sanders: Address Dolby denials

Signed-off-by: ronaxdevil <pratabidya.007@gmail.com>

sepolicy/vendor/attributes

@@ -0,0 +1,3 @@
+attribute hal_dms;
+attribute hal_dms_client;
+attribute hal_dms_server;

sepolicy/vendor/file_contexts

@@ -137,3 +137,6 @@
 
 # Files in fsg
 /fsg(/.*)?               u:object_r:fsg_file:s0
+
+# Dolby
+/(vendor|system/vendor)/bin/hw/vendor\.dolby\.hardware\.dms@1\.0-service                     u:object_r:hal_dms_default_exec:s0

sepolicy/vendor/hal_audio_default.te

@@ -1,3 +1,7 @@
 allow hal_audio_default sysfs:dir {open read };
 get_prop(hal_audio_default, dirac_prop)
 set_prop(hal_audio_default, dirac_prop)
+
+# Dolby
+allow hal_audio_default hal_dms_default:binder { transfer call };
+allow hal_audio_default hal_dms_hwservice:hwservice_manager find;

sepolicy/vendor/hal_dms.te

@@ -0,0 +1,5 @@
+binder_call(hal_dms_client, hal_dms_server)
+binder_call(hal_dms_server, hal_dms_client)
+
+add_hwservice(hal_dms_server, hal_dms_hwservice)
+allow hal_dms_client hal_dms_hwservice:hwservice_manager find; 

sepolicy/vendor/hal_dms_default.te

@@ -0,0 +1,13 @@
+type hal_dms_default, domain;
+hal_server_domain(hal_dms_default, hal_dms)
+
+type hal_dms_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_dms_default)
+
+allow hal_dms_default hal_audio_default:binder call;
+allow hal_dms_default platform_app:binder call;
+allow hal_dms_default vendor_data_file:file { rw_file_perms create };
+allow hal_dms_default vendor_data_file:dir { rw_file_perms add_name };
+
+allow hal_dms_default vendor_media_data_file:dir { add_name remove_name read write search open };
+allow hal_dms_default vendor_media_data_file:file { read write open create ioctl getattr lock unlink };

sepolicy/vendor/hwservice.te

@@ -0,0 +1 @@
+type hal_dms_hwservice, hwservice_manager_type;

sepolicy/vendor/hwservice_contexts

@@ -3,3 +3,5 @@ vendor.nxp.nxpnfc::INxpNfc                                       u:object_r:hal_
 
 motorola.hardware.camera.provider::ICameraProvider               u:object_r:hal_camera_hwservice:s0
 motorola.hardware.mods_camera.provider::ICameraProvider          u:object_r:hal_camera_hwservice:s0
+
+vendor.dolby.hardware.dms::IDms                                                   u:object_r:hal_dms_hwservice:s0

sepolicy/vendor/init.te

@@ -64,3 +64,7 @@ allow init sysfs:file setattr;
 allow init system_file:dir relabelfrom;
 allow init shell_exec:file execute_no_trans;
 allow init system_file:file relabelfrom;
+
+allow init vendor_data_file:file lock;
+allow init hal_audio_default:binder call;
+allow init platform_app:binder call;

sepolicy/vendor/platform_app.te

@@ -5,3 +5,7 @@ allow platform_app rootfs:dir getattr;
 allow platform_app init:unix_stream_socket { read write };
 allow platform_app hal_sensors_default:unix_stream_socket { read write };
 allow platform_app vendor_file:file getattr;
+
+allow platform_app hal_dms_hwservice:hwservice_manager find;
+allow platform_app hal_dms_default:binder { call transfer };
+allow platform_app sysfs_kgsl:lnk_file read;

sepolicy/vendor/property.te

@@ -10,3 +10,6 @@ type wcnss_prop, property_type;
 type dirac_prop, property_type;
 # Spectrum
 type spectrum_prop, property_type;
+
+# Dolby
+type vendor_dolby_loglevel_prop, property_type;

sepolicy/vendor/property_contexts

@@ -7,3 +7,5 @@ sys.listeners.registered           u:object_r:tee_listener_prop:s0
 persist.audio.dirac.               u:object_r:dirac_prop:s0
 # Spectrum
 persist.spectrum.profile           u:object_r:spectrum_prop:s0
+
+persist.vendor.dolby.loglevel      u:object_r:vendor_dolby_loglevel_prop:s0