sepolicy: move the FM sepolicy rules to product

Created the new domain for FM.
Moved the FM sepolicy rules to product.

CRs-Fixed: 2641193
Change-Id: I3cfe84dbe93c108124475a3e3825f7f80b5f6e57

generic/product/public/attributes

@@ -28,3 +28,7 @@
 attribute vendor_hal_systemhelper;
 attribute vendor_hal_systemhelper_client;
 attribute vendor_hal_systemhelper_server;
+
+attribute vendor_hal_perf;
+attribute vendor_hal_perf_client;
+attribute vendor_hal_perf_server;

generic/vendor/common/attributes

@@ -29,10 +29,6 @@ attribute vendor_hal_hbtp;
 attribute vendor_hal_hbtp_client;
 attribute vendor_hal_hbtp_server;
 
-attribute vendor_hal_perf;
-attribute vendor_hal_perf_client;
-attribute vendor_hal_perf_server;
-
 attribute vendor_hal_qdutils_disp;
 attribute vendor_hal_qdutils_disp_client;
 attribute vendor_hal_qdutils_disp_server;

qva/product/private/fm_app.te

@@ -0,0 +1,39 @@
+# Copyright (c) 2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+typeattribute vendor_fm_app coredomain;
+app_domain(vendor_fm_app)
+
+hal_client_domain(vendor_fm_app, vendor_hal_fm);
+hal_client_domain(vendor_fm_app, vendor_hal_btconfigstore);
+hal_client_domain(vendor_fm_app, vendor_hal_qspmhal);
+hal_client_domain(vendor_fm_app, vendor_hal_perf);
+
+binder_call(vendor_fm_app, gpuservice)
+allow vendor_fm_app radio_service:service_manager find;
+allow vendor_fm_app audioserver_service:service_manager find;
+allow vendor_fm_app mediaserver_service:service_manager find;

qva/product/private/seapp_contexts

@@ -26,3 +26,5 @@
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 #Add new domain for system helper service using for Trusted UI
+# FM app
+user=_app seinfo=platform name=com.caf.fmradio domain=vendor_fm_app type=app_data_file levelFrom=all

qva/product/public/attributes

@@ -24,3 +24,15 @@
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+attribute vendor_hal_qspmhal;
+attribute vendor_hal_qspmhal_client;
+attribute vendor_hal_qspmhal_server;
+
+attribute vendor_hal_btconfigstore;
+attribute vendor_hal_btconfigstore_client;
+attribute vendor_hal_btconfigstore_server;
+
+attribute vendor_hal_fm;
+attribute vendor_hal_fm_client;
+attribute vendor_hal_fm_server;

qva/product/public/fm_app.te

@@ -0,0 +1,28 @@
+# Copyright (c) 2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_fm_app, domain;

qva/vendor/common/attributes

@@ -85,10 +85,6 @@ attribute vendor_hal_cvp;
 attribute vendor_hal_cvp_client;
 attribute vendor_hal_cvp_server;
 
-attribute vendor_hal_fm;
-attribute vendor_hal_fm_client;
-attribute vendor_hal_fm_server;
-
 attribute vendor_hal_wigig;
 attribute vendor_hal_wigig_client;
 attribute vendor_hal_wigig_server;
@@ -101,10 +97,6 @@ attribute vendor_hal_fstman;
 attribute vendor_hal_fstman_client;
 attribute vendor_hal_fstman_server;
 
-attribute vendor_hal_btconfigstore;
-attribute vendor_hal_btconfigstore_client;
-attribute vendor_hal_btconfigstore_server;
-
 attribute vendor_hal_wifilearner;
 attribute vendor_hal_wifilearner_client;
 attribute vendor_hal_wifilearner_server;
@@ -113,10 +105,6 @@ attribute vendor_hal_srvctracker;
 attribute vendor_hal_srvctracker_client;
 attribute vendor_hal_srvctracker_server;
 
-attribute vendor_hal_qspmhal;
-attribute vendor_hal_qspmhal_client;
-attribute vendor_hal_qspmhal_server;
-
 attribute vendor_hal_bluetooth_dun;
 attribute vendor_hal_bluetooth_dun_client;
 attribute vendor_hal_bluetooth_dun_server;

qva/vendor/common/fm_app.te

@@ -0,0 +1,29 @@
+# Copyright (c) 2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+allow vendor_fm_app vendor_sysfs_kgsl:file r_file_perms;
+get_prop(vendor_fm_app, vendor_bluetooth_prop)

qva/vendor/common/hal_bluetooth_default.te

@@ -27,3 +27,5 @@
 
 hal_server_domain(hal_bluetooth_default, vendor_hal_fm)
 hal_server_domain(hal_bluetooth_default, vendor_hal_btconfigstore)
+# hal_bluetooth_default needes  open read on fm_radio_device
+allow hal_bluetooth_default vendor_fm_radio_device:chr_file r_file_perms;

qva/vendor/common/platform_app.te

@@ -40,11 +40,5 @@ hal_client_domain(platform_app, vendor_hal_qspmhal)
 hal_client_domain(platform_app, hal_fingerprint)
 # allow platform_app to interact with pasr hal
 hal_client_domain(platform_app, vendor_hal_pasrmanager)
-#fm
-hal_client_domain(platform_app, vendor_hal_fm);
-# fm_radio app needes  open read on fm_radio_device
-allow platform_app vendor_fm_radio_device:chr_file r_file_perms;
-#allow platform_app to access btconfigstore hal
-hal_client_domain(platform_app, vendor_hal_btconfigstore);
 #allow platform_app to access embmssl hal
 hal_client_domain(platform_app, vendor_hal_embmssl)

qva/vendor/common/system_app.te

@@ -28,10 +28,6 @@
 
 #allow system_app access factory
 hal_client_domain(system_app, vendor_hal_factory_qti);
-hal_client_domain(system_app, vendor_hal_fm);
-
-# fm_radio app needes  open read on fm_radio_device
-allow system_app vendor_fm_radio_device:chr_file r_file_perms;
 
 #allow system_app access sensorscalibration service
 hal_client_domain(system_app, vendor_hal_sensorscalibrate_qti);
@@ -48,9 +44,6 @@ hal_client_domain(system_app, vendor_hal_display_color);
 # allow system_app to interact with light hal
 hal_client_domain(system_app, hal_light);
 
-#allow system app to access btconfigstore hal
-hal_client_domain(system_app, vendor_hal_btconfigstore);
-
 # update engine
 binder_call( system_app, update_engine )