sepolicy: add domain for sysmonapp applications

Add a domain with necessary permissions for sysmonapp applications
signed using the certificate provided.

Change-Id: Id61eb7e263cf83724305eda624fb06c2df5ac555

Android.mk

@@ -5,7 +5,8 @@ BOARD_SEPOLICY_DIRS := \
        $(BOARD_SEPOLICY_DIRS) \
        $(LOCAL_PATH) \
        $(LOCAL_PATH)/vendor/common \
-       $(LOCAL_PATH)/vendor/$(TARGET_BOARD_PLATFORM)
+       $(LOCAL_PATH)/vendor/$(TARGET_BOARD_PLATFORM) \
+       $(LOCAL_PATH)/vendor/common/sysmonapp
 
 BOARD_PLAT_PUBLIC_SEPOLICY_DIR := \
     $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR) \

vendor/common/sysmonapp/keys.conf

@@ -0,0 +1,2 @@
+[@SYSMONAPP]
+ALL : device/qcom/sepolicy/vendor/common/sysmonapp/sysmonapp_app_cert.x509.pem

vendor/common/sysmonapp/mac_permissions.xml

@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<!--
+Copyright (c) 2018, The Linux Foundation. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+    * Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above
+      copyright notice, this list of conditions and the following
+      disclaimer in the documentation and/or other materials provided
+      with the distribution.
+    * Neither the name of The Linux Foundation nor the names of its
+      contributors may be used to endorse or promote products derived
+      from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+-->
+
+<policy>
+    <signer signature="@SYSMONAPP" >
+      <seinfo value="sysmonapp" />
+    </signer>
+</policy>

vendor/common/sysmonapp/seapp_contexts

@@ -0,0 +1,30 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#    * Redistributions of source code must retain the above copyright
+#      notice, this list of conditions and the following disclaimer.
+#    * Redistributions in binary form must reproduce the above
+#      copyright notice, this list of conditions and the following
+#      disclaimer in the documentation and/or other materials provided
+#      with the distribution.
+#    * Neither the name of The Linux Foundation nor the names of its
+#      contributors may be used to endorse or promote products derived
+#      from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# sysmonapp applications
+user=_app seinfo=sysmonapp domain=sysmonapp_app name=com.qualcomm.sysmonappInternal type=app_data_file levelFrom=all
+user=_app seinfo=sysmonapp domain=sysmonapp_app name=com.qualcomm.qti.sysmonappExternal type=app_data_file levelFrom=all

vendor/common/sysmonapp/sysmonapp_app.te

@@ -0,0 +1,43 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#    * Redistributions of source code must retain the above copyright
+#      notice, this list of conditions and the following disclaimer.
+#    * Redistributions in binary form must reproduce the above
+#      copyright notice, this list of conditions and the following
+#      disclaimer in the documentation and/or other materials provided
+#      with the distribution.
+#    * Neither the name of The Linux Foundation nor the names of its
+#      contributors may be used to endorse or promote products derived
+#      from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+## sysmonapp_app
+## This file defines permissions that sysmonapp_app can carry
+
+type sysmonapp_app, domain;
+app_domain(sysmonapp_app);
+
+# For service manager access
+allow sysmonapp_app app_api_service:service_manager find;
+
+# For access to camera and media
+allow sysmonapp_app cameraserver_service:service_manager find;
+allow sysmonapp_app mediaserver_service:service_manager find;
+
+# To access FastRPC devices
+allow sysmonapp_app qdsp_device:chr_file r_file_perms;
+allow sysmonapp_app xdsp_device:chr_file r_file_perms;

vendor/common/sysmonapp/sysmonapp_app_cert.x509.pem

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID+zCCAuOgAwIBAgIJAI6ZXMpc0lvVMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
+VQQGEwJJTjESMBAGA1UECAwJVGVsYW5nYW5hMRIwEAYDVQQHDAlIeWRlcmFiYWQx
+FjAUBgNVBAoMDVF1YWxjb21tLEluYy4xDDAKBgNVBAsMA1FDVDEPMA0GA1UEAwwG
+c2dhbmRlMSYwJAYJKoZIhvcNAQkBFhdzZ2FuZGVAcXRpLnF1YWxjb21tLmNvbTAe
+Fw0xODA2MTgwNTM0MTVaFw00NTExMDMwNTM0MTVaMIGUMQswCQYDVQQGEwJJTjES
+MBAGA1UECAwJVGVsYW5nYW5hMRIwEAYDVQQHDAlIeWRlcmFiYWQxFjAUBgNVBAoM
+DVF1YWxjb21tLEluYy4xDDAKBgNVBAsMA1FDVDEPMA0GA1UEAwwGc2dhbmRlMSYw
+JAYJKoZIhvcNAQkBFhdzZ2FuZGVAcXRpLnF1YWxjb21tLmNvbTCCASAwDQYJKoZI
+hvcNAQEBBQADggENADCCAQgCggEBAJf2rCxstFL2XNWAfKOfDYDkIBXDR5hIQgki
+TlO3gOt7HuQ2VJXwiE7u9DxuBo2Z/bjqA0jsTyoVPUv4L0ZzV5sJHTyNmGtZbE8Y
+1HaXopIWTTM3rACZc/flhDUilEwLwhwSnaPLb+ZfBAziJfB4zlVFTqtW9ppyHTuK
+LtyZ/T3d0IbpKsQveuUrRi2C7D+DLw4ma8jLxZxB74SIrJDHAwO2fBfVYdr1zomV
+2Xw3yByP9LtH1iZn0mazK2iwLc0jwMA0MkP9vXy0AgU/K05fK2NGA1ohYGE+VylP
+2/xdOoTGYG9o+rQ4E4aRHLhUm0rrYJ+gMr5dNfAYKrYkNhYAFQ8CAQOjUDBOMB0G
+A1UdDgQWBBTmhWIosfZ4boEKTQfYpXyEEKWJczAfBgNVHSMEGDAWgBTmhWIosfZ4
+boEKTQfYpXyEEKWJczAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA5
+60hYg8NV88l1vIJm67f2ZNOdRRcdN9cfRZcvQJ+5b6Fi5y3OWrAZZUoq809GwVzM
+BLD39kW7FeD7SGoXEn0aEiNPW7Ow0wEyNIKcnbL1BSCqNbuFpoDuTm8WA81NG3jV
+I3seJtbJBlOH800udMsuq1HlR2Bf0gG7CrCqSAoWupu6wFT9bvjRH92xd/nx9f5H
+vKdLHuCavy9woAp+pAZG06QYQ3r5xghUrSFzeBwRZyCvEdoPNMKRnAsLSPDVNPKh
+mrvpzBOuFpFrMikMTniOua0O7u1Mozb9JUCVJ3gKg6XDjkOggUZz4YOnjZTYCt+U
+M4A7lXTNwu+o0hww8cEB
+-----END CERTIFICATE-----