From 28ad0a90cfc35817fdff097a6a3ed73251c24800 Mon Sep 17 00:00:00 2001
From: Badhri Jagan Sridharan <badhri@google.com>
Date: Wed, 27 Jun 2018 21:37:27 -0700
Subject: [PATCH 01/12] usb gadget hal: Increase disconnect timeout
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Increase disconnect timeout from 10ms to 100ms for the host ports which
dont strictly adhere to the spec to sense disconnect.

This is a work around given that some of the root ports dont detect
it. From the USB 2.0 spec guidelines, the disconnect should be
detected in 2.5us.

From the USB 2.0 spec (pg 186)
Time to detect a disconnect event
at a hub’s downstream facing port
TDDIS Section 7.1.7.3 2 2.5 µs


Bug: 110412433
Test: Walleye entering accessory mode in USB 3.0 with IOGear cable
and USB 3.0 host.

Change-Id: I8d8f62dc1a7bcbc9c7727c51cad7f3cb07ba6b50
---
 usb/UsbGadget.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/usb/UsbGadget.cpp b/usb/UsbGadget.cpp
index 603afbba..66ac85e5 100644
--- a/usb/UsbGadget.cpp
+++ b/usb/UsbGadget.cpp
@@ -30,7 +30,7 @@ constexpr int BUFFER_SIZE = 512;
 constexpr int MAX_FILE_PATH_LENGTH = 256;
 constexpr int EPOLL_EVENTS = 10;
 constexpr bool DEBUG = false;
-constexpr int DISCONNECT_WAIT_US = 10000;
+constexpr int DISCONNECT_WAIT_US = 100000;
 
 #define BUILD_TYPE "ro.build.type"
 #define GADGET_PATH "/config/usb_gadget/g1/"

From 0e5b3f13963b6ba92f52251749bba76ab1cafcc8 Mon Sep 17 00:00:00 2001
From: Eva Bertels <evabertels@google.com>
Date: Thu, 23 Aug 2018 18:34:06 +0100
Subject: [PATCH 02/12] Add check for misprovisioned Pixel devices.

Some Pixel devices had a wrong brand value provisioned into keymaster.
Due to this misprovisioning those devices fail device ID attestation because it includes a check for the correct brand value.
This is now solved by re-trying Device ID attestation if we are running on a potentially misprovisioned device, allowing for the known incorrect brand value.

Bug: 69471841
Test: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement
Change-Id: I41b51a355e1b582fd7c7f12f8b7e0992294b16e3
Merged-In: I73dd4501416bcc2587d137d8b1e27127e3bfc0c0
---
 overlay/frameworks/base/core/res/res/values/config.xml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/overlay/frameworks/base/core/res/res/values/config.xml b/overlay/frameworks/base/core/res/res/values/config.xml
index 5f42508a..8294e6f1 100755
--- a/overlay/frameworks/base/core/res/res/values/config.xml
+++ b/overlay/frameworks/base/core/res/res/values/config.xml
@@ -341,4 +341,9 @@
     <!-- Colon separated list of package names that should be granted DND access -->
     <string name="config_defaultDndAccessPackages" translatable="false">com.google.android.gms:com.google.android.GoogleCamera:com.google.intelligence.sense:com.google.android.settings.intelligence</string>
 
+    <!-- Specify model in case of attestation failure due to misprovisioned device. -->
+    <string name="config_misprovisionedDeviceModel" translatable="false">Pixel 2</string>
+
+    <!-- Brand value for attestation of misprovisioned device. -->
+    <string name="config_misprovisionedBrandValue" translatable="false">htc</string>
 </resources>

From 3ef04ad9ce35623dd4a14fce2db20767d8fe89ce Mon Sep 17 00:00:00 2001
From: Elisa Pascual Trevino <elisapascual@google.com>
Date: Thu, 6 Sep 2018 15:21:02 -0700
Subject: [PATCH 03/12] Update SVN for November for Wahoo to 20 on pi-dev &
 master Bug:114110585

---
 device.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/device.mk b/device.mk
index 5ca99748..9ea22039 100755
--- a/device.mk
+++ b/device.mk
@@ -36,7 +36,7 @@ PRODUCT_COPY_FILES += \
 
 # Set the SVN for the targeted MR release
 PRODUCT_PROPERTY_OVERRIDES += \
-    ro.vendor.build.svn=18
+    ro.vendor.build.svn=20
 
 # Enforce privapp-permissions whitelist
 PRODUCT_PROPERTY_OVERRIDES += \

From 456e7806bcca703775c469fc4cf6ceeb450111b9 Mon Sep 17 00:00:00 2001
From: Joel Galenson <jgalenson@google.com>
Date: Fri, 7 Sep 2018 15:16:39 -0700
Subject: [PATCH 04/12] OWNERS: Add nnk and remove dcashman

Bug: 114211287
Test: none
Change-Id: Ibbc83152cbd3535db2018d9c3d084a1c4190b33e
---
 sepolicy/OWNERS | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sepolicy/OWNERS b/sepolicy/OWNERS
index 9d3f1b17..e6fbbd47 100644
--- a/sepolicy/OWNERS
+++ b/sepolicy/OWNERS
@@ -1,9 +1,9 @@
 alanstokes@google.com
 bowgotsai@google.com
-dcashman@google.com
 jbires@google.com
 jeffv@google.com
 jgalenson@google.com
+nnk@google.com
 sspatil@google.com
 tomcherry@google.com
 trong@google.com

From 625cb1899c49e794e2a781b6e54f6a0920610480 Mon Sep 17 00:00:00 2001
From: Eino-Ville Talvala <etalvala@google.com>
Date: Fri, 27 Jul 2018 16:51:01 -0700
Subject: [PATCH 05/12] Allow GoogleCameraNext to use google_camera_app domain

GoogleCameraNext is the in-dogfood version of GoogleCamera, and needs
access to the same resources as the release version does.

(cherry picked from commit eb4b693940625ad232a8f7ee160a65f5b0dcf1b8)

Test: adb shell ps -O LABEL -p `adb shell pidof com.google.android.googlecamera.fishfood` shows
      google_camera_app security label after installing and starting GoogleCameraNext
Bug: 115554881
Change-Id: I8b8fd58fc7cccdbd79c001e15817e08b1a86efbb
---
 sepolicy/vendor/certs/pulse-release.x509.pem | 15 +++++++++++++++
 sepolicy/vendor/keys.conf                    |  3 +++
 sepolicy/vendor/mac_permissions.xml          |  3 +++
 sepolicy/vendor/seapp_contexts               |  5 ++++-
 4 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 sepolicy/vendor/certs/pulse-release.x509.pem

diff --git a/sepolicy/vendor/certs/pulse-release.x509.pem b/sepolicy/vendor/certs/pulse-release.x509.pem
new file mode 100644
index 00000000..fb11572f
--- /dev/null
+++ b/sepolicy/vendor/certs/pulse-release.x509.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICUjCCAbsCBEk0mH4wDQYJKoZIhvcNAQEEBQAwcDELMAkGA1UEBhMCVVMxCzAJ
+BgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtHb29n
+bGUsIEluYzEUMBIGA1UECxMLR29vZ2xlLCBJbmMxEDAOBgNVBAMTB1Vua25vd24w
+HhcNMDgxMjAyMDIwNzU4WhcNMzYwNDE5MDIwNzU4WjBwMQswCQYDVQQGEwJVUzEL
+MAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC0dv
+b2dsZSwgSW5jMRQwEgYDVQQLEwtHb29nbGUsIEluYzEQMA4GA1UEAxMHVW5rbm93
+bjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAn0gDGZD5sUcmOE4EU9GPjAu/
+jcd7JQSksSB8TGxEurwArcZhD6a2qy2oDjPy7vFrJqP2uFua+sqQn/u+s/TJT36B
+IqeY4OunXO090in6c2X0FRZBWqnBYX3Vg84Zuuigu9iF/BeptL0mQIBRIarbk3fe
+tAATOBQYiC7FIoL8WA0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQBAhmae1jHaQ4Td
+0GHSJuBzuYzEuZ34teS+njy+l1Aeg98cb6lZwM5gXE/SrG0chM7eIEdsurGb6PIg
+Ov93F61lLY/MiQcI0SFtqERXWSZJ4OnTxLtM9Y2hnbHU/EG8uVhPZOZfQQ0FKf1b
+aIOMFB0Km9HbEZHLKg33kOoMsS2zpA==
+-----END CERTIFICATE-----
diff --git a/sepolicy/vendor/keys.conf b/sepolicy/vendor/keys.conf
index 2b72a8b4..c0e83857 100644
--- a/sepolicy/vendor/keys.conf
+++ b/sepolicy/vendor/keys.conf
@@ -9,6 +9,9 @@ USER        : device/google/wahoo/sepolicy/vendor/certs/tango_userdev.x509.pem
 [@GOOGLE]
 ALL : device/google/wahoo/sepolicy/vendor/certs/app.x509.pem
 
+[@GOOGLEPULSE]
+ALL : device/google/wahoo/sepolicy/vendor/certs/pulse-release.x509.pem
+
 [@EASEL]
 ALL : device/google/wahoo/sepolicy/vendor/certs/easel.x509.pem
 
diff --git a/sepolicy/vendor/mac_permissions.xml b/sepolicy/vendor/mac_permissions.xml
index 95feba7b..3752a38b 100644
--- a/sepolicy/vendor/mac_permissions.xml
+++ b/sepolicy/vendor/mac_permissions.xml
@@ -24,6 +24,9 @@
     <signer signature="@GOOGLE" >
       <seinfo value="google" />
     </signer>
+    <signer signature="@GOOGLEPULSE" >
+      <seinfo value="googlepulse" />
+    </signer>
     <signer signature="@TANGO" >
       <seinfo value="tango" />
     </signer>
diff --git a/sepolicy/vendor/seapp_contexts b/sepolicy/vendor/seapp_contexts
index 6d17cf73..a4f429ba 100644
--- a/sepolicy/vendor/seapp_contexts
+++ b/sepolicy/vendor/seapp_contexts
@@ -17,7 +17,10 @@ user=_app seinfo=tango name=com.google.tango:app domain=untrusted_app type=app_d
 user=_app seinfo=platform name=com.google.android.hardwareinfo domain=hardware_info_app type=app_data_file levelFrom=user
 
 # Use a custom domain for GoogleCamera, to allow for Hexagon DSP access
-user=_app seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=user
+user=_app seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all
+
+# Also allow GoogleCameraNext, the dogfood beta version, the same access as GoogleCamera
+user=_app seinfo=googlepulse name=com.google.android.apps.googlecamera.fishfood domain=google_camera_app type=app_data_file levelFrom=all
 
 #Needed for time service apk
 user=_app seinfo=platform name=com.qualcomm.timeservice domain=timeservice_app type=app_data_file

From c1a57ef03602d3f91c4e253187a60e40c3148a31 Mon Sep 17 00:00:00 2001
From: Jasmine Cha <chajasmine@google.com>
Date: Thu, 10 May 2018 17:29:58 +0800
Subject: [PATCH 06/12] audio: Enable Waves effect

- turn on config and add effect library for Waves effect

Bug: 111283341
Test: build pass and manual audio test on product/aosp

Change-Id: Idba8eb83a88e3aa4f254b5ab4beddaa6a4477cd8
Signed-off-by: Jasmine Cha <chajasmine@google.com>
---
 BoardConfig.mk | 1 +
 device.mk      | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/BoardConfig.mk b/BoardConfig.mk
index b502a35b..f274d6b6 100644
--- a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -129,6 +129,7 @@ AUDIO_FEATURE_ENABLED_MULTI_VOICE_SESSIONS := true
 AUDIO_FEATURE_ENABLED_SND_MONITOR := true
 AUDIO_FEATURE_ENABLED_USB_TUNNEL := true
 BOARD_ROOT_EXTRA_SYMLINKS := /vendor/lib/dsp:/dsp
+AUDIO_FEATURE_ENABLED_MAXX_AUDIO := true
 
 # Include whaoo modules
 USES_DEVICE_GOOGLE_WAHOO := true
diff --git a/device.mk b/device.mk
index 9ea22039..9c03ce3a 100755
--- a/device.mk
+++ b/device.mk
@@ -481,7 +481,8 @@ PRODUCT_PACKAGES += \
     libqcomvisualizer \
     libqcomvoiceprocessing \
     libqcomvoiceprocessingdescriptors \
-    libqcompostprocbundle
+    libqcompostprocbundle \
+    libmalistener
 
 PRODUCT_PACKAGES += \
     audio.primary.msm8998 \

From e6e35aa88baf55b4dce16b058ee43675c46c112d Mon Sep 17 00:00:00 2001
From: Siddharth Kapoor <ksiddharth@google.com>
Date: Tue, 18 Sep 2018 18:36:09 +0800
Subject: [PATCH 07/12] display: Avoid selinux denials for
 vendor.debug.egl.swapinterval

Graphics prebuilts from gfx promotion #0062.03 introduce additional property acccess
 vendor.debug.egl.swapinterval
Add sepolicy to let bootanimation/apps access it cleanly.
This is a regression issue from ag/4888277 which leads to log flooding of access denials.

Bug: 117629985
Test: device logs does not throw following error:
      E libc    : Access denied finding property "vendor.debug.egl.swapinterval"
Change-Id: I28f13e60c679ab041abed65d848f492c5c9a9ce6
(cherry picked from commit cccfdee4ad0b2ea0f40beb2ebc2a0193d77fc8cb)
---
 sepolicy/vendor/property_contexts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
index 112fcfa4..773a4c39 100644
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@@ -50,6 +50,7 @@ ro.vendor.graphics.memory  u:object_r:public_vendor_default_prop:s0
 vendor.debug.egl.changepixelformat  u:object_r:public_vendor_default_prop:s0
 vendor.debug.prerotation.disable  u:object_r:public_vendor_default_prop:s0
 vendor.debug.rs.           u:object_r:public_vendor_default_prop:s0
+vendor.debug.egl.swapinterval      u:object_r:public_vendor_default_prop:s0
 
 # public_vendor_system_prop
 # They are public_vendor_system_props for vendor-specific extension.

From c3df45169762eafdcc93ced580e5b9cd54ba2f6b Mon Sep 17 00:00:00 2001
From: Adam Seaton <aseaton@google.com>
Date: Fri, 12 Oct 2018 15:31:35 -0700
Subject: [PATCH 08/12] Update SVN for Walleye/Taimen to 21 for December
 release bug: 117667960

---
 device.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/device.mk b/device.mk
index 9c03ce3a..9afbc6a8 100755
--- a/device.mk
+++ b/device.mk
@@ -36,7 +36,7 @@ PRODUCT_COPY_FILES += \
 
 # Set the SVN for the targeted MR release
 PRODUCT_PROPERTY_OVERRIDES += \
-    ro.vendor.build.svn=20
+    ro.vendor.build.svn=21
 
 # Enforce privapp-permissions whitelist
 PRODUCT_PROPERTY_OVERRIDES += \

From 93ef496fe8cce1192932954b00dbb2d97e4ed271 Mon Sep 17 00:00:00 2001
From: Wei Wang <wvw@google.com>
Date: Wed, 7 Nov 2018 11:34:26 -0800
Subject: [PATCH 09/12] [DO NOT MERGE]Allow stats_companion to register thermal
 throttling event listener.

Test: Build

Bug: b/112432890
Change-Id: Idec8b17f81583e4ba0137eeeec5224e1a8b0d5f1
---
 sepolicy/vendor/system_server.te   | 2 ++
 sepolicy/vendor/thermalserviced.te | 1 +
 2 files changed, 3 insertions(+)
 create mode 100644 sepolicy/vendor/thermalserviced.te

diff --git a/sepolicy/vendor/system_server.te b/sepolicy/vendor/system_server.te
index bcba87c3..28da4728 100644
--- a/sepolicy/vendor/system_server.te
+++ b/sepolicy/vendor/system_server.te
@@ -27,3 +27,5 @@ typeattribute system_server system_writes_vendor_properties_violators;
 set_prop(system_server, public_vendor_system_prop)
 
 dontaudit system_server self:capability sys_module;
+
+allow system_server thermal_service:service_manager find;
diff --git a/sepolicy/vendor/thermalserviced.te b/sepolicy/vendor/thermalserviced.te
new file mode 100644
index 00000000..aa6a0857
--- /dev/null
+++ b/sepolicy/vendor/thermalserviced.te
@@ -0,0 +1 @@
+binder_call(thermalserviced, system_server)

From 03e0999ed75406a72bb73a7ced6459f7070507f4 Mon Sep 17 00:00:00 2001
From: Jasmine Cha <chajasmine@google.com>
Date: Tue, 6 Nov 2018 06:27:39 +0000
Subject: [PATCH 10/12] Revert "audio: Enable Waves effect"

This reverts commit c1a57ef03602d3f91c4e253187a60e40c3148a31.

Reason for revert:
There are regressions and it needs more time to debug.
We decide to revert it first since the cutoff data of Feb. QPR is close.
bug: 119152162

Change-Id: Iabf587b8da713dd79b734c27d912eed86635dd59
---
 BoardConfig.mk | 1 -
 device.mk      | 3 +--
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/BoardConfig.mk b/BoardConfig.mk
index f274d6b6..b502a35b 100644
--- a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -129,7 +129,6 @@ AUDIO_FEATURE_ENABLED_MULTI_VOICE_SESSIONS := true
 AUDIO_FEATURE_ENABLED_SND_MONITOR := true
 AUDIO_FEATURE_ENABLED_USB_TUNNEL := true
 BOARD_ROOT_EXTRA_SYMLINKS := /vendor/lib/dsp:/dsp
-AUDIO_FEATURE_ENABLED_MAXX_AUDIO := true
 
 # Include whaoo modules
 USES_DEVICE_GOOGLE_WAHOO := true
diff --git a/device.mk b/device.mk
index 9afbc6a8..2b4a4289 100755
--- a/device.mk
+++ b/device.mk
@@ -481,8 +481,7 @@ PRODUCT_PACKAGES += \
     libqcomvisualizer \
     libqcomvoiceprocessing \
     libqcomvoiceprocessingdescriptors \
-    libqcompostprocbundle \
-    libmalistener
+    libqcompostprocbundle
 
 PRODUCT_PACKAGES += \
     audio.primary.msm8998 \

From 8356cefbe882feec9c955777c542bd8a49a1dd6e Mon Sep 17 00:00:00 2001
From: samchchang <samchchang@google.com>
Date: Wed, 22 Aug 2018 15:40:23 +0800
Subject: [PATCH 11/12] wahoo: sepolicy: Add missing vendor_radio_prop

Add missing vendor_radio_prop:
vendor.radio.pwr.curb_backoff

radio_prop is neverallow since android P.
Move this prop to vendor_radio_prop

Bug: 115943152
Test: Camera function work.
Change-Id: Ia6e9bc68e3e71e14a00bf10718c656eb64b5ea13
(cherry picked from commit be739c6382f9620449f563afd19def200b89b050)
---
 sepolicy/vendor/hal_camera_default.te | 2 ++
 sepolicy/vendor/property_contexts     | 1 +
 sepolicy/vendor/rild.te               | 2 +-
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/sepolicy/vendor/hal_camera_default.te b/sepolicy/vendor/hal_camera_default.te
index dcc69ac0..d61e9013 100644
--- a/sepolicy/vendor/hal_camera_default.te
+++ b/sepolicy/vendor/hal_camera_default.te
@@ -21,3 +21,5 @@ userdebug_or_eng(`
   allow hal_camera_default camera_vendor_data_file:dir create_dir_perms;
   allow hal_camera_default camera_vendor_data_file:file create_file_perms;
 ')
+
+get_prop(hal_camera_default, vendor_radio_prop);
\ No newline at end of file
diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
index 773a4c39..1dfdb0b5 100644
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@@ -194,6 +194,7 @@ persist.radio.snapshot_timer  u:object_r:vendor_radio_prop:s0
 persist.radio.videopause.mode  u:object_r:vendor_radio_prop:s0
 persist.radio.VT_ENABLE    u:object_r:vendor_radio_prop:s0
 persist.radio.VT_HYBRID_ENABLE  u:object_r:vendor_radio_prop:s0
+vendor.radio.pwr.curb_backoff  u:object_r:vendor_radio_prop:s0
 
 # vendor_bluetooth_prop
 persist.vendor.bluetooth.a4wp           u:object_r:vendor_bluetooth_prop:s0
diff --git a/sepolicy/vendor/rild.te b/sepolicy/vendor/rild.te
index 609bf2f7..7c86d222 100644
--- a/sepolicy/vendor/rild.te
+++ b/sepolicy/vendor/rild.te
@@ -28,7 +28,7 @@ dontaudit rild diag_device:chr_file rw_file_perms;
 allow rild radio_vendor_data_file:dir rw_dir_perms;
 allow rild radio_vendor_data_file:file create_file_perms;
 
-get_prop(rild, vendor_radio_prop)
+set_prop(rild, vendor_radio_prop)
 
 # Allow vendor native process to read the proc file of xt_qtaguid
 allow rild proc_qtaguid_stat:file r_file_perms;

From a7f299ffed7d7c03b43ef3a6adcdca1845b44522 Mon Sep 17 00:00:00 2001
From: Elisa Pascual Trevino <elisapascual@google.com>
Date: Wed, 28 Nov 2018 12:18:25 -0800
Subject: [PATCH 12/12] Update SVN for Wahoo to 23 for Feb 2019 Release Bug:
 120144419 (cherry picked from commit
 cd2d29dc83b24e7ebe6700cccdc10212e93c7ca2)

Change-Id: I58855207a151d1035aca86593a57df1966751059
---
 device.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/device.mk b/device.mk
index 2b4a4289..d55231be 100755
--- a/device.mk
+++ b/device.mk
@@ -36,7 +36,7 @@ PRODUCT_COPY_FILES += \
 
 # Set the SVN for the targeted MR release
 PRODUCT_PROPERTY_OVERRIDES += \
-    ro.vendor.build.svn=21
+    ro.vendor.build.svn=23
 
 # Enforce privapp-permissions whitelist
 PRODUCT_PROPERTY_OVERRIDES += \