sepolicy_vndr: kona: update sepolicy for KineticsXR controllers

Update sepolicy for KineticsXR controllers. Change-Id: I75a28dc44dfad25e0be8a470a30baa673f95a4b5
author: Meng Wang <quic_mengw@quicinc.com> 2022-12-08 09:29:25 +0800
committer: alk3pInjection <webmaster@raspii.tech> 2023-06-13 00:20:25 +0800
commit: c504c58a6144268e733eaefa7cd790eb94403e4d (patch)
tree: 687a90708b8e7e0410c0e9b0c9f6bcc8bc563959
parent: 095327168912591119f783cf56511a2b1ab25fcc (diff)
6 files changed, 21 insertions, 0 deletions
diff --git a/qva/vendor/kona/file.te b/qva/vendor/kona/file.te
index 0b5cdc51..e888b04a 100644
--- a/qva/vendor/kona/file.te
+++ b/qva/vendor/kona/file.te
@@ -35,3 +35,6 @@ type vendor_biometricsface_data_file, file_type, data_file_type;
 # nordic node file
 type vendor_nordic_sysfs_node, sysfs_type, fs_type;
 
+
+# kineticsxr file
+type vendor_kx_file, file_type, vendor_file_type;
diff --git a/qva/vendor/kona/file_contexts b/qva/vendor/kona/file_contexts
index 2022dffa..e0d98939 100644
--- a/qva/vendor/kona/file_contexts
+++ b/qva/vendor/kona/file_contexts
@@ -33,7 +33,11 @@
 
 # nordic node file
 /(vendor|system/vendor)/bin/hw/vendor\.shadowcreator\.hardware\.nordic@1\.0-service u:object_r:vendor_hal_nordic_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.kineticsxr\.hardware\.nordic@1\.0-service u:object_r:vendor_hal_nordic_default_exec:s0
 /sys/devices/platform/soc/894000\.spi/spi_master/spi0/spi0\.0/jsrequest u:object_r:vendor_nordic_sysfs_node:s0
 /sys/devices/platform/soc/894000\.spi/spi_master/spi0/spi0\.0/jsmem u:object_r:vendor_nordic_sysfs_node:s0
 
 /data/vendor/face3d_dir(/.*)?                                       u:object_r:vendor_biometricsface_data_file:s0
+
+# kineticsxr file
+/etc/resources_ctrlr(/.*)?                                          u:object_r:vendor_kx_file:s0
diff --git a/qva/vendor/kona/hal_nordic_default.te b/qva/vendor/kona/hal_nordic_default.te
index ff877f9a..a93f7478 100644
--- a/qva/vendor/kona/hal_nordic_default.te
+++ b/qva/vendor/kona/hal_nordic_default.te
@@ -8,6 +8,17 @@ init_daemon_domain(vendor_hal_nordic_default);
 binder_call(vendor_hal_nordic_client, vendor_hal_nordic_server)
 binder_call(vendor_hal_nordic_server, vendor_hal_nordic_client)
 hal_attribute_hwservice(vendor_hal_nordic, vendor_hal_nordic_hwservice)
+hal_client_domain(vendor_hal_nordic_default, hal_allocator)
+hal_client_domain(vendor_hal_nordic_default, vendor_hal_dspmanager)
 allow vendor_hal_nordic_default vendor_nordic_sysfs_node:file { open read write };
 allow vendor_hal_nordic_default ion_device:chr_file rw_file_perms;
+allow vendor_hal_nordic_default vendor_qvrd_vndr_socket:sock_file write;
+allow vendor_hal_nordic_default vendor_qvrd_vndr:fd use;
+allow vendor_hal_nordic_default hal_graphics_mapper_hwservice:hwservice_manager find;
+allow vendor_hal_nordic_default vendor_qdsp_device:chr_file ioctl;
+allow vendor_hal_nordic_default vendor_qvrd_vndr:unix_stream_socket connectto;
+allow vendor_hal_nordic_default hal_graphics_allocator_default:fd use;
+allow vendor_hal_nordic_default vendor_qdsp_device:file open;
+allow vendor_hal_nordic_default vendor_qdsp_device:chr_file { open read };
+allow vendor_hal_nordic_default vendor_kx_file:file { open read getattr };
 hal_client_domain(vendor_hal_nordic_default, hal_allocator)
diff --git a/qva/vendor/kona/hwservice_contexts b/qva/vendor/kona/hwservice_contexts
index 2e93a850..d80fcf27 100644
--- a/qva/vendor/kona/hwservice_contexts
+++ b/qva/vendor/kona/hwservice_contexts
@@ -2,4 +2,5 @@
 #  SPDX-License-Identifier: BSD-3-Clause-Clear
 
 # hal nordic hwservice
+vendor.kineticsxr.hardware.nordic::INordic    u:object_r:vendor_hal_nordic_hwservice:s0
 vendor.shadowcreator.hardware.nordic::INordic    u:object_r:vendor_hal_nordic_hwservice:s0
diff --git a/qva/vendor/kona/nordic_app.te b/qva/vendor/kona/nordic_app.te
index 8c7456bf..f845066d 100644
--- a/qva/vendor/kona/nordic_app.te
+++ b/qva/vendor/kona/nordic_app.te
@@ -7,3 +7,4 @@ app_domain(vendor_nordic_app)
 hal_client_domain(vendor_nordic_app, vendor_hal_nordic);
 allow vendor_nordic_app activity_service:service_manager find;
 allow vendor_nordic_app vendor_qvrd_vndr:fd use;
+allow vendor_nordic_app content_capture_service:service_manager find;
+\ No newline at end of file
diff --git a/qva/vendor/kona/seapp_contexts b/qva/vendor/kona/seapp_contexts
index 94ef23fe..0f212422 100644
--- a/qva/vendor/kona/seapp_contexts
+++ b/qva/vendor/kona/seapp_contexts
@@ -2,4 +2,5 @@
 #  SPDX-License-Identifier: BSD-3-Clause-Clear
 
 #Add new domain for nordic service app
+user=_app seinfo=platform name=com.kineticsxr.service.nordic.bridge domain=vendor_nordic_app type=app_data_file levelFrom=all
 user=_app seinfo=platform name=com.shadowcreator.service.handshank domain=vendor_nordic_app type=app_data_file levelFrom=all
author	Meng Wang <quic_mengw@quicinc.com>	2022-12-08 09:29:25 +0800
committer	alk3pInjection <webmaster@raspii.tech>	2023-06-13 00:20:25 +0800
commit	c504c58a6144268e733eaefa7cd790eb94403e4d (patch)
tree	687a90708b8e7e0410c0e9b0c9f6bcc8bc563959
parent	095327168912591119f783cf56511a2b1ab25fcc (diff)