Add support for setting up userdata for automated testing
This only triggers when a special file in /data is placed which can be
flashed as part of the device setup in an automated environment.
It should not have any effect on phones that don't have this trigger.
Additionally,
* Adjust to Android 11: Migrate all changes from system/{core,sepolicy}
into one FP3 device change.
* Move to Android.bp.
Issue: FP3-A11#130
Change-Id: I0b86b95660e82a224848efa54e4aeceb4d05d802
(cherry picked from commit d92419520ea3507cbf4828dac01bfc7cefe70e41)
Depends-On: I780e7c112cc39251cb6af9781e8eab4f5aa95c6f
diff --git a/automation_setup/Android.bp b/automation_setup/Android.bp
new file mode 100644
index 0000000..8079e10
--- /dev/null
+++ b/automation_setup/Android.bp
@@ -0,0 +1,12 @@
+//
+// Copyright 2021-2022 Fairphone B.V.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+cc_prebuilt_binary {
+ name: "automation_setup",
+
+ srcs: ["automation_setup.sh"],
+ init_rc: ["automation_setup.rc"],
+}
diff --git a/automation_setup/automation_setup.rc b/automation_setup/automation_setup.rc
new file mode 100644
index 0000000..4e54ab8
--- /dev/null
+++ b/automation_setup/automation_setup.rc
@@ -0,0 +1,15 @@
+#
+# Copyright 2021-2022 Fairphone B.V.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+on load_persist_props_action
+ start automation_setup
+
+service automation_setup /system/bin/automation_setup
+ user system
+ group root
+ stdio_to_kmsg
+ oneshot
+ disabled
diff --git a/automation_setup/automation_setup.sh b/automation_setup/automation_setup.sh
new file mode 100644
index 0000000..744d4ef
--- /dev/null
+++ b/automation_setup/automation_setup.sh
@@ -0,0 +1,35 @@
+#!/system/bin/sh
+
+# Check if this script should trigger, exit quietly otherwise.
+if [ ! -f /data/userdata_automation/trigger ]; then
+ echo >&2 "+++ SKIPPING automation setup for ATS. Trigger not set. +++"
+ exit 0
+fi
+
+settings_put() {
+ echo >&2 "[automation_setup] settings put $*"
+ # -w: Wait for the service to be ready, as we're running in early boot
+ cmd -w settings put "$@"
+}
+
+# Output on stderr, to be picked up via stdio_to_kmsg on kmsg.
+echo >&2 "+++ TRIGGERING AUTOMATION SETUP FOR ATS +++"
+
+# Move supplied adb public key to correct directory
+mv -v /data/userdata_automation/adb_keys /data/misc/adb/adb_keys
+chown -v 1000:2000 /data/misc/adb/adb_keys
+
+# Enable adb
+setprop persist.sys.usb.config adb
+settings_put global development_settings_enabled 1
+settings_put global verifier_verify_adb_installs 0
+settings_put global adb_enabled 1
+
+# Skip setupwizard
+settings_put global device_provisioned 1
+settings_put secure user_setup_complete 1
+
+# Remove trigger so we don't run again
+rm -v /data/userdata_automation/trigger
+
+echo >&2 "+++ TRIGGERING AUTOMATION SETUP FOR ATS DONE +++"
diff --git a/sepolicy/vendor/automation_setup/automation_setup.te b/sepolicy/vendor/automation_setup/automation_setup.te
new file mode 100644
index 0000000..0590763
--- /dev/null
+++ b/sepolicy/vendor/automation_setup/automation_setup.te
@@ -0,0 +1,36 @@
+#
+# Copyright 2021-2022 Fairphone B.V.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+type automation_setup, domain, coredomain;
+type automation_setup_exec, exec_type, file_type, system_file_type;
+
+init_daemon_domain(automation_setup)
+
+# Allow the script to execute some tools
+allow automation_setup shell_exec:file rx_file_perms;
+allow automation_setup toolbox_exec:file rx_file_perms;
+allow automation_setup system_file:file rx_file_perms;
+
+# Allow file system permissions in /data/userdata_automation
+allow automation_setup userdata_automation_file:dir create_dir_perms;
+allow automation_setup userdata_automation_file:file create_file_perms;
+
+# Allow file system permission to /data/misc/adb/adb_keys
+allow automation_setup adb_keys_file:dir rw_dir_perms;
+allow automation_setup adb_keys_file:file create_file_perms;
+
+# Allow cmd settings put
+allow automation_setup settings_service:service_manager find;
+binder_call(automation_setup, servicemanager)
+binder_call(servicemanager, automation_setup)
+binder_call(automation_setup, system_server)
+binder_call(system_server, automation_setup)
+
+# Allow setprop
+set_prop(automation_setup, system_prop)
+
+# Allow service option "stdio_to_kmsg"
+allow automation_setup kmsg_debug_device:chr_file { ioctl open getattr append write };
diff --git a/sepolicy/vendor/automation_setup/file.te b/sepolicy/vendor/automation_setup/file.te
new file mode 100644
index 0000000..5d56c16
--- /dev/null
+++ b/sepolicy/vendor/automation_setup/file.te
@@ -0,0 +1,8 @@
+#
+# Copyright 2021-2022 Fairphone B.V.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+# /data/userdata_automation
+type userdata_automation_file, file_type, data_file_type, core_data_file_type;
diff --git a/sepolicy/vendor/automation_setup/file_contexts b/sepolicy/vendor/automation_setup/file_contexts
new file mode 100644
index 0000000..3352aac
--- /dev/null
+++ b/sepolicy/vendor/automation_setup/file_contexts
@@ -0,0 +1,8 @@
+#
+# Copyright 2021-2022 Fairphone B.V.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+/system/bin/automation_setup u:object_r:automation_setup_exec:s0
+/data/userdata_automation(/.*)? u:object_r:userdata_automation_file:s0
diff --git a/sepolicy/vendor/automation_setup/system_server.te b/sepolicy/vendor/automation_setup/system_server.te
new file mode 100644
index 0000000..ac167d7
--- /dev/null
+++ b/sepolicy/vendor/automation_setup/system_server.te
@@ -0,0 +1,10 @@
+#
+# Copyright 2021-2022 Fairphone B.V.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+# automation_setup is logging errors to kmsg via stdio_to_kmsg. It's calling
+# system services that get their stderr redirected to kmsg as well. These
+# service calls would fail if they don't have write access kmsg.
+allow system_server kmsg_debug_device:chr_file { ioctl open getattr append write };