sepolicy: Give read/write permission to vender_gles_data_file

Add sepolicy for untrusted_app_25, priv_app.te, domain.te
to read/write vender_gles_data_file to access system_server,
surfaceflinger, bootanim, system_app, platform_app,
priv_app, radio, shell

04-11 21:12:48.359  8395  8395 W RenderThread: type=1400
audit(0.0:1058): avc: denied { read } for
name="esx_config.txt" dev="dm-0" ino=295474
scontext=u:r:untrusted_app_25:s0:c512,c768
tcontext=u:object_r:vendor_data_file:s0 tclass=file
permissive=0 app=com.qualcomm.adrenotest.

CRs-Fixed:2436094, 2441817

Change-Id: I15dc9873cd38bbca9f955917d57b3da2a5b056b7
Signed-off-by: Vijay Agrawal <vijaagra@codeaurora.org>

generic/vendor/test/domain.te

@@ -25,6 +25,16 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+dontaudit {
+    system_server
+    surfaceflinger
+    bootanim
+    system_app
+    platform_app
+    priv_app
+    radio
+    shell
+} vendor_gles_data_file:dir search;
 #allow all gpu clients to access configuration settings
 userdebug_or_eng(`
 allow domain sysfs_kgsl:dir search;

generic/vendor/test/file.te

@@ -36,3 +36,5 @@ type qti_display_debugfs, fs_type, debugfs_type;
 
 # sensors data file type for script access by test apps
 type sensors_data_file, file_type, data_file_type, core_data_file_type;
+
+type vendor_gles_data_file, file_type, data_file_type;

generic/vendor/test/file_contexts

@@ -90,3 +90,4 @@
 
 # Console via JTAG - debug only
 /dev/hvc0							u:object_r:console_device:s0
+/data/vendor/gpu(/.*)? u:object_r:vendor_gles_data_file:s0

generic/vendor/test/priv_app.te

@@ -0,0 +1,35 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#    * Redistributions of source code must retain the above copyright
+#      notice, this list of conditions and the following disclaimer.
+#    * Redistributions in binary form must reproduce the above
+#      copyright notice, this list of conditions and the following
+#      disclaimer in the documentation and/or other materials provided
+#      with the distribution.
+#    * Neither the name of The Linux Foundation nor the names of its
+#      contributors may be used to endorse or promote products derived
+#      from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#allow priv_app clients to access configuration settings
+userdebug_or_eng(`
+allow priv_app sysfs_kgsl:dir search;
+r_dir_file(priv_app, sysfs_kgsl_snapshot);
+r_dir_file(priv_app, vendor_gles_data_file);
+allow priv_app vendor_gles_data_file:dir rw_dir_perms;
+allow priv_app vendor_gles_data_file:file rw_file_perms;
+')

generic/vendor/test/untrusted_app_25.te

@@ -0,0 +1,35 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#allow untrusted_app_25 clients to access configuration settings
+userdebug_or_eng(`
+allow untrusted_app_25 sysfs_kgsl:dir search;
+r_dir_file(untrusted_app_25, sysfs_kgsl_snapshot);
+r_dir_file(untrusted_app_25, vendor_gles_data_file);
+allow untrusted_app_25 vendor_gles_data_file:dir rw_dir_perms;
+allow untrusted_app_25 vendor_gles_data_file:file rw_file_perms;
+')