From 10fd7ed18c15156c1f3d8a9cd85ed22fc3e01d43 Mon Sep 17 00:00:00 2001
From: Karra Harshitha
Date: Wed, 25 Jan 2023 12:26:11 +0530
Subject: [PATCH] Qvirtservice hal selinux changes

Change-Id: I58d2580c50f4000c47ba0320f7ccf306f91218ef
---
 generic/private/compat/33.0/33.0.ignore.cil | 4 ++-
 generic/private/service_contexts | 8 +++++-
 generic/product/private/file_contexts | 1 +
 generic/product/private/qvirtservice.te | 29 +++++++++++++++++++++
 generic/public/attributes | 8 ++++++
 generic/public/qvirtservice.te | 4 +++
 generic/public/service.te | 7 +++++
 7 files changed, 59 insertions(+), 2 deletions(-)
 create mode 100644 generic/product/private/qvirtservice.te
 create mode 100644 generic/public/qvirtservice.te

diff --git a/generic/private/compat/33.0/33.0.ignore.cil b/generic/private/compat/33.0/33.0.ignore.cil
index 8da267f4..cfc2529f 100644
--- a/generic/private/compat/33.0/33.0.ignore.cil
+++ b/generic/private/compat/33.0/33.0.ignore.cil
@@ -4,4 +4,6 @@
 (type new_objects)
 (typeattribute new_objects)
 (typeattributeset new_objects
- ( new_objects))
+ ( new_objects
+ vendor_hal_qvirtservice_qti
+ vendor_hal_qvirt_service))
diff --git a/generic/private/service_contexts b/generic/private/service_contexts
index 33928d77..15a5615c 100644
--- a/generic/private/service_contexts
+++ b/generic/private/service_contexts
@@ -24,6 +24,11 @@
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# Changes from Qualcomm Innovation Center are provided under the following license:
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
 cneservice u:object_r:vendor_cne_service:s0
 com.qualcomm.qti.ustaservice.USTAServiceImpl u:object_r:vendor_usta_app_service:s0
 dpmservice u:object_r:vendor_dpmservice:s0
@@ -49,4 +54,5 @@ nfc.st_ext u:object_r:nfc_service:s0
 vendor.qti.gnss.ILocAidlGnss/default u:object_r:hal_gnss_service:s0
 vendor.qvirtmgr u:object_r:vendor_qvirtmgr_service:s0
 vendor.qti.qesdsys.IQesdSys/default u:object_r:vendor_qesdk_service:s0
-vendor.qti.hardware.radio.atcmdfwd.IAtCmdFwd/AtCmdFwdAidl u:object_r:radio_service:s0
\ No newline at end of file
+vendor.qti.hardware.radio.atcmdfwd.IAtCmdFwd/AtCmdFwdAidl u:object_r:radio_service:s0
+vendor.qti.qvirt.IVirtualizationService/default u:object_r:vendor_hal_qvirt_service:s0
diff --git a/generic/product/private/file_contexts b/generic/product/private/file_contexts
index 33f6f095..8a56c049 100644
--- a/generic/product/private/file_contexts
+++ b/generic/product/private/file_contexts
@@ -33,3 +33,4 @@
 /(product|system|system_ext)/bin/qvirtmgr u:object_r:vendor_qvirtmgr_exec:s0
 /(product|system|system_ext)/bin/qcrosvm u:object_r:vendor_qcrosvm_exec:s0
 /(product|system/product)/vm-system(/.*)? u:object_r:vendor_vm_qti_system_file:s0
+/(product|system|system_ext)/bin/vendor\.qti\.qvirt-service u:object_r:vendor_hal_qvirtservice_qti_exec:s0
diff --git a/generic/product/private/qvirtservice.te b/generic/product/private/qvirtservice.te
new file mode 100644
index 00000000..ae812491
--- /dev/null
+++ b/generic/product/private/qvirtservice.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+# Policy for qvirtservice
+typeattribute vendor_hal_qvirtservice_qti coredomain;
+type vendor_hal_qvirtservice_qti_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(vendor_hal_qvirtservice_qti);
+
+binder_use(vendor_hal_qvirtservice_qti);
+
+hal_server_domain(vendor_hal_qvirtservice_qti,vendor_hal_qvirtservice);
+
+hal_attribute_service(vendor_hal_qvirtservice,vendor_hal_qvirt_service);
+
+binder_call(vendor_hal_qvirtservice_server, vendor_hal_qvirtservice_client);
+binder_call(vendor_hal_qvirtservice_client, vendor_hal_qvirtservice_server);
+
+binder_use(vendor_hal_qvirtservice_client);
+
+domain_auto_trans(vendor_hal_qvirtservice_qti, vendor_qcrosvm_exec, vendor_qvirtmgr)
+
+allow vendor_qvirtmgr vendor_hal_qvirtservice_qti:fd use;
+
+set_prop(vendor_hal_qvirtservice_qti, vendor_qvirtmgr_prop)
+
+allow vendor_hal_qvirtservice_qti vendor_qcrosvm_exec:file {r_file_perms getattr execute map };
+
+allow vendor_hal_qvirtservice_qti self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
diff --git a/generic/public/attributes b/generic/public/attributes
index 0996c903..58b2e871 100644
--- a/generic/public/attributes
+++ b/generic/public/attributes
@@ -29,6 +29,10 @@
 #
 # Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
 # SPDX-License-Identifier: BSD-3-Clause-Clear
+#
+# Changes from Qualcomm Innovation Center are provided under the following license:
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
 
 attribute vendor_hal_hbtp;
 attribute vendor_hal_hbtp_client;
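Review bot: In generic/product/private/qvirtservice.te, the rule `allow vendor_hal_qvirtservice_qti vendor_qcrosvm_exec:file {r_file_perms getattr execute map };` mostly repeats what `domain_auto_trans(vendor_hal_qvirtservice_qti, vendor_qcrosvm_exec, vendor_qvirtmgr)` already grants on that file (in AOSP's te_macros the transition macro allows `getattr open read execute map`), so its only net effect is the extra `ioctl`/`lock`/`watch` permissions that come with `r_file_perms`; `getattr` is also listed twice. Unless a logged denial shows those are needed, drop the rule or narrow it so this coredomain HAL holds no more than the transition requires. The `netlink_kobject_uevent_socket` rule and `allow vendor_qvirtmgr vendor_hal_qvirtservice_qti:fd use;` have no rationale in the file; a one-line comment above each saying which uevents the service consumes and which descriptors it hands to the launched process would make later audits of this policy easier.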
@@ -304,3 +308,7 @@ attribute system_halserverdomain;
 attribute vendor_hal_atfwd;
 attribute vendor_hal_atfwd_server;
 attribute vendor_hal_atfwd_client;
+
+attribute vendor_hal_qvirtservice;
+attribute vendor_hal_qvirtservice_server;
+attribute vendor_hal_qvirtservice_client;
diff --git a/generic/public/qvirtservice.te b/generic/public/qvirtservice.te
new file mode 100644
index 00000000..c2e7ea8f
--- /dev/null
+++ b/generic/public/qvirtservice.te
@@ -0,0 +1,4 @@
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+type vendor_hal_qvirtservice_qti, domain;
diff --git a/generic/public/service.te b/generic/public/service.te
index 6ec631f0..60ce005b 100644
--- a/generic/public/service.te
+++ b/generic/public/service.te
@@ -24,6 +24,13 @@
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# Changes from Qualcomm Innovation Center are provided under the following license:
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
 type vendor_usta_app_service, app_api_service, system_api_service, service_manager_type;
 type vendor_hal_displayconfig_service, hal_service_type, protected_service, service_manager_type;
 type vendor_hal_telephony_service, hal_service_type, protected_service, service_manager_type;
+type vendor_hal_qvirt_service, hal_service_type, protected_service, service_manager_type;
+