commit e27662cba1d1007d34a127d12945cc9817321f24 Author: Peter Cai Date: Wed Oct 20 20:50:12 2021 -0400 initial commit diff --git a/frameworks/av/0001-APM-Restore-R-and-Q-behavior-respectively-for-teleph.patch b/frameworks/av/0001-APM-Restore-R-and-Q-behavior-respectively-for-teleph.patch new file mode 100644 index 0000000..026e79c --- /dev/null +++ b/frameworks/av/0001-APM-Restore-R-and-Q-behavior-respectively-for-teleph.patch @@ -0,0 +1,106 @@ +From ffc51e7cf3896389a5e015ea1774d59bb200d806 Mon Sep 17 00:00:00 2001 +From: Peter Cai +Date: Tue, 19 Oct 2021 21:16:55 -0400 +Subject: [PATCH] APM: Restore R and Q behavior respectively for telephony + audio + +This conditionally reverts part of 51c9cc (S) and afd4ce (R) when the +VNDK version is equal to or before R and Q respectively. + +On R, commit afd4ce made it so that both HW and SW bridging go through +`createAudioPatch()`, which is broken on some devices such as on MTK Q +vendor, because their HAL do not support HW patching via the newer +`createAudioPatch()` method. Instead, the patching on Q was done through +`setOutputDevices()`. + +On S, commit 51c9cc refactored the related code again such that HW +bridging for the Rx direction is essentially removed, replaced with SW +bridging through `startAudioSource()`. This is, again, broken on MTK R +vendor devices. + +Both of these commits rely on assumptions that are not tested through +VTS and just presumed to be true. Although we can blame MTK for not +supporting all the possible cases in their HAL, it will not fix +anything, and really frameworks code should not depend on such untested +assumptions. + +To work around said issues, we restore old behavior from R and Q relying +on the value of `ro.vndk.version`. + +Change-Id: I56d36d2aef4319935cb88a3e4771b23c6d5b2145 +--- + .../managerdefault/AudioPolicyManager.cpp | 31 ++++++++++++++++--- + .../managerdefault/AudioPolicyManager.h | 1 + + 2 files changed, 28 insertions(+), 4 deletions(-) + +diff --git a/services/audiopolicy/managerdefault/AudioPolicyManager.cpp b/services/audiopolicy/managerdefault/AudioPolicyManager.cpp +index cc2d8e8cf4..8defaad32c 100644 +--- a/services/audiopolicy/managerdefault/AudioPolicyManager.cpp ++++ b/services/audiopolicy/managerdefault/AudioPolicyManager.cpp +@@ -601,6 +601,11 @@ status_t AudioPolicyManager::updateCallRoutingInternal( + rxDevices.itemAt(0)->toString().c_str(), txSourceDevice->toString().c_str()); + + disconnectTelephonyRxAudioSource(); ++ // release existing RX patch if any ++ if (mCallRxPatch != 0) { ++ releaseAudioPatchInternal(mCallRxPatch->getHandle()); ++ mCallRxPatch.clear(); ++ } + // release TX patch if any + if (mCallTxPatch != 0) { + releaseAudioPatchInternal(mCallTxPatch->getHandle()); +@@ -629,9 +634,20 @@ status_t AudioPolicyManager::updateCallRoutingInternal( + ALOGE("%s() no telephony Tx and/or RX device", __func__); + return INVALID_OPERATION; + } +- // createAudioPatchInternal now supports both HW / SW bridging +- createRxPatch = true; +- createTxPatch = true; ++ if (property_get_int32("ro.vndk.version", 31) >= 30) { ++ // createAudioPatchInternal now supports both HW / SW bridging ++ createRxPatch = true; ++ createTxPatch = true; ++ } else { ++ // pre-R behavior: some devices before VNDK 30 do not support createAudioPatch correctly ++ // for HW bridging even though they declare support for it ++ // do not create a patch (aka Sw Bridging) if Primary HW module has declared supporting a ++ // route between telephony RX to Sink device and Source device to telephony TX ++ ALOGI("%s() Using pre-R behavior for createRxPatch and createTxPatch", __func__); ++ const auto &primaryModule = telephonyRxModule; ++ createRxPatch = !primaryModule->supportsPatch(rxSourceDevice, rxDevices.itemAt(0)); ++ createTxPatch = !primaryModule->supportsPatch(txSourceDevice, txSinkDevice); ++ } + } else { + // If the RX device is on the primary HW module, then use legacy routing method for + // voice calls via setOutputDevice() on primary output. +@@ -648,7 +664,14 @@ status_t AudioPolicyManager::updateCallRoutingInternal( + if (!createRxPatch) { + muteWaitMs = setOutputDevices(mPrimaryOutput, rxDevices, true, delayMs); + } else { // create RX path audio patch +- connectTelephonyRxAudioSource(); ++ if (property_get_int32("ro.vndk.version", 31) >= 31) { ++ connectTelephonyRxAudioSource(); ++ } else { ++ // pre-S behavior: some devices do not support SW bridging correctly when HW bridge is ++ // available through createAudioPatch(); startAudioSource() forces SW bridging. ++ ALOGI("%s() Using pre-S behavior to create HW Rx patch", __func__); ++ mCallRxPatch = createTelephonyPatch(true /*isRx*/, rxDevices.itemAt(0), delayMs); ++ } + // If the TX device is on the primary HW module but RX device is + // on other HW module, SinkMetaData of telephony input should handle it + // assuming the device uses audio HAL V5.0 and above +diff --git a/services/audiopolicy/managerdefault/AudioPolicyManager.h b/services/audiopolicy/managerdefault/AudioPolicyManager.h +index 98f96d1951..e8b19091d5 100644 +--- a/services/audiopolicy/managerdefault/AudioPolicyManager.h ++++ b/services/audiopolicy/managerdefault/AudioPolicyManager.h +@@ -827,6 +827,7 @@ protected: + SoundTriggerSessionCollection mSoundTriggerSessions; + + sp mCallTxPatch; ++ sp mCallRxPatch; + + HwAudioOutputCollection mHwOutputs; + SourceClientCollection mAudioSources; +-- +2.33.1 + diff --git a/frameworks/base/0001-PackageParser-support-glob-matching-for-properties.patch b/frameworks/base/0001-PackageParser-support-glob-matching-for-properties.patch new file mode 100644 index 0000000..2aa7a25 --- /dev/null +++ b/frameworks/base/0001-PackageParser-support-glob-matching-for-properties.patch @@ -0,0 +1,36 @@ +From 70f7d35dda51036f04d31d507e4c30ee0a033ec5 Mon Sep 17 00:00:00 2001 +From: Peter Cai +Date: Tue, 12 Oct 2021 21:37:22 -0400 +Subject: [PATCH 1/2] PackageParser: support glob matching for properties + +Needed to make phh's vendor overlays work +--- + core/java/android/content/pm/PackageParser.java | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java +index bbb0b8e30938..45ebe8e1aaaf 100644 +--- a/core/java/android/content/pm/PackageParser.java ++++ b/core/java/android/content/pm/PackageParser.java +@@ -2500,8 +2500,16 @@ public class PackageParser { + for (int i = 0; i < propNames.length; i++) { + // Check property value: make sure it is both set and equal to expected value + final String currValue = SystemProperties.get(propNames[i]); +- if (!TextUtils.equals(currValue, propValues[i])) { +- return false; ++ if (propValues[i].startsWith("+") && propValues[i].endsWith("*")) { ++ // Glob matching ++ int idx = TextUtils.indexOf(currValue, propValues[i].substring(1, propValues[i].length() - 1)); ++ if (idx < 0) { ++ return false; ++ } ++ } else { ++ if (!TextUtils.equals(currValue, propValues[i])) { ++ return false; ++ } + } + } + return true; +-- +2.33.1 + diff --git a/frameworks/base/0002-core-Use-real-security-patch-level-property.patch b/frameworks/base/0002-core-Use-real-security-patch-level-property.patch new file mode 100644 index 0000000..e7f7b48 --- /dev/null +++ b/frameworks/base/0002-core-Use-real-security-patch-level-property.patch @@ -0,0 +1,31 @@ +From 214f184c91b39047046f5cc14af7541e5fb1b458 Mon Sep 17 00:00:00 2001 +From: Danny Lin +Date: Sat, 7 Nov 2020 23:47:30 -0800 +Subject: [PATCH 2/2] core: Use real security patch level property + +The standard platform security patch level property may not reflect the +real patch level due to SafetyNet hacks, so we need to check the custom +"real" property to show the correct patch level to the user (and most +apps). + +Change-Id: I18f8b6812335f132a935e0cfc04523cf693d1101 +--- + core/java/android/os/Build.java | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/core/java/android/os/Build.java b/core/java/android/os/Build.java +index 95bcdf42f739..49ced75734d0 100755 +--- a/core/java/android/os/Build.java ++++ b/core/java/android/os/Build.java +@@ -306,7 +306,7 @@ public class Build { + * most recently applied a security patch. + */ + public static final String SECURITY_PATCH = SystemProperties.get( +- "ro.build.version.security_patch", ""); ++ "ro.build.version.real_security_patch", ""); + + /** + * The media performance class of the device or 0 if none. +-- +2.33.1 + diff --git a/system/core/0001-Stop-overriding-system-properties-from-vendor.patch b/system/core/0001-Stop-overriding-system-properties-from-vendor.patch new file mode 100644 index 0000000..4f2e4e9 --- /dev/null +++ b/system/core/0001-Stop-overriding-system-properties-from-vendor.patch @@ -0,0 +1,27 @@ +From 2a6fd2529fa57658fb503f43ffd11bcddd22aacb Mon Sep 17 00:00:00 2001 +From: Pierre-Hugues Husson +Date: Thu, 7 Oct 2021 15:48:11 -0400 +Subject: [PATCH 1/2] Stop overriding system properties from vendor + +This is annoying to disable apexes, or force adb + +Change-Id: Ifd0072c631349b23945df4ab401ba26eca07131f +--- + init/property_service.cpp | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/init/property_service.cpp b/init/property_service.cpp +index 4805a7b9f..a2b424386 100644 +--- a/init/property_service.cpp ++++ b/init/property_service.cpp +@@ -725,7 +725,6 @@ static void LoadProperties(char* data, const char* filter, const char* filename, + } else if (it->second != value) { + LOG(WARNING) << "Overriding previous property '" << key << "':'" << it->second + << "' with new value '" << value << "'"; +- it->second = value; + } + } else { + LOG(ERROR) << "Do not have permissions to set '" << key << "' to '" << value +-- +2.33.1 + diff --git a/system/core/0002-init-Do-not-start-console-service-when-debuggable.patch b/system/core/0002-init-Do-not-start-console-service-when-debuggable.patch new file mode 100644 index 0000000..83f1687 --- /dev/null +++ b/system/core/0002-init-Do-not-start-console-service-when-debuggable.patch @@ -0,0 +1,31 @@ +From 3dc5868ed984b0ec01e5d3d96ad7a6e6af31f585 Mon Sep 17 00:00:00 2001 +From: Isaac Chen +Date: Wed, 23 Jun 2021 13:07:30 +0800 +Subject: [PATCH 2/2] init: Do not start console service when debuggable + +Google added a check for this in R, when it's running it will show a +notification about that performance is impacted. + +Signed-off-by: Isaac Chen +Change-Id: I34cfd6b42d3b9aee4b3e63181480cfb8b1255f29 +--- + rootdir/init.rc | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/rootdir/init.rc b/rootdir/init.rc +index d38eb5d4a..1680aebcc 100644 +--- a/rootdir/init.rc ++++ b/rootdir/init.rc +@@ -1217,9 +1217,6 @@ on property:ro.debuggable=1 + # Give reads to anyone for the accessibility trace folder on debug builds. + chmod 0775 /data/misc/a11ytrace + +-on init && property:ro.debuggable=1 +- start console +- + on userspace-reboot-requested + # TODO(b/135984674): reset all necessary properties here. + setprop sys.boot_completed "" +-- +2.33.1 + diff --git a/system/sepolicy/0001-Protect-real-SPL-property.patch b/system/sepolicy/0001-Protect-real-SPL-property.patch new file mode 100644 index 0000000..a9d533e --- /dev/null +++ b/system/sepolicy/0001-Protect-real-SPL-property.patch @@ -0,0 +1,38 @@ +From d64b74058176dedbe0c7f209956ecb1a9377f079 Mon Sep 17 00:00:00 2001 +From: Peter Cai +Date: Wed, 20 Oct 2021 16:01:00 -0400 +Subject: [PATCH] Protect real SPL property + +Label it with the same SELinux context as the original SPL property. +--- + prebuilts/api/31.0/private/property_contexts | 1 + + private/property_contexts | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/prebuilts/api/31.0/private/property_contexts b/prebuilts/api/31.0/private/property_contexts +index 8ac1e7005..b8be6dbf2 100644 +--- a/prebuilts/api/31.0/private/property_contexts ++++ b/prebuilts/api/31.0/private/property_contexts +@@ -710,6 +710,7 @@ ro.build.version.release u:object_r:build_prop:s0 exact string + ro.build.version.release_or_codename u:object_r:build_prop:s0 exact string + ro.build.version.sdk u:object_r:build_prop:s0 exact int + ro.build.version.security_patch u:object_r:build_prop:s0 exact string ++ro.build.version.real_security_patch u:object_r:build_prop:s0 exact string + + ro.actionable_compatible_property.enabled u:object_r:build_prop:s0 exact bool + +diff --git a/private/property_contexts b/private/property_contexts +index 8ac1e7005..b8be6dbf2 100644 +--- a/private/property_contexts ++++ b/private/property_contexts +@@ -710,6 +710,7 @@ ro.build.version.release u:object_r:build_prop:s0 exact string + ro.build.version.release_or_codename u:object_r:build_prop:s0 exact string + ro.build.version.sdk u:object_r:build_prop:s0 exact int + ro.build.version.security_patch u:object_r:build_prop:s0 exact string ++ro.build.version.real_security_patch u:object_r:build_prop:s0 exact string + + ro.actionable_compatible_property.enabled u:object_r:build_prop:s0 exact bool + +-- +2.33.1 + diff --git a/system/vold/0001-Fallback-to-non-rollback-resistant-keys-if-not-avail.patch b/system/vold/0001-Fallback-to-non-rollback-resistant-keys-if-not-avail.patch new file mode 100644 index 0000000..9f2b5c8 --- /dev/null +++ b/system/vold/0001-Fallback-to-non-rollback-resistant-keys-if-not-avail.patch @@ -0,0 +1,54 @@ +From 6d24663905ec1735eefc4b13b60f09465b28111a Mon Sep 17 00:00:00 2001 +From: Pierre-Hugues Husson +Date: Tue, 5 Oct 2021 16:17:15 -0400 +Subject: [PATCH] Fallback to non-rollback resistant keys if not available + +Boot on Mediatek devices was broken with: +~ Add ROLLBACK_RESISTANCE tag to key usage + +Change-Id: I0ab7103c317c70779dee03dce25ba9c9da1629f4 +--- + KeyStorage.cpp | 16 +++++++++++----- + 1 file changed, 11 insertions(+), 5 deletions(-) + +diff --git a/KeyStorage.cpp b/KeyStorage.cpp +index 93c5c29..ef089ad 100644 +--- a/KeyStorage.cpp ++++ b/KeyStorage.cpp +@@ -378,12 +378,15 @@ static KeymasterOperation BeginKeymasterOp(Keymaster& keymaster, const std::stri + static bool encryptWithKeymasterKey(Keymaster& keymaster, const std::string& dir, + const km::AuthorizationSet& keyParams, + const KeyBuffer& message, std::string* ciphertext) { +- km::AuthorizationSet opParams = ++ auto opParams = + km::AuthorizationSetBuilder() +- .Authorization(km::TAG_ROLLBACK_RESISTANCE) + .Authorization(km::TAG_PURPOSE, km::KeyPurpose::ENCRYPT); ++ auto opParamsWithRollback = opParams; ++ opParamsWithRollback.Authorization(km::TAG_ROLLBACK_RESISTANCE); ++ + km::AuthorizationSet outParams; +- auto opHandle = BeginKeymasterOp(keymaster, dir, keyParams, opParams, &outParams); ++ auto opHandle = BeginKeymasterOp(keymaster, dir, keyParams, opParamsWithRollback, &outParams); ++ if (!opHandle) opHandle = BeginKeymasterOp(keymaster, dir, keyParams, opParams, &outParams); + if (!opHandle) return false; + auto nonceBlob = outParams.GetTagValue(km::TAG_NONCE); + if (!nonceBlob) { +@@ -410,9 +413,12 @@ static bool decryptWithKeymasterKey(Keymaster& keymaster, const std::string& dir + auto bodyAndMac = ciphertext.substr(GCM_NONCE_BYTES); + auto opParams = km::AuthorizationSetBuilder() + .Authorization(km::TAG_NONCE, nonce) +- .Authorization(km::TAG_ROLLBACK_RESISTANCE) + .Authorization(km::TAG_PURPOSE, km::KeyPurpose::DECRYPT); +- auto opHandle = BeginKeymasterOp(keymaster, dir, keyParams, opParams, nullptr); ++ auto opParamsWithRollback = opParams; ++ opParamsWithRollback.Authorization(km::TAG_ROLLBACK_RESISTANCE); ++ ++ auto opHandle = BeginKeymasterOp(keymaster, dir, keyParams, opParamsWithRollback, nullptr); ++ if (!opHandle) opHandle = BeginKeymasterOp(keymaster, dir, keyParams, opParams, nullptr); + if (!opHandle) return false; + if (!opHandle.updateCompletely(bodyAndMac, message)) return false; + if (!opHandle.finish(nullptr)) return false; +-- +2.33.0 +