├── AndroidProducts.mk
├── common
├── apns-full-conf.xml
├── audio-json
│ ├── ak4458_config.json
│ ├── ak4497_config.json
│ ├── ak5552_config.json
│ ├── ak5558_config.json
│ ├── btsco_config.json
│ ├── cdnhdmi_config.json
│ ├── cs42448_config.json
│ ├── cs42888_car_config.json
│ ├── cs42888_config.json
│ ├── cs42888_multi_device_config.json
│ ├── dummy_config.json
│ ├── hdmi_config.json
│ ├── micfil_config.json
│ ├── micfil_s32_config.json
│ ├── mqs_config.json
│ ├── pcm512x_config.json
│ ├── readme.txt
│ ├── rpmsg_config.json
│ ├── spdif_config.json
│ ├── spdif_out_config.json
│ ├── wm8524_config.json
│ ├── wm8904_config.json
│ ├── wm8960_config.json
│ ├── wm8960_rpmsg_config.json
│ ├── wm8962_config.json
│ └── xtor_config.json
├── build
│ ├── Makefile
│ ├── backports.mk
│ ├── bootscript.mk
│ ├── build_info.mk
│ ├── dtbo.mk
│ ├── encrypt_and_sign_firmware.mk
│ ├── gpt.mk
│ ├── kernel.mk
│ ├── preboot.mk
│ ├── ramdisk.mk
│ └── uboot.mk
├── imx8m
│ ├── BoardConfigCommon.mk
│ ├── ProductConfigCommon.mk
│ ├── UbootKernelCommonConfig.mk
│ ├── com.example.android.systemupdatersample.xml
│ ├── displayconfig
│ │ └── display_port_1.xml
│ ├── optee-packages.mk
│ ├── permissions
│ │ └── privapp-permissions-imx.xml
│ ├── releasetools.py
│ ├── sepolicy
│ │ ├── adbd.te
│ │ ├── audioserver.te
│ │ ├── bluetooth.te
│ │ ├── bootanim.te
│ │ ├── bootstat.te
│ │ ├── cameraserver.te
│ │ ├── charger_vendor.te
│ │ ├── device.te
│ │ ├── dnsmasq.te
│ │ ├── domain.te
│ │ ├── dumpstate.te
│ │ ├── ephemeral_app.te
│ │ ├── fastbootd.te
│ │ ├── file.te
│ │ ├── file_contexts
│ │ ├── genfs_contexts
│ │ ├── hal_audio_default.te
│ │ ├── hal_bluetooth_default.te
│ │ ├── hal_bootctl_default.te
│ │ ├── hal_camera_default.te
│ │ ├── hal_cas_default.te
│ │ ├── hal_confirmationui.te
│ │ ├── hal_drm_widevine.te
│ │ ├── hal_dumpstate_impl.te
│ │ ├── hal_graphics_allocator_default.te
│ │ ├── hal_graphics_composer_default.te
│ │ ├── hal_health_default.te
│ │ ├── hal_light_default.te
│ │ ├── hal_neuralnetworks_imx.te
│ │ ├── hal_nfc_default.te
│ │ ├── hal_oemlock.te
│ │ ├── hal_power_default.te
│ │ ├── hal_sensors_default.te
│ │ ├── hal_thermal_default.te
│ │ ├── hal_tv_hdmi_cec_default.te
│ │ ├── hal_tv_hdmi_connection_default.te
│ │ ├── hal_usb_default.te
│ │ ├── hal_usb_impl.te
│ │ ├── hal_wifi_default.te
│ │ ├── hal_wifi_supplicant_default.te
│ │ ├── hwservice.te
│ │ ├── hwservice_contexts
│ │ ├── hwservicemanager.te
│ │ ├── init-insmod-sh.te
│ │ ├── init.te
│ │ ├── install_recovery.te
│ │ ├── installd.te
│ │ ├── kernel.te
│ │ ├── logd.te
│ │ ├── mediacodec.te
│ │ ├── mediaextractor.te
│ │ ├── mediaprovider.te
│ │ ├── mediaserver.te
│ │ ├── mediaswcodec.te
│ │ ├── modprobe.te
│ │ ├── netd.te
│ │ ├── nfc.te
│ │ ├── platform_app.te
│ │ ├── postinstall.te
│ │ ├── priv_app.te
│ │ ├── proc_net.te
│ │ ├── profman.te
│ │ ├── property.te
│ │ ├── property_contexts
│ │ ├── recovery.te
│ │ ├── securedisplayd.te
│ │ ├── sensors.te
│ │ ├── service.te
│ │ ├── service_contexts
│ │ ├── shell.te
│ │ ├── surfaceflinger.te
│ │ ├── system_app.te
│ │ ├── system_server.te
│ │ ├── tee.te
│ │ ├── toolbox.te
│ │ ├── ueventd.te
│ │ ├── untrusted_app_25.te
│ │ ├── untrusted_app_29.te
│ │ ├── update_engine.te
│ │ ├── update_engine_common.te
│ │ ├── vendor_init.te
│ │ ├── vndservicemanager.te
│ │ ├── vold.te
│ │ ├── vold_prepare_subdirs.te
│ │ ├── vsidaemon.te
│ │ ├── webview_zygote.te
│ │ ├── wificond.te
│ │ └── zygote.te
│ └── tee-supplicant.rc
├── imx9
│ ├── BoardConfigCommon.mk
│ ├── ProductConfigCommon.mk
│ ├── UbootKernelCommonConfig.mk
│ ├── com.example.android.systemupdatersample.xml
│ ├── displayconfig
│ │ └── display_port_1.xml
│ ├── permissions
│ │ └── privapp-permissions-imx.xml
│ ├── releasetools.py
│ └── sepolicy
│ │ ├── adbd.te
│ │ ├── attributes
│ │ ├── audioserver.te
│ │ ├── bluetooth.te
│ │ ├── bootanim.te
│ │ ├── bootstat.te
│ │ ├── cameraserver.te
│ │ ├── charger_vendor.te
│ │ ├── device.te
│ │ ├── dnsmasq.te
│ │ ├── domain.te
│ │ ├── dumpstate.te
│ │ ├── ele.te
│ │ ├── ephemeral_app.te
│ │ ├── fastbootd.te
│ │ ├── file.te
│ │ ├── file_contexts
│ │ ├── genfs_contexts
│ │ ├── hal_audio_default.te
│ │ ├── hal_bluetooth_default.te
│ │ ├── hal_bootctl_default.te
│ │ ├── hal_camera_default.te
│ │ ├── hal_cas_default.te
│ │ ├── hal_confirmationui.te
│ │ ├── hal_drm_widevine.te
│ │ ├── hal_dumpstate_impl.te
│ │ ├── hal_graphics_allocator_default.te
│ │ ├── hal_graphics_composer_default.te
│ │ ├── hal_health_default.te
│ │ ├── hal_light_default.te
│ │ ├── hal_neuralnetworks_imx.te
│ │ ├── hal_oemlock.te
│ │ ├── hal_power_default.te
│ │ ├── hal_secure_enclave.te
│ │ ├── hal_secure_enclave_default.te
│ │ ├── hal_sensors_default.te
│ │ ├── hal_thermal_default.te
│ │ ├── hal_usb_default.te
│ │ ├── hal_usb_impl.te
│ │ ├── hal_wifi_default.te
│ │ ├── hal_wifi_supplicant_default.te
│ │ ├── hwservicemanager.te
│ │ ├── init-insmod-sh.te
│ │ ├── init.te
│ │ ├── install_recovery.te
│ │ ├── installd.te
│ │ ├── kernel.te
│ │ ├── logd.te
│ │ ├── mediacodec.te
│ │ ├── mediaextractor.te
│ │ ├── mediaprovider.te
│ │ ├── mediaserver.te
│ │ ├── mediaswcodec.te
│ │ ├── modprobe.te
│ │ ├── netd.te
│ │ ├── platform_app.te
│ │ ├── postinstall.te
│ │ ├── priv_app.te
│ │ ├── proc_net.te
│ │ ├── profman.te
│ │ ├── property.te
│ │ ├── property_contexts
│ │ ├── recovery.te
│ │ ├── securedisplayd.te
│ │ ├── sensors.te
│ │ ├── service.te
│ │ ├── service_contexts
│ │ ├── shell.te
│ │ ├── surfaceflinger.te
│ │ ├── system_app.te
│ │ ├── system_server.te
│ │ ├── tee.te
│ │ ├── toolbox.te
│ │ ├── untrusted_app_25.te
│ │ ├── untrusted_app_29.te
│ │ ├── update_engine.te
│ │ ├── update_engine_common.te
│ │ ├── vendor_init.te
│ │ ├── vndservicemanager.te
│ │ ├── vold.te
│ │ ├── vold_prepare_subdirs.te
│ │ ├── webview_zygote.te
│ │ ├── wificond.te
│ │ └── zygote.te
├── imx_path
│ └── ImxPathConfig.mk
├── init
│ └── init.insmod.sh
├── input
│ └── eGalax_Touch_Screen.idc
├── kernel-headers
│ └── linux
│ │ ├── dma-buf-imx.h
│ │ ├── dma-buf.h
│ │ ├── hantrodec.h
│ │ ├── hx280enc.h
│ │ ├── imx_vpu.h
│ │ ├── ipu.h
│ │ ├── mxc_ion.h
│ │ ├── mxcfb.h
│ │ ├── pxp_device.h
│ │ ├── pxp_dma.h
│ │ ├── secure_ion.h
│ │ ├── v4l2-controls.h
│ │ ├── version.h
│ │ └── videodev2.h
├── ota
│ ├── com.fsl.android.ota.xml
│ └── ota.conf
├── overlay
│ ├── frameworks
│ │ └── base
│ │ │ ├── core
│ │ │ └── res
│ │ │ │ └── res
│ │ │ │ ├── values
│ │ │ │ └── config.xml
│ │ │ │ └── xml
│ │ │ │ └── power_profile.xml
│ │ │ └── packages
│ │ │ └── SettingsProvider
│ │ │ └── res
│ │ │ └── values
│ │ │ └── defaults.xml
│ └── packages
│ │ └── apps
│ │ ├── Bluetooth
│ │ └── res
│ │ │ └── values
│ │ │ └── config.xml
│ │ └── Settings
│ │ └── res
│ │ └── values
│ │ ├── bools.xml
│ │ ├── config.xml
│ │ └── strings.xml
├── partition
│ ├── device-partitions-128GB-ab.bpt
│ ├── device-partitions-128GB.bpt
│ ├── device-partitions-16GB-ab.bpt
│ ├── device-partitions-16GB.bpt
│ ├── device-partitions-32GB-ab.bpt
│ ├── device-partitions-32GB.bpt
│ ├── device-partitions-64GB-ab.bpt
│ ├── device-partitions-64GB.bpt
│ ├── device-partitions-8GB-ab.bpt
│ └── device-partitions-8GB.bpt
├── recovery
│ ├── Android.mk
│ └── recovery_ui.cpp
├── security
│ ├── README
│ ├── bluetooth.pk8
│ ├── bluetooth.x509.pem
│ ├── firmware_encrypt_key.bin
│ ├── firmware_private_key.der
│ ├── firmware_public_key.der
│ ├── generate_keystore.sh
│ ├── media.jks
│ ├── media.pk8
│ ├── media.x509.pem
│ ├── networkstack.pk8
│ ├── networkstack.x509.pem
│ ├── nfc.pk8
│ ├── nfc.x509.pem
│ ├── platform.jks
│ ├── platform.pk8
│ ├── platform.x509.pem
│ ├── releasekey.pk8
│ ├── releasekey.x509.pem
│ ├── rpmb_key_test.bin
│ ├── sdk_sandbox.pk8
│ ├── sdk_sandbox.x509.pem
│ ├── shared.jks
│ ├── shared.pk8
│ ├── shared.x509.pem
│ ├── testkey.jks
│ ├── testkey.pk8
│ ├── testkey.x509.pem
│ ├── testkey_public_rsa4096.bin
│ └── testkey_rsa4096.pem
├── soong
│ └── imx_namespaces.mk
├── tools
│ ├── gen_rpmb_key.sh
│ ├── generate_key.sh
│ ├── imx-make.sh
│ ├── merge_config.sh
│ ├── replace_kernel.sh
│ ├── split_bootimg.pl
│ └── update_kernel_header.sh
└── wifi
│ ├── p2p_supplicant_overlay.conf
│ ├── wpa_supplicant.conf
│ └── wpa_supplicant_overlay.conf
├── nitrogen8m
├── AndroidBoard.mk
├── AndroidUboot.sh
├── BoardConfig.mk
├── SharedBoardConfig.mk
├── UbootKernelBoardConfig.mk
├── app_whitelist.xml
├── audio_effects.xml
├── audio_policy_configuration.xml
├── bluetooth
│ └── bdroid_buildcfg.h
├── bootscript.txt
├── camera_config_imx8mq-back-only.json
├── camera_config_imx8mq.json
├── compatibility_matrix.xml
├── device_framework_matrix.xml
├── display_settings.xml
├── early.init.cfg
├── external_camera_config.xml
├── fstab-ab.nxp
├── fstab.nxp
├── fw_env.config
├── init.imx8mq.rc
├── init.rc
├── init.recovery.nxp.rc
├── init.usb.rc
├── input-port-associations.xml
├── manifest.xml
├── nitrogen8m.mk
├── overlay
│ └── frameworks
│ │ └── base
│ │ └── core
│ │ └── res
│ │ └── res
│ │ └── values
│ │ └── config.xml
├── powerhint_imx8mq.json
├── product.prop
├── required_hardware.xml
├── seccomp
│ ├── mediacodec-seccomp.policy
│ └── mediaextractor-seccomp.policy
├── sepolicy
│ ├── file_contexts
│ └── genfs_contexts
├── thermal_info_config_imx8mq.json
└── ueventd.nxp.rc
├── nitrogen8mm
├── AndroidBoard.mk
├── AndroidTee.mk
├── AndroidUboot.sh
├── BoardConfig.mk
├── SharedBoardConfig.mk
├── UbootKernelBoardConfig.mk
├── app_whitelist.xml
├── audio_effects.xml
├── audio_policy_configuration.xml
├── bluetooth
│ └── bdroid_buildcfg.h
├── bootscript.txt
├── camera_config_imx8mm.json
├── compatibility_matrix.xml
├── device_framework_matrix.xml
├── early.init.cfg
├── external_camera_config.xml
├── fstab-ab.nxp
├── fstab.nxp
├── fw_env.config
├── init.imx8mm.drm.rc
├── init.imx8mm.rc
├── init.rc
├── init.recovery.nxp.rc
├── init.usb.rc
├── manifest.xml
├── nitrogen8mm.mk
├── overlay
│ └── frameworks
│ │ └── base
│ │ └── core
│ │ └── res
│ │ └── res
│ │ └── values
│ │ └── config.xml
├── powerhint_imx8mm.json
├── product.prop
├── required_hardware.xml
├── seccomp
│ ├── mediacodec-seccomp.policy
│ └── mediaextractor-seccomp.policy
├── sepolicy
│ ├── file_contexts
│ └── genfs_contexts
├── thermal_info_config_imx8mm.json
├── ueventd.nxp.rc
└── usb_audio_policy_configuration-direct-output.xml
├── nitrogen8mp
├── AndroidBoard.mk
├── AndroidUboot.sh
├── BoardConfig.mk
├── SharedBoardConfig.mk
├── UbootKernelBoardConfig.mk
├── app_whitelist.xml
├── audio_effects.xml
├── audio_policy_configuration.xml
├── bluetooth
│ └── bdroid_buildcfg.h
├── bootscript.txt
├── camera_config_imx8mp-basler-ov5640.json
├── camera_config_imx8mp-only-ov5640.json
├── camera_config_imx8mp.json
├── compatibility_matrix.xml
├── device_framework_matrix.xml
├── display_settings.xml
├── early.init.cfg
├── external_camera_config.xml
├── fstab-ab.nxp
├── fstab.nxp
├── fw_env.config
├── init.imx8mp.rc
├── init.rc
├── init.recovery.nxp.rc
├── init.usb.rc
├── input-port-associations.xml
├── manifest.xml
├── manifest_powersave.xml
├── nitrogen8mp.mk
├── overlay
│ ├── frameworks
│ │ └── base
│ │ │ └── core
│ │ │ └── res
│ │ │ └── res
│ │ │ └── values
│ │ │ └── config.xml
│ └── packages
│ │ └── modules
│ │ ├── Connectivity
│ │ ├── Tethering
│ │ │ └── res
│ │ │ │ └── values
│ │ │ │ └── overlay_config.xml
│ │ └── service
│ │ │ └── ServiceConnectivityResources
│ │ │ └── res
│ │ │ └── values
│ │ │ └── config.xml
│ │ └── NetworkStack
│ │ └── res
│ │ └── values
│ │ └── config.xml
├── powerhint_imx8mp.json
├── product.prop
├── required_hardware.xml
├── required_hardware_powersave.xml
├── seccomp
│ ├── mediacodec-seccomp.policy
│ └── mediaextractor-seccomp.policy
├── sepolicy
│ ├── file_contexts
│ ├── genfs_contexts
│ ├── hal_camera_default.te
│ ├── init.te
│ ├── isp.te
│ ├── property.te
│ └── property_contexts
├── thermal_info_config_imx8mp.json
├── ueventd.nxp.rc
└── usb_audio_policy_configuration-direct-output.xml
├── nitrogen95
├── AndroidBoard.mk
├── AndroidUboot.sh
├── BoardConfig.mk
├── SharedBoardConfig.mk
├── UbootKernelBoardConfig.mk
├── app_whitelist.xml
├── audio_effects.xml
├── audio_policy_configuration.xml
├── bluetooth
│ └── bdroid_buildcfg.h
├── bootscript.txt
├── camera_config_imx95-ap1302.json
├── camera_config_imx95-os08a20.json
├── compatibility_matrix.xml
├── device_framework_matrix.xml
├── display_settings.xml
├── early.init.cfg
├── external_camera_config.xml
├── fstab.nxp
├── fw_env.config
├── init.imx95.rc
├── init.rc
├── init.recovery.nxp.rc
├── init.usb.rc
├── input-port-associations.xml
├── manifest.xml
├── nitrogen95.mk
├── overlay
│ ├── frameworks
│ │ └── base
│ │ │ └── core
│ │ │ └── res
│ │ │ └── res
│ │ │ └── values
│ │ │ └── config.xml
│ └── packages
│ │ └── modules
│ │ ├── Connectivity
│ │ ├── Tethering
│ │ │ └── res
│ │ │ │ └── values
│ │ │ │ └── overlay_config.xml
│ │ └── service
│ │ │ └── ServiceConnectivityResources
│ │ │ └── res
│ │ │ └── values
│ │ │ └── config.xml
│ │ └── NetworkStack
│ │ └── res
│ │ └── values
│ │ └── config.xml
├── powerhint_imx95.json
├── product.prop
├── required_hardware.xml
├── seccomp
│ ├── mediacodec-seccomp.policy
│ └── mediaextractor-seccomp.policy
├── sepolicy
│ ├── app.te
│ ├── bootanim.te
│ ├── cameraserver.te
│ ├── crash_dump.te
│ ├── device.te
│ ├── file.te
│ ├── file_contexts
│ ├── genfs_contexts
│ ├── hal_camera_default.te
│ ├── hal_graphics_allocator_default.te
│ ├── init.te
│ ├── mediacodec.te
│ ├── mediaserver.te
│ ├── platform_app.te
│ ├── priv_app.te
│ ├── property.te
│ ├── property_contexts
│ ├── service_contexts
│ ├── shell.te
│ ├── surfaceflinger.te
│ ├── system_app.te
│ ├── system_server.te
│ ├── untrusted_app.te
│ ├── untrusted_app_27.te
│ └── untrusted_app_30.te
├── thermal_info_config_imx95.json
├── ueventd.nxp.rc
└── usb_audio_policy_configuration-direct-output.xml
├── release
├── release_config_map.mk
├── release_config_map.textproto
└── release_configs
│ └── nxp_stable.textproto
└── scripts
├── build_id.sh
├── create_gpt.sh
├── flash_fastboot.bat
├── flash_fastboot.sh
├── mkimage.sh
├── mksdcard.sh
└── partitions.inc
/common/audio-json/ak4458_config.json:
--------------------------------------------------------------------------------
1 | {
2 | "driver_name": "ak4458-audio",
3 | "supported_out_devices": ["wired_headphone"],
4 | "support_dsd": 1,
5 | "support_multi_chn": 1,
6 |
7 | "init_ctl": [
8 | {"name": "0 DAC1 Playback Volume", "type": "int", "val": 172},
9 | {"name": "0 DAC2 Playback Volume", "type": "int", "val": 172},
10 | {"name": "0 DAC3 Playback Volume", "type": "int", "val": 172},
11 | {"name": "0 DAC4 Playback Volume", "type": "int", "val": 172}
12 | ],
13 |
14 | "out_period_size": 1024,
15 | "out_period_count": 2,
16 | "out_volume_min": 170,
17 | "out_volume_max": 255,
18 | "out_volume_ctl": [
19 | "0 DAC1 Playback Volume",
20 | "0 DAC2 Playback Volume",
21 | "0 DAC3 Playback Volume",
22 | "0 DAC4 Playback Volume"
23 | ]
24 | }
25 |
--------------------------------------------------------------------------------
/common/audio-json/ak4497_config.json:
--------------------------------------------------------------------------------
1 | {
2 | "driver_name": "ak4497-audio",
3 | "supported_out_devices": ["speaker", "line"],
4 | "support_dsd": 1,
5 | "support_lpa": 1,
6 |
7 | "init_ctl": [
8 | {"name": "AK4497 DAC Enable", "type": "int", "val": 1},
9 | {"name": "AK4497 Read FS Auto Detect Mode", "type": "int", "val": 0},
10 | {"name": "AK4497 DSD Data Input Pin", "type": "int", "val": 1},
11 | {"name": "AK4497 Soft Mute Control", "type": "int", "val": 0}
12 | ]
13 | }
14 |
--------------------------------------------------------------------------------
/common/audio-json/ak5552_config.json:
--------------------------------------------------------------------------------
1 | {
2 | "driver_name": "ak5552-audio",
3 | "supported_in_devices": ["builtin_mic"]
4 | }
5 |
--------------------------------------------------------------------------------
/common/audio-json/ak5558_config.json:
--------------------------------------------------------------------------------
1 | {
2 | "driver_name": "ak5558-audio",
3 | "supported_in_devices": ["builtin_mic"],
4 |
5 | "init_ctl": [
6 | {"name": "AK5558 Ch1 Enable", "type": "int", "val": 1},
7 | {"name": "AK5558 Ch2 Enable", "type": "int", "val": 1},
8 | {"name": "AK5558 Ch3 Enable", "type": "int", "val": 1},
9 | {"name": "AK5558 Ch4 Enable", "type": "int", "val": 1},
10 | {"name": "AK5558 Ch5 Enable", "type": "int", "val": 1},
11 | {"name": "AK5558 Ch6 Enable", "type": "int", "val": 1},
12 | {"name": "AK5558 Ch7 Enable", "type": "int", "val": 1},
13 | {"name": "AK5558 Ch8 Enable", "type": "int", "val": 1}
14 | ]
15 | }
16 |
--------------------------------------------------------------------------------
/common/audio-json/btsco_config.json:
--------------------------------------------------------------------------------
1 | {
2 | "driver_name": "sco-audio",
3 | "supported_out_devices": ["bluetooth_sco", "bluetooth_sco_headset", "bluetooth_sco_carkit"],
4 | "supported_in_devices": ["bluetooth_sco_headset"],
5 | "support_hfp": 1
6 | }
7 |
--------------------------------------------------------------------------------
/common/audio-json/cdnhdmi_config.json:
--------------------------------------------------------------------------------
1 | {
2 | "driver_name": "imx-audio-hdmi",
3 | "bus_name": "bus100_audio_zone_1",
4 | "supported_out_devices": ["hdmi", "bus"],
5 | "is_hdmi_card": 1
6 | }
7 |
--------------------------------------------------------------------------------
/common/audio-json/cs42448_config.json:
--------------------------------------------------------------------------------
1 | {
2 | "driver_name": "cs42448",
3 | "supported_out_devices": ["speaker", "line"],
4 | "supported_in_devices": ["builtin_mic"],
5 | "support_multi_chn": 1,
6 |
7 | "out_volume_ctl": [
8 | "DAC1 Playback Volume"
9 | ]
10 | }
11 |
--------------------------------------------------------------------------------
/common/audio-json/cs42888_car_config.json:
--------------------------------------------------------------------------------
1 | {
2 | "driver_name": "cs42888",
3 | "bus_name": "bus0_media_out",
4 | "supported_out_devices": ["speaker", "bus"],
5 | "supported_in_devices": ["builtin_mic"],
6 | "support_multi_chn": 1,
7 | "in_period_size": 768,
8 | "in_period_count": 8,
9 |
10 | "out_volume_ctl": [
11 | "DAC1 Playback Volume"
12 | ]
13 | }
14 |
--------------------------------------------------------------------------------
/common/audio-json/cs42888_config.json:
--------------------------------------------------------------------------------
1 | {
2 | "driver_name": "cs42888",
3 | "bus_name": "bus0_media_out",
4 | "supported_out_devices": ["speaker", "bus"],
5 | "supported_in_devices": ["builtin_mic"],
6 | "support_multi_chn": 1,
7 |
8 | "out_volume_ctl": [
9 | "DAC1 Playback Volume"
10 | ]
11 | }
12 |
--------------------------------------------------------------------------------
/common/audio-json/cs42888_multi_device_config.json:
--------------------------------------------------------------------------------
1 | {
2 | "driver_name": "cs42888",
3 | "bus_name": "bus0_media_out",
4 | "secondary_bus_name": "bus1_system_sound_out",
5 | "supported_out_devices": ["speaker", "bus"],
6 | "supported_in_devices": ["builtin_mic"],
7 | "support_multi_chn": 1,
8 |
9 | "out_volume_ctl": [
10 | "DAC1 Playback Volume"
11 | ]
12 | }
13 |
--------------------------------------------------------------------------------
/common/audio-json/dummy_config.json:
--------------------------------------------------------------------------------
1 | {
2 | "driver_name": "Dummy",
3 | "bus_name": "bus1_system_sound_out",
4 | "supported_out_devices": ["speaker", "wired_headphone", "wired_headset", "bus", "line"],
5 | "support_lpa": 1,
6 | "support_compress": 1,
7 |
8 | "init_ctl": [
9 | {"name": "Master Volume", "type": "int", "val": 80}
10 | ],
11 |
12 | "out_volume_ctl": [
13 | "Master Volume"
14 | ]
15 | }
16 |
--------------------------------------------------------------------------------
/common/audio-json/hdmi_config.json:
--------------------------------------------------------------------------------
1 | {
2 | "driver_name": "audio-hdmi",
3 | "supported_out_devices": ["hdmi"],
4 | "is_hdmi_card": 1
5 | }
6 |
--------------------------------------------------------------------------------
/common/audio-json/micfil_config.json:
--------------------------------------------------------------------------------
1 | {
2 | "driver_name": "micfil-audio",
3 | "supported_in_devices": ["builtin_mic"],
4 |
5 | "init_ctl": [
6 | {"name": "CH0 Volume", "type": "int", "val": 13},
7 | {"name": "CH1 Volume", "type": "int", "val": 13},
8 | {"name": "CH2 Volume", "type": "int", "val": 13},
9 | {"name": "CH3 Volume", "type": "int", "val": 13},
10 | {"name": "CH4 Volume", "type": "int", "val": 13},
11 | {"name": "CH5 Volume", "type": "int", "val": 13},
12 | {"name": "CH6 Volume", "type": "int", "val": 13},
13 | {"name": "CH7 Volume", "type": "int", "val": 13}
14 | ]
15 |
16 | }
17 |
--------------------------------------------------------------------------------
/common/audio-json/micfil_s32_config.json:
--------------------------------------------------------------------------------
1 | {
2 | "driver_name": "micfil-audio",
3 | "supported_in_devices": ["builtin_mic"],
4 | "support_s16": 0,
5 |
6 | "init_ctl": [
7 | {"name": "CH0 Volume", "type": "int", "val": 5},
8 | {"name": "CH1 Volume", "type": "int", "val": 5},
9 | {"name": "CH2 Volume", "type": "int", "val": 5},
10 | {"name": "CH3 Volume", "type": "int", "val": 5},
11 | {"name": "CH4 Volume", "type": "int", "val": 5},
12 | {"name": "CH5 Volume", "type": "int", "val": 5},
13 | {"name": "CH6 Volume", "type": "int", "val": 5},
14 | {"name": "CH7 Volume", "type": "int", "val": 5}
15 | ]
16 |
17 | }
18 |
--------------------------------------------------------------------------------
/common/audio-json/mqs_config.json:
--------------------------------------------------------------------------------
1 | {
2 | "driver_name": "mqs",
3 | "supported_out_devices": ["speaker"],
4 | }
5 |
--------------------------------------------------------------------------------
/common/audio-json/pcm512x_config.json:
--------------------------------------------------------------------------------
1 | {
2 | "driver_name": "pcm512x-audio",
3 | "supported_out_devices": ["line"],
4 | "support_lpa": 1,
5 |
6 | "init_ctl": [
7 | {"name": "Headphone Playback Volume", "type": "int", "val": 15}
8 | ]
9 |
10 | }
11 |
--------------------------------------------------------------------------------
/common/audio-json/rpmsg_config.json:
--------------------------------------------------------------------------------
1 | {
2 | "driver_name": "rpmsg-audio",
3 | "supported_out_devices": ["speaker", "wired_headphone", "wired_headset"],
4 | "supported_in_devices": ["builtin_mic", "wired_headset"],
5 | "out_period_size": 1024,
6 | "out_period_count": 4,
7 |
8 | "speaker_ctl": [
9 | {"name": "Left Output Mixer PCM Playback Switch", "type": "int", "val": 1},
10 | {"name": "Right Output Mixer PCM Playback Switch", "type": "int", "val": 1},
11 | {"name": "Playback Volume", "type": "int", "val": 230},
12 | {"name": "Speaker Playback Volume", "type": "int", "val": 120},
13 | {"name": "Headphone Playback Volume", "type": "int", "val": 120}
14 | ],
15 |
16 | "builtin_mic_ctl": [
17 | {"name": "ALC Function", "type": "int", "val": 3},
18 | {"name": "Left Input Mixer Boost Switch", "type": "int", "val": 1},
19 | {"name": "ADC PCM Capture Volume", "type": "int", "val": 230},
20 | {"name": "Capture Volume", "type": "int", "val": 60}
21 | ]
22 | }
23 |
--------------------------------------------------------------------------------
/common/audio-json/spdif_config.json:
--------------------------------------------------------------------------------
1 | {
2 | "driver_name": "imx-spdif",
3 | "supported_in_devices": ["aux_digital"]
4 | }
5 |
--------------------------------------------------------------------------------
/common/audio-json/spdif_out_config.json:
--------------------------------------------------------------------------------
1 | {
2 | "driver_name": "imx-spdif",
3 | "supported_in_devices": ["aux_digital"],
4 | "supported_out_devices": ["hdmi"],
5 | "is_hdmi_card": 1
6 | }
7 |
--------------------------------------------------------------------------------
/common/audio-json/wm8524_config.json:
--------------------------------------------------------------------------------
1 | {
2 | "driver_name": "wm8524-audio",
3 | "supported_out_devices": ["speaker"]
4 | }
5 |
--------------------------------------------------------------------------------
/common/audio-json/wm8904_config.json:
--------------------------------------------------------------------------------
1 | {
2 | "driver_name": "wm8904-audio",
3 | "supported_out_devices": ["speaker", "wired_headphone", "wired_headset"],
4 | "supported_in_devices": ["builtin_mic", "wired_headset"],
5 |
6 | "init_ctl": [
7 | {"name": "Capture Volume", "type": "int", "val": 31},
8 | {"name": "Capture Switch", "type": "int", "val": 1},
9 | {"name": "Left Capture Inverting Mux", "type": "str", "val": "IN2L"}
10 | ]
11 | }
12 |
--------------------------------------------------------------------------------
/common/audio-json/wm8960_rpmsg_config.json:
--------------------------------------------------------------------------------
1 | {
2 | "driver_name": "wm8960-audio",
3 | "supported_out_devices": ["speaker", "wired_headphone", "wired_headset", "line"],
4 | "supported_in_devices": ["builtin_mic", "wired_headset"],
5 | "out_period_size": 1024,
6 | "out_period_count": 4,
7 | "support_lpa": 1,
8 |
9 | "init_ctl": [
10 | {"name": "Left Output Mixer PCM Playback Switch", "type": "int", "val": 1},
11 | {"name": "Right Output Mixer PCM Playback Switch", "type": "int", "val": 1},
12 | {"name": "Playback Volume", "type": "int", "val": 230},
13 | {"name": "Speaker Playback Volume", "type": "int", "val": 120},
14 | {"name": "Headphone Playback Volume", "type": "int", "val": 120}
15 | ],
16 |
17 | "builtin_mic_ctl": [
18 | {"name": "ALC Function", "type": "int", "val": 3},
19 | {"name": "Left Input Mixer Boost Switch", "type": "int", "val": 1},
20 | {"name": "ADC PCM Capture Volume", "type": "int", "val": 230},
21 | {"name": "Capture Volume", "type": "int", "val": 60}
22 | ]
23 | }
24 |
--------------------------------------------------------------------------------
/common/audio-json/wm8962_config.json:
--------------------------------------------------------------------------------
1 | {
2 | "driver_name": "wm8962-audio",
3 | "supported_out_devices": ["speaker", "wired_headphone", "wired_headset", "line"],
4 | "supported_in_devices": ["builtin_mic", "wired_headset"],
5 | "support_lpa": 1,
6 | "support_compress": 1,
7 |
8 | "init_ctl": [
9 | {"name": "Speaker Volume", "type": "int", "val": 114},
10 | {"name": "Headphone Volume", "type": "int", "val": 114}
11 | ],
12 |
13 | "builtin_mic_ctl": [
14 | {"name": "Capture Switch", "type": "int", "val": 1},
15 | {"name": "Capture Volume", "type": "int", "val": 40},
16 | {"name": "Digital Capture Volume", "type": "int", "val": 108}
17 | ],
18 |
19 | "out_volume_ctl": [
20 | "Headphone Volume"
21 | ]
22 | }
23 |
--------------------------------------------------------------------------------
/common/audio-json/xtor_config.json:
--------------------------------------------------------------------------------
1 | {
2 | "driver_name": "xtor-audio",
3 | "supported_out_devices": ["bluetooth_sco", "bluetooth_sco_headset", "bluetooth_sco_carkit"],
4 | "supported_in_devices": ["bluetooth_sco_headset"],
5 | "support_hfp": 1
6 | }
7 |
--------------------------------------------------------------------------------
/common/build/Makefile:
--------------------------------------------------------------------------------
1 | # below variables are defined in AOSP build makefile, to build kernel independently, redefine them here
2 | hide := @
3 |
4 | PRODUCT_OUT := ${OUT}
5 | TARGET_OUT_INTERMEDIATES := $(PRODUCT_OUT)/obj
6 | KERNEL_OUT := $(TARGET_OUT_INTERMEDIATES)/KERNEL_OBJ
7 |
8 | export PRODUCT_OUT
9 | export TARGET_OUT_INTERMEDIATES
10 |
11 | # firstly to include UbootKernelCommonConfig.mk, then SharedBoardConfig.mk, finally UbootKernelBoardConfig.mk
12 |
13 | include ${nxp_git_path}/common/imx_path/ImxPathConfig.mk
14 | include ${soc_path}/UbootKernelCommonConfig.mk
15 | include ${product_path}/SharedBoardConfig.mk
16 | include ${product_path}/UbootKernelBoardConfig.mk
17 |
18 | include ${nxp_git_path}/common/build/kernel.mk
19 | include ${nxp_git_path}/common/build/backports.mk
20 | include ${nxp_git_path}/common/build/uboot.mk
21 | -include ${product_path}/AndroidUboot.mk
22 | -include ${product_path}/AndroidTee.mk
23 | -include ${GPU_VIV6_PATH}/gpu-viv6/driver/hal/kernel/galcore.mk
24 | -include ${VVCAM_PATH}/vvcam/vvcam.mk
25 | -include ${MXMWIFI_PATH}/mxm_wifiex/mxmwifi.mk
26 |
--------------------------------------------------------------------------------
/common/build/backports.mk:
--------------------------------------------------------------------------------
1 | BACKPORTS_PATH ?= $(ANDROID_BUILD_TOP)/vendor/ezurio/backports/backport
2 | BACKPORTS_OUT ?= $(TARGET_OUT_INTERMEDIATES)/BACKPORTS_OBJ
3 |
4 | backports_build_make_env = KLIB_BUILD=$(realpath $(KERNEL_OUT)) ARCH=$(KERNEL_ARCH) \
5 | CROSS_COMPILE=$(strip $(KERNEL_CROSS_COMPILE_WRAPPER)) $(CLANG_TO_COMPILE) \
6 | KCFLAGS="$(KERNEL_CFLAGS) -Wno-strict-prototypes" KAFLAGS="$(KERNEL_AFLAGS)" -C $(BACKPORTS_PATH)
7 |
8 | backports: $(BACKPORTS_PATH)
9 | if [ ${clean_build} = 1 ]; then \
10 | rm -rf $(BACKPORTS_OUT) ; \
11 | $(kernel_build_shell_env) $(MAKE) $(backports_build_make_env) mrproper ; \
12 | fi ;
13 | mkdir -p $(BACKPORTS_OUT) ;
14 | # workaround qcacld needing stdarg.h header
15 | if [ ! -e $(BACKPORTS_PATH)/drivers/net/wireless/summit/qcacld/CORE/VOSS/inc/stdarg.h ]; then \
16 | cp -v $(realpath $(TARGET_KERNEL_SRC)/include/linux/stdarg.h) \
17 | $(BACKPORTS_PATH)/drivers/net/wireless/summit/qcacld/CORE/VOSS/inc/ ; \
18 | fi ;
19 | # use custom defconfig for our devices
20 | if [ ! -e $(BACKPORTS_PATH)/.config ]; then \
21 | $(kernel_build_shell_env) $(MAKE) $(backports_build_make_env) defconfig-bdimx8 ; \
22 | fi ;
23 | $(kernel_build_shell_env) $(MAKE) $(backports_build_make_env)
24 | $(kernel_build_shell_env) find $(BACKPORTS_PATH) -name "*.ko" -exec \
25 | llvm-strip --strip-debug {} \;
26 | find $(BACKPORTS_PATH) -name "*.ko" -exec cp -v {} $(BACKPORTS_OUT) \;
27 |
--------------------------------------------------------------------------------
/common/build/bootscript.mk:
--------------------------------------------------------------------------------
1 | ifeq ($(BOARD_HAVE_PREBOOTIMAGE),true)
2 | ifeq ($(BOARD_SOC_CLASS),IMX6)
3 | BOOTSCRIPT_ARCH := arm
4 | else
5 | BOOTSCRIPT_ARCH := arm64
6 | endif
7 |
8 | MKIMAGE := $(PRODUCT_OUT)/obj/UBOOT_OBJ/tools/mkimage
9 |
10 | BOOTSCRIPT_TARGET := $(PRODUCT_OUT)/preboot/boot.scr
11 | $(BOOTSCRIPT_TARGET): $(LOCAL_PATH)/bootscript.txt $(MKIMAGE)
12 | mkdir -p $(dir $@)
13 | $(MKIMAGE) -A $(BOOTSCRIPT_ARCH) -O linux -T script -C none -a 0 -e 0 -n "boot script" -d $< $@
14 |
15 | UPGRADE_TARGET := $(PRODUCT_OUT)/preboot/upgrade.scr
16 | $(UPGRADE_TARGET): $(UBOOT_IMX_PATH)/uboot-imx/board/boundary/bootscripts/upgrade.txt $(MKIMAGE)
17 | mkdir -p $(dir $@)
18 | $(MKIMAGE) -A $(BOOTSCRIPT_ARCH) -O linux -T script -C none -a 0 -e 0 -n "upgrade script" -d $< $@
19 |
20 | .PHONY: bootscript
21 | bootscript: $(BOOTSCRIPT_TARGET) $(UPGRADE_TARGET)
22 |
23 | droidcore: bootscript
24 | bootimage: bootscript
25 | endif
26 |
--------------------------------------------------------------------------------
/common/build/build_info.mk:
--------------------------------------------------------------------------------
1 | # -------@release build info-------
2 | PRODUCT_PROPERTY_OVERRIDES += \
3 | ro.vendor.build_id=15.0.0_1.2.0
4 |
--------------------------------------------------------------------------------
/common/build/preboot.mk:
--------------------------------------------------------------------------------
1 | ifeq ($(BOARD_HAVE_PREBOOTIMAGE),true)
2 | INSTALLED_PREBOOTIMAGE_TARGET := $(PRODUCT_OUT)/preboot.img
3 | PREBOOT_BINARY_PATHS := $(HOST_OUT_EXECUTABLES)
4 |
5 | .PHONY: preboot
6 | preboot: $(MKEXTUSERIMG) $(BOOTSCRIPT_TARGET) $(UPGRADE_TARGET)
7 | $(call pretty,"Target preboot image: $(INSTALLED_PREBOOTIMAGE_TARGET)")
8 | PATH=$(PREBOOT_BINARY_PATHS):$$PATH $(MKEXTUSERIMG) $(INTERNAL_USERIMAGES_SPARSE_EXT_FLAG) $(PRODUCT_OUT)/preboot $(INSTALLED_PREBOOTIMAGE_TARGET) ext4 preboot $(BOARD_PREBOOTIMAGE_PARTITION_SIZE) -L preboot
9 |
10 | droidcore: preboot
11 | bootimage: preboot
12 | endif
13 |
--------------------------------------------------------------------------------
/common/build/ramdisk.mk:
--------------------------------------------------------------------------------
1 | ifeq ($(BOARD_SOC_CLASS),IMX6)
2 | RAMDISK_ARCH := arm
3 | else
4 | RAMDISK_ARCH := arm64
5 | endif
6 |
7 | RAMDISK_TARGET := $(PRODUCT_OUT)/boot/uramdisk.img
8 | $(RAMDISK_TARGET): $(PRODUCT_OUT)/ramdisk.img
9 | mkdir -p $(dir $@)
10 | mkimage -A $(RAMDISK_ARCH) -O linux -T ramdisk -n "RAM Disk" -d $< $@
11 |
12 | bootimage: $(RAMDISK_TARGET)
13 |
--------------------------------------------------------------------------------
/common/imx8m/UbootKernelCommonConfig.mk:
--------------------------------------------------------------------------------
1 | TARGET_UBOOT_ARCH := arm64
2 |
3 |
--------------------------------------------------------------------------------
/common/imx8m/com.example.android.systemupdatersample.xml:
--------------------------------------------------------------------------------
1 |
2 |
18 |
19 |
20 |
21 |
22 |
23 |
--------------------------------------------------------------------------------
/common/imx8m/displayconfig/display_port_1.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
17 |
18 |
19 |
20 |
21 | 0.0
22 | 10.0
23 |
24 |
25 | 1.0
26 | 1000.0
27 |
28 |
29 |
30 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/adbd.te:
--------------------------------------------------------------------------------
1 | allow adbd vendor_configs_file:file { map };
2 | get_prop(adbd, vendor_usb_config_prop);
3 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/audioserver.te:
--------------------------------------------------------------------------------
1 | get_prop(audioserver, vendor_public_default_prop)
2 |
3 | allow audioserver rootfs:lnk_file { getattr };
4 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/bluetooth.te:
--------------------------------------------------------------------------------
1 | allow bluetooth storage_stub_file:dir { getattr };
2 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/bootanim.te:
--------------------------------------------------------------------------------
1 | get_prop(bootanim, vendor_public_default_prop)
2 |
3 | allow bootanim ashmem_device:chr_file {execute};
4 | allow bootanim self:process execmem;
5 | allow bootanim rootfs:lnk_file {getattr};
6 | allow bootanim hal_graphics_allocator_default_tmpfs:file { read write };
7 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/bootstat.te:
--------------------------------------------------------------------------------
1 | allow bootstat rootfs:lnk_file { getattr };
2 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/cameraserver.te:
--------------------------------------------------------------------------------
1 | get_prop(cameraserver, vendor_public_default_prop)
2 |
3 | allow cameraserver sysfs:dir { read open };
4 | allow cameraserver gpu_device:chr_file { read open write ioctl map };
5 | allow cameraserver self:netlink_kobject_uevent_socket { create setopt bind read };
6 | allow cameraserver tmpfs:dir { search };
7 | allow cameraserver pxp_device:chr_file { read write open ioctl };
8 | allow cameraserver external_camera_service:service_manager { find };
9 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/charger_vendor.te:
--------------------------------------------------------------------------------
1 | dontaudit charger_vendor default_prop:file r_file_perms;
2 | dontaudit charger_vendor sysfs:file r_file_perms;
3 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/device.te:
--------------------------------------------------------------------------------
1 | type caam_device, dev_type;
2 | type pxp_device, dev_type;
3 | type vbmeta_block_device, dev_type;
4 | type sysfs_usb_c, sysfs_type, fs_type;
5 | type sysfs_usb_device, sysfs_type, fs_type;
6 | type diag_device, dev_type, mlstrustedobject;
7 | type sysfs_block_devices, sysfs_type, fs_type;
8 | type mmc_rpmb_char_device, dev_type;
9 | type latency_device, dev_type;
10 | type emmc_boot0, dev_type;
11 | type sdcard, dev_type;
12 | type vsi_daemon_ctrl_device, dev_type;
13 | type bootloader_block_device, dev_type;
14 | type fbmisc_block_device, dev_type;
15 | type logbuffer_device, dev_type;
16 | type cec_device, dev_type;
17 | allow domain cec_device:chr_file rw_file_perms;
18 | type sysfs_gpio, sysfs_type, fs_type;
19 | type gpio_device, dev_type;
20 | type i2c_device, dev_type;
21 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/dnsmasq.te:
--------------------------------------------------------------------------------
1 | allow dnsmasq property_socket:sock_file rw_file_perms;
2 | allow dnsmasq init:unix_stream_socket connectto;
3 | allow dnsmasq net_radio_prop:property_service set;
4 |
5 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/domain.te:
--------------------------------------------------------------------------------
1 | allow vold self:capability { setgid setuid };
2 | allow vold fuse_device:chr_file rw_file_perms;
3 | allow domain tty_device:chr_file rw_file_perms;
4 | allow domain gpu_device:dir { search };
5 | allow domain unlabeled:file { setattr getattr rename r_file_perms };
6 | allow domain unlabeled:dir { setattr getattr rename r_dir_perms };
7 | allow domain unlabeled:lnk_file { read };
8 | dontaudit domain kernel:system module_request;
9 |
10 | get_prop(domain, vendor_public_default_prop)
11 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/dumpstate.te:
--------------------------------------------------------------------------------
1 | allow dumpstate userdata_block_device:blk_file { getattr };
2 | allow dumpstate block_device:blk_file { getattr };
3 | allow dumpstate safemode_prop:file { getattr open };
4 | allow dumpstate mmc_prop:file { getattr open };
5 | allow dumpstate device_logging_prop:file { getattr open };
6 | allow dumpstate sysfs_block_devices:file { open read getattr };
7 | allow dumpstate debugfs_mmc:dir { search };
8 | allow dumpstate debugfs:dir { r_dir_perms };
9 | allow dumpstate debugfs_dma:dir { search };
10 | no_debugfs_restriction(`
11 | allow dumpstate debugfs_dma:file { read open getattr };
12 | ')
13 | allow dumpstate hal_power_default:binder { call };
14 |
15 | allow dumpstate console_device:chr_file { read write ioctl getattr };
16 | allow dumpstate fuse:dir { search };
17 |
18 | binder_call(dumpstate, hal_audio_default)
19 | binder_call(dumpstate, vold)
20 | binder_call(dumpstate, tee)
21 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/ephemeral_app.te:
--------------------------------------------------------------------------------
1 | typeattribute ephemeral_app mlstrustedobject;
2 | allow ephemeral_app shell_data_file:dir { search };
3 | allow ephemeral_app device_state_service:service_manager { find };
4 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/fastbootd.te:
--------------------------------------------------------------------------------
1 | recovery_only(`
2 | allow fastbootd dtbo_block_device:blk_file { getattr r_file_perms w_file_perms ioctl };
3 | allow fastbootd boot_block_device:blk_file { getattr r_file_perms w_file_perms ioctl };
4 | allow fastbootd vbmeta_block_device:blk_file { getattr r_file_perms w_file_perms ioctl };
5 | allow fastbootd system_block_device:blk_file { getattr r_file_perms w_file_perms ioctl };
6 | allow fastbootd frp_block_device:blk_file { getattr };
7 | ')
8 |
9 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/file.te:
--------------------------------------------------------------------------------
1 | type mediadrm_vendor_data_file, file_type, data_file_type;
2 | type debugfs_dma, debugfs_type, fs_type;
3 | type debugfs_sw_sync, debugfs_type, fs_type;
4 | type sysfs_soc, sysfs_type, fs_type;
5 | type proc_util_clamp, fs_type, proc_type;
6 | type pps_socket, file_type;
7 | type nfc_vendor_data_file, file_type, data_file_type;
8 | type vendor_hwc_file, file_type, data_file_type;
9 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/hal_audio_default.te:
--------------------------------------------------------------------------------
1 | allow hal_audio_default sysfs_wake_lock:file { open read write };
2 | allow hal_audio_default hal_audio_default:capability2 { block_suspend };
3 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/hal_bluetooth_default.te:
--------------------------------------------------------------------------------
1 | allow hal_bluetooth_default sysfs:file { write };
2 | allow hal_bluetooth_default bluetooth_data_file:file { write read append getattr };
3 | allow hal_bluetooth_default hal_bluetooth_default:unix_stream_socket { ioctl };
4 |
5 | # vendor.wc_transport.start_hci and friends
6 | set_prop(hal_bluetooth_default, vendor_wc_prop)
7 | set_prop(hal_bluetooth_default, vendor_bluetooth_prop)
8 |
9 | # talk to system_server to set priority
10 | allow hal_bluetooth_default fwk_scheduler_hwservice:hwservice_manager {find};
11 | allow hal_bluetooth_default system_server:binder {call};
12 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/hal_bootctl_default.te:
--------------------------------------------------------------------------------
1 | allow hal_bootctl_default proc:file { read open getattr };
2 | allow hal_bootctl_default rootfs:file { read open getattr };
3 | allow hal_bootctl_default sysfs:file { read open getattr };
4 | allow hal_bootctl_default sysfs:dir { read open getattr };
5 | allow hal_bootctl_default misc_block_device:blk_file { read open write };
6 | allow hal_bootctl_default block_device:dir { search };
7 | allow hal_bootctl_default proc_cmdline:file { getattr read open };
8 | allow hal_bootctl_default sysfs_dt_firmware_android:dir { search read open };
9 | allow hal_bootctl_default sysfs_dt_firmware_android:file { read open getattr };
10 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/hal_camera_default.te:
--------------------------------------------------------------------------------
1 | type opencl_cache_file, file_type, data_file_type;
2 | hal_client_domain(hal_camera_default, hal_graphics_allocator);
3 |
4 | allow hal_camera_default vndbinder_device:chr_file { open read write ioctl map };
5 | allow hal_camera_default hal_camera_default:netlink_kobject_uevent_socket { create read setopt bind };
6 | allow hal_camera_default gpu_device:chr_file { open ioctl read write map getattr };
7 | allow hal_camera_default sysfs:dir { open read };
8 | allow hal_camera_default sysfs:file { open read getattr };
9 | allow hal_camera_default hal_graphics_mapper_hwservice:hwservice_manager find;
10 | allow hal_camera_default opencl_cache_file:dir create_dir_perms;
11 | allow hal_camera_default opencl_cache_file:file create_file_perms;
12 | allow hal_camera_default dmabuf_system_heap_device:chr_file {ioctl read open write };
13 | allow hal_camera_default system_data_file:dir { search };
14 | add_service(hal_camera_default, external_camera_service)
15 |
16 | set_prop(hal_camera_default, vendor_camera_prop)
17 | get_prop(hal_camera_default, vendor_camera_prop)
18 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/hal_cas_default.te:
--------------------------------------------------------------------------------
1 | # Allow CAS HAL to use vendor-binder service
2 | vndbinder_use(hal_cas_default);
3 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/hal_confirmationui.te:
--------------------------------------------------------------------------------
1 | type hal_confirmationui_impl, domain;
2 | hal_server_domain(hal_confirmationui_impl, hal_confirmationui)
3 |
4 | type hal_confirmationui_impl_exec, exec_type, vendor_file_type, file_type;
5 | init_daemon_domain(hal_confirmationui_impl)
6 |
7 | hal_client_domain(hal_confirmationui_impl, hal_graphics_composer)
8 |
9 | allow hal_confirmationui tee_device:chr_file {ioctl open read write};
10 | allow hal_confirmationui input_device:dir {read open search};
11 | allow hal_confirmationui input_device:chr_file {read write open ioctl};
12 | allow hal_confirmationui keystore:binder {call};
13 | allow hal_confirmationui ion_device:chr_file {read open ioctl};
14 | allow hal_confirmationui dmabuf_system_heap_device:chr_file { open ioctl read };
15 | allow hal_confirmationui_impl hal_graphics_composer_hwservice:hwservice_manager {find};
16 | allow hal_confirmationui_impl property_socket:sock_file { write };
17 | allow hal_confirmationui_impl init:unix_stream_socket { connectto };
18 | allow hal_confirmationui_impl vendor_public_default_prop:property_service { set };
19 |
20 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/hal_drm_widevine.te:
--------------------------------------------------------------------------------
1 | type hal_drm_widevine_aidl, domain;
2 | hal_server_domain(hal_drm_widevine_aidl, hal_drm)
3 | hal_client_domain(hal_drm_widevine_aidl, hal_power)
4 |
5 | type hal_drm_widevine_aidl_exec, exec_type, vendor_file_type, file_type;
6 | init_daemon_domain(hal_drm_widevine_aidl)
7 |
8 | allow hal_drm_widevine_aidl mediadrm_vendor_data_file:dir create_dir_perms;
9 | allow hal_drm_widevine_aidl mediadrm_vendor_data_file:file create_file_perms;
10 | allow hal_drm_widevine_aidl vndbinder_device:chr_file { open read write ioctl map };
11 | allow hal_drm_widevine_aidl { appdomain -isolated_app }:fd use;
12 | allow hal_drm_widevine_aidl mediacodec:fd use;
13 | allow hal_drm_widevine_aidl hal_allocator_server:fd use;
14 | allow hal_drm_widevine_aidl dmabuf_system_heap_device:chr_file {read open ioctl write};
15 |
16 | allow hal_drm_widevine_aidl hal_drm_service:service_manager {add};
17 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/hal_dumpstate_impl.te:
--------------------------------------------------------------------------------
1 | type hal_dumpstate_impl, domain;
2 | hal_server_domain(hal_dumpstate_impl, hal_dumpstate)
3 |
4 | type hal_dumpstate_impl_exec, exec_type, vendor_file_type, file_type;
5 | init_daemon_domain(hal_dumpstate_impl)
6 |
7 | allow hal_dumpstate_impl vendor_shell_exec:file rx_file_perms;
8 | allow hal_dumpstate_impl vendor_toolbox_exec:file rx_file_perms;
9 |
10 | allow hal_dumpstate_impl sysfs:file { open read getattr };
11 | allow hal_dumpstate_impl sysfs:dir { open read };
12 | allow hal_dumpstate_impl sysfs_batteryinfo:file { open read getattr };
13 | allow hal_dumpstate_impl sysfs_batteryinfo:dir { read search };
14 | allow hal_dumpstate_impl shell_data_file:file { read getattr };
15 | no_debugfs_restriction(`
16 | allow hal_dumpstate_impl debugfs_dma:file { read open };
17 | ')
18 | allow hal_dumpstate_impl debugfs_dma:dir { read search};
19 |
20 | set_prop(hal_dumpstate_impl, vendor_logging_prop);
21 |
22 | allow hal_dumpstate_impl aac_drc_prop:file { open getattr map };
23 | allow hal_dumpstate_impl ab_update_gki_prop:file { open getattr };
24 |
25 | binder_call(servicemanager, hal_dumpstate_impl)
26 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/hal_graphics_allocator_default.te:
--------------------------------------------------------------------------------
1 | typeattribute hal_graphics_allocator_default_tmpfs mlstrustedobject;
2 | allow hal_graphics_allocator_default dmabuf_system_heap_device:chr_file { read open ioctl };
3 | allow hal_graphics_allocator_default dmabuf_system_secure_heap_device:chr_file { read open ioctl };
4 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/hal_graphics_composer_default.te:
--------------------------------------------------------------------------------
1 | vndbinder_use(hal_graphics_composer_default);
2 | hal_client_domain(hal_graphics_composer_default, hal_graphics_allocator);
3 |
4 | allow hal_graphics_composer_default hal_graphics_mapper_hwservice:hwservice_manager find;
5 | allow hal_graphics_composer_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
6 | allow hal_graphics_composer_default gpu_device:dir { search read open watch };
7 | allow hal_graphics_composer_default sysfs:dir { read open };
8 | allow hal_graphics_composer_default sysfs:file { read open getattr write };
9 | allow hal_graphics_composer_default ion_device:chr_file { write };
10 | allow hal_graphics_composer_default sysfs_leds:dir { search };
11 | allow hal_graphics_composer_default sysfs_leds:file { getattr open read write };
12 | allow hal_graphics_composer_default hal_graphics_allocator_default_tmpfs:file { read write };
13 | allow hal_graphics_composer_default tee_device:chr_file { open read write ioctl };
14 | allow hal_graphics_composer_default dmabuf_system_heap_device:chr_file { read open ioctl };
15 | allow hal_graphics_composer_default dmabuf_system_secure_heap_device:chr_file { read open ioctl };
16 | # allow HWC to write log/dump file
17 | allow hal_graphics_composer_default vendor_hwc_file:dir rw_dir_perms;
18 | allow hal_graphics_composer_default vendor_hwc_file:file create_file_perms;
19 |
20 | set_prop(hal_graphics_composer_default, vendor_public_default_prop)
21 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/hal_health_default.te:
--------------------------------------------------------------------------------
1 | # Allow alarmtimers to be set
2 | allow hal_health_default self:capability2 { wake_alarm };
3 | allow hal_health_default sysfs_batteryinfo:file rw_file_perms;
4 | allow hal_health_default sysfs_block_devices:file rw_file_perms;
5 | allow hal_health_default sysfs_block_devices:dir search;
6 | allow hal_health_default sysfs:file rw_file_perms;
7 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/hal_light_default.te:
--------------------------------------------------------------------------------
1 | allow hal_light_default sysfs:file { read };
2 | allow hal_light_default sysfs:file { open };
3 | allow hal_light_default sysfs:file { getattr };
4 | allow hal_light_default sysfs:file { write };
5 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/hal_neuralnetworks_imx.te:
--------------------------------------------------------------------------------
1 | type hal_neuralnetworks_imx, domain;
2 | hal_server_domain(hal_neuralnetworks_imx, hal_neuralnetworks)
3 |
4 | type hal_neuralnetworks_imx_exec, exec_type, vendor_file_type, file_type;
5 | init_daemon_domain(hal_neuralnetworks_imx)
6 | hal_client_domain(hal_neuralnetworks_imx, hal_graphics_allocator);
7 |
8 | allow hal_neuralnetworks_imx opencl_cache_file:dir create_dir_perms;
9 | allow hal_neuralnetworks_imx opencl_cache_file:file { create write open lock getattr read unlink map };
10 | allow hal_neuralnetworks_imx gpu_device:chr_file { open ioctl read write map getattr };
11 | allow hal_neuralnetworks_imx graphics_device:dir { search };
12 | allow hal_neuralnetworks_imx hal_graphics_mapper_hwservice:hwservice_manager { find };
13 | allow hal_neuralnetworks_imx hal_graphics_allocator_default:fd { use };
14 | allow hal_neuralnetworks_imx ion_device:chr_file { open read ioctl };
15 | allow hal_neuralnetworks_imx hal_graphics_allocator_default:binder { call };
16 | allow hal_neuralnetworks_imx default_prop:file { getattr map };
17 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/hal_nfc_default.te:
--------------------------------------------------------------------------------
1 | #============= hal_nfc_default ==============
2 | allow hal_nfc_default nxpnfc_hwservice:hwservice_manager { add find};
3 |
4 | allow hal_nfc_default nfc_device:chr_file { read write };
5 | allow hal_nfc_default nfc_data_file:file getattr;
6 |
7 | allow hal_nfc_default nfc_vendor_data_file:dir { getattr add_name read write search remove_name };
8 | allow hal_nfc_default nfc_vendor_data_file:file { getattr open create read write unlink setattr };
9 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/hal_oemlock.te:
--------------------------------------------------------------------------------
1 | type hal_oemlock_impl, domain;
2 | hal_server_domain(hal_oemlock_impl, hal_oemlock)
3 |
4 | type hal_oemlock_impl_exec, exec_type, vendor_file_type, file_type;
5 | init_daemon_domain(hal_oemlock_impl)
6 |
7 | allow hal_oemlock tee_device:chr_file {ioctl open read write};
8 |
9 | allow hal_oemlock_impl block_device:file {open read write ioctl getattr};
10 | allow hal_oemlock_impl block_device:dir {search open read write};
11 | allow hal_oemlock_impl fbmisc_block_device:blk_file {open read write ioctl getattr};
12 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/hal_power_default.te:
--------------------------------------------------------------------------------
1 | allow hal_power_default sysfs_devices_system_cpu:file { write };
2 | allow hal_power_default property_socket:sock_file { write };
3 | allow hal_power_default init:unix_stream_socket { connectto };
4 | allow hal_power_default latency_device:chr_file rw_file_perms;
5 | allow hal_power_default device:file rw_file_perms;
6 | set_prop(hal_power_default, vendor_power_hal_prop)
7 | get_prop(hal_power_default, vendor_power_hal_prop)
8 | # Rule for hal_power_default to access graphics composer process
9 | unix_socket_connect(hal_power_default, pps, hal_graphics_composer_default);
10 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/hal_sensors_default.te:
--------------------------------------------------------------------------------
1 | allow hal_sensors_default input_device:dir { read } ;
2 | allow hal_sensors_default sysfs:dir { read open } ;
3 | allow hal_sensors_default input_device:dir { open search } ;
4 | allow hal_sensors_default input_device:chr_file { ioctl read open } ;
5 | allow hal_sensors_default sysfs:chr_file { open } ;
6 | allow hal_sensors_default sysfs:file { open read write getattr ioctl };
7 | allow hal_sensors_default device:dir { open read };
8 | allow hal_sensors_default sensors_device:chr_file { open read };
9 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/hal_thermal_default.te:
--------------------------------------------------------------------------------
1 | allow hal_thermal_default self:netlink_kobject_uevent_socket { read create setopt getopt bind } ;
2 | allow hal_thermal_default sysfs:file { read open write getattr };
3 | allow hal_thermal_default sysfs:dir { read open };
4 | allow hal_thermal_default sysfs_devices_system_cpu:file { write };
5 | allow hal_thermal_default proc_stat:file {read open getattr};
6 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/hal_tv_hdmi_cec_default.te:
--------------------------------------------------------------------------------
1 | init_daemon_domain(hal_tv_hdmi_cec_default);
2 | hal_client_domain(hal_tv_hdmi_cec_default, hal_graphics_composer);
3 |
4 | allow hal_tv_hdmi_cec_default hal_graphics_composer_default:binder { call };
5 | allow hal_tv_hdmi_cec_default property_socket:sock_file { write };
6 | allow hal_tv_hdmi_cec_default init:unix_stream_socket { connectto };
7 | allow hal_tv_hdmi_cec_default vendor_public_default_prop:property_service { set };
8 | allow hal_tv_hdmi_cec_default hdmi_config_prop:file { read open getattr map };
9 | allow hal_tv_hdmi_cec_default hal_graphics_composer_service:service_manager { find };
10 | allow hal_graphics_composer_default hal_tv_hdmi_cec_default:binder { transfer };
11 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/hal_tv_hdmi_connection_default.te:
--------------------------------------------------------------------------------
1 | init_daemon_domain(hal_tv_hdmi_connection_default);
2 | hal_client_domain(hal_tv_hdmi_connection_default, hal_graphics_composer);
3 |
4 | allow hal_tv_hdmi_connection_default hal_graphics_composer_default:binder { call };
5 | allow hal_tv_hdmi_connection_default property_socket:sock_file { write };
6 | allow hal_tv_hdmi_connection_default init:unix_stream_socket { connectto };
7 | allow hal_tv_hdmi_connection_default vendor_public_default_prop:property_service { set };
8 | allow hal_tv_hdmi_connection_default hal_graphics_composer_service:service_manager { find };
9 | allow hal_graphics_composer_default hal_tv_hdmi_connection_default:binder { transfer };
10 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/hal_usb_default.te:
--------------------------------------------------------------------------------
1 | allow hal_usb_default sysfs_usb_c:dir r_dir_perms;
2 | allow hal_usb_default sysfs_usb_c:lnk_file read;
3 | allow hal_usb_default sysfs_usb_c:file rw_file_perms;
4 | allow hal_usb_default sysfs:file { create } ;
5 |
6 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/hal_usb_impl.te:
--------------------------------------------------------------------------------
1 | type hal_usb_impl, domain;
2 | hal_server_domain(hal_usb_impl, hal_usb)
3 | hal_server_domain(hal_usb_impl, hal_usb_gadget)
4 |
5 | type hal_usb_impl_exec, exec_type, vendor_file_type, file_type;
6 | init_daemon_domain(hal_usb_impl)
7 |
8 | r_dir_file(hal_usb_impl, sysfs_usb_c)
9 | allow hal_usb_impl sysfs_usb_c:file w_file_perms;
10 | allow hal_usb_impl sysfs_usb_device:dir r_dir_perms;
11 | allow hal_usb_impl sysfs_usb_device:file rw_file_perms;
12 | allow hal_usb_impl configfs:file create_file_perms;
13 | allow hal_usb_impl configfs:dir create_dir_perms;
14 | allow hal_usb_impl device:file { write open };
15 | allow hal_usb_impl functionfs:dir { watch watch_reads };
16 |
17 | allow hal_usb_impl ctl_start_prop:property_service { set };
18 | allow hal_usb_impl ctl_stop_prop:property_service { set };
19 | wakelock_use(hal_usb_impl)
20 | set_prop(hal_usb_impl, vendor_usb_config_prop)
21 |
22 | # TODO: Now sysfs_udc label is defined in platform private/file.te.
23 | # Starting from board api level 202504, the definition in public/file.te
24 | # takes effect, at that time sysfs_type below may be changed to sysfs_udc
25 | allow hal_usb_impl sysfs_type:dir search;
26 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/hal_wifi_default.te:
--------------------------------------------------------------------------------
1 | allow hal_wifi_default sysfs:file { write };
2 | set_prop(hal_wifi_default, vendor_wifi_version);
3 | allow hal_wifi_default proc:file { getattr open read write };
4 | allow hal_wifi_default vendor_data_file:dir { create_file_perms rw_file_perms add_name };
5 | allow hal_wifi_default vendor_data_file:file { create open write read append getattr };
6 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/hal_wifi_supplicant_default.te:
--------------------------------------------------------------------------------
1 | allow hal_wifi_supplicant_default proc_net:file { write } ;
2 | get_prop(hal_wifi_supplicant_default, vendor_public_default_prop)
3 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/hwservice.te:
--------------------------------------------------------------------------------
1 | type nxpnfc_hwservice, hwservice_manager_type;
2 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/hwservice_contexts:
--------------------------------------------------------------------------------
1 | vendor.nxp.nxpnfc::INxpNfc u:object_r:nxpnfc_hwservice:s0
2 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/hwservicemanager.te:
--------------------------------------------------------------------------------
1 | allow hwservicemanager securedisplayd:binder {transfer};
2 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/init-insmod-sh.te:
--------------------------------------------------------------------------------
1 | type init-insmod-sh, domain;
2 | type init-insmod-sh_exec, exec_type, vendor_file_type, file_type;
3 |
4 | init_daemon_domain(init-insmod-sh)
5 |
6 | set_prop(init-insmod-sh, vendor_public_default_prop)
7 |
8 | allow init-insmod-sh vendor_shell_exec:file rx_file_perms;
9 | allow init-insmod-sh vendor_toolbox_exec:file rx_file_perms;
10 |
11 | # Allow insmod
12 | allow init-insmod-sh self:capability sys_module;
13 | allow init-insmod-sh system_file:system module_load;
14 |
15 | allow init-insmod-sh vendor_file:system module_load;
16 |
17 | allow init-insmod-sh vendor_wc_prop:property_service { set };
18 | allow init-insmod-sh proc_cmdline:file { read open getattr };
19 |
20 | allow init-insmod-sh system_dlkm_file:dir r_dir_perms;
21 | allow init-insmod-sh system_dlkm_file:file r_file_perms;
22 | allow init-insmod-sh system_dlkm_file:system module_load;
23 | allow init-insmod-sh self:key write;
24 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/init.te:
--------------------------------------------------------------------------------
1 | allow init cache_file:dir { mounton };
2 | allow init asec_apk_file:dir { mounton };
3 | allow init socket_device:sock_file { setattr create };
4 | allow init tmpfs:lnk_file { create };
5 | allow init storage_file:dir { mounton };
6 | allow init block_device:blk_file { write };
7 | allow init sysfs_devices_system_cpu:file { create };
8 | allow init configfs:dir { write add_name remove_name create };
9 | allow init configfs:file { write create };
10 | allow init configfs:lnk_file { create unlink };
11 | allow init block_device:chr_file { getattr ioctl };
12 | allow init userdata_block_device:blk_file { open read write ioctl getattr };
13 | allow init ram_device:blk_file { write };
14 | allow init sysfs:file { create };
15 | allow init boot_block_device:lnk_file { relabelto };
16 | allow init vbmeta_block_device:lnk_file { relabelto };
17 | allow init dtbo_block_device:lnk_file { relabelto };
18 | allow init sysfs_dm:file { write open };
19 | allow init sysfs_devices_system_cpu:file { write };
20 | allow init sysfs_block_devices:file { open write setattr };
21 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/install_recovery.te:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boundarydevices/android_device_boundary/ab71964b084ae3c024f99a254a2e8aa4dd10e799/common/imx8m/sepolicy/install_recovery.te
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/installd.te:
--------------------------------------------------------------------------------
1 | allow installd vendor_configs_file:file { map };
2 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/kernel.te:
--------------------------------------------------------------------------------
1 | allow kernel self:capability { mknod };
2 | allow kernel fuse:file rw_file_perms;
3 | allow kernel fuse:dir rw_dir_perms;
4 | allow kernel device:dir { add_name write create remove_name rmdir };
5 | allow kernel device:chr_file { create setattr getattr unlink };
6 | allow kernel sysfs:blk_file { create setattr };
7 | allow kernel sysfs_devices_system_cpu:file { write };
8 | allow kernel mediaprovider:fd use;
9 | allow kernel vendor_file:file { read open map getattr };
10 | allow kernel vendor_file:dir { read };
11 | allow kernel rootfs:file { execute };
12 | allow kernel vendor_configs_file:file { map };
13 | allow kernel vold_data_file:file { write };
14 | dontaudit kernel device:blk_file { create };
15 |
16 | allow kernel shell_exec:file { read open execute map getattr };
17 | domain_auto_trans(kernel, shell_exec, ueventd)
18 | allow ueventd kernel:fd { use };
19 | allow kernel init-insmod-sh:key { search };
20 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/logd.te:
--------------------------------------------------------------------------------
1 | allow logd init:unix_stream_socket { connectto };
2 | allow logd property_socket:sock_file { write };
3 |
4 | r_dir_file(logd, logbuffer_device)
5 | allow logd logbuffer_device:chr_file r_file_perms;
6 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/mediacodec.te:
--------------------------------------------------------------------------------
1 | allow mediacodec sysfs:file { read write open getattr };
2 | allow mediacodec tmpfs:dir { search write add_name create};
3 | allow mediacodec tmpfs:file { create open read write };
4 | allow mediacodec audio_device:chr_file { open ioctl map read write };
5 | allow mediacodec debugfs_tracing:file { write open };
6 | allow mediacodec rootfs:lnk_file { getattr };
7 | allow mediacodec video_device:dir { search write add_name create};
8 | allow mediacodec video_device:file { create open read write setattr };
9 | allow mediacodec video_device:chr_file { create open read write setattr };
10 | allow mediacodec video_device:fifo_file create_file_perms;
11 | allow mediacodec video_device:fifo_file rw_file_perms;
12 | allow mediacodec system_file:dir r_dir_perms;
13 | allow mediacodec sysfs_soc:dir { read open search };
14 | allow mediacodec sysfs_soc:file { open read getattr };
15 | allow mediacodec tee_device:chr_file { open read write ioctl };
16 | allow mediacodec dmabuf_heap_device:chr_file { open ioctl map read write };
17 | allow mediacodec dmabuf_heap_device:dir { read open search };
18 | allow mediacodec dmabuf_system_heap_device:chr_file { open ioctl map read write };
19 | allow mediacodec dmabuf_system_heap_device:dir { read open search };
20 |
21 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/mediaextractor.te:
--------------------------------------------------------------------------------
1 | allow mediaextractor system_server:fifo_file { write };
2 | allow mediaextractor sdcardfs:file { read getattr};
3 | allow mediaextractor vendor_file:dir { read open };
4 | allow mediaextractor vfat:file rw_file_perms;
5 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/mediaprovider.te:
--------------------------------------------------------------------------------
1 | get_prop(mediaprovider, vendor_public_default_prop)
2 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/mediaserver.te:
--------------------------------------------------------------------------------
1 | get_prop(mediaserver, vendor_public_default_prop)
2 |
3 | allow mediaserver tmpfs:dir rw_dir_perms;
4 | allow mediaserver tmpfs:file rw_file_perms;
5 | allow mediaserver mediaserver:netlink_kobject_uevent_socket { create setopt bind read };
6 | allow mediaserver sysfs_soc:file r_file_perms;
7 | allow mediaserver sysfs_soc:dir { read open search };
8 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/mediaswcodec.te:
--------------------------------------------------------------------------------
1 | allow mediaswcodec gpu_device:chr_file { read open write ioctl map };
2 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/modprobe.te:
--------------------------------------------------------------------------------
1 | allow modprobe vendor_file:system { module_load };
2 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/netd.te:
--------------------------------------------------------------------------------
1 | allow netd netd:capability { sys_module };
2 | allow netd proc_net:file { create };
3 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/nfc.te:
--------------------------------------------------------------------------------
1 | # allow NFC process to call into the NFC HAL
2 | # binder_call(nfc, nfc_hal_default)
3 | hal_client_domain(nfc, hal_secure_element)
4 | # rw_dir_perms has { r_dir_perms w_dir_perms }
5 | # create_dir_perms has { create rw_dir_perms }
6 | allow nfc nfc_data_file:dir create_dir_perms;
7 | # allow nfc nfc_vendor_data_file:dir create_dir_perms;
8 | allow nfc nfc_vendor_data_file:dir { create_dir_perms add_name search read write create remove_name };
9 | # create_file_perms has { create setattr rw_file_perms link_file_perms}
10 | allow nfc nfc_vendor_data_file:file create_file_perms;
11 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/platform_app.te:
--------------------------------------------------------------------------------
1 | allow platform_app hal_graphics_allocator_default_tmpfs:file { read write };
2 |
3 | get_prop(platform_app, vendor_public_default_prop)
4 |
5 | allow platform_app tty_device:chr_file rw_file_perms;
6 | allow platform_app nfc_service:service_manager find;
7 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/postinstall.te:
--------------------------------------------------------------------------------
1 | # to access ro.boot.soc_type and ro.boot.boot_device_root
2 | # and ro.boot.soc_rev
3 | get_prop(postinstall, vendor_public_default_prop);
4 |
5 | # to search block device files under /dev/block directory
6 | allow postinstall block_device:dir { search };
7 |
8 | allow postinstall emmc_boot0:blk_file { rw_file_perms };
9 | allow postinstall sdcard:blk_file { rw_file_perms };
10 |
11 | allow postinstall sysfs_block_devices:dir { search };
12 | allow postinstall sysfs_block_devices:file { rw_file_perms };
13 |
14 | allow postinstall proc:dir { search };
15 | allow postinstall proc_drop_caches:file { w_file_perms };
16 |
17 | allow postinstall bootloader_block_device:blk_file { open read write ioctl getattr };
18 |
19 | allow postinstall dek_extractor_service:service_manager { find };
20 | allow postinstall tee:binder { call };
21 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/priv_app.te:
--------------------------------------------------------------------------------
1 | allow priv_app update_engine_service:service_manager find;
2 | allow priv_app update_engine:binder { call };
3 | allow priv_app ota_package_file:dir rw_dir_perms;
4 | allow priv_app ota_package_file:file create_file_perms;
5 | allow priv_app hal_graphics_allocator_default_tmpfs:file { read write };
6 |
7 | get_prop(priv_app, vendor_public_default_prop)
8 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/proc_net.te:
--------------------------------------------------------------------------------
1 | allow proc_net proc:filesystem { associate };
2 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/profman.te:
--------------------------------------------------------------------------------
1 | allow profman runtime_event_log_tags_file:file {map};
2 | allow profman apk_data_file:file {map};
3 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/property.te:
--------------------------------------------------------------------------------
1 | vendor_internal_prop(vendor_wc_prop)
2 | vendor_restricted_prop(vendor_usb_config_prop)
3 | vendor_internal_prop(vendor_power_hal_prop)
4 | vendor_internal_prop(vendor_bluetooth_prop)
5 | vendor_restricted_prop(vendor_public_default_prop)
6 | vendor_internal_prop(vendor_wifi_version)
7 | vendor_internal_prop(vendor_logging_prop)
8 | vendor_internal_prop(vendor_camera_prop)
9 | vendor_internal_prop(vendor_trusty_storage_prop)
10 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/recovery.te:
--------------------------------------------------------------------------------
1 | recovery_only(`
2 | allow recovery block_device:chr_file {getattr read write open ioctl};
3 | allow recovery block_device:dir { read write open ioctl add_name};
4 | allow recovery block_device:file { read write open ioctl create};
5 | allow recovery self:capability {sys_resource};
6 | allow recovery cache_file:dir { mounton };
7 | allow recovery debug_prop:property_service { set };
8 | ')
9 |
10 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/securedisplayd.te:
--------------------------------------------------------------------------------
1 | type securedisplayd, domain;
2 | type securedisplayd_exec, exec_type, vendor_file_type, file_type;
3 |
4 | init_daemon_domain(securedisplayd)
5 | hal_server_domain(securedisplayd, hal_graphics_composer)
6 | binder_use(securedisplayd)
7 |
8 | allow securedisplayd tee_device:chr_file {ioctl open read write};
9 | allow securedisplayd ion_device:chr_file {ioctl open read write};
10 | allow securedisplayd gpu_device:chr_file {ioctl open read write};
11 | allow securedisplayd hwservicemanager_prop:file {map open read getattr};
12 | allow securedisplayd hwservicemanager:binder {call transfer};
13 | allow securedisplayd hal_graphics_composer_default:binder {call};
14 | allow securedisplayd hal_graphics_composer_hwservice:hwservice_manager {find};
15 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/sensors.te:
--------------------------------------------------------------------------------
1 | # Integrated qualcomm sensor process
2 | type sensors, domain;
3 | type sensors_exec, exec_type, vendor_file_type, file_type;
4 |
5 | # Started by init
6 | init_daemon_domain(sensors)
7 |
8 | # Change own perms to (nobody,nobody)
9 | allow sensors self:capability { setuid setgid };
10 | # Chown /data/misc/sensors/debug/ to nobody
11 | allow sensors self:capability chown;
12 | dontaudit sensors self:capability fsetid;
13 |
14 | # Access sensor nodes (/dev/msm_dsps)
15 | allow sensors sensors_device:chr_file rw_file_perms;
16 |
17 |
18 | # Wake lock access
19 | wakelock_use(sensors)
20 |
21 | allow sensors cgroup:dir { create add_name };
22 | allow sensors input_device:chr_file rw_file_perms;
23 | allow sensors input_device:dir r_dir_perms;
24 | allow sensors uhid_device:chr_file rw_file_perms;
25 | allow sensors device:dir { open read };
26 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/service.te:
--------------------------------------------------------------------------------
1 | type external_camera_service, service_manager_type;
2 | type dek_extractor_service, service_manager_type;
3 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/service_contexts:
--------------------------------------------------------------------------------
1 | android.hardware.drm.IDrmFactory/widevine u:object_r:hal_drm_service:s0
2 | android.hardware.camera.provider.ICameraProvider/external/0 u:object_r:external_camera_service:s0
3 | android.hardware.neuralnetworks.IDevice/nnapi-imx_sl u:object_r:hal_neuralnetworks_service:s0
4 | nxp.hardware.imx_dek_extractor.IDek_Extractor/default u:object_r:dek_extractor_service:s0
5 | mapper/imx u:object_r:hal_graphics_mapper_service:s0
6 | android.hardware.bluetooth.IBluetoothHci/default u:object_r:hal_bluetooth_service:s0
7 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/shell.te:
--------------------------------------------------------------------------------
1 | allow shell proc_uid_cputime_showstat:file { getattr read open };
2 | allow shell proc_uid_cputime_removeuid:file { getattr read open };
3 | allow shell unlabeled:lnk_file { read };
4 | allow shell system_data_file:file { read };
5 | allow shell rootfs:file { getattr };
6 | allow shell block_device:dir { search };
7 | allow shell kernel:process { setsched };
8 | dontaudit shell self:capability { dac_override };
9 | allow shell vendor_file:file { read execute open getattr };
10 | allow shell system_prop:property_service { set };
11 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/surfaceflinger.te:
--------------------------------------------------------------------------------
1 | allow surfaceflinger debug_prop:property_service { set };
2 | allow surfaceflinger ashmem_device:chr_file {execute};
3 | allow surfaceflinger self:process execmem;
4 | allow surfaceflinger hal_graphics_allocator_default_tmpfs:file { read write getattr };
5 |
6 | get_prop(surfaceflinger, vendor_public_default_prop)
7 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/system_app.te:
--------------------------------------------------------------------------------
1 | allow system_app system_app_data_file:notdevfile_class_set rw_file_perms;
2 | allow system_app cache_recovery_file:dir { search write add_name };
3 | allow system_app cache_recovery_file:file { create write open };
4 | allow system_app cache_file:dir { rw_file_perms add_name create };
5 | allow system_app cache_file:file { rw_file_perms create };
6 | allow system_app caam_device:chr_file rw_file_perms;
7 | allow system_app net_radio_prop:property_service { set };
8 | allow system_app net_radio_prop:property_service { set };
9 | allow system_app ctl_default_prop:property_service { set };
10 | allow system_app dhcp_prop:property_service { set };
11 | allow system_app update_engine:binder { call transfer };
12 | allow system_app fs_bpf:dir { search };
13 | allow system_app hal_graphics_allocator_default_tmpfs:file { read write };
14 | allow system_app gpio_device:chr_file rw_file_perms;
15 | allow system_app i2c_device:chr_file rw_file_perms;
16 | allow system_app sysfs_gpio:file r_file_perms;
17 | allow system_app sysfs_gpio:dir search;
18 |
19 | get_prop(system_app, vendor_public_default_prop)
20 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/tee.te:
--------------------------------------------------------------------------------
1 | # secure-os storage-daemon
2 |
3 | allow tee self:capability { setuid setgid sys_rawio };
4 |
5 | # secure os communication
6 | # in global tee.te
7 |
8 | # rpmb operations
9 | allow tee block_device:dir { search };
10 | allow tee mmc_rpmb_char_device:chr_file rw_file_perms;
11 | allow tee tee_data_file:dir create_dir_perms;
12 |
13 | # trusty_apploader operations
14 | allow tee vendor_file:file { read open map };
15 | allow tee dmabuf_system_heap_device:chr_file { read open ioctl };
16 | allow tee metadata_file:dir { search };
17 | allow tee gsi_metadata_file:dir { search };
18 |
19 | allow tee dek_extractor_service:service_manager { add };
20 | allow tee servicemanager:binder { call transfer };
21 |
22 | set_prop(tee, vendor_trusty_storage_prop)
23 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/toolbox.te:
--------------------------------------------------------------------------------
1 | allow toolbox init:fifo_file { write };
2 | allow toolbox init:fifo_file { getattr };
3 | allow toolbox ram_device:blk_file { write read open getattr };
4 |
5 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/ueventd.te:
--------------------------------------------------------------------------------
1 | allow ueventd metadata_file:dir search;
2 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/untrusted_app_25.te:
--------------------------------------------------------------------------------
1 | get_prop(untrusted_app_25, vendor_public_default_prop)
2 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/untrusted_app_29.te:
--------------------------------------------------------------------------------
1 | allow untrusted_app_29 hal_graphics_allocator_default_tmpfs:file { read write };
2 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/update_engine.te:
--------------------------------------------------------------------------------
1 | allow update_engine system_app:binder { call transfer };
2 | allow update_engine dtbo_block_device:blk_file { open read write ioctl getattr };
3 | allow update_engine storage_file:dir { search read write };
4 | allow update_engine storage_file:lnk_file { read write };
5 | allow update_engine mnt_user_file:dir { search write };
6 | allow update_engine mnt_user_file:lnk_file { read write };
7 | allow update_engine sdcardfs:dir { search };
8 | allow update_engine sdcardfs:file { read open getattr };
9 | allow update_engine media_rw_data_file:file { read open getattr };
10 | allow update_engine loop_device:blk_file { open write };
11 | allow update_engine bootloader_block_device:blk_file { open read write ioctl getattr };
12 | allow update_engine proc_bootconfig:file { open read getattr };
13 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/update_engine_common.te:
--------------------------------------------------------------------------------
1 | allow update_engine_common vbmeta_block_device:blk_file rw_file_perms;
2 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/vendor_init.te:
--------------------------------------------------------------------------------
1 | allow vendor_init file_contexts_file:file { map };
2 | allow vendor_init cache_file:lnk_file { getattr read };
3 | allow vendor_init sysfs_block_devices:file { open write setattr };
4 | allow vendor_init proc_sysrq:file { write };
5 | allow vendor_init device:file { create write };
6 | allow vendor_init device:dir { setattr search };
7 | allow vendor_init proc_sched:file w_file_perms;
8 |
9 | set_prop(vendor_init, vendor_wc_prop)
10 | set_prop(vendor_init, vendor_usb_config_prop)
11 | set_prop(vendor_init, vendor_power_hal_prop)
12 | set_prop(vendor_init, vendor_bluetooth_prop)
13 | set_prop(vendor_init, vendor_public_default_prop)
14 | set_prop(vendor_init, vendor_public_default_prop)
15 | set_prop(vendor_init, system_prop)
16 | set_prop(vendor_init, vendor_logging_prop)
17 | set_prop(vendor_init, vendor_camera_prop)
18 |
19 | userdebug_or_eng(`
20 | set_prop(vendor_init, logpersistd_logging_prop)
21 | ')
22 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/vndservicemanager.te:
--------------------------------------------------------------------------------
1 | allow vndservicemanager runtime_event_log_tags_file:file { map };
2 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/vold.te:
--------------------------------------------------------------------------------
1 | allow vold vendor_configs_file:file { map };
2 | allow vold proc_swaps:file { read open getattr };
3 | allow vold sysfs_block_devices:file {write};
4 | allow vold dumpstate:fd { use };
5 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/vold_prepare_subdirs.te:
--------------------------------------------------------------------------------
1 | allow vold_prepare_subdirs vendor_configs_file:file { map };
2 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/vsidaemon.te:
--------------------------------------------------------------------------------
1 | type vsidaemon, domain;
2 | type vsidaemon_exec, exec_type, vendor_file_type, file_type;
3 |
4 | init_daemon_domain(vsidaemon)
5 |
6 | allow vsidaemon ueventd:fd { use };
7 | domain_auto_trans(kernel, shell_exec, ueventd)
8 | domain_auto_trans(ueventd, vsidaemon_exec, vsidaemon)
9 | allow ueventd vsidaemon_exec:file { getattr execute };
10 | allow ueventd kernel:fd { use };
11 |
12 | allow kernel shell_exec:file { read open execute };
13 | allow kernel vsi_daemon_ctrl_device:chr_file { open read write };
14 |
15 | allow vsidaemon ion_device:chr_file { open read write ioctl };
16 | allow vsidaemon video_device:chr_file { open read write ioctl map getattr };
17 | allow vsidaemon vsidaemon_exec:file { read open map getattr };
18 | allow vsidaemon vsi_daemon_ctrl_device:chr_file { open read write ioctl map getattr };
19 | allow vsidaemon vendor_data_file:dir { write };
20 |
21 |
22 | type vsi_data_file, file_type, data_file_type;
23 |
24 | allow vsidaemon vsi_data_file:dir { rw_dir_perms ra_dir_perms create_dir_perms };
25 | allow vsidaemon vsi_data_file:file { rw_file_perms create_file_perms };
26 | allow vsidaemon dmabuf_system_heap_device:chr_file { read write open ioctl };
27 | allow vsidaemon dmabuf_system_secure_heap_device:chr_file {read write open ioctl};
28 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/webview_zygote.te:
--------------------------------------------------------------------------------
1 | allow webview_zygote zygote:unix_dgram_socket { write };
2 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/wificond.te:
--------------------------------------------------------------------------------
1 | get_prop(wificond, vendor_public_default_prop)
2 |
--------------------------------------------------------------------------------
/common/imx8m/sepolicy/zygote.te:
--------------------------------------------------------------------------------
1 | get_prop(zygote, vendor_public_default_prop)
2 |
3 | allow zygote gpu_device:chr_file { read write open ioctl getattr };
4 | allow zygote storage_file:dir { getattr };
5 |
--------------------------------------------------------------------------------
/common/imx8m/tee-supplicant.rc:
--------------------------------------------------------------------------------
1 | service tee_supplicant /vendor/bin/tee-supplicant
2 | class main
3 | user root
4 | group shell
5 | oneshot
6 |
--------------------------------------------------------------------------------
/common/imx9/UbootKernelCommonConfig.mk:
--------------------------------------------------------------------------------
1 | TARGET_UBOOT_ARCH := arm64
2 |
3 |
--------------------------------------------------------------------------------
/common/imx9/com.example.android.systemupdatersample.xml:
--------------------------------------------------------------------------------
1 |
2 |
18 |
19 |
20 |
21 |
22 |
23 |
--------------------------------------------------------------------------------
/common/imx9/displayconfig/display_port_1.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
17 |
18 |
19 |
20 |
21 | 0.0
22 | 10.0
23 |
24 |
25 | 1.0
26 | 1000.0
27 |
28 |
29 |
30 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/adbd.te:
--------------------------------------------------------------------------------
1 | allow adbd vendor_configs_file:file { map };
2 | get_prop(adbd, vendor_usb_config_prop);
3 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/attributes:
--------------------------------------------------------------------------------
1 | hal_attribute(secure_enclave)
2 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/audioserver.te:
--------------------------------------------------------------------------------
1 | get_prop(audioserver, vendor_public_default_prop)
2 |
3 | allow audioserver rootfs:lnk_file { getattr };
4 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/bluetooth.te:
--------------------------------------------------------------------------------
1 | allow bluetooth storage_stub_file:dir { getattr };
2 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/bootanim.te:
--------------------------------------------------------------------------------
1 | get_prop(bootanim, vendor_public_default_prop)
2 |
3 | allow bootanim ashmem_device:chr_file {execute};
4 | allow bootanim self:process execmem;
5 | allow bootanim rootfs:lnk_file {getattr};
6 | allow bootanim hal_graphics_allocator_default_tmpfs:file { read write map };
7 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/bootstat.te:
--------------------------------------------------------------------------------
1 | allow bootstat rootfs:lnk_file { getattr };
2 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/cameraserver.te:
--------------------------------------------------------------------------------
1 | get_prop(cameraserver, vendor_public_default_prop)
2 |
3 | allow cameraserver sysfs:dir { read open };
4 | allow cameraserver gpu_device:chr_file { read open write ioctl map };
5 | allow cameraserver self:netlink_kobject_uevent_socket { create setopt bind read };
6 | allow cameraserver tmpfs:dir { search };
7 | allow cameraserver pxp_device:chr_file { read write open ioctl };
8 | allow cameraserver external_camera_service:service_manager { find };
9 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/charger_vendor.te:
--------------------------------------------------------------------------------
1 | dontaudit charger_vendor default_prop:file r_file_perms;
2 | dontaudit charger_vendor sysfs:file r_file_perms;
3 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/device.te:
--------------------------------------------------------------------------------
1 | type caam_device, dev_type;
2 | type pxp_device, dev_type;
3 | type vbmeta_block_device, dev_type;
4 | type sysfs_usb_c, sysfs_type, fs_type;
5 | type sysfs_usb_device, sysfs_type, fs_type;
6 | type diag_device, dev_type, mlstrustedobject;
7 | type sysfs_block_devices, sysfs_type, fs_type;
8 | type mmc_rpmb_char_device, dev_type;
9 | type latency_device, dev_type;
10 | type emmc_boot0, dev_type;
11 | type sdcard, dev_type;
12 | type bootloader_block_device, dev_type;
13 | type fbmisc_block_device, dev_type;
14 | type logbuffer_device, dev_type;
15 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/dnsmasq.te:
--------------------------------------------------------------------------------
1 | allow dnsmasq property_socket:sock_file rw_file_perms;
2 | allow dnsmasq init:unix_stream_socket connectto;
3 | allow dnsmasq net_radio_prop:property_service set;
4 |
5 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/domain.te:
--------------------------------------------------------------------------------
1 | allow vold self:capability { setgid setuid };
2 | allow vold fuse_device:chr_file rw_file_perms;
3 | allow domain tty_device:chr_file rw_file_perms;
4 | allow domain gpu_device:dir { search };
5 | allow domain unlabeled:file { setattr getattr rename r_file_perms };
6 | allow domain unlabeled:dir { setattr getattr rename r_dir_perms };
7 | allow domain unlabeled:lnk_file { read };
8 | dontaudit domain kernel:system module_request;
9 |
10 | get_prop(domain, vendor_public_default_prop)
11 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/dumpstate.te:
--------------------------------------------------------------------------------
1 | allow dumpstate userdata_block_device:blk_file { getattr };
2 | allow dumpstate block_device:blk_file { getattr };
3 | allow dumpstate safemode_prop:file { getattr open };
4 | allow dumpstate mmc_prop:file { getattr open };
5 | allow dumpstate device_logging_prop:file { getattr open };
6 | allow dumpstate sysfs_block_devices:file { open read getattr };
7 | allow dumpstate debugfs_mmc:dir { search };
8 | allow dumpstate debugfs:dir { r_dir_perms };
9 | allow dumpstate debugfs_dma:dir { search };
10 | no_debugfs_restriction(`
11 | allow dumpstate debugfs_dma:file { read open getattr };
12 | ')
13 | allow dumpstate hal_power_default:binder { call };
14 |
15 | allow dumpstate console_device:chr_file { read write ioctl getattr };
16 | allow dumpstate fuse:dir { search };
17 |
18 | binder_call(dumpstate, hal_audio_default)
19 | binder_call(dumpstate, vold)
20 | binder_call(dumpstate, tee)
21 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/ele.te:
--------------------------------------------------------------------------------
1 | ##
2 | # i.MX EdgeLock Enclave (ele) daemon
3 | #
4 | type ele, domain;
5 |
6 | # Device node used for communicating with ELE
7 | type ele_device, dev_type;
8 |
9 | type ele_exec, exec_type, vendor_file_type, file_type;
10 | init_daemon_domain(ele)
11 |
12 | allow ele vendor_data_file:dir { write add_name };
13 | allow ele vendor_data_file:file { open write create read };
14 | allow ele fingerprint_vendor_data_file:dir rw_dir_perms;
15 | allow ele fingerprint_vendor_data_file:file create_file_perms;
16 | allow ele ele_device:chr_file { open read write ioctl };
17 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/ephemeral_app.te:
--------------------------------------------------------------------------------
1 | typeattribute ephemeral_app mlstrustedobject;
2 | allow ephemeral_app shell_data_file:dir { search };
3 | allow ephemeral_app device_state_service:service_manager { find };
4 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/fastbootd.te:
--------------------------------------------------------------------------------
1 | recovery_only(`
2 | allow fastbootd dtbo_block_device:blk_file { getattr r_file_perms w_file_perms ioctl };
3 | allow fastbootd boot_block_device:blk_file { getattr r_file_perms w_file_perms ioctl };
4 | allow fastbootd vbmeta_block_device:blk_file { getattr r_file_perms w_file_perms ioctl };
5 | allow fastbootd system_block_device:blk_file { getattr r_file_perms w_file_perms ioctl };
6 | allow fastbootd frp_block_device:blk_file { getattr };
7 | ')
8 |
9 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/file.te:
--------------------------------------------------------------------------------
1 | type mediadrm_vendor_data_file, file_type, data_file_type;
2 | type debugfs_dma, debugfs_type, fs_type;
3 | type sysfs_soc, sysfs_type, fs_type;
4 | type pps_socket, file_type;
5 | type vendor_hwc_file, file_type, data_file_type;
6 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/genfs_contexts:
--------------------------------------------------------------------------------
1 | genfscon nfs / u:object_r:rootfs:s0
2 | genfscon sysfs /class/typec u:object_r:sysfs_usb_c:s0
3 | genfscon sysfs /devices/virtual/power_supply/usb u:object_r:sysfs_batteryinfo:s0
4 | genfscon sysfs /devices/virtual/power_supply/battery u:object_r:sysfs_batteryinfo:s0
5 | genfscon sysfs /devices/platform/soc@0/soc@0:bus@30000000/30370000.snvs u:object_r:sysfs_rtc:s0
6 | genfscon sysfs /devices/platform/sound-ak4458/extcon u:object_r:sysfs_extcon:s0
7 | genfscon sysfs /devices/platform/sound-wm8960/extcon u:object_r:sysfs_extcon:s0
8 | genfscon sysfs /devices/platform/sound-wm8962/extcon u:object_r:sysfs_extcon:s0
9 | genfscon sysfs /devices/platform/3b6e8000.dsp/extcon u:object_r:sysfs_extcon:s0
10 | genfscon sysfs /devices/platform/rpmsg_audio/imx-audio-rpmsg.0.auto/extcon u:object_r:sysfs_extcon:s0
11 | genfscon sysfs /devices/platform/rpmsg_audio/imx-audio-rpmsg.1.auto/extcon u:object_r:sysfs_extcon:s0
12 | genfscon sysfs /devices/platform/rpmsg_audio/imx-audio-rpmsg.2.auto/extcon u:object_r:sysfs_extcon:s0
13 | genfscon sysfs /devices/platform/rpmsg_audio/imx-audio-rpmsg.4.auto/extcon u:object_r:sysfs_extcon:s0
14 | genfscon sysfs /devices/platform/rpmsg_audio/extcon u:object_r:sysfs_extcon:s0
15 | genfscon sysfs /devices/soc0 u:object_r:sysfs_soc:s0
16 | genfscon debugfs /dma_buf u:object_r:debugfs_dma:s0
17 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/hal_audio_default.te:
--------------------------------------------------------------------------------
1 | allow hal_audio_default sysfs_wake_lock:file { open read write };
2 | allow hal_audio_default hal_audio_default:capability2 { block_suspend };
3 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/hal_bluetooth_default.te:
--------------------------------------------------------------------------------
1 | allow hal_bluetooth_default sysfs:file { write };
2 | allow hal_bluetooth_default bluetooth_data_file:file { write read append getattr };
3 | allow hal_bluetooth_default hal_bluetooth_default:unix_stream_socket { ioctl };
4 |
5 | # vendor.wc_transport.start_hci and friends
6 | set_prop(hal_bluetooth_default, vendor_wc_prop)
7 | set_prop(hal_bluetooth_default, vendor_bluetooth_prop)
8 |
9 | # talk to system_server to set priority
10 | allow hal_bluetooth_default fwk_scheduler_hwservice:hwservice_manager {find};
11 | allow hal_bluetooth_default system_server:binder {call};
12 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/hal_bootctl_default.te:
--------------------------------------------------------------------------------
1 | allow hal_bootctl_default proc:file { read open getattr };
2 | allow hal_bootctl_default rootfs:file { read open getattr };
3 | allow hal_bootctl_default sysfs:file { read open getattr };
4 | allow hal_bootctl_default sysfs:dir { read open getattr };
5 | allow hal_bootctl_default misc_block_device:blk_file { read open write };
6 | allow hal_bootctl_default block_device:dir { search };
7 | allow hal_bootctl_default proc_cmdline:file { getattr read open };
8 | allow hal_bootctl_default sysfs_dt_firmware_android:dir { search read open };
9 | allow hal_bootctl_default sysfs_dt_firmware_android:file { read open getattr };
10 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/hal_camera_default.te:
--------------------------------------------------------------------------------
1 | type opencl_cache_file, file_type, data_file_type;
2 | hal_client_domain(hal_camera_default, hal_graphics_allocator);
3 |
4 | allow hal_camera_default vndbinder_device:chr_file { open read write ioctl map };
5 | allow hal_camera_default hal_camera_default:netlink_kobject_uevent_socket { create read setopt bind };
6 | allow hal_camera_default gpu_device:chr_file { open ioctl read write map getattr };
7 | allow hal_camera_default sysfs:dir { open read };
8 | allow hal_camera_default sysfs:file { open read getattr };
9 | allow hal_camera_default hal_graphics_mapper_hwservice:hwservice_manager find;
10 | allow hal_camera_default opencl_cache_file:dir create_dir_perms;
11 | allow hal_camera_default opencl_cache_file:file create_file_perms;
12 | allow hal_camera_default dmabuf_system_heap_device:chr_file {ioctl read open write };
13 | allow hal_camera_default system_data_file:dir { search };
14 | allow hal_camera_default dmabuf_system_secure_heap_device:chr_file { read };
15 | allow hal_camera_default hal_graphics_composer_default:fd { use };
16 |
17 | add_service(hal_camera_default, external_camera_service)
18 |
19 | set_prop(hal_camera_default, vendor_camera_prop)
20 | get_prop(hal_camera_default, vendor_camera_prop)
21 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/hal_cas_default.te:
--------------------------------------------------------------------------------
1 | # Allow CAS HAL to use vendor-binder service
2 | vndbinder_use(hal_cas_default);
3 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/hal_confirmationui.te:
--------------------------------------------------------------------------------
1 | type hal_confirmationui_impl, domain;
2 | hal_server_domain(hal_confirmationui_impl, hal_confirmationui)
3 |
4 | type hal_confirmationui_impl_exec, exec_type, vendor_file_type, file_type;
5 | init_daemon_domain(hal_confirmationui_impl)
6 |
7 | hal_client_domain(hal_confirmationui_impl, hal_graphics_composer)
8 |
9 | allow hal_confirmationui tee_device:chr_file {ioctl open read write};
10 | allow hal_confirmationui input_device:dir {read open search};
11 | allow hal_confirmationui input_device:chr_file {read write open ioctl};
12 | allow hal_confirmationui keystore:binder {call};
13 | allow hal_confirmationui ion_device:chr_file {read open ioctl};
14 | allow hal_confirmationui dmabuf_system_heap_device:chr_file { open ioctl read };
15 | allow hal_confirmationui_impl hal_graphics_composer_hwservice:hwservice_manager {find};
16 | allow hal_confirmationui_impl property_socket:sock_file { write };
17 | allow hal_confirmationui_impl init:unix_stream_socket { connectto };
18 | allow hal_confirmationui_impl vendor_public_default_prop:property_service { set };
19 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/hal_drm_widevine.te:
--------------------------------------------------------------------------------
1 | type hal_drm_widevine_aidl, domain;
2 | hal_server_domain(hal_drm_widevine_aidl, hal_drm)
3 | hal_client_domain(hal_drm_widevine_aidl, hal_power)
4 |
5 | type hal_drm_widevine_aidl_exec, exec_type, vendor_file_type, file_type;
6 | init_daemon_domain(hal_drm_widevine_aidl)
7 |
8 | allow hal_drm_widevine_aidl mediadrm_vendor_data_file:dir create_dir_perms;
9 | allow hal_drm_widevine_aidl mediadrm_vendor_data_file:file create_file_perms;
10 | allow hal_drm_widevine_aidl vndbinder_device:chr_file { open read write ioctl map };
11 | allow hal_drm_widevine_aidl { appdomain -isolated_app }:fd use;
12 | allow hal_drm_widevine_aidl mediacodec:fd use;
13 | allow hal_drm_widevine_aidl hal_allocator_server:fd use;
14 | allow hal_drm_widevine_aidl dmabuf_system_heap_device:chr_file {read open ioctl write};
15 |
16 | allow hal_drm_widevine_aidl hal_drm_service:service_manager {add};
17 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/hal_dumpstate_impl.te:
--------------------------------------------------------------------------------
1 | type hal_dumpstate_impl, domain;
2 | hal_server_domain(hal_dumpstate_impl, hal_dumpstate)
3 |
4 | type hal_dumpstate_impl_exec, exec_type, vendor_file_type, file_type;
5 | init_daemon_domain(hal_dumpstate_impl)
6 |
7 | allow hal_dumpstate_impl vendor_shell_exec:file rx_file_perms;
8 | allow hal_dumpstate_impl vendor_toolbox_exec:file rx_file_perms;
9 |
10 | allow hal_dumpstate_impl sysfs:file { open read getattr };
11 | allow hal_dumpstate_impl sysfs:dir { open read };
12 | allow hal_dumpstate_impl sysfs_batteryinfo:file { open read getattr };
13 | allow hal_dumpstate_impl sysfs_batteryinfo:dir { read search };
14 | allow hal_dumpstate_impl shell_data_file:file { read getattr };
15 | no_debugfs_restriction(`
16 | allow hal_dumpstate_impl debugfs_dma:file { read open };
17 | ')
18 | allow hal_dumpstate_impl debugfs_dma:dir { read search};
19 |
20 | set_prop(hal_dumpstate_impl, vendor_logging_prop);
21 |
22 | allow hal_dumpstate_impl aac_drc_prop:file { open getattr map };
23 | allow hal_dumpstate_impl ab_update_gki_prop:file { open getattr };
24 |
25 | binder_call(servicemanager, hal_dumpstate_impl)
26 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/hal_graphics_allocator_default.te:
--------------------------------------------------------------------------------
1 | typeattribute hal_graphics_allocator_default_tmpfs mlstrustedobject;
2 | allow hal_graphics_allocator_default dmabuf_system_heap_device:chr_file { read open ioctl };
3 | allow hal_graphics_allocator_default dmabuf_system_secure_heap_device:chr_file { read open ioctl };
4 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/hal_graphics_composer_default.te:
--------------------------------------------------------------------------------
1 | vndbinder_use(hal_graphics_composer_default);
2 | hal_client_domain(hal_graphics_composer_default, hal_graphics_allocator);
3 |
4 | allow hal_graphics_composer_default hal_graphics_mapper_hwservice:hwservice_manager find;
5 | allow hal_graphics_composer_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
6 | allow hal_graphics_composer_default gpu_device:dir { search read open watch };
7 | allow hal_graphics_composer_default sysfs:dir { read open };
8 | allow hal_graphics_composer_default sysfs:file { read open getattr write };
9 | allow hal_graphics_composer_default ion_device:chr_file { write };
10 | allow hal_graphics_composer_default sysfs_leds:dir { search };
11 | allow hal_graphics_composer_default sysfs_leds:file { getattr open read write };
12 | allow hal_graphics_composer_default hal_graphics_allocator_default_tmpfs:file { read write map };
13 | allow hal_graphics_composer_default tee_device:chr_file { open read write ioctl };
14 | allow hal_graphics_composer_default dmabuf_system_heap_device:chr_file { read write open ioctl };
15 | allow hal_graphics_composer_default dmabuf_system_secure_heap_device:chr_file { read open ioctl };
16 | # allow HWC to write log/dump file
17 | allow hal_graphics_composer_default vendor_hwc_file:dir rw_dir_perms;
18 | allow hal_graphics_composer_default vendor_hwc_file:file create_file_perms;
19 |
20 | set_prop(hal_graphics_composer_default, vendor_public_default_prop)
21 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/hal_health_default.te:
--------------------------------------------------------------------------------
1 | # Allow alarmtimers to be set
2 | allow hal_health_default self:capability2 { wake_alarm };
3 | allow hal_health_default sysfs_batteryinfo:file rw_file_perms;
4 | allow hal_health_default sysfs_block_devices:file rw_file_perms;
5 | allow hal_health_default sysfs_block_devices:dir search;
6 | allow hal_health_default sysfs:file rw_file_perms;
7 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/hal_light_default.te:
--------------------------------------------------------------------------------
1 | allow hal_light_default sysfs:file { read };
2 | allow hal_light_default sysfs:file { open };
3 | allow hal_light_default sysfs:file { getattr };
4 | allow hal_light_default sysfs:file { write };
5 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/hal_neuralnetworks_imx.te:
--------------------------------------------------------------------------------
1 | type hal_neuralnetworks_imx, domain;
2 | hal_server_domain(hal_neuralnetworks_imx, hal_neuralnetworks)
3 |
4 | type hal_neuralnetworks_imx_exec, exec_type, vendor_file_type, file_type;
5 | init_daemon_domain(hal_neuralnetworks_imx)
6 | hal_client_domain(hal_neuralnetworks_imx, hal_graphics_allocator);
7 |
8 | allow hal_neuralnetworks_imx opencl_cache_file:dir create_dir_perms;
9 | allow hal_neuralnetworks_imx opencl_cache_file:file { create write open lock getattr read unlink map };
10 | allow hal_neuralnetworks_imx gpu_device:chr_file { open ioctl read write map getattr };
11 | allow hal_neuralnetworks_imx graphics_device:dir { search };
12 | allow hal_neuralnetworks_imx hal_graphics_mapper_hwservice:hwservice_manager { find };
13 | allow hal_neuralnetworks_imx hal_graphics_allocator_default:fd { use };
14 | allow hal_neuralnetworks_imx ion_device:chr_file { open read ioctl };
15 | allow hal_neuralnetworks_imx hal_graphics_allocator_default:binder { call };
16 | allow hal_neuralnetworks_imx default_prop:file { getattr map };
17 | allow hal_neuralnetworks_imx hal_graphics_allocator_default_tmpfs:file { read write map };
18 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/hal_oemlock.te:
--------------------------------------------------------------------------------
1 | type hal_oemlock_impl, domain;
2 | hal_server_domain(hal_oemlock_impl, hal_oemlock)
3 |
4 | type hal_oemlock_impl_exec, exec_type, vendor_file_type, file_type;
5 | init_daemon_domain(hal_oemlock_impl)
6 |
7 | allow hal_oemlock tee_device:chr_file {ioctl open read write};
8 |
9 | allow hal_oemlock_impl block_device:file {open read write ioctl getattr};
10 | allow hal_oemlock_impl block_device:dir {search open read write};
11 | allow hal_oemlock_impl fbmisc_block_device:blk_file {open read write ioctl getattr};
12 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/hal_power_default.te:
--------------------------------------------------------------------------------
1 | allow hal_power_default sysfs_devices_system_cpu:file { write };
2 | allow hal_power_default property_socket:sock_file { write };
3 | allow hal_power_default init:unix_stream_socket { connectto };
4 | allow hal_power_default latency_device:chr_file rw_file_perms;
5 | allow hal_power_default device:file rw_file_perms;
6 | set_prop(hal_power_default, vendor_power_hal_prop)
7 | get_prop(hal_power_default, vendor_power_hal_prop)
8 | # Rule for hal_power_default to access graphics composer process
9 | unix_socket_connect(hal_power_default, pps, hal_graphics_composer_default);
10 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/hal_secure_enclave.te:
--------------------------------------------------------------------------------
1 | binder_call(hal_secure_enclave_client, hal_secure_enclave_server)
2 | hal_attribute_service(hal_secure_enclave, hal_secure_enclave_service)
3 | binder_call(hal_secure_enclave_server, servicemanager)
4 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/hal_secure_enclave_default.te:
--------------------------------------------------------------------------------
1 | type hal_secure_enclave_default, domain;
2 | hal_server_domain(hal_secure_enclave_default, hal_secure_enclave)
3 |
4 | type hal_secure_enclave_default_exec, exec_type, vendor_file_type, file_type;
5 | init_daemon_domain(hal_secure_enclave_default)
6 |
7 | add_service(hal_secure_enclave_default, hal_secure_enclave_service)
8 |
9 | binder_use(hal_secure_enclave_service)
10 | binder_call(hal_secure_enclave_service, servicemanager)
11 |
12 | allow hal_secure_enclave_default ele_device:chr_file { read write open ioctl };
13 | allow hal_secure_enclave_default vndbinder_device:chr_file { read write open ioctl map };
14 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/hal_sensors_default.te:
--------------------------------------------------------------------------------
1 | allow hal_sensors_default input_device:dir { read } ;
2 | allow hal_sensors_default sysfs:dir { read open } ;
3 | allow hal_sensors_default input_device:dir { open search } ;
4 | allow hal_sensors_default input_device:chr_file { ioctl read open } ;
5 | allow hal_sensors_default sysfs:chr_file { open } ;
6 | allow hal_sensors_default sysfs:file { open read write getattr ioctl };
7 | allow hal_sensors_default device:dir { open read };
8 | allow hal_sensors_default sensors_device:chr_file { open read };
9 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/hal_thermal_default.te:
--------------------------------------------------------------------------------
1 | allow hal_thermal_default self:netlink_kobject_uevent_socket { read create setopt getopt bind } ;
2 | allow hal_thermal_default sysfs:file { read open write getattr };
3 | allow hal_thermal_default sysfs:dir { read open };
4 | allow hal_thermal_default sysfs_devices_system_cpu:file { write };
5 | allow hal_thermal_default proc_stat:file {read open getattr};
6 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/hal_usb_default.te:
--------------------------------------------------------------------------------
1 | allow hal_usb_default sysfs_usb_c:dir r_dir_perms;
2 | allow hal_usb_default sysfs_usb_c:lnk_file read;
3 | allow hal_usb_default sysfs_usb_c:file rw_file_perms;
4 | allow hal_usb_default sysfs:file { create } ;
5 |
6 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/hal_usb_impl.te:
--------------------------------------------------------------------------------
1 | type hal_usb_impl, domain;
2 | hal_server_domain(hal_usb_impl, hal_usb)
3 | hal_server_domain(hal_usb_impl, hal_usb_gadget)
4 |
5 | type hal_usb_impl_exec, exec_type, vendor_file_type, file_type;
6 | init_daemon_domain(hal_usb_impl)
7 |
8 | r_dir_file(hal_usb_impl, sysfs_usb_c)
9 | allow hal_usb_impl sysfs_usb_c:file w_file_perms;
10 | allow hal_usb_impl sysfs_usb_device:dir r_dir_perms;
11 | allow hal_usb_impl sysfs_usb_device:file rw_file_perms;
12 | allow hal_usb_impl configfs:file create_file_perms;
13 | allow hal_usb_impl configfs:dir create_dir_perms;
14 | allow hal_usb_impl device:file { write open };
15 | allow hal_usb_impl functionfs:dir { watch watch_reads };
16 |
17 | allow hal_usb_impl ctl_start_prop:property_service { set };
18 | allow hal_usb_impl ctl_stop_prop:property_service { set };
19 | wakelock_use(hal_usb_impl)
20 | set_prop(hal_usb_impl, vendor_usb_config_prop)
21 |
22 | # TODO: Now sysfs_udc label is defined in platform private/file.te.
23 | # Starting from board api level 202504, the definition in public/file.te
24 | # takes effect, at that time sysfs_type below may be changed to sysfs_udc
25 | allow hal_usb_impl sysfs_type:dir search;
26 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/hal_wifi_default.te:
--------------------------------------------------------------------------------
1 | allow hal_wifi_default sysfs:file { write };
2 | set_prop(hal_wifi_default, vendor_wifi_version);
3 | allow hal_wifi_default proc:file { getattr open read write };
4 | allow hal_wifi_default vendor_data_file:dir { create_file_perms rw_file_perms add_name };
5 | allow hal_wifi_default vendor_data_file:file { create open write read append getattr };
6 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/hal_wifi_supplicant_default.te:
--------------------------------------------------------------------------------
1 | allow hal_wifi_supplicant_default proc_net:file { write } ;
2 | get_prop(hal_wifi_supplicant_default, vendor_public_default_prop)
3 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/hwservicemanager.te:
--------------------------------------------------------------------------------
1 | allow hwservicemanager securedisplayd:binder {transfer};
2 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/init-insmod-sh.te:
--------------------------------------------------------------------------------
1 | type init-insmod-sh, domain;
2 | type init-insmod-sh_exec, exec_type, vendor_file_type, file_type;
3 |
4 | init_daemon_domain(init-insmod-sh)
5 |
6 | set_prop(init-insmod-sh, vendor_public_default_prop)
7 |
8 | allow init-insmod-sh vendor_shell_exec:file rx_file_perms;
9 | allow init-insmod-sh vendor_toolbox_exec:file rx_file_perms;
10 |
11 | # Allow insmod
12 | allow init-insmod-sh self:capability sys_module;
13 | allow init-insmod-sh system_file:system module_load;
14 |
15 | allow init-insmod-sh vendor_file:system module_load;
16 |
17 | allow init-insmod-sh vendor_wc_prop:property_service { set };
18 | allow init-insmod-sh proc_cmdline:file { read open getattr };
19 |
20 | allow init-insmod-sh system_dlkm_file:dir r_dir_perms;
21 | allow init-insmod-sh system_dlkm_file:file r_file_perms;
22 | allow init-insmod-sh system_dlkm_file:system module_load;
23 | allow init-insmod-sh self:key write;
24 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/init.te:
--------------------------------------------------------------------------------
1 | allow init cache_file:dir { mounton };
2 | allow init asec_apk_file:dir { mounton };
3 | allow init socket_device:sock_file { setattr create };
4 | allow init tmpfs:lnk_file { create };
5 | allow init storage_file:dir { mounton };
6 | allow init block_device:blk_file { write };
7 | allow init sysfs_devices_system_cpu:file { create };
8 | allow init configfs:dir { write add_name remove_name create };
9 | allow init configfs:file { write create };
10 | allow init configfs:lnk_file { create unlink };
11 | allow init block_device:chr_file { getattr ioctl };
12 | allow init userdata_block_device:blk_file { open read write ioctl getattr };
13 | allow init ram_device:blk_file { write };
14 | allow init sysfs:file { create };
15 | allow init boot_block_device:lnk_file { relabelto };
16 | allow init vbmeta_block_device:lnk_file { relabelto };
17 | allow init dtbo_block_device:lnk_file { relabelto };
18 | allow init sysfs_dm:file { write open };
19 | allow init sysfs_devices_system_cpu:file { write };
20 | allow init sysfs_block_devices:file { open write setattr };
21 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/install_recovery.te:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boundarydevices/android_device_boundary/ab71964b084ae3c024f99a254a2e8aa4dd10e799/common/imx9/sepolicy/install_recovery.te
--------------------------------------------------------------------------------
/common/imx9/sepolicy/installd.te:
--------------------------------------------------------------------------------
1 | allow installd vendor_configs_file:file { map };
2 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/kernel.te:
--------------------------------------------------------------------------------
1 | allow kernel self:capability { mknod };
2 | allow kernel fuse:file rw_file_perms;
3 | allow kernel fuse:dir rw_dir_perms;
4 | allow kernel device:dir { add_name write create remove_name rmdir };
5 | allow kernel device:chr_file { create setattr getattr unlink };
6 | allow kernel sysfs:blk_file { create setattr };
7 | allow kernel sysfs_devices_system_cpu:file { write };
8 | allow kernel mediaprovider:fd use;
9 | allow kernel vendor_file:file { read open map getattr };
10 | allow kernel vendor_file:dir { read };
11 | allow kernel rootfs:file { execute };
12 | allow kernel vendor_configs_file:file { map };
13 | allow kernel vold_data_file:file { write };
14 | dontaudit kernel device:blk_file { create };
15 |
16 | allow kernel shell_exec:file { read open execute map getattr };
17 | domain_auto_trans(kernel, shell_exec, ueventd)
18 | allow ueventd kernel:fd { use };
19 | allow kernel init-insmod-sh:key { search };
20 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/logd.te:
--------------------------------------------------------------------------------
1 | allow logd init:unix_stream_socket { connectto };
2 | allow logd property_socket:sock_file { write };
3 |
4 | r_dir_file(logd, logbuffer_device)
5 | allow logd logbuffer_device:chr_file r_file_perms;
6 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/mediacodec.te:
--------------------------------------------------------------------------------
1 | allow mediacodec sysfs:file { read write open getattr };
2 | allow mediacodec tmpfs:dir { search write add_name create};
3 | allow mediacodec tmpfs:file { create open read write };
4 | allow mediacodec audio_device:chr_file { open ioctl map read write };
5 | allow mediacodec debugfs_tracing:file { write open };
6 | allow mediacodec rootfs:lnk_file { getattr };
7 | allow mediacodec video_device:dir { search write add_name create};
8 | allow mediacodec video_device:file { create open read write setattr };
9 | allow mediacodec video_device:chr_file { create open read write setattr };
10 | allow mediacodec video_device:fifo_file create_file_perms;
11 | allow mediacodec video_device:fifo_file rw_file_perms;
12 | allow mediacodec system_file:dir r_dir_perms;
13 | allow mediacodec sysfs_soc:dir { read open search };
14 | allow mediacodec sysfs_soc:file { open read getattr };
15 | allow mediacodec tee_device:chr_file { open read write ioctl };
16 | allow mediacodec dmabuf_heap_device:chr_file { open ioctl map read write };
17 | allow mediacodec dmabuf_heap_device:dir { read open search };
18 | allow mediacodec dmabuf_system_heap_device:chr_file { open ioctl map read write };
19 | allow mediacodec dmabuf_system_heap_device:dir { read open search };
20 |
21 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/mediaextractor.te:
--------------------------------------------------------------------------------
1 | allow mediaextractor system_server:fifo_file { write };
2 | allow mediaextractor sdcardfs:file { read getattr};
3 | allow mediaextractor vendor_file:dir { read open };
4 | allow mediaextractor vfat:file rw_file_perms;
5 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/mediaprovider.te:
--------------------------------------------------------------------------------
1 | get_prop(mediaprovider, vendor_public_default_prop)
2 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/mediaserver.te:
--------------------------------------------------------------------------------
1 | get_prop(mediaserver, vendor_public_default_prop)
2 |
3 | allow mediaserver tmpfs:dir rw_dir_perms;
4 | allow mediaserver tmpfs:file rw_file_perms;
5 | allow mediaserver mediaserver:netlink_kobject_uevent_socket { create setopt bind read };
6 | allow mediaserver sysfs_soc:file r_file_perms;
7 | allow mediaserver sysfs_soc:dir { read open search };
8 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/mediaswcodec.te:
--------------------------------------------------------------------------------
1 | allow mediaswcodec gpu_device:chr_file { read open write ioctl map };
2 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/modprobe.te:
--------------------------------------------------------------------------------
1 | allow modprobe vendor_file:system { module_load };
2 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/netd.te:
--------------------------------------------------------------------------------
1 | allow netd netd:capability { sys_module };
2 | allow netd proc_net:file { create };
3 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/platform_app.te:
--------------------------------------------------------------------------------
1 | allow platform_app hal_graphics_allocator_default_tmpfs:file { read write map };
2 |
3 | get_prop(platform_app, vendor_public_default_prop)
4 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/postinstall.te:
--------------------------------------------------------------------------------
1 | # to access ro.boot.soc_type and ro.boot.boot_device_root
2 | # and ro.boot.soc_rev
3 | get_prop(postinstall, vendor_public_default_prop);
4 |
5 | # to search block device files under /dev/block directory
6 | allow postinstall block_device:dir { search };
7 |
8 | allow postinstall emmc_boot0:blk_file { rw_file_perms };
9 | allow postinstall sdcard:blk_file { rw_file_perms };
10 |
11 | allow postinstall sysfs_block_devices:dir { search };
12 | allow postinstall sysfs_block_devices:file { rw_file_perms };
13 |
14 | allow postinstall proc:dir { search };
15 | allow postinstall proc_drop_caches:file { w_file_perms };
16 |
17 | allow postinstall bootloader_block_device:blk_file { open read write ioctl getattr };
18 |
19 | allow postinstall dek_extractor_service:service_manager { find };
20 | allow postinstall tee:binder { call };
21 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/priv_app.te:
--------------------------------------------------------------------------------
1 | allow priv_app update_engine_service:service_manager find;
2 | allow priv_app update_engine:binder { call };
3 | allow priv_app ota_package_file:dir rw_dir_perms;
4 | allow priv_app ota_package_file:file create_file_perms;
5 | allow priv_app hal_graphics_allocator_default_tmpfs:file { read write map };
6 |
7 | get_prop(priv_app, vendor_public_default_prop)
8 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/proc_net.te:
--------------------------------------------------------------------------------
1 | allow proc_net proc:filesystem { associate };
2 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/profman.te:
--------------------------------------------------------------------------------
1 | allow profman runtime_event_log_tags_file:file {map};
2 | allow profman apk_data_file:file {map};
3 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/property.te:
--------------------------------------------------------------------------------
1 | vendor_internal_prop(vendor_wc_prop)
2 | vendor_restricted_prop(vendor_usb_config_prop)
3 | vendor_internal_prop(vendor_power_hal_prop)
4 | vendor_internal_prop(vendor_bluetooth_prop)
5 | vendor_restricted_prop(vendor_public_default_prop)
6 | vendor_internal_prop(vendor_wifi_version)
7 | vendor_internal_prop(vendor_logging_prop)
8 | vendor_internal_prop(vendor_camera_prop)
9 | vendor_internal_prop(vendor_trusty_storage_prop)
10 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/recovery.te:
--------------------------------------------------------------------------------
1 | recovery_only(`
2 | allow recovery block_device:chr_file {getattr read write open ioctl};
3 | allow recovery block_device:dir { read write open ioctl add_name};
4 | allow recovery block_device:file { read write open ioctl create};
5 | allow recovery self:capability {sys_resource};
6 | allow recovery cache_file:dir { mounton };
7 | allow recovery debug_prop:property_service { set };
8 | ')
9 |
10 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/securedisplayd.te:
--------------------------------------------------------------------------------
1 | type securedisplayd, domain;
2 | type securedisplayd_exec, exec_type, vendor_file_type, file_type;
3 |
4 | init_daemon_domain(securedisplayd)
5 | hal_server_domain(securedisplayd, hal_graphics_composer)
6 | binder_use(securedisplayd)
7 |
8 | allow securedisplayd tee_device:chr_file {ioctl open read write};
9 | allow securedisplayd ion_device:chr_file {ioctl open read write};
10 | allow securedisplayd gpu_device:chr_file {ioctl open read write};
11 | allow securedisplayd hwservicemanager_prop:file {map open read getattr};
12 | allow securedisplayd hwservicemanager:binder {call transfer};
13 | allow securedisplayd hal_graphics_composer_default:binder {call};
14 | allow securedisplayd hal_graphics_composer_hwservice:hwservice_manager {find};
15 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/sensors.te:
--------------------------------------------------------------------------------
1 | # Integrated qualcomm sensor process
2 | type sensors, domain;
3 | type sensors_exec, exec_type, vendor_file_type, file_type;
4 |
5 | # Started by init
6 | init_daemon_domain(sensors)
7 |
8 | # Change own perms to (nobody,nobody)
9 | allow sensors self:capability { setuid setgid };
10 | # Chown /data/misc/sensors/debug/ to nobody
11 | allow sensors self:capability chown;
12 | dontaudit sensors self:capability fsetid;
13 |
14 | # Access sensor nodes (/dev/msm_dsps)
15 | allow sensors sensors_device:chr_file rw_file_perms;
16 |
17 |
18 | # Wake lock access
19 | wakelock_use(sensors)
20 |
21 | allow sensors cgroup:dir { create add_name };
22 | allow sensors input_device:chr_file rw_file_perms;
23 | allow sensors input_device:dir r_dir_perms;
24 | allow sensors uhid_device:chr_file rw_file_perms;
25 | allow sensors device:dir { open read };
26 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/service.te:
--------------------------------------------------------------------------------
1 | type external_camera_service, service_manager_type;
2 | type dek_extractor_service, service_manager_type;
3 | type hal_secure_enclave_service, protected_service, hal_service_type, service_manager_type;
4 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/service_contexts:
--------------------------------------------------------------------------------
1 | android.hardware.drm.IDrmFactory/widevine u:object_r:hal_drm_service:s0
2 | android.hardware.camera.provider.ICameraProvider/external/0 u:object_r:external_camera_service:s0
3 | nxp.hardware.imx_dek_extractor.IDek_Extractor/default u:object_r:dek_extractor_service:s0
4 | android.hardware.neuralnetworks.IDevice/nnapi-imx_sl u:object_r:hal_neuralnetworks_service:s0
5 | mapper/imx u:object_r:hal_graphics_mapper_service:s0
6 | android.hardware.bluetooth.IBluetoothHci/default u:object_r:hal_bluetooth_service:s0
7 | nxp.hardware.ele.ISecureEnclave/default u:object_r:hal_secure_enclave_service:s0
8 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/shell.te:
--------------------------------------------------------------------------------
1 | allow shell proc_uid_cputime_showstat:file { getattr read open };
2 | allow shell proc_uid_cputime_removeuid:file { getattr read open };
3 | allow shell unlabeled:lnk_file { read };
4 | allow shell system_data_file:file { read };
5 | allow shell rootfs:file { getattr };
6 | allow shell block_device:dir { search };
7 | allow shell kernel:process { setsched };
8 | dontaudit shell self:capability { dac_override };
9 | allow shell vendor_file:file { read execute open getattr };
10 | allow shell system_prop:property_service { set };
11 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/surfaceflinger.te:
--------------------------------------------------------------------------------
1 | allow surfaceflinger debug_prop:property_service { set };
2 | allow surfaceflinger ashmem_device:chr_file {execute};
3 | allow surfaceflinger self:process execmem;
4 | allow surfaceflinger hal_graphics_allocator_default_tmpfs:file { read write getattr map };
5 |
6 | get_prop(surfaceflinger, vendor_public_default_prop)
7 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/system_app.te:
--------------------------------------------------------------------------------
1 | allow system_app system_app_data_file:notdevfile_class_set rw_file_perms;
2 | allow system_app cache_recovery_file:dir { search write add_name };
3 | allow system_app cache_recovery_file:file { create write open };
4 | allow system_app cache_file:dir { rw_file_perms add_name create };
5 | allow system_app cache_file:file { rw_file_perms create };
6 | allow system_app caam_device:chr_file rw_file_perms;
7 | allow system_app net_radio_prop:property_service { set };
8 | allow system_app net_radio_prop:property_service { set };
9 | allow system_app ctl_default_prop:property_service { set };
10 | allow system_app dhcp_prop:property_service { set };
11 | allow system_app update_engine:binder { call transfer };
12 | allow system_app fs_bpf:dir { search };
13 | allow system_app hal_graphics_allocator_default_tmpfs:file { read write map };
14 | allow system_app hal_secure_enclave_default:binder { call transfer };
15 |
16 | get_prop(system_app, vendor_public_default_prop)
17 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/tee.te:
--------------------------------------------------------------------------------
1 | # secure-os storage-daemon
2 |
3 | allow tee self:capability { setuid setgid sys_rawio };
4 |
5 | # secure os communication
6 | # in global tee.te
7 |
8 | # rpmb operations
9 | allow tee block_device:dir { search };
10 | allow tee mmc_rpmb_char_device:chr_file rw_file_perms;
11 | allow tee tee_data_file:dir create_dir_perms;
12 |
13 | # trusty_apploader operations
14 | allow tee vendor_file:file { read open map };
15 | allow tee dmabuf_system_heap_device:chr_file { read open ioctl };
16 | allow tee dmabuf_system_secure_heap_device:chr_file { read open ioctl };
17 | allow tee metadata_file:dir { search };
18 | allow tee gsi_metadata_file:dir { search };
19 |
20 | allow tee dek_extractor_service:service_manager { add };
21 | allow tee servicemanager:binder { call transfer };
22 |
23 | allow tee video_device:chr_file { open read write };
24 |
25 | set_prop(tee, vendor_trusty_storage_prop)
26 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/toolbox.te:
--------------------------------------------------------------------------------
1 | allow toolbox init:fifo_file { write };
2 | allow toolbox init:fifo_file { getattr };
3 | allow toolbox ram_device:blk_file { write read open getattr };
4 |
5 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/untrusted_app_25.te:
--------------------------------------------------------------------------------
1 | get_prop(untrusted_app_25, vendor_public_default_prop)
2 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/untrusted_app_29.te:
--------------------------------------------------------------------------------
1 | allow untrusted_app_29 hal_graphics_allocator_default_tmpfs:file { read write map };
2 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/update_engine.te:
--------------------------------------------------------------------------------
1 | allow update_engine system_app:binder { call transfer };
2 | allow update_engine dtbo_block_device:blk_file { open read write ioctl getattr };
3 | allow update_engine storage_file:dir { search read write };
4 | allow update_engine storage_file:lnk_file { read write };
5 | allow update_engine mnt_user_file:dir { search write };
6 | allow update_engine mnt_user_file:lnk_file { read write };
7 | allow update_engine sdcardfs:dir { search };
8 | allow update_engine sdcardfs:file { read open getattr };
9 | allow update_engine media_rw_data_file:file { read open getattr };
10 | allow update_engine loop_device:blk_file { open write };
11 | allow update_engine bootloader_block_device:blk_file { open read write ioctl getattr };
12 | allow update_engine proc_bootconfig:file { open read getattr };
13 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/update_engine_common.te:
--------------------------------------------------------------------------------
1 | allow update_engine_common vbmeta_block_device:blk_file rw_file_perms;
2 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/vendor_init.te:
--------------------------------------------------------------------------------
1 | allow vendor_init file_contexts_file:file { map };
2 | allow vendor_init cache_file:lnk_file { getattr read };
3 | allow vendor_init sysfs_block_devices:file { open write setattr };
4 | allow vendor_init proc_sysrq:file { write };
5 | allow vendor_init device:file { create write };
6 | allow vendor_init device:dir { setattr search };
7 | allow vendor_init proc_sched:file w_file_perms;
8 |
9 | set_prop(vendor_init, vendor_wc_prop)
10 | set_prop(vendor_init, vendor_usb_config_prop)
11 | set_prop(vendor_init, vendor_power_hal_prop)
12 | set_prop(vendor_init, vendor_bluetooth_prop)
13 | set_prop(vendor_init, vendor_public_default_prop)
14 | set_prop(vendor_init, vendor_public_default_prop)
15 | set_prop(vendor_init, system_prop)
16 | set_prop(vendor_init, vendor_logging_prop)
17 | set_prop(vendor_init, vendor_camera_prop)
18 |
19 | userdebug_or_eng(`
20 | set_prop(vendor_init, logpersistd_logging_prop)
21 | ')
22 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/vndservicemanager.te:
--------------------------------------------------------------------------------
1 | allow vndservicemanager runtime_event_log_tags_file:file { map };
2 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/vold.te:
--------------------------------------------------------------------------------
1 | allow vold vendor_configs_file:file { map };
2 | allow vold proc_swaps:file { read open getattr };
3 | allow vold sysfs_block_devices:file {write};
4 | allow vold dumpstate:fd { use };
5 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/vold_prepare_subdirs.te:
--------------------------------------------------------------------------------
1 | allow vold_prepare_subdirs vendor_configs_file:file { map };
2 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/webview_zygote.te:
--------------------------------------------------------------------------------
1 | allow webview_zygote zygote:unix_dgram_socket { write };
2 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/wificond.te:
--------------------------------------------------------------------------------
1 | get_prop(wificond, vendor_public_default_prop)
2 |
--------------------------------------------------------------------------------
/common/imx9/sepolicy/zygote.te:
--------------------------------------------------------------------------------
1 | get_prop(zygote, vendor_public_default_prop)
2 |
3 | allow zygote gpu_device:chr_file { read write open ioctl getattr };
4 | allow zygote storage_file:dir { getattr };
5 |
--------------------------------------------------------------------------------
/common/imx_path/ImxPathConfig.mk:
--------------------------------------------------------------------------------
1 | # config.mk
2 | #
3 | # Product-specific compile-time definitions.
4 | #
5 |
6 | FSL_PROPRIETARY_PATH := vendor/nxp
7 | LINUX_FIRMWARE_PATH := vendor/nxp
8 | FSL_CODEC_PATH := vendor/nxp
9 | FSL_IMX_OMX_PATH := vendor/nxp
10 | IMX_FIRMWARE_PATH := vendor/nxp
11 | IMX_G2D_PXP_PATH := vendor/nxp
12 | IMX_VPU_CNM_PATH := vendor/nxp
13 | IMX_VPU_HANTRO_PATH := vendor/nxp
14 | LINUX_FIRMWARE_IMX_PATH := vendor/nxp
15 | IMX_MCU_SDK_PATH := vendor/nxp
16 | IMX_ANDROID_MM_PATH := vendor/nxp
17 | IMX_MEDIA_CODEC_XML_PATH:= vendor/nxp/imx_android_mm
18 | IMX_WSI_ALLOC_PATH := vendor/nxp/wsialloc
19 |
20 | FSL_RESTRICTED_CODEC_PATH := vendor/nxp-private
21 | GPU_VIV6_PATH := vendor/nxp-private
22 | VVCAM_PATH := vendor/nxp-opensource/verisilicon_sw_isp_vvcam
23 | MXMWIFI_PATH := vendor/nxp-opensource/nxp-mwifiex
24 | RESTRICTED_APP_PATH := vendor/nxp-private
25 | IMX_SECURITY_PATH := vendor/nxp-private/security
26 |
27 | ATF_IMX_PATH := vendor/ezurio
28 | KERNEL_IMX_PATH := vendor/ezurio
29 | UBOOT_IMX_PATH := vendor/ezurio
30 | IMX_LIB_PATH := vendor/nxp-opensource
31 | IMX_MKIMAGE_PATH := vendor/nxp-opensource
32 | IMX_PATH := vendor/nxp-opensource
33 | FSL_IMX_DEMO_PATH := vendor/nxp-opensource
34 | LIBDRM_IMX := vendor/nxp-opensource
35 |
--------------------------------------------------------------------------------
/common/input/eGalax_Touch_Screen.idc:
--------------------------------------------------------------------------------
1 | touch.deviceType = touchScreen
2 | touch.orientationAware = 1
3 |
4 | touch.size.calibration = none
5 | touch.orientation.calibration = none
6 |
--------------------------------------------------------------------------------
/common/kernel-headers/linux/dma-buf-imx.h:
--------------------------------------------------------------------------------
1 | /*
2 | * This file is auto-generated. Modifications will be lost.
3 | *
4 | * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/
5 | * for more information.
6 | */
7 | #ifndef _LINUX_DMABUF_IMX_H
8 | #define _LINUX_DMABUF_IMX_H
9 | #include
10 | struct dmabuf_imx_phys_data {
11 | __u32 dmafd;
12 | __u64 phys;
13 | };
14 | struct dmabuf_imx_heap_name {
15 | __u32 dmafd;
16 | __u8 name[32];
17 | };
18 | #define FLUSH_CACHE 0
19 | #define INVALIDATE_CACHE 1
20 | struct dmabuf_imx_sync {
21 | __u32 dmafd;
22 | __u32 operation;
23 | };
24 | #define DMABUF_GET_PHYS _IOWR('M', 32, struct dmabuf_imx_phys_data)
25 | #define DMABUF_GET_HEAP_NAME _IOWR('M', 33, struct dmabuf_imx_heap_name)
26 | #define DMABUF_SYNC _IOWR('M', 34, struct dmabuf_imx_sync)
27 | #endif
28 |
--------------------------------------------------------------------------------
/common/kernel-headers/linux/dma-buf.h:
--------------------------------------------------------------------------------
1 | /*
2 | * This file is auto-generated. Modifications will be lost.
3 | *
4 | * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/
5 | * for more information.
6 | */
7 | #ifndef _DMA_BUF_UAPI_H_
8 | #define _DMA_BUF_UAPI_H_
9 | #include
10 | struct dma_buf_sync {
11 | __u64 flags;
12 | };
13 | #define DMA_BUF_SYNC_READ (1 << 0)
14 | #define DMA_BUF_SYNC_WRITE (2 << 0)
15 | #define DMA_BUF_SYNC_RW (DMA_BUF_SYNC_READ | DMA_BUF_SYNC_WRITE)
16 | #define DMA_BUF_SYNC_START (0 << 2)
17 | #define DMA_BUF_SYNC_END (1 << 2)
18 | #define DMA_BUF_SYNC_VALID_FLAGS_MASK (DMA_BUF_SYNC_RW | DMA_BUF_SYNC_END)
19 | #define DMA_BUF_NAME_LEN 32
20 | struct dma_buf_export_sync_file {
21 | __u32 flags;
22 | __s32 fd;
23 | };
24 | struct dma_buf_import_sync_file {
25 | __u32 flags;
26 | __s32 fd;
27 | };
28 | #define DMA_BUF_BASE 'b'
29 | #define DMA_BUF_IOCTL_SYNC _IOW(DMA_BUF_BASE, 0, struct dma_buf_sync)
30 | #define DMA_BUF_SET_NAME _IOW(DMA_BUF_BASE, 1, const char *)
31 | #define DMA_BUF_SET_NAME_A _IOW(DMA_BUF_BASE, 1, __u32)
32 | #define DMA_BUF_SET_NAME_B _IOW(DMA_BUF_BASE, 1, __u64)
33 | #define DMA_BUF_IOCTL_EXPORT_SYNC_FILE _IOWR(DMA_BUF_BASE, 2, struct dma_buf_export_sync_file)
34 | #define DMA_BUF_IOCTL_IMPORT_SYNC_FILE _IOW(DMA_BUF_BASE, 3, struct dma_buf_import_sync_file)
35 | #endif
36 |
--------------------------------------------------------------------------------
/common/kernel-headers/linux/secure_ion.h:
--------------------------------------------------------------------------------
1 | /****************************************************************************
2 | ****************************************************************************
3 | ***
4 | *** This header was automatically generated from a Linux kernel header
5 | *** of the same name, to make information necessary for userspace to
6 | *** call into the kernel available to libc. It contains only constants,
7 | *** structures, and macros generated from the original header, and thus,
8 | *** contains no copyrightable information.
9 | ***
10 | *** To edit the content of this header, modify the corresponding
11 | *** source file (e.g. under external/kernel-headers/original/) then
12 | *** run bionic/libc/kernel/tools/update_all.py
13 | ***
14 | *** Any manual change here will be lost the next time this script will
15 | *** be run. You've been warned!
16 | ***
17 | ****************************************************************************
18 | ****************************************************************************/
19 | #ifndef _LINUX_SECURE_ION_H
20 | #define _LINUX_SECURE_ION_H
21 | #define DWL_ION_ENCODED_BUFFER_OPTEE_HEAP_MASK 4
22 | #define DWL_ION_ENCODED_BUFFER_OPTEE_HEAP_NAME "optee"
23 | #define DWL_ION_DECODED_BUFFER_DISPLAY_HEAP_MASK 2
24 | #define DWL_ION_DECODED_BUFFER_DISPLAY_HEAP_NAME "display"
25 | #endif
26 |
--------------------------------------------------------------------------------
/common/kernel-headers/linux/version.h:
--------------------------------------------------------------------------------
1 | /*
2 | * This file is auto-generated. Modifications will be lost.
3 | *
4 | * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/
5 | * for more information.
6 | */
7 | #define LINUX_VERSION_CODE 394808
8 | #define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + ((c) > 255 ? 255 : (c)))
9 | #define LINUX_VERSION_MAJOR 6
10 | #define LINUX_VERSION_PATCHLEVEL 6
11 | #define LINUX_VERSION_SUBLEVEL 56
12 |
--------------------------------------------------------------------------------
/common/ota/com.fsl.android.ota.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
--------------------------------------------------------------------------------
/common/ota/ota.conf:
--------------------------------------------------------------------------------
1 | server=boundarydevices.com.commondatastorage.googleapis.com
2 | port=80
3 | ota_folder_suffix=android
4 |
--------------------------------------------------------------------------------
/common/overlay/frameworks/base/core/res/res/xml/power_profile.xml:
--------------------------------------------------------------------------------
1 |
2 |
20 |
21 |
22 |
23 | 0.1
24 |
25 |
26 | - 4800
27 |
28 |
--------------------------------------------------------------------------------
/common/overlay/frameworks/base/packages/SettingsProvider/res/values/defaults.xml:
--------------------------------------------------------------------------------
1 |
2 |
19 |
20 |
21 | true
22 | false
23 | true
24 | 3600000
25 | true
26 | com.android.inputmethod.latin/.LatinIME
27 | com.android.inputmethod.latin/.LatinIME
28 |
29 |
--------------------------------------------------------------------------------
/common/overlay/packages/apps/Bluetooth/res/values/config.xml:
--------------------------------------------------------------------------------
1 |
2 |
15 |
16 | true
17 |
18 |
--------------------------------------------------------------------------------
/common/overlay/packages/apps/Settings/res/values/bools.xml:
--------------------------------------------------------------------------------
1 |
2 |
16 |
17 |
18 | true
19 |
20 |
--------------------------------------------------------------------------------
/common/overlay/packages/apps/Settings/res/values/config.xml:
--------------------------------------------------------------------------------
1 |
2 |
16 |
17 |
18 | com.fsl.android.ota
19 | com.fsl.android.ota.OtaAppActivity
20 |
21 |
22 |
--------------------------------------------------------------------------------
/common/overlay/packages/apps/Settings/res/values/strings.xml:
--------------------------------------------------------------------------------
1 |
2 |
16 |
17 |
18 |
19 |
20 | http://support.google.com/wifi
21 | http://support.google.com/accounts
22 |
23 |
--------------------------------------------------------------------------------
/common/recovery/Android.mk:
--------------------------------------------------------------------------------
1 | LOCAL_PATH := $(call my-dir)
2 | include $(CLEAR_VARS)
3 |
4 | LOCAL_C_INCLUDES += \
5 | bootable/recovery \
6 | bootable/recovery/recovery_ui/include
7 | LOCAL_SRC_FILES := recovery_ui.cpp
8 |
9 | # should match TARGET_RECOVERY_UI_LIB set in BoardConfigCommon.mk
10 | LOCAL_MODULE := librecovery_ui_imx
11 |
12 | ifeq ($(TARGET_USE_DYNAMIC_PARTITIONS),true)
13 | LOCAL_CFLAGS += -DDYNAMIC_PARTITIONS
14 | endif
15 |
16 | include $(BUILD_STATIC_LIBRARY)
17 |
18 | include $(CLEAR_VARS)
19 |
--------------------------------------------------------------------------------
/common/security/bluetooth.pk8:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boundarydevices/android_device_boundary/ab71964b084ae3c024f99a254a2e8aa4dd10e799/common/security/bluetooth.pk8
--------------------------------------------------------------------------------
/common/security/firmware_encrypt_key.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boundarydevices/android_device_boundary/ab71964b084ae3c024f99a254a2e8aa4dd10e799/common/security/firmware_encrypt_key.bin
--------------------------------------------------------------------------------
/common/security/firmware_private_key.der:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boundarydevices/android_device_boundary/ab71964b084ae3c024f99a254a2e8aa4dd10e799/common/security/firmware_private_key.der
--------------------------------------------------------------------------------
/common/security/firmware_public_key.der:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boundarydevices/android_device_boundary/ab71964b084ae3c024f99a254a2e8aa4dd10e799/common/security/firmware_public_key.der
--------------------------------------------------------------------------------
/common/security/generate_keystore.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | # Inspired from: http://jmlinnik.blogspot.com/2011/12/keystores.html
4 | FILES=`find . -name "*.pk8"`
5 |
6 | for FILE in $FILES; do
7 | FILE_NAME=`echo $FILE | awk -F.pk8 '{print $1}'`
8 | NAME=`basename $FILE_NAME`
9 | if [ -f ${FILE_NAME}.pem ]
10 | then
11 | echo "file ${FILE_NAME}.pem exists"
12 | else
13 | `openssl pkcs8 -inform DER -nocrypt -in ${FILE} -out ${FILE_NAME}.pem`
14 | fi
15 |
16 | `openssl pkcs12 -export -in ${FILE_NAME}.x509.pem -out ${FILE_NAME}.p12 -inkey ${FILE_NAME}.pem -password pass:android -name ${NAME}`
17 | #`openssl pkcs12 -export -in ${FILE_NAME}.x509.pem -out ${FILE_NAME}.p12 -inkey ${FILE_NAME}.pem -password pass:android -name androiddebugkey`
18 | done
19 |
20 | # now generate the platform keystore
21 |
22 | keytool -importkeystore -deststorepass android -destkeystore ./shared.jks -srckeystore ./shared.p12 -srcstoretype PKCS12 -srcstorepass android
23 | keytool -importkeystore -deststorepass android -destkeystore ./testkey.jks -srckeystore ./testkey.p12 -srcstoretype PKCS12 -srcstorepass android
24 | keytool -importkeystore -deststorepass android -destkeystore ./media.jks -srckeystore ./media.p12 -srcstoretype PKCS12 -srcstorepass android
25 | keytool -importkeystore -deststorepass android -destkeystore ./platform.jks -srckeystore ./platform.p12 -srcstoretype PKCS12 -srcstorepass android
26 |
--------------------------------------------------------------------------------
/common/security/media.jks:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boundarydevices/android_device_boundary/ab71964b084ae3c024f99a254a2e8aa4dd10e799/common/security/media.jks
--------------------------------------------------------------------------------
/common/security/media.pk8:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boundarydevices/android_device_boundary/ab71964b084ae3c024f99a254a2e8aa4dd10e799/common/security/media.pk8
--------------------------------------------------------------------------------
/common/security/networkstack.pk8:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boundarydevices/android_device_boundary/ab71964b084ae3c024f99a254a2e8aa4dd10e799/common/security/networkstack.pk8
--------------------------------------------------------------------------------
/common/security/networkstack.x509.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIID/TCCAuWgAwIBAgIJAORD/AmlWKnGMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
3 | VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4g
4 | VmlldzEQMA4GA1UECgwHQW5kcm9pZDEQMA4GA1UECwwHQW5kcm9pZDEQMA4GA1UE
5 | AwwHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe
6 | Fw0xOTExMTIxMzM0MThaFw00NzAzMzAxMzM0MThaMIGUMQswCQYDVQQGEwJVUzET
7 | MBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEQMA4G
8 | A1UECgwHQW5kcm9pZDEQMA4GA1UECwwHQW5kcm9pZDEQMA4GA1UEAwwHQW5kcm9p
9 | ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCASIwDQYJKoZI
10 | hvcNAQEBBQADggEPADCCAQoCggEBAJzR89QL7AsVRMrVK3sGQk7XfdAQ3tdF4uNj
11 | kPh8EIaQQfDAVAc3P2c5I3HSTu5SlBfc8CKzS98P+NwKNVwodpqHusyQSJn4d33e
12 | tuWnfKbiSvj/CLkk5YMRvADQ5HxzXyM/pjhmudyyOjfuKJAmJnyKIIPnvz8004Qa
13 | G/W4GoUAquloVcDiTU0dFHidPh+OqxwCutmhqHZdZjL4Q1bujQ2N2PzKlGOm4uG5
14 | UJvWL1KXxELUCQlGnPT3X6QQhlZ7NwO5L/DMI+BlVIBc9CHZKHbhuQw/9iY8Wpxk
15 | 0yNkR0LKUVwz6Gn08kqujT67bgI2yRjmNrhPe7tzG9aX3sS26GUCAwEAAaNQME4w
16 | HQYDVR0OBBYEFHyOxEFeE4SJa/myPKjnz7IeFmLUMB8GA1UdIwQYMBaAFHyOxEFe
17 | E4SJa/myPKjnz7IeFmLUMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
18 | ABVhtnIoW7PX5jqXEgUnF4OTcNquqHIg4rS7H0ZOnXeicS38IoVIvV/+sY35js4V
19 | fY7Bb/8KxmMAcYbpFaMUWtrGjHkCxrDnV5V86y8heARACBitj0Avn5Q2QyQRx/3c
20 | DXbR0yJ8FsycCcPl/8ZHeRfoOsqzQCLjMql4f4SB+lxWEXhazAnY4V3l8Q0gG72Q
21 | zeApjvz7ob0uYmvKWFQd1ldB+h1wX59f3m6skB9q1nf01WUfo2SV6snAVNmwY2bX
22 | L6Jbq36Knosy/6gA24egU9tgae1hCLpDN3/18/N6jrFxxA2MQSgTE1IKzcvne9gi
23 | PqTA0s1BJkfkLRe2vgFTJ88=
24 | -----END CERTIFICATE-----
25 |
--------------------------------------------------------------------------------
/common/security/nfc.pk8:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boundarydevices/android_device_boundary/ab71964b084ae3c024f99a254a2e8aa4dd10e799/common/security/nfc.pk8
--------------------------------------------------------------------------------
/common/security/nfc.x509.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIEDTCCAvWgAwIBAgIUd8kdAvyLpSlml6wBIRJ0wM5DNU4wDQYJKoZIhvcNAQEL
3 | BQAwgZQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQH
4 | DA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdBbmRyb2lkMRAwDgYDVQQLDAdBbmRy
5 | b2lkMRAwDgYDVQQDDAdBbmRyb2lkMSIwIAYJKoZIhvcNAQkBFhNhbmRyb2lkQGFu
6 | ZHJvaWQuY29tMCAXDTI0MDUyOTA2MzQzN1oYDzIwNTExMDE1MDYzNDM3WjCBlDEL
7 | MAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50
8 | YWluIFZpZXcxEDAOBgNVBAoMB0FuZHJvaWQxEDAOBgNVBAsMB0FuZHJvaWQxEDAO
9 | BgNVBAMMB0FuZHJvaWQxIjAgBgkqhkiG9w0BCQEWE2FuZHJvaWRAYW5kcm9pZC5j
10 | b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC++XB327or7CQVcPsq
11 | zzLOj8/C4H+WClzIMo3BqnUaTgbC/4UrTbIktKtxet1iELwOVbDbWTuIsrxHraiR
12 | 4bCX3gk1OgucwHitaP4m60Qlapxm7yedyeZKUOO0xawJvTNMvSQ8sBgVIHUTnhPZ
13 | 0ZsZjBzeALJ0Ozsek3BdCUKIFKr2Ln1XfOXMxtAqNIiYR6yqWLnR4Qo8qStx9huf
14 | swOqPf5S2Ql03aKLQ4XVLvsV75ZV8UE/HbOJ546RM4JPJ5gDqLAIqSbGtZOKiY7v
15 | lroy30834HSlPWQDxxbU5YGRUTmGqHXe3nA7aGQn6PTnorNo1uNpdtpGHcQRv67e
16 | OrLzAgMBAAGjUzBRMB0GA1UdDgQWBBThsaem/OHdCHQILh8ScNyvGcI3xjAfBgNV
17 | HSMEGDAWgBThsaem/OHdCHQILh8ScNyvGcI3xjAPBgNVHRMBAf8EBTADAQH/MA0G
18 | CSqGSIb3DQEBCwUAA4IBAQCpF3990u5UtiAU2VXTInrSZwtt4da8T3tw4gJoXQMQ
19 | 2lZitaaFZ+4EJRG6+7NE5pV21LrKG6gu2j8Ow+hsluM3tEWbCoSWgYcLxzv87oH+
20 | nXLe5rFdsKMp6BLGYReN8C1HEjDtHVWLPtQ8O+mfGgwaYJrUtw6ppcnAdpwxMJ55
21 | ltFzTUxtHu5nvaEQutY9egTLBAgKQvlCj9iqNm+biJWXbP/MNgcRKZa3WiytM/Ku
22 | UzYQug6PzrzKzaqcuF9O/8re6XK0nDQhJuWMPWtQgZOJHiGh0JSN+JqXwY+xIVVP
23 | hhAAXJLEilc4kLMF8p/dDPWXdZIVY8deZhDtfXUpWncS
24 | -----END CERTIFICATE-----
25 |
--------------------------------------------------------------------------------
/common/security/platform.jks:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boundarydevices/android_device_boundary/ab71964b084ae3c024f99a254a2e8aa4dd10e799/common/security/platform.jks
--------------------------------------------------------------------------------
/common/security/platform.pk8:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boundarydevices/android_device_boundary/ab71964b084ae3c024f99a254a2e8aa4dd10e799/common/security/platform.pk8
--------------------------------------------------------------------------------
/common/security/releasekey.pk8:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boundarydevices/android_device_boundary/ab71964b084ae3c024f99a254a2e8aa4dd10e799/common/security/releasekey.pk8
--------------------------------------------------------------------------------
/common/security/releasekey.x509.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIID8TCCAtmgAwIBAgIUcBdWZAT/iKjSu4Gvn2oOdTBSnywwDQYJKoZIhvcNAQEL
3 | BQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMQ8wDQYDVQQH
4 | DAZJcnZpbmUxDzANBgNVBAoMBkV6dXJpbzEPMA0GA1UECwwGRXp1cmlvMQ8wDQYD
5 | VQQDDAZFenVyaW8xHjAcBgkqhkiG9w0BCQEWD2luZm9AZXp1cmlvLmNvbTAgFw0y
6 | NTAxMjExNzU2NThaGA8yMDUyMDYwODE3NTY1OFowgYYxCzAJBgNVBAYTAlVTMRMw
7 | EQYDVQQIDApDYWxpZm9ybmlhMQ8wDQYDVQQHDAZJcnZpbmUxDzANBgNVBAoMBkV6
8 | dXJpbzEPMA0GA1UECwwGRXp1cmlvMQ8wDQYDVQQDDAZFenVyaW8xHjAcBgkqhkiG
9 | 9w0BCQEWD2luZm9AZXp1cmlvLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
10 | AQoCggEBAJGZTtVBeoFhkRTJnVwZSRZD9cW10ov891mFw7xTPKKK39T+OzmJiPY9
11 | cG5z45bSXZnISzg1HafUcPdMiZSdHfU3VUzJOAmV42pw6AQNINSrMQrmHkzi8EWE
12 | uGt8H71C12boTgIo42sCz/dOE1N6CkblbwVl6OV5CQhZbJz17e78SCjAXrHuTVIx
13 | Ec7mOMoT5F+oqVZ5Xid3ydMkKO5PVdxdXt/URl3RSpc3i42NTxE4lJ3smHJTJ/1x
14 | WjicefogJtyVxyw4a5DJCEuBA83J7RR39N6JSG7rn3LofNcvGiw5pKy5UGWBcYrK
15 | u67rT0OfNWxhJEox5xPtTOcZT1WILTMCAwEAAaNTMFEwHQYDVR0OBBYEFFKAjF9B
16 | R30LqtpYrvJCENCrze2CMB8GA1UdIwQYMBaAFFKAjF9BR30LqtpYrvJCENCrze2C
17 | MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAGZdI82GsJjKU8NO
18 | 0WVAWE2VF1m/GpJSBxr+WrMHykDQoVO8IcBuifmKiaun0c9JQp6ck1OQ2XmSu9HD
19 | oz88uo8E//6uf6kU3481N3Wx7YCUCWooDjefvtZPsLH2JjAru2ysrgXU089AKm1r
20 | CMvfdWS8MtRxdwJDQJpL8hiVEvTWI8/uDNzIg+yXxub0rLxfabAtn7m+gUc6fj9l
21 | 5sftndUVVpLDr/KRGXK5ymznnP1+CeexCwk5hOqqlS4u+RrrmIgme7jhC689sxka
22 | WQWMHOYH3IEBv0anodgH4TzxdNOdTPoo4vOYIrD6PR5/L4KulDJUGeKhUB/g4/x9
23 | KcKTFfE=
24 | -----END CERTIFICATE-----
25 |
--------------------------------------------------------------------------------
/common/security/rpmb_key_test.bin:
--------------------------------------------------------------------------------
1 | RPMB��������������������������������
--------------------------------------------------------------------------------
/common/security/sdk_sandbox.pk8:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boundarydevices/android_device_boundary/ab71964b084ae3c024f99a254a2e8aa4dd10e799/common/security/sdk_sandbox.pk8
--------------------------------------------------------------------------------
/common/security/sdk_sandbox.x509.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIEDTCCAvWgAwIBAgIUG9C2pQZ9ZYvzlVrdHRNDKzKTkFswDQYJKoZIhvcNAQEL
3 | BQAwgZQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQH
4 | DA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdBbmRyb2lkMRAwDgYDVQQLDAdBbmRy
5 | b2lkMRAwDgYDVQQDDAdBbmRyb2lkMSIwIAYJKoZIhvcNAQkBFhNhbmRyb2lkQGFu
6 | ZHJvaWQuY29tMCAXDTIyMDgxNzEzNDk1MFoYDzIwNTAwMTAyMTM0OTUwWjCBlDEL
7 | MAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50
8 | YWluIFZpZXcxEDAOBgNVBAoMB0FuZHJvaWQxEDAOBgNVBAsMB0FuZHJvaWQxEDAO
9 | BgNVBAMMB0FuZHJvaWQxIjAgBgkqhkiG9w0BCQEWE2FuZHJvaWRAYW5kcm9pZC5j
10 | b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8pq3R2azvZ60fXJHc
11 | hk8G8e7WkzDQfGy6/y3FNiZt/UthFBgsMXUpi/hdLXxBFu+va2n24cjvCuNnp+d6
12 | RLDSa+GWjaIKxw4QfVxisgUEhVADsAR5C4P7wkfCaMHOIqWDORV5bZohLdbexcVc
13 | lKyZnbP2ZaX6+s3MInLfgicHY1QOR+yy2eSrHODc5g4g/qo/n7LS0JSMZOT/1lBB
14 | RLxqxM4t1p9MAOWItnu+UEROnDXG/u9N4+mDpogeqnLl1/1YjzO/TuGRvgO5Hlic
15 | fsmX1kgyQkBfqfZDTJyOb6DxQjRmFwAVKWooLoUGGwyAOnuZHpg41K0GpMWRYsB2
16 | kv03AgMBAAGjUzBRMB0GA1UdDgQWBBTFOfpXrzMsB0IV7bz6iuwYcMHo2DAfBgNV
17 | HSMEGDAWgBTFOfpXrzMsB0IV7bz6iuwYcMHo2DAPBgNVHRMBAf8EBTADAQH/MA0G
18 | CSqGSIb3DQEBCwUAA4IBAQCE6D5ui4OR1aQ2L4E7mF/0fqkPhgFMwNX/yAjAp3IP
19 | fQAhQ2LI928g3Pzkt2uqjH2VR7ONrJli9fyKqnYeJwjaWD6zYyKRfkDaDPFt/2hZ
20 | piC3pbWP45IqJldFk8kU/WU9iJZfhBaAX5hMR6SnpsJZNv2c0fOEXKQBZm3UXif/
21 | TOEDAFFm3jO9d240BIMbziJhjrekee9aySMULTGzz7pJivEmQEI5ce9pZn4sIcff
22 | oUG8BjUuJGTXqqo2qTklgVBSZnxgFSne9g+D1O6EDUVz3hlg1dWE3scTmXrCvnZK
23 | Y4vtfgc8mEpFFlD9vutZGjz3HIfOgMS0PEWhLjIdbO//
24 | -----END CERTIFICATE-----
25 |
--------------------------------------------------------------------------------
/common/security/shared.jks:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boundarydevices/android_device_boundary/ab71964b084ae3c024f99a254a2e8aa4dd10e799/common/security/shared.jks
--------------------------------------------------------------------------------
/common/security/shared.pk8:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boundarydevices/android_device_boundary/ab71964b084ae3c024f99a254a2e8aa4dd10e799/common/security/shared.pk8
--------------------------------------------------------------------------------
/common/security/testkey.jks:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boundarydevices/android_device_boundary/ab71964b084ae3c024f99a254a2e8aa4dd10e799/common/security/testkey.jks
--------------------------------------------------------------------------------
/common/security/testkey.pk8:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boundarydevices/android_device_boundary/ab71964b084ae3c024f99a254a2e8aa4dd10e799/common/security/testkey.pk8
--------------------------------------------------------------------------------
/common/security/testkey_public_rsa4096.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boundarydevices/android_device_boundary/ab71964b084ae3c024f99a254a2e8aa4dd10e799/common/security/testkey_public_rsa4096.bin
--------------------------------------------------------------------------------
/common/soong/imx_namespaces.mk:
--------------------------------------------------------------------------------
1 | PRODUCT_SOONG_NAMESPACES += vendor/nxp-opensource/imx/display/hwcomposer3
2 |
--------------------------------------------------------------------------------
/common/tools/gen_rpmb_key.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | touch rpmb_key.bin
4 | #the rpmb key should be started with magic "RPMB"
5 | echo -n "RPMB" > rpmb_key.bin
6 | #generate 32 bytes random numbers
7 | head -c 32 /dev/urandom >> rpmb_key.bin
8 |
--------------------------------------------------------------------------------
/common/tools/generate_key.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | set -e
3 |
4 | if [ "$#" -ne 3 ]; then
5 | echo -e "Usage: $0 "
6 | exit 1
7 | fi
8 |
9 | PRIVATE_KEY_FILE=$1
10 | PUBLIC_KEY_FILE=$2
11 | ENCRYPT_KEY_FILE=$3
12 |
13 | openssl ecparam \
14 | -genkey \
15 | -name prime256v1 \
16 | -noout \
17 | -outform DER \
18 | -out "$PRIVATE_KEY_FILE"
19 |
20 | openssl ec \
21 | -inform DER \
22 | -in "$PRIVATE_KEY_FILE" \
23 | -pubout \
24 | -outform DER \
25 | -out "$PUBLIC_KEY_FILE"
26 |
27 | # generate ase key
28 | openssl rand 16 > "$ENCRYPT_KEY_FILE"
29 | #openssl rand 16 -out aeskey.bin
30 |
--------------------------------------------------------------------------------
/common/tools/update_kernel_header.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # usage: cd android_dir & ./common/tools/update_kerenl_header.sh
4 | # if user add imx special user header file, you can use below way to update:
5 | # cd android_dir & touch device/ezurio/common/kernel-headers/linux/new_uapi &
6 | # ./common/tools/update_kerenl_header.sh
7 |
8 | bionic_uapi_tool_path="bionic/libc/kernel/tools"
9 | bionic_kernel_header_path="bionic/libc/kernel/uapi/linux"
10 | imx_kernel_header_path="device/ezurio/common/kernel-headers/linux/"
11 | bionic_drm_kernel_header_path="bionic/libc/kernel/uapi/drm"
12 | libdrm_imx_kernel_header_path="vendor/nxp-opensource/libdrm-imx/include/drm"
13 |
14 | function prepare_work
15 | {
16 | mkdir -p external/imx_kernel/linux-stable
17 | cp -r vendor/ezurio/kernel_imx/* external/imx_kernel/linux-stable/.
18 | }
19 |
20 | function clean_work
21 | {
22 | cd external/kernel-headers
23 | git checkout .
24 | git clean -df
25 | cd ../../
26 | cd bionic
27 | git checkout .
28 | git clean -df
29 | cd ../
30 | rm external/imx_kernel -rf
31 | }
32 |
33 | prepare_work
34 |
35 | ${bionic_uapi_tool_path}/generate_uapi_headers.sh --use-kernel-dir external/imx_kernel/linux-stable
36 | ${bionic_uapi_tool_path}/update_all.py
37 |
38 | for file in $(ls ${imx_kernel_header_path})
39 | do
40 | cp ${bionic_kernel_header_path}/$file device/ezurio/common/kernel-headers/linux/.
41 | done
42 |
43 | cp ${bionic_drm_kernel_header_path}/imx_drm.h ${libdrm_imx_kernel_header_path}/.
44 |
45 | clean_work
46 |
--------------------------------------------------------------------------------
/common/wifi/p2p_supplicant_overlay.conf:
--------------------------------------------------------------------------------
1 | disable_scan_offload=1
2 | p2p_no_group_iface=1
3 |
--------------------------------------------------------------------------------
/common/wifi/wpa_supplicant.conf:
--------------------------------------------------------------------------------
1 | ##### wpa_supplicant configuration file template #####
2 | update_config=1
3 | eapol_version=1
4 | ap_scan=1
5 | fast_reauth=1
6 | disable_scan_offload=1
7 |
--------------------------------------------------------------------------------
/common/wifi/wpa_supplicant_overlay.conf:
--------------------------------------------------------------------------------
1 | disable_scan_offload=1
2 | p2p_disabled=1
3 | tdls_external_control=1
4 | p2p_no_group_iface=1
5 |
--------------------------------------------------------------------------------
/nitrogen8m/AndroidBoard.mk:
--------------------------------------------------------------------------------
1 | LOCAL_PATH := $(call my-dir)
2 |
3 | include $(CONFIG_REPO_PATH)/common/build/dtbo.mk
4 | include $(CONFIG_REPO_PATH)/common/build/gpt.mk
5 | include $(CONFIG_REPO_PATH)/common/build/bootscript.mk
6 | include $(CONFIG_REPO_PATH)/common/build/preboot.mk
7 | include $(FSL_PROPRIETARY_PATH)/fsl-proprietary/media-profile/media-profile.mk
8 | -include $(IMX_MEDIA_CODEC_XML_PATH)/mediacodec-profile/mediacodec-profile.mk
9 |
--------------------------------------------------------------------------------
/nitrogen8m/SharedBoardConfig.mk:
--------------------------------------------------------------------------------
1 | # -------@block_kernel_bootimg-------
2 |
3 | KERNEL_NAME := Image.gz
4 | TARGET_KERNEL_ARCH := arm64
5 |
6 | #Enable this to disable product partition build.
7 | IMX_NO_PRODUCT_PARTITION := true
8 |
9 | # Wi-Fi & Bluetooth driver modules
10 | BOARD_VENDOR_KERNEL_MODULES += \
11 | $(wildcard $(PRODUCT_OUT)/obj/BACKPORTS_OBJ/*.ko)
12 |
13 | # Dummy battery module
14 | BOARD_VENDOR_KERNEL_MODULES += \
15 | $(KERNEL_OUT)/drivers/power/supply/dummy_battery.ko
16 |
17 | # -------@block_security-------
18 | #Enable this to include trusty support
19 | PRODUCT_IMX_TRUSTY := false
20 |
--------------------------------------------------------------------------------
/nitrogen8m/UbootKernelBoardConfig.mk:
--------------------------------------------------------------------------------
1 | TARGET_BOOTLOADER_POSTFIX := bin
2 | UBOOT_POST_PROCESS := true
3 |
4 | TARGET_BOOTLOADER_CONFIG := imx8mq:nitrogen8m_defconfig
5 |
6 | TARGET_BOOTLOADER_PREBUILT := nitrogen8m nitrogen8m_2g nitrogen8m_4g nitrogen8m_2g_dp nitrogen8m_som_2g nitrogen8m_som_4g
7 |
8 | TARGET_KERNEL_DEFCONFIG := ezurio_android_defconfig
9 |
10 | # absolute path is used, not the same as relative path used in AOSP make
11 | TARGET_DEVICE_DIR := $(patsubst %/, %, $(dir $(realpath $(lastword $(MAKEFILE_LIST)))))
12 |
13 | # define bootloader rollback index
14 | BOOTLOADER_RBINDEX ?= 0
15 |
--------------------------------------------------------------------------------
/nitrogen8m/bluetooth/bdroid_buildcfg.h:
--------------------------------------------------------------------------------
1 | #ifndef _BDROID_BUILDCFG_H
2 | #define _BDROID_BUILDCFG_H
3 |
4 | #define BTM_DEF_LOCAL_NAME "Nitrogen8m"
5 |
6 | #endif
7 |
--------------------------------------------------------------------------------
/nitrogen8m/camera_config_imx8mq-back-only.json:
--------------------------------------------------------------------------------
1 | {
2 | "__readme": [
3 | "Basic Camera HAL v3 configuration."
4 | ],
5 |
6 | "hal_version": "3",
7 | "cam_blit_copy": "GPU_3D",
8 | "cam_blit_csc": "GPU_3D",
9 | "use_cpu_encoder": "1",
10 |
11 | "camera_metadata": [
12 | {
13 | "camera_type": "back",
14 | "camera_name": "mx6s-csi",
15 | "bus_info": "platform:30a90000.csi1_bridge",
16 | "subdev_path": "/dev/v4l-subdev0",
17 | "orientation": "0",
18 | "buffer_type": "mmap",
19 | "ActiveArrayWidth": "2592",
20 | "ActiveArrayHeight": "1944",
21 | "PixelArrayWidth": "2592",
22 | "PixelArrayHeight": "1944",
23 | "PhysicalWidth": "3.6288",
24 | "PhysicalHeight": "2.7216",
25 | "FocalLength": "3.37",
26 | "MaxJpegSize": "8388608",
27 | "MinFrameDuration": "33333333",
28 | "MaxFrameDuration": "300000000",
29 | "MinFrameDurationBlob5M": "600000000",
30 | "OmitFrame": [
31 | {
32 | "width": "2592",
33 | "height": "1944",
34 | "omit_num": "3"
35 | },
36 | {
37 | "width": "1920",
38 | "height": "1080",
39 | "omit_num": "2"
40 | }
41 | ]
42 | }
43 | ]
44 | }
45 |
--------------------------------------------------------------------------------
/nitrogen8m/compatibility_matrix.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | netutils-wrapper
4 | 1.0
5 |
6 |
7 |
--------------------------------------------------------------------------------
/nitrogen8m/device_framework_matrix.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | nxp.hardware.secureime
4 | 1
5 |
6 | ISecureIME
7 | default
8 |
9 |
10 |
11 | nxp.hardware.imx_dek_extractor
12 | 1
13 |
14 | IDek_Extractor
15 | default
16 |
17 |
18 |
19 |
--------------------------------------------------------------------------------
/nitrogen8m/display_settings.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
10 |
11 |
12 |
--------------------------------------------------------------------------------
/nitrogen8m/early.init.cfg:
--------------------------------------------------------------------------------
1 | modprobe
2 |
--------------------------------------------------------------------------------
/nitrogen8m/fstab-ab.nxp:
--------------------------------------------------------------------------------
1 | # Android fstab file.
2 | #
3 | # The filesystem that contains the filesystem checker binary (typically /system) cannot
4 | # specify MF_CHECK, and must come before any filesystems that do specify MF_CHECK
5 |
6 | /devices/platform/soc@0/38200000.usb/xhci-hcd.* auto auto defaults voldmanaged=usb:auto,encryptable=userdata
7 |
8 | /dev/block/by-name/userdata /data ext4 nosuid,nodev,nodiratime,noatime,noauto_da_alloc,errors=panic latemount,wait,formattable,quota,fileencryption=software,reservedsize=128M
9 | /dev/block/by-name/metadata /metadata ext4 noatime,nosuid,nodev,discard,sync wait,formattable,first_stage_mount,check
10 | /dev/block/by-name/misc /misc emmc defaults defaults
11 |
12 | /dev/block/zram0 none swap defaults zramsize=629145600
13 | /tmp /sdcard none defaults,bind recoveryonly
14 |
--------------------------------------------------------------------------------
/nitrogen8m/fw_env.config:
--------------------------------------------------------------------------------
1 | /dev/block/mmcblk0boot0 -0x2000 0x2000
2 |
--------------------------------------------------------------------------------
/nitrogen8m/init.recovery.nxp.rc:
--------------------------------------------------------------------------------
1 | on init
2 | # disable cursor blink for fbcon, if no splash screen support
3 | write /sys/class/graphics/fbcon/cursor_blink 0
4 |
5 | setprop sys.usb.configfs 1
6 |
7 | on early-boot
8 | setprop sys.usb.controller "38100000.usb"
9 |
--------------------------------------------------------------------------------
/nitrogen8m/input-port-associations.xml:
--------------------------------------------------------------------------------
1 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
--------------------------------------------------------------------------------
/nitrogen8m/overlay/frameworks/base/core/res/res/values/config.xml:
--------------------------------------------------------------------------------
1 |
2 |
19 |
20 |
22 |
23 |
24 | true
25 |
26 |
27 | - /dev/ttymxc1
28 | - /dev/ttymxc3
29 | - /dev/ttyUSB0
30 | - /dev/ttyUSB1
31 | - /dev/ttyACM0
32 | - /dev/ttyACM1
33 |
34 |
35 |
--------------------------------------------------------------------------------
/nitrogen8m/product.prop:
--------------------------------------------------------------------------------
1 |
2 | # Set supported Bluetooth profiles to enabled
3 | bluetooth.profile.asha.central.enabled?=false
4 | bluetooth.profile.a2dp.source.enabled?=true
5 | bluetooth.profile.avrcp.target.enabled?=true
6 | bluetooth.profile.bas.client.enabled?=false
7 | bluetooth.profile.gatt.enabled?=true
8 | bluetooth.profile.hfp.ag.enabled?=true
9 | bluetooth.profile.hid.device.enabled?=true
10 | bluetooth.profile.hid.host.enabled?=true
11 | bluetooth.profile.map.server.enabled?=true
12 | bluetooth.profile.opp.enabled?=true
13 | bluetooth.profile.pan.nap.enabled?=true
14 | bluetooth.profile.pan.panu.enabled?=true
15 | bluetooth.profile.pbap.server.enabled?=true
16 | bluetooth.profile.sap.server.enabled?=true
17 |
--------------------------------------------------------------------------------
/nitrogen8m/seccomp/mediacodec-seccomp.policy:
--------------------------------------------------------------------------------
1 | select: 1
2 |
--------------------------------------------------------------------------------
/nitrogen8m/seccomp/mediaextractor-seccomp.policy:
--------------------------------------------------------------------------------
1 | uname: 1
2 | fchmodat: 1
3 | ftruncate64: 1
4 | readlinkat: 1
5 | pread64: 1
6 |
--------------------------------------------------------------------------------
/nitrogen8m/sepolicy/genfs_contexts:
--------------------------------------------------------------------------------
1 | genfscon sysfs /devices/platform/soc@0/30800000.bus/30880000.serial/serial0/serial0-0/bluetooth/hci0/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
2 | genfscon sysfs /devices/platform/soc@0/30800000.bus/30b40000.mmc/mmc_host/mmc0/mmc0:0001/block/mmcblk0 u:object_r:sysfs_block_devices:s0
3 | genfscon sysfs /devices/platform/soc@0/30800000.bus/30b50000.mmc/mmc_host/mmc1/mmc1:0001/block/mmcblk1 u:object_r:sysfs_block_devices:s0
4 | genfscon sysfs /devices/platform/soc@0/30800000.bus/30a20000.i2c/i2c-0/i2c-7/7-0068/rtc/rtc0/hctosys u:object_r:sysfs_rtc:s0
5 | genfscon sysfs /devices/platform/soc@0/30000000.bus/30370000.snvs/30370000.snvs:snvs-rtc-lp/rtc/rtc1/hctosys u:object_r:sysfs_rtc:s0
6 | genfscon sysfs /devices/platform/soc@0/30800000.bus/30be0000.ethernet/net u:object_r:sysfs_net:s0
7 | genfscon sysfs /devices/platform/soc@0/33800000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/net u:object_r:sysfs_net:s0
8 | genfscon sysfs /devices/platform/soc@0/33c00000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/net u:object_r:sysfs_net:s0
9 | genfscon sysfs /devices/platform/backlight-mipi/backlight u:object_r:sysfs_leds:s0
10 | genfscon sysfs /devices/platform/soc@0/38100000.usb u:object_r:sysfs_usb_device:s0
11 | genfscon sysfs /devices/platform/soc@0/33c00000.pcie/pci0001:00/0001:00:00.0/0001:01:00.1/net u:object_r:sysfs_net:s0
12 |
--------------------------------------------------------------------------------
/nitrogen8m/thermal_info_config_imx8mq.json:
--------------------------------------------------------------------------------
1 | {
2 | "HotplugCPUs":[
3 | "cpu2",
4 | "cpu3"
5 | ],
6 | "Sensors":[
7 | {
8 | "Name":"cpu-thermal",
9 | "Type":"CPU",
10 | "HotThreshold":[
11 | "NAN",
12 | 80.0,
13 | 82.0,
14 | 86.0,
15 | 88.0,
16 | "NAN",
17 | 90.0
18 | ],
19 | "HotHysteresis":[
20 | 2.0,
21 | 2.0,
22 | 2.0,
23 | 2.0,
24 | 2.0,
25 | 2.0,
26 | 2.0
27 | ],
28 | "VrThreshold":"NAN",
29 | "Multiplier":0.001,
30 | "Monitor":true
31 | },
32 | {
33 | "Name":"battery",
34 | "Type":"BATTERY",
35 | "HotThreshold":[
36 | "NAN",
37 | "NAN",
38 | "NAN",
39 | "NAN",
40 | "NAN",
41 | "NAN",
42 | 100.0
43 | ],
44 | "VrThreshold":"NAN",
45 | "Multiplier":0.001,
46 | "Monitor":true
47 | }
48 | ],
49 | "CoolingDevices":[
50 | {
51 | "Name":"thermal-gpufreq-0",
52 | "Type":"GPU"
53 | },
54 | {
55 | "Name":"cpufreq-cpu0",
56 | "Type":"CPU"
57 | }
58 | ]
59 | }
60 |
--------------------------------------------------------------------------------
/nitrogen8mm/AndroidBoard.mk:
--------------------------------------------------------------------------------
1 | LOCAL_PATH := $(call my-dir)
2 |
3 | include $(CONFIG_REPO_PATH)/common/build/dtbo.mk
4 | include $(CONFIG_REPO_PATH)/common/build/gpt.mk
5 | include $(CONFIG_REPO_PATH)/common/build/bootscript.mk
6 | include $(CONFIG_REPO_PATH)/common/build/preboot.mk
7 | include $(FSL_PROPRIETARY_PATH)/fsl-proprietary/media-profile/media-profile.mk
8 | -include $(IMX_MEDIA_CODEC_XML_PATH)/mediacodec-profile/mediacodec-profile.mk
9 |
--------------------------------------------------------------------------------
/nitrogen8mm/AndroidTee.mk:
--------------------------------------------------------------------------------
1 | # uboot.imx in android combine scfw.bin and uboot.bin
2 | MAKE += SHELL=/bin/bash
3 |
4 | define build_uboot_w_tee
5 | $(MAKE) -C bootable/bootloader/arm-trusted-firmware/ -B CROSS_COMPILE=aarch64-linux-android- PLAT=imx8mm V=1 SPD=opteed DECRYPTED_BUFFER_START=$(DECRYPTED_BUFFER_START) DECRYPTED_BUFFER_LEN=$(DECRYPTED_BUFFER_LEN) DECODED_BUFFER_START=$(DECODED_BUFFER_START) DECODED_BUFFER_LEN=$(DECODED_BUFFER_LEN) bl31; \
6 | cp bootable/bootloader/arm-trusted-firmware/build/imx8mm/release/bl31.bin $(IMX_MKIMAGE_PATH)/imx-mkimage/iMX8M/.;\
7 | aarch64-linux-android-objcopy -O binary $(OUT)/optee/arm-plat-imx/core/tee.elf $(IMX_MKIMAGE_PATH)/imx-mkimage/iMX8M/tee.bin; \
8 | $(MAKE) -C $(IMX_MKIMAGE_PATH)/imx-mkimage/ clean; \
9 | $(MAKE) -C $(IMX_MKIMAGE_PATH)/imx-mkimage/ SOC=iMX8M flash_hdmi_spl_uboot; \
10 | cp $(IMX_MKIMAGE_PATH)/imx-mkimage/iMX8M/flash.bin $(PRODUCT_OUT)/u-boot-$(strip $(2)).imx;
11 | endef
12 |
--------------------------------------------------------------------------------
/nitrogen8mm/SharedBoardConfig.mk:
--------------------------------------------------------------------------------
1 | # -------@block_kernel_bootimg-------
2 |
3 | KERNEL_NAME := Image.gz
4 | TARGET_KERNEL_ARCH := arm64
5 | IMX8MM_USES_GKI := false
6 |
7 | # -------@block_memory-------
8 | LOW_MEMORY := false
9 |
10 | # -------@block_security-------
11 | # Enable this to include trusty support
12 | PRODUCT_IMX_TRUSTY := false
13 |
14 | # -------@block_kernel-------
15 | # Wi-Fi & Bluetooth driver modules
16 | BOARD_VENDOR_KERNEL_MODULES += \
17 | $(wildcard $(PRODUCT_OUT)/obj/BACKPORTS_OBJ/*.ko)
18 |
19 | # Dummy battery module
20 | BOARD_VENDOR_KERNEL_MODULES += \
21 | $(KERNEL_OUT)/drivers/power/supply/dummy_battery.ko
22 |
--------------------------------------------------------------------------------
/nitrogen8mm/UbootKernelBoardConfig.mk:
--------------------------------------------------------------------------------
1 | TARGET_BOOTLOADER_POSTFIX := bin
2 | UBOOT_POST_PROCESS := true
3 |
4 | TARGET_BOOTLOADER_CONFIG := imx8mm:nitrogen8mm_2g_defconfig imx8mm:nitrogen8mm_4g_defconfig imx8mm:nitrogen8mm_rev2_2gr0_defconfig imx8mm:imx8mm_nitrogen_smarc_2gr0
5 |
6 | TARGET_BOOTLOADER_PREBUILT := nitrogen8mm_2g nitrogen8mm_4g nitrogen8mm_rev2_2g nitrogen8mm_som_2g nitrogen8mm_som_4g imx8mm_nitrogen_smarc_2gr0
7 |
8 | TARGET_KERNEL_DEFCONFIG := ezurio_android_defconfig
9 |
10 | # absolute path is used, not the same as relative path used in AOSP make
11 | TARGET_DEVICE_DIR := $(patsubst %/, %, $(dir $(realpath $(lastword $(MAKEFILE_LIST)))))
12 |
13 | # define bootloader rollback index
14 | BOOTLOADER_RBINDEX ?= 0
15 |
--------------------------------------------------------------------------------
/nitrogen8mm/bluetooth/bdroid_buildcfg.h:
--------------------------------------------------------------------------------
1 | #ifndef _BDROID_BUILDCFG_H
2 | #define _BDROID_BUILDCFG_H
3 |
4 | #define BTM_DEF_LOCAL_NAME "Nitrogen8mm"
5 |
6 | #endif
7 |
--------------------------------------------------------------------------------
/nitrogen8mm/compatibility_matrix.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | netutils-wrapper
4 | 1.0
5 |
6 |
7 |
--------------------------------------------------------------------------------
/nitrogen8mm/device_framework_matrix.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | nxp.hardware.secureime
4 | 1
5 |
6 | ISecureIME
7 | default
8 |
9 |
10 |
11 | nxp.hardware.imx_dek_extractor
12 | 1
13 |
14 | IDek_Extractor
15 | default
16 |
17 |
18 |
19 |
--------------------------------------------------------------------------------
/nitrogen8mm/early.init.cfg:
--------------------------------------------------------------------------------
1 | modprobe
2 |
--------------------------------------------------------------------------------
/nitrogen8mm/external_camera_config.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
--------------------------------------------------------------------------------
/nitrogen8mm/fstab-ab.nxp:
--------------------------------------------------------------------------------
1 | # Android fstab file.
2 | #
3 | # The filesystem that contains the filesystem checker binary (typically /system) cannot
4 | # specify MF_CHECK, and must come before any filesystems that do specify MF_CHECK
5 |
6 | /devices/platform/soc@0/32c00000.bus/32e50000.usb/ci_hdrc.1/* auto auto defaults voldmanaged=usb:auto,encryptable=userdata
7 | /devices/platform/soc@0/30800000.bus/30b50000.mmc/mmc_host/* auto auto defaults voldmanaged=sdcard:auto,encryptable=userdata
8 |
9 | /dev/block/by-name/userdata /data ext4 nosuid,nodev,nodiratime,noatime,noauto_da_alloc,errors=panic latemount,wait,formattable,quota,fileencryption=software,reservedsize=128M
10 | /dev/block/by-name/metadata /metadata ext4 noatime,nosuid,nodev,discard,sync wait,formattable,first_stage_mount,check
11 | /dev/block/by-name/misc /misc emmc defaults defaults
12 | /dev/block/zram0 none swap defaults zramsize=629145600
13 |
14 | /tmp /sdcard none defaults,bind recoveryonly
15 |
--------------------------------------------------------------------------------
/nitrogen8mm/fw_env.config:
--------------------------------------------------------------------------------
1 | /dev/block/mmcblk0boot0 -0x2000 0x2000
2 |
--------------------------------------------------------------------------------
/nitrogen8mm/init.imx8mm.drm.rc:
--------------------------------------------------------------------------------
1 | import /vendor/etc/init/hw/init.${ro.hardware}.${ro.boot.soc_type}.main.rc
2 |
3 | on property:init.svc.mediadrm=running
4 | mkdir /data/vendor/mediadrm 0770 media mediadrm
5 |
6 | on post-fs-data
7 | # create for OP-TEE test
8 | mkdir /data/vendor/tee 0660 media media
9 | mkdir /data/vendor/tee/optee_armtz 0660 media media
10 | restorecon_recursive /data/vendor/tee
11 |
12 |
13 | on boot
14 | # optee device
15 | chmod 0660 /dev/tee0
16 | chown media media /dev/tee0
17 |
18 | chmod 0660 /dev/teepriv0
19 | chown media media /dev/teepriv0
20 |
--------------------------------------------------------------------------------
/nitrogen8mm/init.recovery.nxp.rc:
--------------------------------------------------------------------------------
1 | on init
2 | # disable cursor blink for fbcon, if no splash screen support
3 | write /sys/class/graphics/fbcon/cursor_blink 0
4 |
5 | setprop sys.usb.configfs 1
6 |
7 | on early-boot
8 | setprop sys.usb.controller "ci_hdrc.0"
9 |
--------------------------------------------------------------------------------
/nitrogen8mm/overlay/frameworks/base/core/res/res/values/config.xml:
--------------------------------------------------------------------------------
1 |
2 |
19 |
20 |
22 |
23 |
24 | true
25 |
26 |
27 | - /dev/ttymxc2
28 | - /dev/ttymxc3
29 | - /dev/ttyUSB0
30 | - /dev/ttyUSB1
31 | - /dev/ttyACM0
32 | - /dev/ttyACM1
33 |
34 |
35 |
--------------------------------------------------------------------------------
/nitrogen8mm/product.prop:
--------------------------------------------------------------------------------
1 |
2 | # Set supported Bluetooth profiles to enabled
3 | bluetooth.profile.asha.central.enabled?=false
4 | bluetooth.profile.a2dp.source.enabled?=true
5 | bluetooth.profile.avrcp.target.enabled?=true
6 | bluetooth.profile.bas.client.enabled?=false
7 | bluetooth.profile.gatt.enabled?=true
8 | bluetooth.profile.hfp.ag.enabled?=true
9 | bluetooth.profile.hid.device.enabled?=true
10 | bluetooth.profile.hid.host.enabled?=true
11 | bluetooth.profile.map.server.enabled?=true
12 | bluetooth.profile.opp.enabled?=true
13 | bluetooth.profile.pan.nap.enabled?=true
14 | bluetooth.profile.pan.panu.enabled?=true
15 | bluetooth.profile.pbap.server.enabled?=true
16 | bluetooth.profile.sap.server.enabled?=true
17 |
--------------------------------------------------------------------------------
/nitrogen8mm/seccomp/mediacodec-seccomp.policy:
--------------------------------------------------------------------------------
1 | select: 1
2 |
--------------------------------------------------------------------------------
/nitrogen8mm/seccomp/mediaextractor-seccomp.policy:
--------------------------------------------------------------------------------
1 | uname: 1
2 | fchmodat: 1
3 | ftruncate64: 1
4 | readlinkat: 1
5 | pread64: 1
6 |
--------------------------------------------------------------------------------
/nitrogen8mm/thermal_info_config_imx8mm.json:
--------------------------------------------------------------------------------
1 | {
2 | "HotplugCPUs":[
3 | "cpu2",
4 | "cpu3"
5 | ],
6 | "Sensors":[
7 | {
8 | "Name":"cpu-thermal",
9 | "Type":"CPU",
10 | "HotThreshold":[
11 | "NAN",
12 | 80.0,
13 | 82.0,
14 | 86.0,
15 | 88.0,
16 | "NAN",
17 | 90.0
18 | ],
19 | "HotHysteresis":[
20 | 2.0,
21 | 2.0,
22 | 2.0,
23 | 2.0,
24 | 2.0,
25 | 2.0,
26 | 2.0
27 | ],
28 | "VrThreshold":"NAN",
29 | "Multiplier":0.001,
30 | "Monitor":true
31 | },
32 | {
33 | "Name":"battery",
34 | "Type":"BATTERY",
35 | "HotThreshold":[
36 | "NAN",
37 | "NAN",
38 | "NAN",
39 | "NAN",
40 | "NAN",
41 | "NAN",
42 | 100.0
43 | ],
44 | "VrThreshold":"NAN",
45 | "Multiplier":0.001,
46 | "Monitor":true
47 | }
48 | ],
49 | "CoolingDevices":[
50 | {
51 | "Name":"thermal-gpufreq-0",
52 | "Type":"GPU"
53 | },
54 | {
55 | "Name":"cpufreq-cpu0",
56 | "Type":"CPU"
57 | }
58 | ]
59 | }
60 |
--------------------------------------------------------------------------------
/nitrogen8mp/AndroidBoard.mk:
--------------------------------------------------------------------------------
1 | LOCAL_PATH := $(call my-dir)
2 |
3 | include $(CONFIG_REPO_PATH)/common/build/dtbo.mk
4 | include $(CONFIG_REPO_PATH)/common/build/gpt.mk
5 | include $(CONFIG_REPO_PATH)/common/build/bootscript.mk
6 | include $(CONFIG_REPO_PATH)/common/build/preboot.mk
7 | include $(FSL_PROPRIETARY_PATH)/fsl-proprietary/media-profile/media-profile.mk
8 | -include $(IMX_MEDIA_CODEC_XML_PATH)/mediacodec-profile/mediacodec-profile.mk
9 |
--------------------------------------------------------------------------------
/nitrogen8mp/SharedBoardConfig.mk:
--------------------------------------------------------------------------------
1 | # -------@block_kernel_bootimg-------
2 | KERNEL_NAME := Image.gz
3 | TARGET_KERNEL_ARCH := arm64
4 | IMX8MP_USES_GKI := false
5 |
6 | # -------@block_memory-------
7 | LOW_MEMORY := false
8 |
9 | # -------@block_security-------
10 | # Enable this to include trusty support
11 | PRODUCT_IMX_TRUSTY := false
12 |
13 | # Wi-Fi & Bluetooth driver modules
14 | BOARD_VENDOR_KERNEL_MODULES += \
15 | $(wildcard $(PRODUCT_OUT)/obj/BACKPORTS_OBJ/*.ko)
16 |
17 | # isp vvcam driver module
18 | BOARD_VENDOR_KERNEL_MODULES += \
19 | $(TARGET_OUT_INTERMEDIATES)/VVCAM_OBJ/vvcam-video.ko \
20 | $(TARGET_OUT_INTERMEDIATES)/VVCAM_OBJ/vvcam-isp.ko \
21 | $(TARGET_OUT_INTERMEDIATES)/VVCAM_OBJ/vvcam-dwe.ko \
22 | $(TARGET_OUT_INTERMEDIATES)/VVCAM_OBJ/imx219.ko \
23 | $(TARGET_OUT_INTERMEDIATES)/VVCAM_OBJ/basler-camera-driver-vvcam.ko
24 |
25 | BOARD_VENDOR_KERNEL_MODULES += \
26 | $(KERNEL_OUT)/drivers/power/supply/dummy_battery.ko \
27 | $(KERNEL_OUT)/drivers/staging/media/imx/imx8-media-dev.ko
28 |
--------------------------------------------------------------------------------
/nitrogen8mp/UbootKernelBoardConfig.mk:
--------------------------------------------------------------------------------
1 | TARGET_BOOTLOADER_POSTFIX := bin
2 | UBOOT_POST_PROCESS := true
3 |
4 | TARGET_BOOTLOADER_CONFIG := imx8mp:nitrogen8mp_2gr0_defconfig imx8mp:nitrogen8mp_4g_defconfig imx8mp:imx8mp_nitrogen_smarc_2gr0_defconfig
5 | TARGET_BOOTLOADER_PREBUILT := nitrogen8mp_2gr0 nitrogen8mp_4g imx8mp_nitrogen_smarc_2gr0
6 |
7 | TARGET_KERNEL_DEFCONFIG := ezurio_android_defconfig
8 |
9 | # absolute path is used, not the same as relative path used in AOSP make
10 | TARGET_DEVICE_DIR := $(patsubst %/, %, $(dir $(realpath $(lastword $(MAKEFILE_LIST)))))
11 |
12 | # define bootloader rollback index
13 | BOOTLOADER_RBINDEX ?= 0
14 |
--------------------------------------------------------------------------------
/nitrogen8mp/bluetooth/bdroid_buildcfg.h:
--------------------------------------------------------------------------------
1 | #ifndef _BDROID_BUILDCFG_H
2 | #define _BDROID_BUILDCFG_H
3 |
4 | #define BTM_DEF_LOCAL_NAME "Nitrogen8mp"
5 |
6 | #endif
7 |
--------------------------------------------------------------------------------
/nitrogen8mp/camera_config_imx8mp-only-ov5640.json:
--------------------------------------------------------------------------------
1 | {
2 | "__readme": [
3 | "Basic Camera HAL v3 configuration."
4 | ],
5 |
6 | "hal_version": "3",
7 | "cam_blit_copy": "GPU_2D",
8 | "cam_blit_csc": "GPU_2D",
9 |
10 | "camera_metadata": [
11 | {
12 | "camera_type": "back",
13 | "camera_name": "mxc_isi.1.capture",
14 | "orientation": "0",
15 | "mplane": "1",
16 | "buffer_type": "dma",
17 | "ActiveArrayWidth": "2592",
18 | "ActiveArrayHeight": "1944",
19 | "PixelArrayWidth": "2592",
20 | "PixelArrayHeight": "1944",
21 | "PhysicalWidth": "3.6288",
22 | "PhysicalHeight": "2.7216",
23 | "FocalLength": "3.37",
24 | "MaxJpegSize": "8388608",
25 | "MinFrameDuration": "33333333",
26 | "MaxFrameDuration": "300000000",
27 | "OmitFrame": [
28 | {
29 | "width": "2592",
30 | "height": "1944",
31 | "omit_num": "1"
32 | }
33 | ]
34 | }
35 | ]
36 | }
37 |
--------------------------------------------------------------------------------
/nitrogen8mp/compatibility_matrix.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | netutils-wrapper
4 | 1.0
5 |
6 |
7 |
--------------------------------------------------------------------------------
/nitrogen8mp/device_framework_matrix.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | nxp.hardware.secureime
4 | 1
5 |
6 | ISecureIME
7 | default
8 |
9 |
10 |
11 | nxp.hardware.imx_dek_extractor
12 | 1
13 |
14 | IDek_Extractor
15 | default
16 |
17 |
18 |
19 |
--------------------------------------------------------------------------------
/nitrogen8mp/display_settings.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
10 |
11 |
12 |
15 |
16 |
17 |
--------------------------------------------------------------------------------
/nitrogen8mp/early.init.cfg:
--------------------------------------------------------------------------------
1 | modprobe
2 |
--------------------------------------------------------------------------------
/nitrogen8mp/external_camera_config.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
--------------------------------------------------------------------------------
/nitrogen8mp/fstab-ab.nxp:
--------------------------------------------------------------------------------
1 | # Android fstab file.
2 | #
3 | # The filesystem that contains the filesystem checker binary (typically /system) cannot
4 | # specify MF_CHECK, and must come before any filesystems that do specify MF_CHECK
5 |
6 | /devices/platform/soc@0/32f10108.usb/38200000.usb/* auto auto defaults voldmanaged=usb:auto,encryptable=userdata
7 | # uncomment below if you want the SD card to appear as external storage on 8MP SOM, for SMARC the index must be updated
8 | #/devices/platform/soc@0/30800000.bus/30b40000.mmc/mmc_host/* auto auto defaults voldmanaged=sdcard:auto,encryptable=userdata
9 |
10 | /dev/block/by-name/userdata /data ext4 nosuid,nodev,nodiratime,noatime,noauto_da_alloc,errors=panic latemount,wait,formattable,quota,fileencryption=software,reservedsize=128M
11 | /dev/block/by-name/metadata /metadata ext4 noatime,nosuid,nodev,discard,sync wait,formattable,first_stage_mount,check
12 | /dev/block/by-name/misc /misc emmc defaults defaults
13 |
14 | /dev/block/zram0 none swap defaults zramsize=402653184
15 | /tmp /sdcard none defaults,bind recoveryonly
16 |
--------------------------------------------------------------------------------
/nitrogen8mp/fw_env.config:
--------------------------------------------------------------------------------
1 | /dev/block/mmcblk2boot0 -0x2000 0x2000
2 |
--------------------------------------------------------------------------------
/nitrogen8mp/init.recovery.nxp.rc:
--------------------------------------------------------------------------------
1 | on init
2 | # disable cursor blink for fbcon, if no splash screen support
3 | write /sys/class/graphics/fbcon/cursor_blink 0
4 |
5 | setprop sys.usb.configfs 1
6 |
7 | on early-boot
8 | setprop sys.usb.controller "38100000.usb"
9 |
--------------------------------------------------------------------------------
/nitrogen8mp/input-port-associations.xml:
--------------------------------------------------------------------------------
1 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
--------------------------------------------------------------------------------
/nitrogen8mp/manifest_powersave.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | android.hardware.gatekeeper
4 | 1
5 |
6 | IGatekeeper
7 | default
8 |
9 |
10 |
11 | android.hardware.media.c2
12 | 1
13 | IComponentStore/default
14 |
15 |
16 | android.hardware.security.keymint
17 | 3
18 | IKeyMintDevice/default
19 |
20 |
21 | android.hardware.security.keymint
22 | 3
23 | IRemotelyProvisionedComponent/default
24 |
25 |
26 | android.hardware.security.secureclock
27 | ISecureClock/default
28 |
29 |
30 | android.hardware.security.sharedsecret
31 | ISharedSecret/default
32 |
33 |
34 | android.hardware.oemlock
35 | IOemLock/default
36 |
37 |
38 | android.hardware.security.secretkeeper
39 | 1
40 | ISecretkeeper/default
41 |
42 |
43 |
--------------------------------------------------------------------------------
/nitrogen8mp/overlay/frameworks/base/core/res/res/values/config.xml:
--------------------------------------------------------------------------------
1 |
2 |
19 |
20 |
22 |
23 |
24 | true
25 |
26 |
27 | - /dev/ttymxc3
28 | - /dev/ttyUSB0
29 | - /dev/ttyUSB1
30 | - /dev/ttyACM0
31 | - /dev/ttyACM1
32 |
33 |
34 |
--------------------------------------------------------------------------------
/nitrogen8mp/overlay/packages/modules/Connectivity/Tethering/res/values/overlay_config.xml:
--------------------------------------------------------------------------------
1 |
2 |
4 | 1
5 |
6 |
7 |
--------------------------------------------------------------------------------
/nitrogen8mp/overlay/packages/modules/Connectivity/service/ServiceConnectivityResources/res/values/config.xml:
--------------------------------------------------------------------------------
1 |
2 | eth\\d+
3 |
4 |
--------------------------------------------------------------------------------
/nitrogen8mp/overlay/packages/modules/NetworkStack/res/values/config.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 |
5 |
--------------------------------------------------------------------------------
/nitrogen8mp/product.prop:
--------------------------------------------------------------------------------
1 |
2 | # Set supported Bluetooth profiles to enabled
3 | bluetooth.profile.asha.central.enabled?=false
4 | bluetooth.profile.a2dp.source.enabled?=true
5 | bluetooth.profile.avrcp.target.enabled?=true
6 | bluetooth.profile.bas.client.enabled?=false
7 | bluetooth.profile.gatt.enabled?=true
8 | bluetooth.profile.hfp.ag.enabled?=true
9 | bluetooth.profile.hid.device.enabled?=true
10 | bluetooth.profile.hid.host.enabled?=true
11 | bluetooth.profile.map.server.enabled?=true
12 | bluetooth.profile.opp.enabled?=true
13 | bluetooth.profile.pan.nap.enabled?=true
14 | bluetooth.profile.pan.panu.enabled?=true
15 | bluetooth.profile.pbap.server.enabled?=true
16 | bluetooth.profile.sap.server.enabled?=true
17 |
--------------------------------------------------------------------------------
/nitrogen8mp/seccomp/mediacodec-seccomp.policy:
--------------------------------------------------------------------------------
1 | select: 1
2 |
--------------------------------------------------------------------------------
/nitrogen8mp/seccomp/mediaextractor-seccomp.policy:
--------------------------------------------------------------------------------
1 | uname: 1
2 | fchmodat: 1
3 | ftruncate64: 1
4 | readlinkat: 1
5 | pread64: 1
6 |
--------------------------------------------------------------------------------
/nitrogen8mp/sepolicy/hal_camera_default.te:
--------------------------------------------------------------------------------
1 | set_prop(hal_camera_default, vendor_camera_hal_prop)
2 | get_prop(hal_camera_default, vendor_camera_hal_prop)
3 |
--------------------------------------------------------------------------------
/nitrogen8mp/sepolicy/init.te:
--------------------------------------------------------------------------------
1 | allow init vendor_configs_file:dir { mounton };
2 |
--------------------------------------------------------------------------------
/nitrogen8mp/sepolicy/isp.te:
--------------------------------------------------------------------------------
1 | type isp, domain;
2 | type isp_exec, exec_type, vendor_file_type, file_type;
3 | type isp_file, file_type, data_file_type;
4 |
5 | # Started by init
6 | init_daemon_domain(isp)
7 |
8 | dontaudit isp self:capability { dac_override };
9 |
10 | allow isp isp_file:dir { add_name write search };
11 | allow isp isp_file:file { create lock open read write };
12 | allow isp video_device:chr_file { open read write ioctl map getattr };
13 | allow isp self:capability { sys_nice };
14 | allow isp sysfs:dir { open read };
15 | allow isp sysfs:file { open read };
16 |
--------------------------------------------------------------------------------
/nitrogen8mp/sepolicy/property.te:
--------------------------------------------------------------------------------
1 | vendor_internal_prop(vendor_camera_hal_prop)
2 |
--------------------------------------------------------------------------------
/nitrogen8mp/sepolicy/property_contexts:
--------------------------------------------------------------------------------
1 | vendor.rw.camera.isp.control u:object_r:vendor_camera_hal_prop:s0
2 |
--------------------------------------------------------------------------------
/nitrogen95/AndroidBoard.mk:
--------------------------------------------------------------------------------
1 | LOCAL_PATH := $(call my-dir)
2 |
3 | include $(CONFIG_REPO_PATH)/common/build/dtbo.mk
4 | include $(CONFIG_REPO_PATH)/common/build/gpt.mk
5 | include $(CONFIG_REPO_PATH)/common/build/bootscript.mk
6 | include $(CONFIG_REPO_PATH)/common/build/preboot.mk
7 | include $(FSL_PROPRIETARY_PATH)/fsl-proprietary/media-profile/media-profile.mk
8 | -include $(IMX_MEDIA_CODEC_XML_PATH)/mediacodec-profile/mediacodec-profile.mk
9 |
--------------------------------------------------------------------------------
/nitrogen95/SharedBoardConfig.mk:
--------------------------------------------------------------------------------
1 | # -------@block_kernel_bootimg-------
2 | KERNEL_NAME := Image.gz
3 | TARGET_KERNEL_ARCH := arm64
4 | IMX95_USES_GKI := false
5 | LOADABLE_KERNEL_MODULE ?= true
6 |
7 | # -------@block_security-------
8 | # Enable this to include trusty support
9 | PRODUCT_IMX_TRUSTY := false
10 |
11 | # Wi-Fi & Bluetooth driver modules
12 | BOARD_VENDOR_KERNEL_MODULES += \
13 | $(wildcard $(PRODUCT_OUT)/obj/BACKPORTS_OBJ/*.ko)
14 |
15 | BOARD_VENDOR_KERNEL_MODULES += \
16 | $(KERNEL_OUT)/drivers/power/supply/dummy_battery.ko
17 |
--------------------------------------------------------------------------------
/nitrogen95/UbootKernelBoardConfig.mk:
--------------------------------------------------------------------------------
1 | # from BoardConfig.mk
2 | TARGET_BOOTLOADER_POSTFIX := bin
3 | UBOOT_POST_PROCESS := true
4 |
5 | # u-boot target
6 | TARGET_BOOTLOADER_CONFIG := imx95:imx95_nitrogen_smarc_defconfig
7 |
8 | TARGET_KERNEL_DEFCONFIG := ezurio_android_defconfig
9 |
10 | # absolute path is used, not the same as relative path used in AOSP make
11 | TARGET_DEVICE_DIR := $(patsubst %/, %, $(dir $(realpath $(lastword $(MAKEFILE_LIST)))))
12 |
13 | # define bootloader rollback index
14 | BOOTLOADER_RBINDEX ?= 0
15 |
16 |
--------------------------------------------------------------------------------
/nitrogen95/bluetooth/bdroid_buildcfg.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2012 The Android Open Source Project
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | #ifndef _BDROID_BUILDCFG_H
17 | #define _BDROID_BUILDCFG_H
18 |
19 | #define BTM_DEF_LOCAL_NAME "Nitrogen95"
20 |
21 | // Disables Interleave scan
22 | #define BTA_HOST_INTERLEAVE_SEARCH FALSE
23 | // skips conn update at conn completion
24 | #define BTA_BLE_SKIP_CONN_UPD TRUE
25 | // Disables read remote device feature
26 | #define BTA_SKIP_BLE_READ_REMOTE_FEAT TRUE
27 |
28 | //Enable A2DPSink AVRCPController
29 | #define BTA_AV_SINK_INCLUDED TRUE
30 | #endif
31 |
--------------------------------------------------------------------------------
/nitrogen95/camera_config_imx95-ap1302.json:
--------------------------------------------------------------------------------
1 | {
2 | "__readme": [
3 | "Basic Camera HAL v3 configuration."
4 | ],
5 |
6 | "hal_version": "3",
7 | "cam_blit_copy": "DPU",
8 | "cam_blit_csc": "DPU",
9 |
10 | "camera_metadata": [
11 | {
12 | "camera_type": "back",
13 | "camera_name": "ap1302",
14 | "orientation": "0",
15 | "mplane": "1",
16 | "buffer_type": "dma",
17 | "ActiveArrayWidth": "1280",
18 | "ActiveArrayHeight": "800",
19 | "PixelArrayWidth": "1280",
20 | "PixelArrayHeight": "800",
21 | "PhysicalWidth": "3.84",
22 | "PhysicalHeight": "2.4",
23 | "FocalLength": "3.29",
24 | "MaxJpegSize": "4000000",
25 | "MinFrameDuration": "16666666",
26 | "MaxFrameDuration": "300000000"
27 | }
28 | ]
29 | }
30 |
--------------------------------------------------------------------------------
/nitrogen95/camera_config_imx95-os08a20.json:
--------------------------------------------------------------------------------
1 | {
2 | "__readme": [
3 | "Basic Camera HAL v3 configuration."
4 | ],
5 |
6 | "hal_version": "3",
7 | "cam_blit_copy": "DPU",
8 | "cam_blit_csc": "DPU",
9 |
10 | "camera_metadata": [
11 | {
12 | "camera_type": "back",
13 | "camera_name": "os08a20",
14 | "orientation": "0",
15 | "mplane": "1",
16 | "buffer_type": "dma",
17 | "ActiveArrayWidth": "3840",
18 | "ActiveArrayHeight": "2160",
19 | "PixelArrayWidth": "3840",
20 | "PixelArrayHeight": "2160",
21 | "PhysicalWidth": "8.064",
22 | "PhysicalHeight": "4.536",
23 | "FocalLength": "8.0",
24 | "MaxJpegSize": "12582912",
25 | "MinFrameDuration": "33333333",
26 | "MaxFrameDuration": "300000000",
27 | "exposure_ns_min": "116000",
28 | "exposure_ns_max": "33216000",
29 | "PreviewBuffers": 5,
30 | "LibcameraBuffers": 5
31 | }
32 | ]
33 | }
34 |
--------------------------------------------------------------------------------
/nitrogen95/compatibility_matrix.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | netutils-wrapper
4 | 1.0
5 |
6 |
7 |
--------------------------------------------------------------------------------
/nitrogen95/device_framework_matrix.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | nxp.hardware.secureime
4 | 1
5 |
6 | ISecureIME
7 | default
8 |
9 |
10 |
11 | nxp.hardware.ele
12 | 1
13 |
14 | ISecureEnclave
15 | default
16 |
17 |
18 |
19 | nxp.hardware.imx_dek_extractor
20 | 1
21 |
22 | IDek_Extractor
23 | default
24 |
25 |
26 |
27 |
--------------------------------------------------------------------------------
/nitrogen95/display_settings.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
10 |
11 |
12 |
--------------------------------------------------------------------------------
/nitrogen95/early.init.cfg:
--------------------------------------------------------------------------------
1 | # support insmod xx.ko; setprop xx xx; modeprobe
2 | modprobe
3 |
--------------------------------------------------------------------------------
/nitrogen95/external_camera_config.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
--------------------------------------------------------------------------------
/nitrogen95/fw_env.config:
--------------------------------------------------------------------------------
1 | /dev/block/mmcblk0boot0 -0x2000 0x2000
2 |
--------------------------------------------------------------------------------
/nitrogen95/init.recovery.nxp.rc:
--------------------------------------------------------------------------------
1 | on init
2 | # disable cursor blink for fbcon, if no splash screen support
3 | write /sys/class/graphics/fbcon/cursor_blink 0
4 |
5 | setprop sys.usb.configfs 1
6 |
7 | on early-boot
8 | setprop sys.usb.controller "ci_hdrc.0"
9 |
--------------------------------------------------------------------------------
/nitrogen95/input-port-associations.xml:
--------------------------------------------------------------------------------
1 |
15 |
16 |
17 |
18 |
19 |
20 |
--------------------------------------------------------------------------------
/nitrogen95/overlay/frameworks/base/core/res/res/values/config.xml:
--------------------------------------------------------------------------------
1 |
2 |
19 |
20 |
22 |
23 |
24 | true
25 |
26 |
27 | - /dev/ttyUSB0
28 | - /dev/ttyUSB1
29 | - /dev/ttyACM0
30 | - /dev/ttyACM1
31 |
32 |
33 |
--------------------------------------------------------------------------------
/nitrogen95/overlay/packages/modules/Connectivity/Tethering/res/values/overlay_config.xml:
--------------------------------------------------------------------------------
1 |
2 |
4 | 1
5 |
6 |
7 |
--------------------------------------------------------------------------------
/nitrogen95/overlay/packages/modules/Connectivity/service/ServiceConnectivityResources/res/values/config.xml:
--------------------------------------------------------------------------------
1 |
2 | eth\\d+
3 |
4 |
--------------------------------------------------------------------------------
/nitrogen95/overlay/packages/modules/NetworkStack/res/values/config.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 |
5 |
--------------------------------------------------------------------------------
/nitrogen95/product.prop:
--------------------------------------------------------------------------------
1 |
2 | # Set supported Bluetooth profiles to enabled
3 | bluetooth.profile.asha.central.enabled?=false
4 | bluetooth.profile.a2dp.source.enabled?=true
5 | bluetooth.profile.avrcp.target.enabled?=true
6 | bluetooth.profile.bas.client.enabled?=false
7 | bluetooth.profile.gatt.enabled?=true
8 | bluetooth.profile.hfp.ag.enabled?=true
9 | bluetooth.profile.hid.device.enabled?=true
10 | bluetooth.profile.hid.host.enabled?=true
11 | bluetooth.profile.map.server.enabled?=true
12 | bluetooth.profile.opp.enabled?=true
13 | bluetooth.profile.pan.nap.enabled?=true
14 | bluetooth.profile.pan.panu.enabled?=true
15 | bluetooth.profile.pbap.server.enabled?=true
16 | bluetooth.profile.sap.server.enabled?=true
17 |
--------------------------------------------------------------------------------
/nitrogen95/seccomp/mediacodec-seccomp.policy:
--------------------------------------------------------------------------------
1 | select: 1
2 |
--------------------------------------------------------------------------------
/nitrogen95/seccomp/mediaextractor-seccomp.policy:
--------------------------------------------------------------------------------
1 | uname: 1
2 | fchmodat: 1
3 | ftruncate64: 1
4 | readlinkat: 1
5 | pread64: 1
6 |
--------------------------------------------------------------------------------
/nitrogen95/sepolicy/app.te:
--------------------------------------------------------------------------------
1 | allow { appdomain -isolated_app_all } npu_device:chr_file rw_file_perms;
2 |
--------------------------------------------------------------------------------
/nitrogen95/sepolicy/bootanim.te:
--------------------------------------------------------------------------------
1 | allow bootanim sysfs_mali_gpu:file { getattr read open };
2 |
--------------------------------------------------------------------------------
/nitrogen95/sepolicy/cameraserver.te:
--------------------------------------------------------------------------------
1 | allow cameraserver hal_graphics_allocator_default_tmpfs:file { read write map };
2 |
--------------------------------------------------------------------------------
/nitrogen95/sepolicy/crash_dump.te:
--------------------------------------------------------------------------------
1 | allow crash_dump profiling_mali_gpu:file { read open getattr map };
2 |
--------------------------------------------------------------------------------
/nitrogen95/sepolicy/device.te:
--------------------------------------------------------------------------------
1 | type dmabuf_cma_heap_device, dmabuf_heap_device_type, dev_type;
2 | type npu_device, dev_type, mlstrustedobject;
3 |
--------------------------------------------------------------------------------
/nitrogen95/sepolicy/file.te:
--------------------------------------------------------------------------------
1 | type sysfs_mali_gpu, fs_type, sysfs_type;
2 | type profiling_mali_gpu, vendor_file_type, file_type;
3 |
--------------------------------------------------------------------------------
/nitrogen95/sepolicy/hal_camera_default.te:
--------------------------------------------------------------------------------
1 | set_prop(hal_camera_default, vendor_camera_hal_prop)
2 | get_prop(hal_camera_default, vendor_camera_hal_prop)
3 | allow hal_camera_default dmabuf_cma_heap_device:chr_file r_file_perms;
4 | allow hal_camera_default hal_graphics_allocator_default_tmpfs:file { read write map };
5 |
--------------------------------------------------------------------------------
/nitrogen95/sepolicy/hal_graphics_allocator_default.te:
--------------------------------------------------------------------------------
1 | allow hal_graphics_allocator_default dmabuf_cma_heap_device:chr_file r_file_perms;
2 | allow { hal_graphics_allocator_client -isolated_app_all } hal_graphics_allocator_default_tmpfs:file { getattr read write map };
3 | allow { hal_graphics_allocator_client -isolated_app_all } sysfs_mali_gpu:file { getattr read open };
4 |
--------------------------------------------------------------------------------
/nitrogen95/sepolicy/init.te:
--------------------------------------------------------------------------------
1 | allow init vendor_configs_file:dir { mounton };
2 |
--------------------------------------------------------------------------------
/nitrogen95/sepolicy/mediacodec.te:
--------------------------------------------------------------------------------
1 | allow mediacodec hal_graphics_allocator_default_tmpfs:file { read write map };
2 | allow mediacodec dmabuf_cma_heap_device:chr_file { open ioctl map read write };
3 |
--------------------------------------------------------------------------------
/nitrogen95/sepolicy/mediaserver.te:
--------------------------------------------------------------------------------
1 | allow mediaserver hal_graphics_allocator_default_tmpfs:file { read write map };
2 |
--------------------------------------------------------------------------------
/nitrogen95/sepolicy/platform_app.te:
--------------------------------------------------------------------------------
1 | allow platform_app sysfs_mali_gpu:file { getattr read open };
2 |
--------------------------------------------------------------------------------
/nitrogen95/sepolicy/priv_app.te:
--------------------------------------------------------------------------------
1 | allow priv_app sysfs_mali_gpu:file { getattr read open };
2 |
--------------------------------------------------------------------------------
/nitrogen95/sepolicy/property.te:
--------------------------------------------------------------------------------
1 | vendor_internal_prop(vendor_camera_hal_prop)
2 |
--------------------------------------------------------------------------------
/nitrogen95/sepolicy/property_contexts:
--------------------------------------------------------------------------------
1 | ro.vendor.arm.gralloc. u:object_r:vendor_public_default_prop:s0
2 | ro.vendor.arm.egl.configs. u:object_r:vendor_public_default_prop:s0
3 | vendor.mali. u:object_r:vendor_public_default_prop:s0
4 |
--------------------------------------------------------------------------------
/nitrogen95/sepolicy/service_contexts:
--------------------------------------------------------------------------------
1 | mapper/arm u:object_r:hal_graphics_mapper_service:s0
2 |
--------------------------------------------------------------------------------
/nitrogen95/sepolicy/shell.te:
--------------------------------------------------------------------------------
1 | allow shell profiling_mali_gpu:file { read open getattr map execute };
2 |
--------------------------------------------------------------------------------
/nitrogen95/sepolicy/surfaceflinger.te:
--------------------------------------------------------------------------------
1 | allow surfaceflinger sysfs_mali_gpu:file { getattr read open };
2 |
--------------------------------------------------------------------------------
/nitrogen95/sepolicy/system_app.te:
--------------------------------------------------------------------------------
1 | allow system_app sysfs_mali_gpu:file { getattr read open };
2 |
--------------------------------------------------------------------------------
/nitrogen95/sepolicy/system_server.te:
--------------------------------------------------------------------------------
1 | allow system_server sysfs_mali_gpu:file { getattr read open };
2 |
--------------------------------------------------------------------------------
/nitrogen95/sepolicy/untrusted_app.te:
--------------------------------------------------------------------------------
1 | allow untrusted_app hal_graphics_allocator_default_tmpfs:file { read write map };
2 |
--------------------------------------------------------------------------------
/nitrogen95/sepolicy/untrusted_app_27.te:
--------------------------------------------------------------------------------
1 | allow untrusted_app_27 hal_graphics_allocator_default_tmpfs:file { read write map };
2 |
--------------------------------------------------------------------------------
/nitrogen95/sepolicy/untrusted_app_30.te:
--------------------------------------------------------------------------------
1 | allow untrusted_app_30 hal_graphics_allocator_default_tmpfs:file { read write map };
2 |
--------------------------------------------------------------------------------
/nitrogen95/thermal_info_config_imx95.json:
--------------------------------------------------------------------------------
1 | {
2 | "HotplugCPUs":[
3 | "cpu3",
4 | "cpu4",
5 | "cpu5"
6 | ],
7 | "Sensors":[
8 | {
9 | "Name":"a55",
10 | "Type":"CPU",
11 | "HotThreshold":[
12 | "NAN",
13 | 80.0,
14 | 82.0,
15 | 86.0,
16 | 88.0,
17 | "NAN",
18 | 90.0
19 | ],
20 | "HotHysteresis":[
21 | 2.0,
22 | 2.0,
23 | 2.0,
24 | 2.0,
25 | 2.0,
26 | 2.0,
27 | 2.0
28 | ],
29 | "VrThreshold":"NAN",
30 | "Multiplier":0.001,
31 | "Monitor":true
32 | },
33 | {
34 | "Name":"battery",
35 | "Type":"BATTERY",
36 | "HotThreshold":[
37 | "NAN",
38 | "NAN",
39 | "NAN",
40 | "NAN",
41 | "NAN",
42 | "NAN",
43 | 100.0
44 | ],
45 | "VrThreshold":"NAN",
46 | "Multiplier":0.001,
47 | "Monitor":true
48 | }
49 | ],
50 | "CoolingDevices":[
51 | {
52 | "Name":"cpufreq-cpu0",
53 | "Type":"CPU"
54 | }
55 | ]
56 | }
57 |
--------------------------------------------------------------------------------
/release/release_config_map.mk:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boundarydevices/android_device_boundary/ab71964b084ae3c024f99a254a2e8aa4dd10e799/release/release_config_map.mk
--------------------------------------------------------------------------------
/release/release_config_map.textproto:
--------------------------------------------------------------------------------
1 | default_containers: "product"
2 | default_containers: "system"
3 | default_containers: "system_ext"
4 | default_containers: "vendor"
5 |
--------------------------------------------------------------------------------
/release/release_configs/nxp_stable.textproto:
--------------------------------------------------------------------------------
1 | name: "nxp_stable"
2 | inherits: "ap4a"
3 |
--------------------------------------------------------------------------------
/scripts/build_id.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | . build/make/core/build_id.mk
3 | sed -i "s/BUILD_ID=.*/BUILD_ID=$BUILD_ID.$(date +%Y%m%d)/" build/make/core/build_id.mk
4 |
--------------------------------------------------------------------------------
/scripts/create_gpt.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | if ! [ $# -eq 1 ]; then
4 | echo "Usage: $0 sizeMiB"
5 | exit -1 ;
6 | fi
7 |
8 | if [ -z "$PRODUCT" ]; then PRODUCT=nitrogen6x; fi
9 | if [ -z "$OUT" ]; then OUT=out/target/product/$PRODUCT; fi
10 |
11 | if ! [ -d $OUT ]; then
12 | echo "Missing $OUT";
13 | exit 1;
14 | fi
15 |
16 | sizeMB=$1
17 |
18 | dd if=/dev/zero of=$OUT/image.img bs=1 count=0 seek=${sizeMB}M
19 |
20 | SCRIPT_DIR=`dirname $0`
21 | source $SCRIPT_DIR/partitions.inc
22 |
23 | parted -a optimal -s $OUT/image.img \
24 | unit MiB \
25 | mklabel gpt \
26 | $MKPART_COMMAND \
27 | print
28 |
29 | dd if=$OUT/image.img of=$OUT/gpt.img count=64
30 | rm -rf $OUT/image.img
31 |
32 | echo "$OUT/gpt.img is ready!"
33 |
--------------------------------------------------------------------------------