, disable ratelimiting.
# The default is 5 messages per second amortized, with a burst of up to 10.
BOARD_KERNEL_CMDLINE += printk.devkmsg=on
+BOARD_KERNEL_CMDLINE += firmware_class.path=/vendor/etc/
BOARD_INCLUDE_DTB_IN_BOOTIMG := true
BOARD_BOOT_HEADER_VERSION := 3
@@ -158,3 +159,4 @@
BOARD_MKBOOTIMG_ARGS += --header_version $(BOARD_BOOT_HEADER_VERSION)
PRODUCT_COPY_FILES += device/google/cuttlefish/dtb.img:dtb.img
BOARD_BUILD_SYSTEM_ROOT_IMAGE := false
+
diff --git a/shared/config/fstab b/shared/config/fstab
index 234e01b..1016b62 100644
--- a/shared/config/fstab
+++ b/shared/config/fstab
@@ -1,7 +1,7 @@
boot /boot emmc defaults recoveryonly
system /system ext4 noatime,ro,errors=panic wait,logical,first_stage_mount,slotselect
# Add all non-dynamic partitions except system, after this comment
-/dev/block/by-name/userdata /data ext4 nodev,noatime,nosuid,errors=panic wait,fileencryption=aes-256-xts:aes-256-cts
+/dev/block/by-name/userdata /data ext4 nodev,noatime,nosuid,errors=panic wait,fileencryption=aes-256-xts:aes-256-cts,fsverity
/dev/block/by-name/metadata /metadata ext4 nodev,noatime,nosuid,errors=panic wait,formattable,first_stage_mount
/dev/block/by-name/cache /cache ext4 nodev,noatime,nosuid,errors=panic wait
/dev/block/by-name/misc /misc emmc defaults defaults
diff --git a/shared/config/fstab.composite b/shared/config/fstab.composite
index f64e510..afacfe4 100644
--- a/shared/config/fstab.composite
+++ b/shared/config/fstab.composite
@@ -1,7 +1,7 @@
boot /boot emmc defaults recoveryonly
system /system ext4 noatime,ro,errors=panic wait,logical,first_stage_mount,slotselect
# Add all non-dynamic partitions except system, after this comment
-/dev/block/by-name/userdata /data ext4 nodev,noatime,nosuid,errors=panic wait,fileencryption=aes-256-xts:aes-256-cts
+/dev/block/by-name/userdata /data ext4 nodev,noatime,nosuid,errors=panic wait,fileencryption=aes-256-xts:aes-256-cts,fsverity
/dev/block/by-name/cache /cache ext4 nodev,noatime,nosuid,errors=panic wait
/dev/block/by-name/metadata /metadata ext4 nodev,noatime,nosuid,errors=panic wait,formattable,first_stage_mount
/dev/block/by-name/misc /misc emmc defaults defaults
diff --git a/shared/config/init.cutf_ivsh.rc b/shared/config/init.cutf_ivsh.rc
deleted file mode 100644
index 1ad69b6..0000000
--- a/shared/config/init.cutf_ivsh.rc
+++ /dev/null
@@ -1,54 +0,0 @@
-# This file should contain entries specific to the vsoc hardware only, for
-# common entries use common file instead.
-import /vendor/etc/init/hw/init.common.rc
-
-on init
- chown system root /dev/input_events
- chmod 0660 /dev/input_events
- restorecon /dev/input_events
- chown radio root /dev/ril
- chmod 0660 /dev/ril
- restorecon /dev/ril
- chown audioserver root /dev/audio_data
- chmod 0660 /dev/audio_data
- restorecon /dev/audio_data
- chown system root /dev/screen
- chmod 0660 /dev/screen
- restorecon /dev/screen
-
-
-on early-boot
- start vsoc_input_service
-
-
-on boot
- start socket_forward_proxy
-
-
-on boot && property:ro.boot.vsoc_e2e_test=1
- mkdir /data/vendor/cf-tmp
- start vsoc_guest_region_e2e_test
-
-
-service vsoc_guest_region_e2e_test /vendor/bin/vsoc_guest_region_e2e_test /data/vendor/cf-tmp
- user root
- oneshot
-
-
-service vsoc_input_service /vendor/bin/vsoc_input_service
- group root uhid
- oneshot
-
-
-service socket_forward_proxy /vendor/bin/socket_forward_proxy
-
-
-on property:vendor.ser.cf-gadget-usb-v1=*
- symlink ${vendor.ser.cf-gadget-usb-v1} /dev/cf-gadget-usb-v1
- enable usbforward
-
-
-service usbforward /vendor/bin/usbforward /dev/cf-gadget-usb-v1
- class late_start
- user root
- disabled
diff --git a/shared/device.mk b/shared/device.mk
index f8cfd67..6975050 100644
--- a/shared/device.mk
+++ b/shared/device.mk
@@ -60,18 +60,9 @@
wlan.driver.status=ok
#
-# Packages for various cuttlefish-specific tests
-#
-PRODUCT_PACKAGES += \
- vsoc_guest_region_e2e_test \
- vsoc_managed_region_e2e_test \
- vsoc_driver_test
-
-#
# Packages for various GCE-specific utilities
#
PRODUCT_PACKAGES += \
- socket_forward_proxy \
socket_vsock_proxy \
usbforward \
CuttlefishService \
@@ -121,7 +112,6 @@
device/google/cuttlefish/shared/config/audio_policy.conf:$(TARGET_COPY_OUT_VENDOR)/etc/audio_policy.conf \
device/google/cuttlefish/shared/config/camera_v3.json:$(TARGET_COPY_OUT_VENDOR)/etc/config/camera.json \
device/google/cuttlefish/shared/config/init.common.rc:$(TARGET_COPY_OUT_VENDOR)/etc/init/hw/init.common.rc \
- device/google/cuttlefish/shared/config/init.cutf_ivsh.rc:$(TARGET_COPY_OUT_VENDOR)/etc/init/hw/init.cutf_ivsh.rc \
device/google/cuttlefish/shared/config/init.cutf_cvm.rc:$(TARGET_COPY_OUT_VENDOR)/etc/init/hw/init.cutf_cvm.rc \
device/google/cuttlefish/shared/config/init.product.rc:$(TARGET_COPY_OUT_PRODUCT)/etc/init/init.rc \
device/google/cuttlefish/shared/config/ueventd.rc:$(TARGET_COPY_OUT_VENDOR)/ueventd.rc \
@@ -352,7 +342,6 @@
PRODUCT_COPY_FILES += \
device/google/cuttlefish/shared/config/init.recovery.common.rc:recovery/root/init.recovery.common.rc \
- device/google/cuttlefish/shared/config/init.recovery.cutf_ivsh.rc:recovery/root/init.recovery.cutf_ivsh.rc \
device/google/cuttlefish/shared/config/init.recovery.cutf_cvm.rc:recovery/root/init.recovery.cutf_cvm.rc \
endif
@@ -364,6 +353,6 @@
$(LOCAL_PATH)/config/init.insmod.sh:$(TARGET_COPY_OUT_VENDOR)/bin/init.insmod.sh \
# Host packages to install
-PRODUCT_HOST_PACKAGES += socket_forward_proxy socket_vsock_proxy
+PRODUCT_HOST_PACKAGES += socket_vsock_proxy
PRODUCT_EXTRA_VNDK_VERSIONS := 28 29
diff --git a/shared/sepolicy/vendor/file_contexts b/shared/sepolicy/vendor/file_contexts
index 884a161..a74ee48 100644
--- a/shared/sepolicy/vendor/file_contexts
+++ b/shared/sepolicy/vendor/file_contexts
@@ -48,11 +48,9 @@
# Vendor files
#
/vendor/bin/usbforward u:object_r:usbforward_exec:s0
-/vendor/bin/socket_forward_proxy u:object_r:socket_forward_proxy_exec:s0
/vendor/bin/socket_vsock_proxy u:object_r:socket_vsock_proxy_exec:s0
/vendor/bin/vsock_logcat u:object_r:vsock_logcat_exec:s0
/vendor/bin/vsoc_input_service u:object_r:vsoc_input_service_exec:s0
-/vendor/bin/vsoc_guest_region_e2e_test u:object_r:vsoc_guest_region_e2e_test_exec:s0
/vendor/bin/vport_trigger u:object_r:vport_trigger_exec:s0
/vendor/bin/rename_netiface u:object_r:rename_netiface_exec:s0
/vendor/bin/hw/libcuttlefish-rild u:object_r:libcuttlefish_rild_exec:s0
diff --git a/shared/sepolicy/vendor/socket_forward_proxy.te b/shared/sepolicy/vendor/socket_forward_proxy.te
deleted file mode 100644
index 0b7f2fc..0000000
--- a/shared/sepolicy/vendor/socket_forward_proxy.te
+++ /dev/null
@@ -1,7 +0,0 @@
-type socket_forward_proxy, domain, netdomain;
-type socket_forward_proxy_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(socket_forward_proxy)
-
-allow socket_forward_proxy socket_forward_device:chr_file rw_file_perms;
-allow socket_forward_proxy self:capability net_raw;
diff --git a/shared/sepolicy/vendor/vsoc_guest_region_e2e_test.te b/shared/sepolicy/vendor/vsoc_guest_region_e2e_test.te
deleted file mode 100644
index db5749f..0000000
--- a/shared/sepolicy/vendor/vsoc_guest_region_e2e_test.te
+++ /dev/null
@@ -1,13 +0,0 @@
-type vsoc_guest_region_e2e_test, domain;
-type vsoc_guest_region_e2e_test_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(vsoc_guest_region_e2e_test)
-
-# Access region test devices
-allow vsoc_guest_region_e2e_test region_e2e_test_device:chr_file rw_file_perms;
-allow vsoc_guest_region_e2e_test vendor_data_file:file { create_file_perms };
-allow vsoc_guest_region_e2e_test vendor_data_file:dir { create_file_perms create_dir_perms };
-
-# gtest checks access() on /data/local/tmp. However, vendor processes are
-# neverallow'ed /data access outside of /data/vendor.
-dontaudit vsoc_guest_region_e2e_test self:capability dac_override;