selinux for sxrservice and sxrsplitauxservice

add sepolicy for sxrservice and sxrsplitauxservice

Change-Id: If31f4fe36ce684b9937fca5507ef974a4457e7ae

generic/private/audioserver.te

@@ -26,6 +26,6 @@
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 binder_call(audioserver,vendor_wfdservice);
-
+binder_call(audioserver,vendor_sys_sxrauxd);
 #allow access to ALSA MMAP FDs for AAudio API
 allow audioserver audio_service:service_manager find;

generic/private/file.te

@@ -31,3 +31,5 @@ type vendor_dpmd_data_file, file_type, data_file_type, core_data_file_type;
 type vendor_dpmwrapper_socket, file_type, coredomain_socket, mlstrustedobject;
 type vendor_qcc_data_file, file_type, data_file_type, core_data_file_type;
 type vendor_qcc_app_socket, file_type, mlstrustedobject, coredomain_socket;
+type vendor_sys_sxrauxd_data_file, file_type, data_file_type, core_data_file_type;
+type vendor_sys_sxrauxd_socket, file_type, coredomain_socket;

generic/private/file_contexts

@@ -60,8 +60,10 @@
 /(system_ext|system/system_ext)/bin/mmi_diag    u:object_r:vendor_mmi_sys_exec:s0
 /(system_ext|system/system_ext)/bin/qspmsvc           u:object_r:vendor_qspmsvc_exec:s0
 /(system_ext|system/system_ext)/bin/perfetto_dump\.sh           u:object_r:vendor_perfetto_dump_exec:s0
+/(system_ext|system/system_ext)/bin/qxrsplitauxservice  u:object_r:vendor_sys_sxrauxd_exec:s0
 
 ####### data files ################
 /data/dpm(/.*)?                                 u:object_r:vendor_dpmd_data_file:s0
 /data/nfc(/.*)?                                 u:object_r:nfc_data_file:s0
 /data/misc/qdma(/.*)?                           u:object_r:vendor_qcc_data_file:s0
+/data/misc/sxraux(/.*)?                         u:object_r:vendor_sys_sxrauxd_data_file:s0

generic/private/sxrauxd.te

@@ -0,0 +1,50 @@
+# Copyright (c) 2021 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type vendor_sys_sxrauxd, domain;
+typeattribute vendor_sys_sxrauxd coredomain;
+typeattribute vendor_sys_sxrauxd vendor_hal_sxrservice_qti_socket_fd_use_client;
+type vendor_sys_sxrauxd_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(vendor_sys_sxrauxd)
+
+allow vendor_sys_sxrauxd vendor_sys_sxrauxservice_qti_socket_client:unix_stream_socket { getopt read setopt shutdown write };
+# Allow access to our socket
+allow vendor_sys_sxrauxd vendor_sys_sxrauxd_socket:sock_file rw_file_perms;
+
+# Allow access to sxrservice
+hal_client_domain(vendor_sys_sxrauxd, vendor_hal_sxrservice_qti);
+
+#Allow access to Audio Flinger APIs
+binder_call(vendor_sys_sxrauxd, audioserver);
+allow vendor_sys_sxrauxd audioserver_service : service_manager find;
+
+# Allow interracting with vendor_sxrauxd directory
+allow vendor_sys_sxrauxd vendor_sys_sxrauxd_data_file:dir create_dir_perms;
+allow vendor_sys_sxrauxd vendor_sys_sxrauxd_data_file:file create_file_perms;
+
+#allow binder use for checking permissions
+binder_use(vendor_sys_sxrauxd)

generic/private/untrusted_app.te

@@ -34,3 +34,4 @@ userdebug_or_eng(`
 ')
 qesdk_app_access(untrusted_app);
 typeattribute untrusted_app vendor_hal_qvrservice_qti_socket_fd_use_client;
+typeattribute untrusted_app vendor_hal_sxrservice_qti_socket_fd_use_client;

generic/private/untrusted_app_29.te

@@ -27,3 +27,4 @@
 
 qesdk_app_access(untrusted_app_29);
 typeattribute untrusted_app_29 vendor_hal_qvrservice_qti_socket_fd_use_client;
+typeattribute untrusted_app_29 vendor_hal_sxrservice_qti_socket_fd_use_client;

generic/private/xrcb_app.te

@@ -28,9 +28,11 @@
 type vendor_xrcb_app,domain;
 typeattribute vendor_xrcb_app coredomain;
 typeattribute vendor_xrcb_app vendor_hal_qvrservice_qti_socket_client;
+typeattribute vendor_xrcb_app vendor_hal_sxrservice_qti_socket_client;
 app_domain(vendor_xrcb_app);
 
 hal_client_domain(vendor_xrcb_app, vendor_hal_qvrservice_qti);
+hal_client_domain(vendor_xrcb_app, vendor_hal_sxrservice_qti);
 hal_client_domain(vendor_xrcb_app, vendor_hal_perf);
 allow vendor_xrcb_app app_api_service:service_manager find;
 get_prop(vendor_xrcb_app, vendor_xrcb_prop);

generic/public/attributes

@@ -272,3 +272,10 @@ attribute vendor_hal_qvrservice_qti_socket_fd_use_client;
 attribute hal_wificfr;
 attribute hal_wificfr_client;
 attribute hal_wificfr_server;
+
+attribute vendor_hal_sxrservice_qti;
+attribute vendor_hal_sxrservice_qti_client;
+attribute vendor_hal_sxrservice_qti_server;
+attribute vendor_hal_sxrservice_qti_socket_client;
+attribute vendor_hal_sxrservice_qti_socket_fd_use_client;
+attribute vendor_sys_sxrauxservice_qti_socket_client;