sepolicy: qti: Add inital eSIM support

Change-Id: Iae2d3c17a6eb5a9b1c71198c8ac861ad4e5f85d5

sepolicy/qti/vendor/device.te

@@ -7,6 +7,11 @@ type vendor_camera_turbo_device, dev_type;
 # Charging
 type oplus_charger_device, dev_type;
 
+# eSIM
+type esim_det_device, dev_type;
+type esim_en_device, dev_type;
+type esim_gpio_device, dev_type;
+
 # Fingerprint
 type fingerprint_device, dev_type;
 

sepolicy/qti/vendor/file_contexts

@@ -38,6 +38,12 @@
 # Engineering
 /mnt/vendor/persist/engineermode(/.*)?    u:object_r:vendor_persist_engineer_file:s0
 
+# eSIM
+/(odm|vendor/odm)/bin/hw/vendor\.oplus\.hardware\.esim@1\.0-service    u:object_r:hal_oplus_esim_aidl_exec:s0
+/dev/esim-det                                                          u:object_r:esim_det_device:s0
+/dev/esim-en                                                           u:object_r:esim_en_device:s0
+/dev/esim-gpio                                                         u:object_r:esim_gpio_device:s0
+
 # Fingerprint
 /data/vendor/fingerprint(_ori)?(/.*)?                                                            u:object_r:fingerprint_vendor_data_file:s0
 /mnt/vendor/persist/fingerprint(/.*)?                                                            u:object_r:vendor_persist_fingerprint_file:s0

sepolicy/qti/vendor/hal_oplus_esim_aidl.te

@@ -0,0 +1,22 @@
+type hal_oplus_esim_aidl, domain;
+binder_use(hal_oplus_esim_aidl)
+
+type hal_oplus_esim_aidl_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_oplus_esim_aidl)
+
+add_service(hal_oplus_esim_aidl, hal_oplus_esim_aidl_service)
+
+allow hal_oplus_esim_aidl esim_det_device:chr_file rw_file_perms;
+allow hal_oplus_esim_aidl esim_en_device:chr_file rw_file_perms;
+allow hal_oplus_esim_aidl esim_gpio_device:chr_file rw_file_perms;
+
+allow hal_oplus_esim_aidl mnt_vendor_file:dir search;
+rw_dir_file(hal_oplus_esim_aidl, oplus_reserve_radio_file)
+
+allow hal_oplus_esim_aidl block_device:dir search;
+allow hal_oplus_esim_aidl vendor_reserve_partition:blk_file {read write open};
+
+allow hal_oplus_esim_aidl self:qipcrtr_socket create_socket_perms_no_ioctl;
+
+set_prop(hal_oplus_esim_aidl, vendor_oplus_esim_prop)
+set_prop(hal_oplus_esim_aidl, vendor_radio_prop)

sepolicy/qti/vendor/property.te

@@ -1,3 +1,6 @@
+# eSIM
+vendor_internal_prop(vendor_oplus_esim_prop)
+
 # Fingerprint
 vendor_internal_prop(vendor_fingerprint_prop)
 

sepolicy/qti/vendor/property_contexts

@@ -12,6 +12,9 @@ vendor.oppo.camera.            u:object_r:vendor_camera_prop:s0
 # Display
 vendor.dps.dump.composerpid    u:object_r:vendor_display_prop:s0
 
+# eSIM
+ro.vendor.oplus.esim.support    u:object_r:vendor_oplus_esim_prop:s0
+
 # Fingerprint
 persist.vendor.fingerprint.                    u:object_r:vendor_fingerprint_prop:s0
 persist.vendor.side.fp.near.feature.support    u:object_r:vendor_fingerprint_prop:s0

sepolicy/qti/vendor/rild.te

@@ -1,5 +1,5 @@
 allow rild mnt_vendor_file:dir search;
-allow rild oplus_reserve_file:dir search;
+rw_dir_file(rild, oplus_reserve_radio_file)
 
 allow rild vendor_proc_display:file r_file_perms;
 

sepolicy/qti/vendor/service.te

@@ -21,6 +21,9 @@ type hal_oplus_displaypanel_aidl_service, hal_service_type, service_manager_type
 # Display (Pixelworks)
 type hal_display_iris_aidl_service, hal_service_type, service_manager_type;
 
+# eSIM
+type hal_oplus_esim_aidl_service, hal_service_type, service_manager_type;
+
 # Fingerprint Pay
 type hal_fingerprintpay_service, hal_service_type, service_manager_type;
 

sepolicy/qti/vendor/service_contexts

@@ -24,6 +24,9 @@ vendor.oplus.hardware.displaypanelfeature.IDisplayPanelFeature/default   u:objec
 # Display (Pixelworks)
 vendor.pixelworks.hardware.display.IIris/default    u:object_r:hal_display_iris_aidl_service:s0
 
+# eSIM
+vendor.oplus.hardware.esim.IOplusEsim/default    u:object_r:hal_oplus_esim_aidl_service:s0
+
 # Fingerprint Pay
 vendor.oplus.hardware.biometrics.fingerprintpay.IFingerprintPay/default    u:object_r:hal_fingerprintpay_service:s0