diff options
author | Viorel Suman <viorel.suman@intel.com> | 2015-11-05 17:09:58 +0200 |
---|---|---|
committer | Bruce Beare <bruce.j.beare@intel.com> | 2016-02-04 16:00:02 -0800 |
commit | a040660d625bbd742413312b31d31eb3103e2839 (patch) | |
tree | c8c44088733cdc8d2e0bd34fa91f17419ba4d3b5 | |
parent | 98bdbd82c3c9bbed570bd72df196d568030edb4f (diff) | |
download | minnowboard-a040660d625bbd742413312b31d31eb3103e2839.tar.gz |
MinnowBoard configuration files
Initial configuration files imported from edison and updated for minnowboard.
Change-Id: I0a53518559b59e044c52a8327f11a1f254b4f1d4
Signed-off-by: Viorel Suman <viorel.suman@intel.com>
Signed-off-by: Irina Patru <irina.patru@intel.com>
Signed-off-by: Bruce Beare <bruce.j.beare@intel.com>
Signed-off-by: Mihai Serban <mihai.serban@intel.com>
Signed-off-by: Stefan Stanacar <stefan.stanacar@intel.com>
-rw-r--r-- | AndroidBoard.mk | 22 | ||||
-rw-r--r-- | BoardConfig.mk | 87 | ||||
-rw-r--r-- | base_product/AndroidProducts.mk | 21 | ||||
-rw-r--r-- | base_product/devicesetup.sh | 17 | ||||
-rw-r--r-- | base_product/minnowboard.mk | 26 | ||||
-rw-r--r-- | base_product/weaved.conf | 79 | ||||
-rw-r--r-- | bootloader.mk | 116 | ||||
-rw-r--r-- | build/tasks/flashfiles.mk | 56 | ||||
-rw-r--r-- | build/tasks/ramdisk.mk | 20 | ||||
-rw-r--r-- | flash_tools/LICENSE.txt | 13 | ||||
-rw-r--r-- | flash_tools/README | 1 | ||||
-rwxr-xr-x | flash_tools/brillo-flashall.sh | 76 | ||||
-rw-r--r-- | fstab | 5 | ||||
-rw-r--r-- | sepolicy/file_contexts | 7 | ||||
-rw-r--r-- | sepolicy/sensorservice.te | 7 | ||||
-rw-r--r-- | sepolicy/te_macros | 17 | ||||
-rw-r--r-- | sepolicy/userfastboot.te | 35 |
17 files changed, 605 insertions, 0 deletions
diff --git a/AndroidBoard.mk b/AndroidBoard.mk new file mode 100644 index 0000000..a28ba2c --- /dev/null +++ b/AndroidBoard.mk @@ -0,0 +1,22 @@ +# +# Copyright 2016 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# This has to live here for now as the variables it requires are +# not read when BoardConfig.mk is parsed. + +include device/generic/brillo/kernel.mk + +include device/intel/minnowboard/bootloader.mk diff --git a/BoardConfig.mk b/BoardConfig.mk new file mode 100644 index 0000000..eb301ba --- /dev/null +++ b/BoardConfig.mk @@ -0,0 +1,87 @@ +# +# Copyright 2016 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# Select the SoC +$(call set_soc, intel, baytrail) + +# Add wifi controller +$(call add_peripheral, intel, wifi/rtl8192cu) +# Add lights HAL +$(call add_peripheral, intel, light/mraa) +# Add audio support +$(call add_peripheral, intel, audio/generic/usb) +# Add sensor support +$(call add_peripheral, intel, sensors/mraa) + +# NOTE: These values must be kept in sync with BOARD_GPT_INI +BOARD_SYSTEMIMAGE_PARTITION_SIZE := 268435456 +BOARD_BOOTLOADER_PARTITION_SIZE := 62914560 +BOARD_USERDATAIMAGE_PARTITION_SIZE := 134217728 +TARGET_USERIMAGES_USE_EXT4 := true +BOARD_FLASH_BLOCK_SIZE := 512 +TARGET_USERIMAGES_SPARSE_EXT_DISABLED := false + +# Specific sensors to be built into the sensors HAL +PLATFORM_SENSOR_LIST += MPU9150Accelerometer + +TARGET_BOOTLOADER_BOARD_NAME := $(TARGET_DEVICE) + +# +# USERFASTBOOT Configuration +# +TARGET_STAGE_USERFASTBOOT := true +TARGET_USE_USERFASTBOOT := true +USERFASTBOOT_NO_GUI := true + +# +# KERNELFLINGER Configuration +# +TARGET_UEFI_ARCH := x86_64 +# Kernelflinger won't check the ACPI table oem_id, oem_table_id and +# revision fields +KERNELFLINGER_ALLOW_UNSUPPORTED_ACPI_TABLE := true +# Allow Kernelflinger to start watchdog prior to boot the kernel +KERNELFLINGER_USE_WATCHDOG := true +# Tell Kernelflinger to use pre-generated graphics resources +KERNELFLINGER_GEN_GRAPHICS := false +# Specify system verity partition +PRODUCT_SYSTEM_VERITY_PARTITION := /dev/block/by-name/system + +BOOTLOADER_USE_PREBUILT := $(shell echo $${BOOTLOADER_USE_PREBUILT:-true}) +BOOTLOADER_ADDITIONAL_DEPS += $(PRODUCT_OUT)/fastboot.img +BOOTLOADER_ADDITIONAL_ARGS += --fastboot $(PRODUCT_OUT)/fastboot.img + +# Note: We use := here to force the policy directory to be added +# on the first pass for make and to thus get around a build system bug. +BOARD_SEPOLICY_DIRS := $(BOARD_SEPOLICY_DIRS) device/intel/minnowboard/sepolicy + +vendor_partition_directory := vendor/bsp/intel/minnowboard + +PRODUCT_COPY_FILES += \ + device/intel/minnowboard/flash_tools/brillo-flashall.sh:provision-device \ + device/intel/minnowboard/fstab:root/fstab.$(TARGET_DEVICE) \ + $(vendor_partition_directory)/boot_binaries/gpt.ini:gpt.ini \ + $(vendor_partition_directory)/boot_binaries/oemvars.txt:oemvars.txt + +BRILLO_VENDOR_PARTITIONS := \ + $(vendor_partition_directory)/boot_binaries:bootloader \ + $(vendor_partition_directory)/boot_binaries:fastboot-usb.img \ + $(vendor_partition_directory)/boot_binaries:oemvars.txt \ + $(vendor_partition_directory)/boot_binaries:gpt.ini \ + $(vendor_partition_directory)/boot_binaries:README + +# Must defined at the end of the file +$(call add_device_packages) diff --git a/base_product/AndroidProducts.mk b/base_product/AndroidProducts.mk new file mode 100644 index 0000000..1253391 --- /dev/null +++ b/base_product/AndroidProducts.mk @@ -0,0 +1,21 @@ +# +# Copyright 2016 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# This file is found by the build system. +# It defines the base product definition for device bring up. + +PRODUCT_MAKEFILES := \ + $(LOCAL_DIR)/minnowboard.mk diff --git a/base_product/devicesetup.sh b/base_product/devicesetup.sh new file mode 100644 index 0000000..f92c8fa --- /dev/null +++ b/base_product/devicesetup.sh @@ -0,0 +1,17 @@ +# +# Copyright 2016 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +add_lunch_combo minnowboard-eng diff --git a/base_product/minnowboard.mk b/base_product/minnowboard.mk new file mode 100644 index 0000000..a5b9283 --- /dev/null +++ b/base_product/minnowboard.mk @@ -0,0 +1,26 @@ +# +# Copyright 2016 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +$(call inherit-product, device/generic/brillo/brillo_base.mk) + +PRODUCT_NAME := minnowboard +PRODUCT_BRAND := Brillo + +PRODUCT_DEVICE := minnowboard + +# Install minnowboard-specific config file for weaved. +PRODUCT_COPY_FILES += \ + device/intel/minnowboard/base_product/weaved.conf:system/etc/weaved/weaved.conf diff --git a/base_product/weaved.conf b/base_product/weaved.conf new file mode 100644 index 0000000..4cdae0d --- /dev/null +++ b/base_product/weaved.conf @@ -0,0 +1,79 @@ +# +# Copyright 2016 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# OAuth 2.0 client id. +# client_id= + +# OAuth 2.0 client secret. +# client_secret= + +# OAuth 2.0 API key. +# api_key= + +# Human readable name of the device. +name=MinnowBoard Starter Board + +# Human readable description of the device. +# Defaults to empty string" +description=Intel MinnowBoard + +# Location of the device. +# location= + +# Manufacturer of the device. +oem_name=Intel + +# Model of the device. +# Defaults to Brillo. +model_name=MinnowBoard + +# Five character code assigned by the cloud registry of device models. +# Defaults to "AAAAA" (Unregistered model). +model_id=AAAAA + +# Maximum role for local anonymous user. +# local_anonymous_access_role=viewer + +# If true, allows local pairing using Privet API. +# local_pairing_enabled=true + +# If true, allows local discovery using mDns. +# local_discovery_enabled=true + +# GCD service polling interval in milliseconds. +# polling_period_ms=7000 + +# GCD service backup polling interval in milliseconds. +# backup_polling_period_ms=1800000 + +# Automatic mode causes buffet to automatically bring up a SoftAP for +# bootstrapping when it looses network connectivity for long enough, +# and on first boot. +# wifi_auto_setup_enabled=true + +# List of pairing modes supported by device. +# Values can be one of pinCode, embeddedCode, ultrasound32, audible32. +# Defaults to pinCode if embedded_code_path is empty, or embeddedCode otherwise. +pairing_modes=embeddedCode + +# Absolute path to file specifying an embedded pairing code. The file at +# embedded_code_path should be a file in key value format, with a key +# embedded_code. +# Defaults to empty path. +embedded_code_path=/etc/weaved/weaved.conf + +# Embedded code. +embedded_code=hello diff --git a/bootloader.mk b/bootloader.mk new file mode 100644 index 0000000..3ad8d28 --- /dev/null +++ b/bootloader.mk @@ -0,0 +1,116 @@ +# +# Copyright 2016 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ifeq ($(BOOTLOADER_USE_PREBUILT),false) +# Rules to create bootloader zip file, a precursor to the bootloader +# image that is stored in the target-files-package. There's also +# metadata file which indicates how large to make the VFAT filesystem +# image + +ifeq ($(TARGET_UEFI_ARCH),i386) +efi_default_name := bootia32.efi +LOADER_TYPE := linux-x86 +else +efi_default_name := bootx64.efi +LOADER_TYPE := linux-x86_64 +endif + +# (pulled from build/core/Makefile as this gets defined much later) +# Pick a reasonable string to use to identify files. +ifneq "" "$(filter eng.%,$(BUILD_NUMBER))" +# BUILD_NUMBER has a timestamp in it, which means that +# it will change every time. Pick a stable value. +FILE_NAME_TAG := eng.$(USER) +else +FILE_NAME_TAG := $(BUILD_NUMBER) +endif + +kernelflinger := $(PRODUCT_OUT)/efi/kernelflinger.efi + +BOARD_FIRST_STAGE_LOADER := $(kernelflinger) +USERFASTBOOT_2NDBOOTLOADER := + +intermediates := $(call intermediates-dir-for,PACKAGING,bootloader_zip) +bootloader_zip := $(intermediates)/bootloader.zip +$(bootloader_zip): intermediates := $(intermediates) +$(bootloader_zip): efi_root := $(intermediates)/root +$(bootloader_zip): \ + $(TARGET_DEVICE_DIR)/AndroidBoard.mk \ + $(BOARD_FIRST_STAGE_LOADER) \ + | $(ACP) + + $(hide) rm -rf $(efi_root) + $(hide) rm -f $@ + $(hide) mkdir -p $(efi_root)/EFI/BOOT + $(hide) $(ACP) $(BOARD_FIRST_STAGE_LOADER) $(efi_root)/loader.efi + $(hide) $(ACP) $(BOARD_FIRST_STAGE_LOADER) $(efi_root)/EFI/BOOT/$(efi_default_name) + $(hide) echo "Brillo=\\EFI\\BOOT\\$(efi_default_name)" > $(efi_root)/manifest.txt + $(hide) (cd $(efi_root) && zip -qry ../$(notdir $@) .) + +bootloader_metadata := $(intermediates)/bootloader-size.txt +$(bootloader_metadata): + $(hide) mkdir -p $(dir $@) + $(hide) echo $(BOARD_BOOTLOADER_PARTITION_SIZE) > $@ + +INSTALLED_RADIOIMAGE_TARGET += $(bootloader_zip) $(bootloader_metadata) + +# Rule to create $(OUT)/bootloader image, binaries within are signed with +# testing keys + +BOOTLOADER_FROM_ZIP := vendor/bsp/intel/kernelflinger/build/bootloader_from_zip + +bootloader_bin := $(PRODUCT_OUT)/bootloader +$(bootloader_bin): \ + $(bootloader_zip) \ + $(IMG2SIMG) \ + $(BOOTLOADER_ADDITIONAL_DEPS) \ + $(BOOTLOADER_FROM_ZIP) + + $(hide) $(BOOTLOADER_FROM_ZIP) \ + --size $(BOARD_BOOTLOADER_PARTITION_SIZE) \ + $(BOOTLOADER_ADDITIONAL_ARGS) \ + --zipfile $(bootloader_zip) \ + $@ + +droidcore: $(bootloader_bin) + +.PHONY: bootloader +bootloader: $(bootloader_bin) +$(call dist-for-goals,droidcore,$(bootloader_bin):$(TARGET_PRODUCT)-bootloader-$(FILE_NAME_TAG)) + +fastboot_usb_bin := $(PRODUCT_OUT)/fastboot-usb.img +$(fastboot_usb_bin): \ + $(bootloader_zip) \ + $(BOOTLOADER_ADDITIONAL_DEPS) \ + $(BOOTLOADER_FROM_ZIP) + + $(hide) $(BOOTLOADER_FROM_ZIP) \ + $(BOOTLOADER_ADDITIONAL_ARGS) \ + --zipfile $(bootloader_zip) \ + --extra-size 10485760 \ + --bootable \ + $@ + +# Build when 'make' is run with no args +droidcore: $(fastboot_usb_bin) + +.PHONY: userfastboot-usb +userfastboot-usb: $(fastboot_usb_bin) + +$(call dist-for-goals,droidcore,$(fastboot_usb_bin):$(TARGET_PRODUCT)-fastboot-usb-$(FILE_NAME_TAG).img) + +# for userfastboot, we need the userfastboot image in the bootloader partition. +INSTALLED_RADIOIMAGE_TARGET += $(PRODUCT_OUT)/fastboot.img +endif diff --git a/build/tasks/flashfiles.mk b/build/tasks/flashfiles.mk new file mode 100644 index 0000000..617cb5d --- /dev/null +++ b/build/tasks/flashfiles.mk @@ -0,0 +1,56 @@ +# +# Copyright 2016 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Rule to make a distribution zipfile with all that is needed to flash the MinnowBoard + +ifeq ($(TARGET_DEVICE),minnowboard) + +minnowboardname := $(TARGET_PRODUCT) +ifeq ($(TARGET_BUILD_TYPE),debug) + minnowboardname := $(minnowboardname)_debug +endif +minnowboardname := $(minnowboardname)-flashfiles-$(FILE_NAME_TAG) + +MINNOWBOARD_ZIP := $(TARGET_OUT_INTERMEDIATES)/$(minnowboardname).zip +MINNOWBOARD_VENDOR := vendor/bsp/intel/minnowboard +MINNOWBOARD_BINARIES := $(MINNOWBOARD_VENDOR)/boot_binaries +MINNOWBOARD_DEVICE := device/intel/minnowboard +MINNOWBOARD_TOOLS := $(MINNOWBOARD_DEVICE)/flash_tools + +MINNOWBOARD_FLASHFILES += $(MINNOWBOARD_BINARIES)/gpt.ini +MINNOWBOARD_FLASHFILES += $(MINNOWBOARD_BINARIES)/bootloader +MINNOWBOARD_FLASHFILES += $(MINNOWBOARD_BINARIES)/oemvars.txt +MINNOWBOARD_FLASHFILES += $(MINNOWBOARD_TOOLS)/brillo-flashall.sh +MINNOWBOARD_FLASHFILES += $(MINNOWBOARD_TOOLS)/README +MINNOWBOARD_FLASHFILES += $(PRODUCT_OUT)/boot.img +MINNOWBOARD_FLASHFILES += $(PRODUCT_OUT)/system.img +MINNOWBOARD_FLASHFILES += $(PRODUCT_OUT)/userdata.img + +# Include the usb-stick userfastboot +MINNOWBOARD_FLASHFILES += $(MINNOWBOARD_BINARIES)/fastboot-usb.img + +# Include fastboot and adb - so that the latest is available +MINNOWBOARD_FLASHFILES += $(HOST_OUT)/bin/fastboot +MINNOWBOARD_FLASHFILES += $(HOST_OUT)/bin/adb + +$(MINNOWBOARD_ZIP): $(MINNOWBOARD_FLASHFILES) + $(hide) echo "Package flashfiles: $@" + $(hide) rm -rf $@ + $(hide) mkdir -p $(dir $@) + $(hide) zip -j $@ $(MINNOWBOARD_FLASHFILES) + +$(call dist-for-goals, dist_files, $(MINNOWBOARD_ZIP)) + +endif diff --git a/build/tasks/ramdisk.mk b/build/tasks/ramdisk.mk new file mode 100644 index 0000000..ba3c82d --- /dev/null +++ b/build/tasks/ramdisk.mk @@ -0,0 +1,20 @@ +# +# Copyright 2016 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ifeq ($(BOOTLOADER_USE_PREBUILT),false) +ifeq ($(TARGET_USE_USERFASTBOOT),true) +-include $(TOPDIR)vendor/bsp/intel/userfastboot/ramdisk.mk +endif +endif diff --git a/flash_tools/LICENSE.txt b/flash_tools/LICENSE.txt new file mode 100644 index 0000000..94ab159 --- /dev/null +++ b/flash_tools/LICENSE.txt @@ -0,0 +1,13 @@ +Copyright 2016 Intel Corporation + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/flash_tools/README b/flash_tools/README new file mode 100644 index 0000000..1352d13 --- /dev/null +++ b/flash_tools/README @@ -0,0 +1 @@ +## Include flashing instructions here. diff --git a/flash_tools/brillo-flashall.sh b/flash_tools/brillo-flashall.sh new file mode 100755 index 0000000..b89b0b4 --- /dev/null +++ b/flash_tools/brillo-flashall.sh @@ -0,0 +1,76 @@ +#!/bin/bash +# +# Copyright 2016 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Only execute this script on a Brillo provisioned MinnowBoard. +# See your Brillo-MinnowBoard online information for initial provisioning and recovery. + +set -e + +function dir_with_file() { + local file=${1}; shift + local dir; + for dir; do + if [ -z "${dir}" ]; then continue; fi + if [ -r "${dir}/${file}" ]; then + echo ${dir} + return + fi + done + echo "Could not find ${file}, looked in $@" >&2 + return 1 +} + +LOCAL_DIR=$(dirname "${0}") +BASE_NAME=$(basename "${0}") + +IP="${1}" +if [ "$IP" == "" ]; then + echo "Usage: ${BASE_NAME} <MinnowBoard Board IP address>" + exit 0 +fi + +# Location of where the Brillo OS image is built. +OS=$(dir_with_file boot.img \ + "${ANDROID_PROVISION_OS_PARTITIONS}" \ + "${LOCAL_DIR}" \ + "${BRILLO_OUT_DIR}" \ + "${ANDROID_PRODUCT_OUT}") + +VENDOR=$(dir_with_file bootloader \ + "${ANDROID_PROVISION_VENDOR_PARTITIONS}" \ + "${LOCAL_DIR}" \ + "${ANDROID_BUILD_TOP}/vendor/bsp/intel/minnowboard/boot_binaries") + + +if [ -x ./fastboot ]; then + FASTBOOT=./fastboot +else + FASTBOOT=fastboot +fi + +$FASTBOOT -s tcp:$IP flash gpt "${VENDOR}"/gpt.ini +$FASTBOOT -s tcp:$IP flash bootloader "${VENDOR}"/bootloader +$FASTBOOT -s tcp:$IP flash boot_a "${OS}"/boot.img +$FASTBOOT -s tcp:$IP flash boot_b "${OS}"/boot.img +$FASTBOOT -s tcp:$IP flash system_a "${OS}"/system.img +$FASTBOOT -s tcp:$IP flash system_b "${OS}"/system.img +$FASTBOOT -s tcp:$IP flash userdata "${OS}"/userdata.img +$FASTBOOT -s tcp:$IP flash oemvars "${VENDOR}"/oemvars.txt +$FASTBOOT -s tcp:$IP oem set_active 0 + +echo "Please run the following command to restart your MinnowBoard" +echo " $FASTBOOT -s tcp:$IP reboot" +echo @@ -0,0 +1,5 @@ +/dev/block/by-name/system /system ext4 ro wait,slotselect +/dev/block/by-name/userdata /data ext4 noatime,nosuid,nodev,discard wait,formattable,encryptable=footer +/dev/block/by-name/misc /misc emmc defaults defaults +/dev/block/by-name/boot /boot emmc defaults defaults,slotselect +/dev/block/by-name/bootloader /bootloader emmc defaults recoveryonly diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts new file mode 100644 index 0000000..9db87e4 --- /dev/null +++ b/sepolicy/file_contexts @@ -0,0 +1,7 @@ +/dev/block/(pci|platform)(/.*)?/.*/by-name/boot_a u:object_r:boot_block_device:s0 +/dev/block/(pci|platform)(/.*)?/.*/by-name/boot_b u:object_r:boot_block_device:s0 +/dev/block/(pci|platform)(/.*)?/.*/by-name/system_a u:object_r:system_block_device:s0 +/dev/block/(pci|platform)(/.*)?/.*/by-name/system_b u:object_r:system_block_device:s0 +/dev/block/(pci|platform)(/.*)?/.*/by-name/misc u:object_r:misc_block_device:s0 +/dev/block/(pci|platform)(/.*)?/.*/by-name/recovery u:object_r:recovery_block_device:s0 +/dev/block/(pci|platform)(/.*)?/.*/by-name/userdata u:object_r:userdata_block_device:s0 diff --git a/sepolicy/sensorservice.te b/sepolicy/sensorservice.te new file mode 100644 index 0000000..05f2d4e --- /dev/null +++ b/sepolicy/sensorservice.te @@ -0,0 +1,7 @@ +# +# Sensorservice uses the sensors HAL... which needs sysfs file and i2c device access. +# + +allow sensorservice i2c_device:chr_file rw_file_perms; +allow sensorservice sysfs:file w_file_perms; +allow sensorservice sysfs:lnk_file getattr; diff --git a/sepolicy/te_macros b/sepolicy/te_macros new file mode 100644 index 0000000..632389c --- /dev/null +++ b/sepolicy/te_macros @@ -0,0 +1,17 @@ +##################################### +# Userfastboot only +# SELinux rules which apply only to userfastboot mode +# +define(`userfastboot_only', ifelse(target_userfastboot, `true', $1, )) + +define(`notuserfastboot', ifelse(target_userfastboot, `true', -userfastboot, )) + + +##################################### +# target_only(target, rules) +# SELinux rules which only apply to a particular target +# target - the target name in TARGET_PRODUCT. Note this is a substring search +# so target_only(`coh', `rules') is the same as target_only(`coho', `rules') +# rules - Any rules you wish to add, make sure to quote them with `' +# +define(`target_only', `ifelse(eval(index(board_sepolicy_target_product, $1) >= 0),1,$2)') diff --git a/sepolicy/userfastboot.te b/sepolicy/userfastboot.te new file mode 100644 index 0000000..1333172 --- /dev/null +++ b/sepolicy/userfastboot.te @@ -0,0 +1,35 @@ +# Rules for bootable/userfastboot which pretty much does +# everything the neverallow's catch in external/sepolicy +userfastboot_only(` + + # Keep the type from infiltrating non-userfastboot + # builds. + type userfastboot, domain; + permissive userfastboot; + + # For silence + dontaudit userfastboot self:capability_class_set *; + dontaudit userfastboot kernel:security *; + dontaudit userfastboot kernel:system *; + dontaudit userfastboot self:memprotect *; + dontaudit userfastboot domain:process *; + dontaudit userfastboot domain:fd *; + dontaudit userfastboot domain:dir r_dir_perms; + dontaudit userfastboot domain:lnk_file r_file_perms; + dontaudit userfastboot domain:{ fifo_file file } rw_file_perms; + dontaudit userfastboot domain:socket_class_set *; + dontaudit userfastboot domain:ipc_class_set *; + dontaudit userfastboot domain:key *; + dontaudit userfastboot fs_type:filesystem *; + dontaudit userfastboot fs_type:dir_file_class_set *; + dontaudit userfastboot dev_type:dir_file_class_set *; + dontaudit userfastboot file_type:dir_file_class_set *; + dontaudit userfastboot node_type:node *; + dontaudit userfastboot node_type:{ tcp_socket udp_socket } node_bind; + dontaudit userfastboot netif_type:netif *; + dontaudit userfastboot port_type:socket_class_set name_bind; + dontaudit userfastboot port_type:{ tcp_socket dccp_socket } name_connect; + dontaudit userfastboot domain:peer recv; + dontaudit userfastboot domain:binder *; + dontaudit userfastboot property_type:property_service set; +') |