From dfc216bfd9eea1088a388a72fc624eda7cbe62fd Mon Sep 17 00:00:00 2001
From: Sanju0910 <sreeshankar0910@gmail.com>
Date: Sun, 28 May 2023 19:34:30 +0530
Subject: [PATCH] sepolicy: qti: Add rules for Dolby Atmos

---
 sepolicy/qti/vendor/attributes                |  3 +++
 sepolicy/qti/vendor/hal_audio_default.te      |  5 +++++
 sepolicy/qti/vendor/hwservice.te              |  3 +++
 sepolicy/qti/vendor/hwservice_contexts        |  3 +++
 sepolicy/qti/vendor/mediacodec.te             |  2 ++
 sepolicy/qti/vendor/priv_app.te               |  1 +
 sepolicy/qti/vendor/vendor_hal_dms.te         |  5 +++++
 sepolicy/qti/vendor/vendor_hal_dms_default.te | 13 +++++++++++++
 8 files changed, 35 insertions(+)
 create mode 100644 sepolicy/qti/vendor/mediacodec.te
 create mode 100644 sepolicy/qti/vendor/priv_app.te
 create mode 100644 sepolicy/qti/vendor/vendor_hal_dms.te
 create mode 100644 sepolicy/qti/vendor/vendor_hal_dms_default.te

diff --git a/sepolicy/qti/vendor/attributes b/sepolicy/qti/vendor/attributes
index a308c01..459382e 100644
--- a/sepolicy/qti/vendor/attributes
+++ b/sepolicy/qti/vendor/attributes
@@ -1,3 +1,6 @@
 vendor_hal_attribute(cameraMDM)
 vendor_hal_attribute(oplusPerf)
 vendor_hal_attribute(oplusSensor)
+vendor_hal_attribute(dms)
+vendor_hal_attribute(dmsClient)
+vendor_hal_attribute(dmsServer)
diff --git a/sepolicy/qti/vendor/hal_audio_default.te b/sepolicy/qti/vendor/hal_audio_default.te
index ea08ad8..3e80864 100644
--- a/sepolicy/qti/vendor/hal_audio_default.te
+++ b/sepolicy/qti/vendor/hal_audio_default.te
@@ -1,3 +1,8 @@
 allow hal_audio_default ultrasound_device:chr_file rw_file_perms;
 
 hal_client_domain(hal_audio_default, vendor_hal_oplusPerf)
+
+hal_client_domain(hal_audio_default, vendor_hal_dms)
+
+allow hal_audio_default vendor_hal_dms_default:binder { transfer call };
+allow hal_audio_default vendor_hal_dms_hwservice:hwservice_manager { find };
diff --git a/sepolicy/qti/vendor/hwservice.te b/sepolicy/qti/vendor/hwservice.te
index c04e62e..3174e9d 100644
--- a/sepolicy/qti/vendor/hwservice.te
+++ b/sepolicy/qti/vendor/hwservice.te
@@ -2,6 +2,9 @@
 type vendor_hal_camera_extension_hwservice, hwservice_manager_type, protected_hwservice;
 type vendor_hal_cameraMDM_hwservice, hwservice_manager_type, protected_hwservice;
 
+# Dolby Atmos
+type vendor_hal_dms_hwservice, hwservice_manager_type, protected_hwservice;
+
 # ORMS
 type vendor_hal_orms_hwservice, hwservice_manager_type, protected_hwservice;
 
diff --git a/sepolicy/qti/vendor/hwservice_contexts b/sepolicy/qti/vendor/hwservice_contexts
index bb05204..5731b82 100644
--- a/sepolicy/qti/vendor/hwservice_contexts
+++ b/sepolicy/qti/vendor/hwservice_contexts
@@ -8,6 +8,9 @@ vendor.qti.hardware.camera.cameraextension::ICameraExtensionService    u:object_
 vendor.pixelworks.hardware.display::IIris           u:object_r:hal_graphics_composer_hwservice:s0
 vendor.pixelworks.hardware.feature::IIrisFeature    u:object_r:hal_graphics_composer_hwservice:s0
 
+# Dolby Atmos
+vendor.dolby.hardware.dms::IDms          u:object_r:vendor_hal_dms_hwservice:s0
+
 # Fingerprint
 vendor.oplus.hardware.biometrics.fingerprint::IBiometricsFingerprint    u:object_r:hal_fingerprint_hwservice:s0
 vendor.oplus.hardware.commondcs::ICommonDcsHalService                   u:object_r:hal_fingerprint_hwservice:s0
diff --git a/sepolicy/qti/vendor/mediacodec.te b/sepolicy/qti/vendor/mediacodec.te
new file mode 100644
index 0000000..3d02060
--- /dev/null
+++ b/sepolicy/qti/vendor/mediacodec.te
@@ -0,0 +1,2 @@
+allow mediacodec vendor_hal_dms_hwservice:hwservice_manager find;
+allow mediacodec vendor_hal_dms_default:binder { call transfer };
diff --git a/sepolicy/qti/vendor/priv_app.te b/sepolicy/qti/vendor/priv_app.te
new file mode 100644
index 0000000..e5af57a
--- /dev/null
+++ b/sepolicy/qti/vendor/priv_app.te
@@ -0,0 +1 @@
+hal_client_domain(priv_app, vendor_hal_dms);
diff --git a/sepolicy/qti/vendor/vendor_hal_dms.te b/sepolicy/qti/vendor/vendor_hal_dms.te
new file mode 100644
index 0000000..ae7a695
--- /dev/null
+++ b/sepolicy/qti/vendor/vendor_hal_dms.te
@@ -0,0 +1,5 @@
+binder_call(vendor_hal_dmsClient, vendor_hal_dmsServer);
+binder_call(vendor_hal_dmsServer, vendor_hal_dmsClient);
+
+allow vendor_hal_dmsServer vendor_hal_dms_hwservice:hwservice_manager { find add };
+allow vendor_hal_dmsClient vendor_hal_dms_hwservice:hwservice_manager { find add };
diff --git a/sepolicy/qti/vendor/vendor_hal_dms_default.te b/sepolicy/qti/vendor/vendor_hal_dms_default.te
new file mode 100644
index 0000000..bc266d1
--- /dev/null
+++ b/sepolicy/qti/vendor/vendor_hal_dms_default.te
@@ -0,0 +1,13 @@
+type vendor_hal_dms_default, domain;
+hal_server_domain(vendor_hal_dms_default, vendor_hal_dms)
+
+type vendor_hal_dms_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(vendor_hal_dms_default)
+
+allow vendor_hal_dms_default hidl_base_hwservice:hwservice_manager { add };
+allow vendor_hal_dms_default vendor_hal_dms_hwservice:hwservice_manager { add };
+allow vendor_hal_dms_default vendor_data_file:file { rw_file_perms create unlink };
+allow vendor_hal_dms_default vendor_data_file:dir { rw_file_perms add_name remove_name };
+allow vendor_hal_dms_default mediacodec:binder call;
+binder_call(vendor_hal_dms_default, hal_audio_default)
+binder_call(vendor_hal_dms_default, platform_app)