sepolicy_vndr: legacy: Addition of sepolicy for cvphal

Cvp is a new computer vision hardware
which interacts with DSP and video driver.
Adding new ion mem permission for cvp domains.

Change-Id: I6c2118b15cf5ccc6505c80969c4090e3396238e4

5 files changed, 65 insertions, 0 deletions

diff --git a/legacy/vendor/common/attributes b/legacy/vendor/common/attributes
index d50f8c0c..a20cc210 100644
--- a/legacy/vendor/common/attributes
+++ b/legacy/vendor/common/attributes
@@ -137,3 +137,7 @@ attribute hal_capabilityconfigstore_qti_server;
 attribute hal_limits;
 attribute hal_limits_client;
 attribute hal_limits_server;
+
+attribute hal_cvp;
+attribute hal_cvp_client;
+attribute hal_cvp_server;
diff --git a/legacy/vendor/common/file_contexts b/legacy/vendor/common/file_contexts
index 49549a55..d81c3bd1 100644
--- a/legacy/vendor/common/file_contexts
+++ b/legacy/vendor/common/file_contexts
@@ -338,6 +338,7 @@
 /(vendor|system/vendor)/bin/tloc_daemon         u:object_r:tlocd_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.factory@1\.[0-1]-service  u:object_r:vendor_hal_factory_qti_default_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.servicetracker@1\.[0-2]-service u:object_r:vendor_hal_srvctracker_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.cvp@1\.0-service             u:object_r:vendor_cvp_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.display\.allocator@1\.0-service   u:object_r:hal_graphics_allocator_default_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.display\.allocator-service   u:object_r:hal_graphics_allocator_default_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.display\.composer@1\.0-service   u:object_r:hal_graphics_composer_default_exec:s0
diff --git a/legacy/vendor/common/hal_cvp.te b/legacy/vendor/common/hal_cvp.te
new file mode 100644
index 00000000..3d3bb10c
--- /dev/null
+++ b/legacy/vendor/common/hal_cvp.te
@@ -0,0 +1,58 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_cvp, domain;
+type vendor_cvp_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(vendor_cvp)
+
+hal_server_domain(vendor_cvp, hal_cvp)
+
+add_hwservice(hal_cvp_server, hal_cvp_hwservice)
+
+allow hal_cvp_client hal_cvp_hwservice:hwservice_manager find;
+
+binder_call(hal_cvp_client, hal_cvp_server)
+binder_call(hal_cvp_server, hal_cvp_client)
+
+r_dir_file(vendor_cvp, adsprpcd_file)
+
+#  Access for ion memory
+allow vendor_cvp ion_device:chr_file rw_file_perms;
+
+#  Access for DSP/QDSP device
+allow vendor_cvp qdsp_device:chr_file rw_file_perms;
+allow vendor_cvp dsp_device:chr_file rw_file_perms;
+
+#  Access for sdcard
+userdebug_or_eng(`
+allow vendor_cvp sdcard_type:dir rw_dir_perms;
+allow vendor_cvp sdcard_type:file create_file_perms;
+')
+
+# Access for video device
+allow vendor_cvp video_device:chr_file rw_file_perms;
diff --git a/legacy/vendor/common/hwservice.te b/legacy/vendor/common/hwservice.te
index 7f5af597..354f404b 100644
--- a/legacy/vendor/common/hwservice.te
+++ b/legacy/vendor/common/hwservice.te
@@ -50,6 +50,7 @@ type vendor_hal_qteeconnector_hwservice, hwservice_manager_type;
 type hal_esepowermanager_hwservice, hwservice_manager_type;
 type hal_voiceprint_hwservice, hwservice_manager_type;
 type vendor_hal_factory_qti_hwservice, hwservice_manager_type;
+type hal_cvp_hwservice, hwservice_manager_type;
 type hal_wigig_npt_hwservice, hwservice_manager_type;
 type hal_fstman_hwservice, hwservice_manager_type, protected_hwservice;
 type hal_soter_hwservice, hwservice_manager_type;
diff --git a/legacy/vendor/common/hwservice_contexts b/legacy/vendor/common/hwservice_contexts
index eafd5d2e..ff844063 100644
--- a/legacy/vendor/common/hwservice_contexts
+++ b/legacy/vendor/common/hwservice_contexts
@@ -85,6 +85,7 @@ com.qualcomm.qti.qcril.qcrilhook::IQtiOemHook                u:object_r:hal_tele
 vendor.qti.atcmdfwd::IAtCmdFwd                               u:object_r:vendor_hal_atfwd_hwservice:s0
 com.qualcomm.qti.imsrtpservice::IRTPService                  u:object_r:hal_imsrtp_hwservice:s0
 vendor.qti.hardware.factory::IFactory                        u:object_r:vendor_hal_factory_qti_hwservice:s0
+vendor.qti.hardware.cvp::ICvp                                u:object_r:hal_cvp_hwservice:s0
 vendor.qti.hardware.display.allocator::IQtiAllocator         u:object_r:hal_graphics_allocator_hwservice:s0
 vendor.qti.hardware.display.composer::IQtiComposer           u:object_r:hal_graphics_composer_hwservice:s0
 vendor.qti.hardware.soter::ISoter                            u:object_r:hal_soter_hwservice:s0