Merge "Selinux enabled for sxr_vndr."

qva/vendor/common/file.te

@@ -127,6 +127,10 @@ type vendor_sysfs_qvr_external_sensor, sysfs_type, fs_type;
 type vendor_qvrd_vndr_data_file, file_type, data_file_type;
 type vendor_qvrd_vndr_socket, file_type;
 
+#sxrservice file
+type vendor_sxrd_vndr_data_file, file_type, data_file_type;
+type vendor_sxrd_vndr_socket, file_type;
+
 #GuestVM PIL files
 type vendor_sysfs_bootguestvm, fs_type, sysfs_type;
 

qva/vendor/common/file_contexts

@@ -66,6 +66,7 @@
 /dev/socket/wigig/sensingdaemon                 u:object_r:vendor_sensingdaemon_socket:s0
 /dev/socket/qvrservice_vndr                     u:object_r:vendor_qvrd_vndr_socket:s0
 /dev/socket/qvrservice_vndr_camera              u:object_r:vendor_qvrd_vndr_socket:s0
+/dev/socket/sxrservice_vndr                     u:object_r:vendor_sxrd_vndr_socket:s0
 
 /dev/smcinvoke                                  u:object_r:tee_device:s0
 ###################################
@@ -142,6 +143,7 @@
 /vendor/bin/qesdk-manager                                                          u:object_r:vendor_hal_qesdhal_default_exec:s0
 /(vendor|system/vendor)/bin/mutualex                                               u:object_r:vendor_mutualex_exec:s0
 /(vendor|system/vendor)/bin/hw/qvrservice                                          u:object_r:vendor_qvrd_vndr_exec:s0
+/(vendor|system/vendor)/bin/hw/sxrservice                                          u:object_r:vendor_sxrd_vndr_exec:s0
 /vendor/bin/modemManager                                                           u:object_r:vendor_modem_manager_exec:s0
 
 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.qccvndhal@1\.0-service       u:object_r:vendor_hal_qccvndhal_qti_exec:s0
@@ -214,6 +216,7 @@
 /data/vendor/sensing(/.*)?                                          u:object_r:vendor_sensing_vendor_data_file:s0
 /data/vendor/gaming(/.*)?                                           u:object_r:vendor_qspmhal_data_file:s0
 /data/vendor/qvr(/.*)?                                              u:object_r:vendor_qvrd_vndr_data_file:s0
+/data/vendor/sxr(/.*)?                                              u:object_r:vendor_sxrd_vndr_data_file:s0
 
 ###################################
 # persist files

qva/vendor/common/service.te

@@ -28,3 +28,4 @@
 type vendor_dun_service,                 service_manager_type;
 type vendor_imsrcs_service,              service_manager_type;
 type vendor_hal_qvrd_service,            vendor_service,service_manager_type;
+type vendor_hal_sxrd_service,            vendor_service,service_manager_type;

qva/vendor/common/service_contexts

@@ -28,3 +28,5 @@
 vendor.qti.hardware.qxr.IQXRCoreService/default        u:object_r:vendor_hal_qvrd_service:s0
 vendor.qti.hardware.qxr.IQXRCamService/default         u:object_r:vendor_hal_qvrd_service:s0
 vendor.qti.hardware.qxr.IQXRModService/default         u:object_r:vendor_hal_qvrd_service:s0
+vendor.qti.hardware.qxr.IQXRSplitService/default        u:object_r:vendor_hal_sxrd_service:s0
+vendor.qti.hardware.qxr.IQXRAudioService/default        u:object_r:vendor_hal_sxrd_service:s0

qva/vendor/common/sxrd_vndr.te

@@ -0,0 +1,77 @@
+# Copyright (c) 2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_sxrd_vndr, domain;
+typeattribute vendor_sxrd_vndr vendor_sys_sxrauxservice_qti_socket_client;
+type vendor_sxrd_vndr_exec, vendor_file_type, exec_type, file_type;
+
+init_daemon_domain(vendor_sxrd_vndr)
+
+hal_server_domain_bypass(vendor_sxrd_vndr, vendor_hal_sxrservice_qti)
+binder_call(vendor_hal_sxrservice_qti_client, vendor_hal_sxrservice_qti_server)
+binder_call(vendor_hal_sxrservice_qti_server, vendor_hal_sxrservice_qti_client)
+
+allow vendor_hal_sxrservice_qti_client vendor_hal_sxrd_service:service_manager find;
+allow vendor_sxrd_vndr vendor_hal_sxrd_service:service_manager find;
+add_service(vendor_hal_sxrservice_qti_server, vendor_hal_sxrd_service)
+
+allow vendor_sxrd_vndr vendor_hal_sxrservice_qti_socket_client:unix_stream_socket { getopt read setopt shutdown write };
+allow vendor_hal_sxrservice_qti_socket_fd_use_client vendor_sxrd_vndr: fd use;
+
+binder_use(vendor_sxrd_vndr);
+# Allow access to our socket
+allow vendor_sxrd_vndr vendor_sxrd_vndr_socket:sock_file rw_file_perms;
+
+# Allow interracting with vendor_sxrd_vndr directory
+allow vendor_sxrd_vndr vendor_sxrd_vndr_data_file:dir create_dir_perms;
+allow vendor_sxrd_vndr vendor_sxrd_vndr_data_file:file create_file_perms;
+
+#video device
+allow vendor_sxrd_vndr video_device:chr_file rw_file_perms;
+
+#Allow hal graphics allocator permissions
+hal_client_domain(vendor_sxrd_vndr, hal_graphics_allocator);
+
+#access to usb device
+allow vendor_sxrd_vndr usb_device:chr_file rw_file_perms;
+allow vendor_sxrd_vndr usb_device:dir { open read search watch };
+allow vendor_sxrd_vndr device:dir { read watch };
+
+#Allow access to PCM sound card
+allow vendor_sxrd_vndr audio_device:chr_file rw_file_perms;
+allow vendor_sxrd_vndr audio_device:dir r_dir_perms;
+
+# Add rule to access /proc/asound/pcm file
+r_dir_file(vendor_sxrd_vndr, proc_asound);
+
+#Allow access to ion device
+allow vendor_sxrd_vndr ion_device:chr_file { open read };
+
+#add sxrd to access tombstoned
+userdebug_or_eng(`
+crash_dump_fallback(vendor_sxrd_vndr);
+')