msm8953-common: Address Dolby denials

Co-authored-by: Rohan Hasabe <rohanhasabe8@gmail.com>
2020-03-24 14:12:20 +01:00
parent d68a31c631
commit 675d96b639
11 changed files with 35 additions and 1 deletions
--- a/sepolicy/vendor/attributes
+++ b/sepolicy/vendor/attributes
@@ -0,0 +1,3 @@
+attribute hal_dms;
+attribute hal_dms_client;
+attribute hal_dms_server; 
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -27,6 +27,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-fpcservice    u:object_r:hal_fingerprint_fpc_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service-ets   u:object_r:hal_fingerprint_fpc_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service.motorola_msm8953    u:object_r:hal_light_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.dolby\.hardware\.dms@1\.0-service                     u:object_r:hal_dms_default_exec:s0
 /(vendor|system/vendor)/bin/init\.mmi\.(laser|usb)\.sh                          u:object_r:qti_init_shell_exec:s0
 /(vendor|system/vendor)/bin/init\.qcom\.power\.sh                               u:object_r:qti_init_shell_exec:s0
 /(vendor|system/vendor)/bin/perfd                                               u:object_r:perfd_exec:s0
--- a/sepolicy/vendor/hal_audio_default.te
+++ b/sepolicy/vendor/hal_audio_default.te
@@ -1,3 +1,4 @@
 unix_socket_connect(hal_audio_default, perfd, perfd)
-
 allow hal_audio_default sysfs:dir { open read };
+allow hal_audio_default hal_dms_default:binder { transfer call };
+allow hal_audio_default hal_dms_hwservice:hwservice_manager find;
--- a/sepolicy/vendor/hal_dms.te
+++ b/sepolicy/vendor/hal_dms.te
@@ -0,0 +1,5 @@
+binder_call(hal_dms_client, hal_dms_server)
+binder_call(hal_dms_server, hal_dms_client)
+
+add_hwservice(hal_dms_server, hal_dms_hwservice)
+allow hal_dms_client hal_dms_hwservice:hwservice_manager find; 
--- a/sepolicy/vendor/hal_dms_default.te
+++ b/sepolicy/vendor/hal_dms_default.te
@@ -0,0 +1,13 @@
+type hal_dms_default, domain;
+hal_server_domain(hal_dms_default, hal_dms)
+
+type hal_dms_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_dms_default)
+
+allow hal_dms_default hal_audio_default:binder call;
+allow hal_dms_default platform_app:binder call;
+allow hal_dms_default vendor_data_file:file { rw_file_perms create };
+allow hal_dms_default vendor_data_file:dir { rw_file_perms add_name };
+
+allow hal_dms_default vendor_media_data_file:dir { add_name remove_name read write search open };
+allow hal_dms_default vendor_media_data_file:file { read write open create ioctl getattr lock unlink };
--- a/sepolicy/vendor/hwservice.te
+++ b/sepolicy/vendor/hwservice.te
@@ -2,3 +2,4 @@ type fpc_extension_service, hwservice_manager_type;

 type nxpese_hwservice, hwservice_manager_type;
 type nxpnfc_hwservice, hwservice_manager_type;
+type hal_dms_hwservice, hwservice_manager_type;
--- a/sepolicy/vendor/hwservice_contexts
+++ b/sepolicy/vendor/hwservice_contexts
@@ -4,3 +4,4 @@ com.fingerprints.extension::IFingerprintEngineering
 com.fingerprints.extension::IFingerprintNavigation                                u:object_r:fpc_extension_service:s0
 com.fingerprints.extension::IFingerprintSensorTest                                u:object_r:fpc_extension_service:s0
 vendor.egistec.hardware.fingerprint::IBiometricsFingerprintEts                    u:object_r:fpc_extension_service:s0
+vendor.dolby.hardware.dms::IDms                                            u:object_r:hal_dms_hwservice:s0
--- a/sepolicy/vendor/init.te
+++ b/sepolicy/vendor/init.te
@@ -9,3 +9,7 @@ allow init mnt_product_file:dir mounton;
 allow init bt_firmware_file:filesystem getattr;
 allow init firmware_file:filesystem getattr;
 allow init fsg_firmware_file:filesystem getattr;
+
+allow init vendor_data_file:file lock;
+allow init hal_audio_default:binder call;
+allow init platform_app:binder call;
--- a/sepolicy/vendor/platform_app.te
+++ b/sepolicy/vendor/platform_app.te
@@ -2,4 +2,7 @@ allow platform_app sysfs_kgsl:dir search;
 allow platform_app sysfs_kgsl:file { getattr open read };
 allow platform_app sysfs_healthd:dir r_dir_perms;
 allow platform_app sysfs_healthd:file rw_file_perms;
+allow platform_app hal_dms_hwservice:hwservice_manager find;
+allow platform_app hal_dms_default:binder { call transfer };
+allow platform_app sysfs_kgsl:lnk_file read;
 get_prop(platform_app, moto_boot_prop)
--- a/sepolicy/vendor/property.te
+++ b/sepolicy/vendor/property.te
@@ -1,3 +1,4 @@
 type power_prop, property_type;
 type moto_boot_prop, property_type;
 type vendor_fm_prop, property_type;
+type vendor_dolby_loglevel_prop, property_type;
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@@ -34,3 +34,4 @@ vendor.boot_completed      u:object_r:moto_boot_prop:s0
 ro.vendor.fm.              u:object_r:vendor_fm_prop:s0

 persist.vendor.camera.     u:object_r:camera_prop:s0
+persist.vendor.dolby.loglevel   u:object_r:vendor_dolby_loglevel_prop:s0