From a7430966ea1937c74f4c843cad4d27673d01de4b Mon Sep 17 00:00:00 2001 From: Wayne Lin Date: Wed, 7 Feb 2024 08:52:09 +0800 Subject: [PATCH 1/2] gps: add sepolicy to coredump node Bug: 319766739 Test: build pass and verify pass Change-Id: I7cf289865540533b9d65a2c2c21d1ea4e9f391a2 --- gps/lsi/sepolicy/genfs_contexts | 2 ++ gps/lsi/sepolicy/gnssd.te | 1 + gps/lsi/sepolicy/hal_gnss_default.te | 1 + 3 files changed, 4 insertions(+) create mode 100644 gps/lsi/sepolicy/genfs_contexts diff --git a/gps/lsi/sepolicy/genfs_contexts b/gps/lsi/sepolicy/genfs_contexts new file mode 100644 index 0000000..d19427c --- /dev/null +++ b/gps/lsi/sepolicy/genfs_contexts @@ -0,0 +1,2 @@ +# gps coredump node +genfscon sysfs /devices/platform/gnssif/coredump u:object_r:sysfs_gps:s0 diff --git a/gps/lsi/sepolicy/gnssd.te b/gps/lsi/sepolicy/gnssd.te index 487bcbb..8450253 100644 --- a/gps/lsi/sepolicy/gnssd.te +++ b/gps/lsi/sepolicy/gnssd.te @@ -24,3 +24,4 @@ net_domain(gnssd); get_prop(gnssd, bootanim_system_prop) allow gnssd sysfs_soc:file r_file_perms; +allow gnssd sysfs_gps:file rw_file_perms; diff --git a/gps/lsi/sepolicy/hal_gnss_default.te b/gps/lsi/sepolicy/hal_gnss_default.te index 515a923..54a08f9 100644 --- a/gps/lsi/sepolicy/hal_gnss_default.te +++ b/gps/lsi/sepolicy/hal_gnss_default.te @@ -3,6 +3,7 @@ allow hal_gnss_default gnssd:unix_stream_socket connectto; allow hal_gnss_default vendor_gps_file:dir create_dir_perms; allow hal_gnss_default vendor_gps_file:file create_file_perms; allow hal_gnss_default vendor_gps_file:fifo_file create_file_perms; +allow hal_gnss_default sysfs_gps:file rw_file_perms; binder_call(hal_gnss_default, gnssd); #Read GPS property From 442f99acafa6a00cd2757f8149ace28f485f89d3 Mon Sep 17 00:00:00 2001 From: Mitch Phillips Date: Tue, 13 Feb 2024 11:46:38 +0100 Subject: [PATCH 2/2] Enable MTE workaround for b/324412910 For now, disable MTE in this process. This will unblock stack MTE from being turned back on. Bug: 324412910 Test: Boot the device with aosp/2953627 Change-Id: If3217f477da7efac753bba676673cfcf99d8d8e1 --- mte/fullmte-pixel.mk | 3 +++ 1 file changed, 3 insertions(+) diff --git a/mte/fullmte-pixel.mk b/mte/fullmte-pixel.mk index 96120fb..da4e7b9 100644 --- a/mte/fullmte-pixel.mk +++ b/mte/fullmte-pixel.mk @@ -1,2 +1,5 @@ include build/make/target/product/fullmte.mk BOARD_KERNEL_CMDLINE += bootloader.pixel.MTE_FORCE_ON +# TODO(b/324412910): Remove this when the stack-buffer-overflow is fixed. +PRODUCT_PRODUCT_PROPERTIES += \ + arm64.memtag.process.android.hardware.composer.hwc3-service.pixel=off \ No newline at end of file