sepolicy: legacy: Import QSPMHAL sepolicies

from: https://github.com/AOSPA/android_device_qcom_sepolicy_vndr Change-Id: Icff1154918c8fa4e529591295536c2f2fdc2ce33 Signed-off-by: Jprimero15 <jprimero15@aospa.co>
2024-01-03 13:29:38 +08:00 · 2024-01-03 13:29:38 +08:00 · 256ee462b1
parent 4b2c610a6e
commit 256ee462b1
18 changed files with 100 additions and 5 deletions
--- a/sepolicy/legacy/vendor/common/bluetooth.te
+++ b/sepolicy/legacy/vendor/common/bluetooth.te
@ -86,6 +86,9 @@ hal_client_domain(bluetooth, hal_btconfigstore);
 #allow bluetooth to access perf hal
 hal_client_domain(bluetooth, vendor_hal_perf);

+#allow bluetooth to access qspmhal
+hal_client_domain(bluetooth, vendor_hal_qspmhal)
+
 #allow bluetooth to make binder call to gpuservice
 binder_call(bluetooth, gpuservice);

--- a/sepolicy/legacy/vendor/common/file.te
+++ b/sepolicy/legacy/vendor/common/file.te
@ -97,6 +97,9 @@ type sensors_socket, file_type;
 type sensors_persist_file, file_type, vendor_persist_type;
 type sysfs_sensors, sysfs_type, fs_type;

+#qspm-hal
+type vendor_qspmhal_data_file, file_type, data_file_type;
+
 #Memory offlining file types
 type sysfs_memory_offline, sysfs_type, fs_type;

--- a/sepolicy/legacy/vendor/common/file_contexts
+++ b/sepolicy/legacy/vendor/common/file_contexts
@ -364,6 +364,8 @@
 /(vendor|system/vendor)/bin/hw/vendor\.qti\.power\.pasrmanager\@1\.0-service u:object_r:hal_pasrmanager_qti_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.capabilityconfigstore@1\.0-service u:object_r:hal_capabilityconfigstore_qti_default_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.qccvndhal@1\.0-service       u:object_r:vendor_hal_qccvndhal_qti_exec:s0
+/vendor/bin/vendor\.qti\.qspmhal@1\.0-service                                      u:object_r:vendor_hal_qspmhal_default_exec:s0
+/vendor/bin/vendor\.qti\.qspmhal-service                                           u:object_r:vendor_hal_qspmhal_default_exec:s0

 ###################################
 # sysfs files
@ -597,7 +599,7 @@
 /data/vendor/scve(/.*)?                                             u:object_r:vendor_scve_data_file:s0
 /data/vendor/fm(/.*)?                                               u:object_r:vendor_fm_data_file:s0
 /data/vendor/sensors(/.*)?                                          u:object_r:sensors_vendor_data_file:s0
-
+/data/vendor/gaming(/.*)?                                           u:object_r:vendor_qspmhal_data_file:s0

 ###################################
 # persist files --only mnt/vendor/persist should be added here
@ -736,6 +738,9 @@
 # SVA files
 /vendor/lib(64)?/liblistenjni\.so           u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/liblistensoundmodel2\.so   u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/vendor.qti.qspmhal@1.0\.so  u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/vendor.qti.qspmhal-V1-ndk\.so  u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libqspm-mem-utils-vendor\.so  u:object_r:same_process_hal_file:s0

 # libnpu
 /vendor/lib(64)?/libnpu\.so                 u:object_r:same_process_hal_file:s0
--- a/sepolicy/legacy/vendor/common/hal_perf_default.te
+++ b/sepolicy/legacy/vendor/common/hal_perf_default.te
@ -109,3 +109,6 @@ allow vendor_hal_perf_default self:capability { kill };
 binder_call(vendor_hal_perf_default, hal_graphics_composer_default)

 allow vendor_hal_perf_default sysfs_soc:dir r_dir_perms;
+
+# Allow QSPM access
+hal_client_domain(vendor_hal_perf_default, vendor_hal_qspmhal);
--- a/sepolicy/legacy/vendor/common/hwservice.te
+++ b/sepolicy/legacy/vendor/common/hwservice.te
@ -71,3 +71,4 @@ type vendor_hal_qccvndhal_hwservice, hwservice_manager_type, protected_hwservice
 type hal_debugutils_hwservice, hwservice_manager_type;
 type vendor_hal_limits_hwservice, hwservice_manager_type, protected_hwservice;
 type vendor_hal_embmssl_hwservice, hwservice_manager_type, protected_hwservice;
+type vendor_hal_qspmhal_hwservice, hwservice_manager_type;
--- a/sepolicy/legacy/vendor/common/hwservice_contexts
+++ b/sepolicy/legacy/vendor/common/hwservice_contexts
@ -115,3 +115,4 @@ vendor.qti.hardware.mwqemadapter::IMwqemAdapter              u:object_r:vendor_h
 vendor.qti.hardware.dsp::IDspService                         u:object_r:vendor_hal_dspmanager_hwservice:s0
 vendor.qti.hardware.qccvndhal::IQccvndhal                     u:object_r:vendor_hal_qccvndhal_hwservice:s0
 vendor.qti.hardware.embmssl::IEmbms                          u:object_r:vendor_hal_embmssl_hwservice:s0
+vendor.qti.qspmhal::IQspmhal                                 u:object_r:vendor_hal_qspmhal_hwservice:s0
--- a/sepolicy/legacy/vendor/common/mediaserver.te
+++ b/sepolicy/legacy/vendor/common/mediaserver.te
@ -64,4 +64,4 @@ allow mediaserver surfaceflinger:unix_stream_socket rw_socket_perms;
 hal_client_domain(mediaserver, hal_graphics_composer)
 #binder_call(mediaserver, hal_display_config);

-hal_client_domain(mediaserver, vendor_hal_qspmhal)
+dontaudit mediaserver vendor_hal_qspmhal_hwservice:hwservice_manager find;
--- a/sepolicy/legacy/vendor/common/platform_app.te
+++ b/sepolicy/legacy/vendor/common/platform_app.te
@ -52,6 +52,9 @@ hal_client_domain(platform_app, hal_hbtp)
 #for perf-hal call
 hal_client_domain(platform_app, vendor_hal_perf)

+#qspmhal
+hal_client_domain(platform_app, vendor_hal_qspmhal)
+
 #allow embms app to access vendor radio property
 get_prop(platform_app, vendor_radio_prop)

--- a/sepolicy/legacy/vendor/common/priv_app.te
+++ b/sepolicy/legacy/vendor/common/priv_app.te
@ -28,4 +28,7 @@
 hal_client_domain(priv_app, vendor_hal_perf)
 # TODO(b/123050471): this grants renderscript exec permissions to the
 # priv_app domain
-allow priv_app rs_exec:file rx_file_perms;
+allow priv_app rs_exec:file rx_file_perms;
+
+#allow priv_app to access hal_qspmhal
+hal_client_domain(priv_app, vendor_hal_qspmhal)
--- a/sepolicy/legacy/vendor/common/property.te
+++ b/sepolicy/legacy/vendor/common/property.te
@ -193,3 +193,6 @@ vendor_internal_prop(vendor_dcvs_prop);

 # Pasrmanager
 vendor_public_prop(vendor_pasr_prop);
+
+# QSPM
+vendor_restricted_prop(vendor_qspm_prop);
--- a/sepolicy/legacy/vendor/common/property_contexts
+++ b/sepolicy/legacy/vendor/common/property_contexts
@ -238,3 +238,6 @@ vendor.dcvs.prop                 u:object_r:vendor_dcvs_prop:s0
 # PASR
 vendor.pasr.            u:object_r:vendor_pasr_prop:s0
 ro.vendor.pasr.         u:object_r:vendor_pasr_prop:s0
+
+# QSPM
+ro.vendor.qspm.enable            u:object_r:vendor_qspm_prop:s0 exact bool
--- a/sepolicy/legacy/vendor/common/qspmhal.te
+++ b/sepolicy/legacy/vendor/common/qspmhal.te
@ -0,0 +1,54 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#    * Redistributions of source code must retain the above copyright
+#      notice, this list of conditions and the following disclaimer.
+#    * Redistributions in binary form must reproduce the above
+#      copyright notice, this list of conditions and the following
+#      disclaimer in the documentation and/or other materials provided
+#      with the distribution.
+#    * Neither the name of The Linux Foundation nor the names of its
+#      contributors may be used to endorse or promote products derived
+#      from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_hal_qspmhal_default, domain;
+type vendor_hal_qspmhal_default_exec, exec_type, vendor_file_type, file_type;
+typeattribute vendor_hal_qspmhal_default untrusted_app_visible_halserver_violators;
+
+init_daemon_domain(vendor_hal_qspmhal_default)
+
+hal_server_domain(vendor_hal_qspmhal_default, vendor_hal_qspmhal)
+hal_client_domain(vendor_hal_qspmhal_default, hal_allocator)
+
+binder_call(vendor_hal_qspmhal_client, vendor_hal_qspmhal_server)
+binder_call(vendor_hal_qspmhal_server, vendor_hal_qspmhal_client)
+
+hal_attribute_service(vendor_hal_qspmhal, vendor_hal_qspmhal_service)
+binder_call(vendor_hal_qspmhal_server, servicemanager)
+
+# Add hwservice related rules
+hal_attribute_hwservice(vendor_hal_qspmhal, vendor_hal_qspmhal_hwservice)
+
+#Add permission to create/write file
+allow vendor_hal_qspmhal_default vendor_qspmhal_data_file:file  create_file_perms;
+allow vendor_hal_qspmhal_default vendor_qspmhal_data_file:dir rw_dir_perms;
+
+allow vendor_hal_qspmhal_default vendor_qspmhal_data_file:dir { add_name create getattr open read remove_name unlink write };
+allow vendor_hal_qspmhal_default vendor_qspmhal_data_file:file { open write };
+
+#getprop rule for qspm debug prop
+#userdebug_or_eng(`get_prop(vendor_hal_qspmhal_default, vendor_qspm_dbg_prop)')
--- a/sepolicy/legacy/vendor/common/radio.te
+++ b/sepolicy/legacy/vendor/common/radio.te
@ -49,3 +49,6 @@ hal_client_domain(radio, vendor_hal_perf)

 allow radio vendor_hal_atfwd_hwservice:hwservice_manager find;
 allow radio hidl_base_hwservice:hwservice_manager add;
+
+#qspm
+hal_client_domain(radio, vendor_hal_qspmhal)
--- a/sepolicy/legacy/vendor/common/service.te
+++ b/sepolicy/legacy/vendor/common/service.te
@ -38,3 +38,4 @@ type improve_touch_service,       service_manager_type;
 type dtseagleservice_service,     service_manager_type;
 type gba_auth_service,            service_manager_type;
 type vendor_hal_perf2_service,           hal_service_type, protected_service, service_manager_type;
+type vendor_hal_qspmhal_service,         hal_service_type, service_manager_type;
--- a/sepolicy/legacy/vendor/common/service_contexts
+++ b/sepolicy/legacy/vendor/common/service_contexts
@ -45,3 +45,4 @@ com.qualcomm.qti.uceservice                    u:object_r:imsrcs_service:s0
 vendor.qti.hardware.wifi.supplicant.ISupplicantVendor/default    u:object_r:hal_wifi_supplicant_service:s0
 vendor.qti.gnss.ILocAidlGnss/default           u:object_r:hal_gnss_service:s0
 vendor.qti.hardware.perf2.IPerf/default        u:object_r:vendor_hal_perf2_service:s0
+vendor.qti.qspmhal.IQspmhal/default            u:object_r:vendor_hal_qspmhal_service:s0
--- a/sepolicy/legacy/vendor/common/system_app.te
+++ b/sepolicy/legacy/vendor/common/system_app.te
@ -174,7 +174,8 @@ hal_client_domain(system_app, hal_soter);

 get_prop(system_app, vendor_radio_prop)

-
-
 #allow system app to access capabilityconfigstore hal
 hal_client_domain(system_app, hal_capabilityconfigstore_qti);
+
+#allow system app to access hal_qspmhal
+hal_client_domain(system_app, vendor_hal_qspmhal);
--- a/sepolicy/legacy/vendor/common/system_server.te
+++ b/sepolicy/legacy/vendor/common/system_server.te
@ -187,4 +187,9 @@ get_prop(system_server, vendor_xlat_prop)
 # allow system_server to access IWifiStats HAL service
 hal_client_domain(system_server, hal_wifilearner)

+# allow system_server to access Qspmhal
+hal_client_domain(system_server, vendor_hal_qspmhal);
+
+get_prop(system_server, vendor_qspm_prop)
+
 dontaudit system_server vendor_default_prop:file read;
--- a/sepolicy/legacy/vendor/common/vendor_init.te
+++ b/sepolicy/legacy/vendor/common/vendor_init.te
@ -132,4 +132,6 @@ allow vendor_init ipa_dev:file create_file_perms;

 set_prop(vendor_init, vendor_persist_dpm_prop)

+set_prop(vendor_init, vendor_qspm_prop)
+
 allow vendor_init block_device:lnk_file setattr;