From 675d96b63941e672a7a7e29862faa93285d36274 Mon Sep 17 00:00:00 2001
From: trpsl
Date: Tue, 24 Mar 2020 14:12:20 +0100
Subject: [PATCH] msm8953-common: Address Dolby denials

Co-authored-by: Rohan Hasabe
---
 sepolicy/vendor/attributes | 3 +++
 sepolicy/vendor/file_contexts | 1 +
 sepolicy/vendor/hal_audio_default.te | 3 ++-
 sepolicy/vendor/hal_dms.te | 5 +++++
 sepolicy/vendor/hal_dms_default.te | 13 +++++++++++++
 sepolicy/vendor/hwservice.te | 1 +
 sepolicy/vendor/hwservice_contexts | 1 +
 sepolicy/vendor/init.te | 4 ++++
 sepolicy/vendor/platform_app.te | 3 +++
 sepolicy/vendor/property.te | 1 +
 sepolicy/vendor/property_contexts | 1 +
 11 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 sepolicy/vendor/attributes
 create mode 100644 sepolicy/vendor/hal_dms.te
 create mode 100644 sepolicy/vendor/hal_dms_default.te

diff --git a/sepolicy/vendor/attributes b/sepolicy/vendor/attributes
new file mode 100644
index 0000000..1de2697
--- /dev/null
+++ b/sepolicy/vendor/attributes
@@ -0,0 +1,3 @@
+attribute hal_dms;
+attribute hal_dms_client;
+attribute hal_dms_server;
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index 1bfbec1..139d26b 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -27,6 +27,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-fpcservice u:object_r:hal_fingerprint_fpc_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service-ets u:object_r:hal_fingerprint_fpc_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service.motorola_msm8953 u:object_r:hal_light_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.dolby\.hardware\.dms@1\.0-service u:object_r:hal_dms_default_exec:s0
 /(vendor|system/vendor)/bin/init\.mmi\.(laser|usb)\.sh u:object_r:qti_init_shell_exec:s0
 /(vendor|system/vendor)/bin/init\.qcom\.power\.sh u:object_r:qti_init_shell_exec:s0
 /(vendor|system/vendor)/bin/perfd u:object_r:perfd_exec:s0
diff --git a/sepolicy/vendor/hal_audio_default.te b/sepolicy/vendor/hal_audio_default.te
index e4ee9a0..dfd2a20 100644
--- a/sepolicy/vendor/hal_audio_default.te
+++ b/sepolicy/vendor/hal_audio_default.te
@@ -1,3 +1,4 @@
 unix_socket_connect(hal_audio_default, perfd, perfd)
-
 allow hal_audio_default sysfs:dir { open read };
+allow hal_audio_default hal_dms_default:binder { transfer call };
+allow hal_audio_default hal_dms_hwservice:hwservice_manager find;
diff --git a/sepolicy/vendor/hal_dms.te b/sepolicy/vendor/hal_dms.te
new file mode 100644
index 0000000..3611554
--- /dev/null
+++ b/sepolicy/vendor/hal_dms.te
@@ -0,0 +1,5 @@
+binder_call(hal_dms_client, hal_dms_server)
+binder_call(hal_dms_server, hal_dms_client)
+
+add_hwservice(hal_dms_server, hal_dms_hwservice)
+allow hal_dms_client hal_dms_hwservice:hwservice_manager find;
diff --git a/sepolicy/vendor/hal_dms_default.te b/sepolicy/vendor/hal_dms_default.te
new file mode 100644
index 0000000..ce3c360
--- /dev/null
+++ b/sepolicy/vendor/hal_dms_default.te
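Review bot: In sepolicy/vendor/hal_audio_default.te the two added rules grant hal_audio_default access to the concrete `hal_dms_default` domain by hand, bypassing the `hal_dms_client`/`hal_dms_server` attributes that this same patch sets up in hal_dms.te. Declaring the client with `hal_client_domain(hal_audio_default, hal_dms)` would pick up the `binder_call` and hwservice `find` rules from hal_dms.te, and the grant would follow the attribute rather than one named server domain. The same applies to the `platform_app` rules in platform_app.te (`hal_client_domain(platform_app, hal_dms)`), and it would make the per-peer `binder call` lines in hal_dms_default.te redundant.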
@@ -0,0 +1,13 @@
+type hal_dms_default, domain;
+hal_server_domain(hal_dms_default, hal_dms)
+
+type hal_dms_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_dms_default)
+
+allow hal_dms_default hal_audio_default:binder call;
+allow hal_dms_default platform_app:binder call;
+allow hal_dms_default vendor_data_file:file { rw_file_perms create };
+allow hal_dms_default vendor_data_file:dir { rw_file_perms add_name };
+
+allow hal_dms_default vendor_media_data_file:dir { add_name remove_name read write search open };
+allow hal_dms_default vendor_media_data_file:file { read write open create ioctl getattr lock unlink };
diff --git a/sepolicy/vendor/hwservice.te b/sepolicy/vendor/hwservice.te
index 341cf6e..4ee4bbf 100644
--- a/sepolicy/vendor/hwservice.te
+++ b/sepolicy/vendor/hwservice.te
@@ -2,3 +2,4 @@ type fpc_extension_service, hwservice_manager_type; type nxpese_hwservice, hwservice_manager_type; type nxpnfc_hwservice, hwservice_manager_type;
+type hal_dms_hwservice, hwservice_manager_type;
diff --git a/sepolicy/vendor/hwservice_contexts b/sepolicy/vendor/hwservice_contexts
index 9a4b6e9..69b5954 100644
--- a/sepolicy/vendor/hwservice_contexts
+++ b/sepolicy/vendor/hwservice_contexts
@@ -4,3 +4,4 @@ com.fingerprints.extension::IFingerprintEngineering
 com.fingerprints.extension::IFingerprintNavigation u:object_r:fpc_extension_service:s0
 com.fingerprints.extension::IFingerprintSensorTest u:object_r:fpc_extension_service:s0
 vendor.egistec.hardware.fingerprint::IBiometricsFingerprintEts u:object_r:fpc_extension_service:s0
+vendor.dolby.hardware.dms::IDms u:object_r:hal_dms_hwservice:s0
diff --git a/sepolicy/vendor/init.te b/sepolicy/vendor/init.te
index 2c66338..701a91a 100644
--- a/sepolicy/vendor/init.te
+++ b/sepolicy/vendor/init.te
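Review bot: In sepolicy/vendor/hal_dms_default.te the two rules on `vendor_data_file` let the Dolby service create and write any file carrying the generic vendor data label, not only its own state. A dedicated type for the directory the service actually uses (the path is not visible in this patch), declared along the lines of `type hal_dms_data_file, file_type, data_file_type;` (name constructed here) with a matching file_contexts entry, would confine it to its own data. The dir rule also applies `rw_file_perms` to the `dir` class, which grants file-oriented permissions and omits `search`; `rw_dir_perms` is the macro intended for directories. The hand-expanded grants on `vendor_media_data_file` deserve the same scrutiny, since that label is presumably shared with other vendor media domains.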
@@ -9,3 +9,7 @@ allow init mnt_product_file:dir mounton;
 allow init bt_firmware_file:filesystem getattr;
 allow init firmware_file:filesystem getattr;
 allow init fsg_firmware_file:filesystem getattr;
+
+allow init vendor_data_file:file lock;
+allow init hal_audio_default:binder call;
+allow init platform_app:binder call;
diff --git a/sepolicy/vendor/platform_app.te b/sepolicy/vendor/platform_app.te
index 02a9832..dce6488 100644
--- a/sepolicy/vendor/platform_app.te
+++ b/sepolicy/vendor/platform_app.te
@@ -2,4 +2,7 @@ allow platform_app sysfs_kgsl:dir search;
 allow platform_app sysfs_kgsl:file { getattr open read };
 allow platform_app sysfs_healthd:dir r_dir_perms;
 allow platform_app sysfs_healthd:file rw_file_perms;
+allow platform_app hal_dms_hwservice:hwservice_manager find;
+allow platform_app hal_dms_default:binder { call transfer };
+allow platform_app sysfs_kgsl:lnk_file read;
 get_prop(platform_app, moto_boot_prop)
diff --git a/sepolicy/vendor/property.te b/sepolicy/vendor/property.te
index ad0918b..808d58f 100644
--- a/sepolicy/vendor/property.te
+++ b/sepolicy/vendor/property.te
@@ -1,3 +1,4 @@
 type power_prop, property_type;
 type moto_boot_prop, property_type;
 type vendor_fm_prop, property_type;
+type vendor_dolby_loglevel_prop, property_type;
diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
index 00d46ee..559aea9 100644
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@@ -34,3 +34,4 @@ vendor.boot_completed u:object_r:moto_boot_prop:s0 ro.vendor.fm. u:object_r:vendor_fm_prop:s0 persist.vendor.camera. u:object_r:camera_prop:s0
+persist.vendor.dolby.loglevel u:object_r:vendor_dolby_loglevel_prop:s0
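Review bot: The three rules added to sepolicy/vendor/init.te widen init itself: `allow init hal_audio_default:binder call;`, `allow init platform_app:binder call;` and `allow init vendor_data_file:file lock;`. init does not normally act as a binder caller, so these denials were presumably logged while the Dolby service still ran in init's domain, before the `hal_dms_default_exec` label and `init_daemon_domain(hal_dms_default)` from this patch existed. With that transition in place the service's accesses are attributed to hal_dms_default, so I would drop the init rules and re-collect denials rather than grant them to the most privileged domain on the device.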
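Review bot: sepolicy/vendor/property.te declares `vendor_dolby_loglevel_prop` and property_contexts labels `persist.vendor.dolby.loglevel` with it, but no rule in this patch lets any domain read or set the new type. Unless that is granted elsewhere, relabelling the property takes access away from whichever process used it under its previous label. Adding `get_prop(hal_dms_default, vendor_dolby_loglevel_prop)` next to the other hal_dms_default rules would cover the service, assuming it is the reader; whichever component sets the property would need a matching `set_prop`.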