Qvirtservice hal selinux changes

Change-Id: I58d2580c50f4000c47ba0320f7ccf306f91218ef
2023-01-25 12:26:11 +05:30 · 2023-01-25 12:26:11 +05:30 · 10fd7ed18c
commit 10fd7ed18c
parent 2f0bc4276d
7 changed files with 59 additions and 2 deletions
--- a/generic/private/compat/33.0/33.0.ignore.cil
+++ b/generic/private/compat/33.0/33.0.ignore.cil
@ -4,4 +4,6 @@
 (type new_objects)
 (typeattribute new_objects)
 (typeattributeset new_objects
-  ( new_objects))
+  ( new_objects
+    vendor_hal_qvirtservice_qti
+    vendor_hal_qvirt_service))
--- a/generic/private/service_contexts
+++ b/generic/private/service_contexts
@ -24,6 +24,11 @@
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# Changes from Qualcomm Innovation Center are provided under the following license:
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
 cneservice                                           u:object_r:vendor_cne_service:s0
 com.qualcomm.qti.ustaservice.USTAServiceImpl         u:object_r:vendor_usta_app_service:s0
 dpmservice                                     u:object_r:vendor_dpmservice:s0
@ -49,4 +54,5 @@ nfc.st_ext                                     u:object_r:nfc_service:s0
 vendor.qti.gnss.ILocAidlGnss/default           u:object_r:hal_gnss_service:s0
 vendor.qvirtmgr                                u:object_r:vendor_qvirtmgr_service:s0
 vendor.qti.qesdsys.IQesdSys/default            u:object_r:vendor_qesdk_service:s0
-vendor.qti.hardware.radio.atcmdfwd.IAtCmdFwd/AtCmdFwdAidl u:object_r:radio_service:s0
+vendor.qti.hardware.radio.atcmdfwd.IAtCmdFwd/AtCmdFwdAidl u:object_r:radio_service:s0
+vendor.qti.qvirt.IVirtualizationService/default   u:object_r:vendor_hal_qvirt_service:s0
--- a/generic/product/private/file_contexts
+++ b/generic/product/private/file_contexts
@ -33,3 +33,4 @@
 /(product|system|system_ext)/bin/qvirtmgr                        u:object_r:vendor_qvirtmgr_exec:s0
 /(product|system|system_ext)/bin/qcrosvm                         u:object_r:vendor_qcrosvm_exec:s0
 /(product|system/product)/vm-system(/.*)?                        u:object_r:vendor_vm_qti_system_file:s0
+/(product|system|system_ext)/bin/vendor\.qti\.qvirt-service      u:object_r:vendor_hal_qvirtservice_qti_exec:s0
--- a/generic/product/private/qvirtservice.te
+++ b/generic/product/private/qvirtservice.te
@ -0,0 +1,29 @@
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+# Policy for qvirtservice
+typeattribute vendor_hal_qvirtservice_qti coredomain;
+type vendor_hal_qvirtservice_qti_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(vendor_hal_qvirtservice_qti);
+
+binder_use(vendor_hal_qvirtservice_qti);
+
+hal_server_domain(vendor_hal_qvirtservice_qti,vendor_hal_qvirtservice);
+
+hal_attribute_service(vendor_hal_qvirtservice,vendor_hal_qvirt_service);
+
+binder_call(vendor_hal_qvirtservice_server, vendor_hal_qvirtservice_client);
+binder_call(vendor_hal_qvirtservice_client, vendor_hal_qvirtservice_server);
+
+binder_use(vendor_hal_qvirtservice_client);
+
+domain_auto_trans(vendor_hal_qvirtservice_qti, vendor_qcrosvm_exec, vendor_qvirtmgr)
+
+allow vendor_qvirtmgr vendor_hal_qvirtservice_qti:fd use;
+
+set_prop(vendor_hal_qvirtservice_qti, vendor_qvirtmgr_prop)
+
+allow vendor_hal_qvirtservice_qti vendor_qcrosvm_exec:file {r_file_perms getattr execute map };
+
+allow vendor_hal_qvirtservice_qti self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
--- a/generic/public/attributes
+++ b/generic/public/attributes
@ -29,6 +29,10 @@
 #
 # Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
 # SPDX-License-Identifier: BSD-3-Clause-Clear
+#
+# Changes from Qualcomm Innovation Center are provided under the following license:
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear

 attribute vendor_hal_hbtp;
 attribute vendor_hal_hbtp_client;
@ -304,3 +308,7 @@ attribute system_halserverdomain;
 attribute vendor_hal_atfwd;
 attribute vendor_hal_atfwd_server;
 attribute vendor_hal_atfwd_client;
+
+attribute vendor_hal_qvirtservice;
+attribute vendor_hal_qvirtservice_server;
+attribute vendor_hal_qvirtservice_client;
--- a/generic/public/qvirtservice.te
+++ b/generic/public/qvirtservice.te
@ -0,0 +1,4 @@
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+type vendor_hal_qvirtservice_qti, domain;
--- a/generic/public/service.te
+++ b/generic/public/service.te
@ -24,6 +24,13 @@
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# Changes from Qualcomm Innovation Center are provided under the following license:
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
 type vendor_usta_app_service,        app_api_service, system_api_service, service_manager_type;
 type vendor_hal_displayconfig_service,      hal_service_type, protected_service, service_manager_type;
 type vendor_hal_telephony_service, hal_service_type, protected_service, service_manager_type;
+type vendor_hal_qvirt_service,    hal_service_type, protected_service, service_manager_type;
+