sepolicy: qti: Allow rules for subsystem_daemon

Change-Id: I22040ac0d0ab70f32de07a5ac451d41f045433a9

sepolicy/qti/public/attributes

@@ -11,3 +11,4 @@ vendor_hal_attribute(oplus_project)
 vendor_hal_attribute(oplus_sensor)
 vendor_hal_attribute(oplus_touch)
 vendor_hal_attribute(oplus_urcc)
+vendor_hal_attribute(subsys)

sepolicy/qti/vendor/file.te

@@ -36,6 +36,9 @@ type vendor_proc_mm_fb, fs_type, proc_type;
 # NVRAM
 type nvram_socket, file_type;
 
+# Olog
+type vendor_olog_file, file_type, data_file_type;
+
 # Performance
 type vendor_proc_oplus_ctp, fs_type, proc_type;
 type vendor_proc_oplus_scheduler, fs_type, proc_type;

sepolicy/qti/vendor/file_contexts

@@ -87,6 +87,9 @@
 /dev/block/platform/soc/1d84000\.ufshc/by-name/nonmodemst2    u:object_r:nvram_device:s0
 /dev/socket/nvram                                             u:object_r:nvram_socket:s0
 
+# Olog
+/data/vendor/olog(/.*)?    u:object_r:vendor_olog_file:s0
+
 # OSENSE
 /vendor/bin/hw/vendor\.oplus\.hardware\.osense\.client-service    u:object_r:hal_oplus_osense_aidl_exec:s0
 
@@ -114,7 +117,8 @@
 /(odm|vendor/odm)/bin/hw/vendor.oplus.hardware.stability.oplus_project-V1-service    u:object_r:hal_oplus_project_aidl_exec:s0
 
 # Radio
-/vendor/bin/nrmodeswitcher    u:object_r:vendor_nrmodeswitcher_exec:s0
+/(odm|vendor/odm)/bin/hw/subsys_daemon    u:object_r:subsystem_daemon_exec:s0
+/vendor/bin/nrmodeswitcher                u:object_r:vendor_nrmodeswitcher_exec:s0
 
 # RMT
 /dev/block/platform/soc/1d84000\.ufshc/by-name/oem_dycnvbk          u:object_r:vendor_modem_efs_partition_device:s0

sepolicy/qti/vendor/subsystem_daemon.te

@@ -0,0 +1,22 @@
+type subsystem_daemon, domain;
+binder_use(subsystem_daemon)
+
+hal_server_domain(subsystem_daemon, vendor_hal_subsys)
+
+type subsystem_daemon_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(subsystem_daemon)
+
+binder_call(vendor_hal_subsys_client, vendor_hal_subsys_server)
+binder_call(vendor_hal_subsys_server, vendor_hal_subsys_client)
+
+hal_attribute_service(vendor_hal_subsys, hal_subsys_service)
+
+allow subsystem_daemon block_device:dir r_dir_perms;
+allow subsystem_daemon self:qipcrtr_socket create_socket_perms_no_ioctl;
+allow subsystem_daemon vendor_reserve_partition:blk_file r_file_perms;
+allow subsystem_daemon vendor_sysfs_soc_sensitive:file r_file_perms;
+
+set_prop(subsystem_daemon, vendor_nw_exported_system_prop)
+set_prop(subsystem_daemon, vendor_radio_prop)
+
+rw_dir_file(subsystem_daemon, vendor_olog_file)

sepolicy/qti/vendor/vendor_hal_imsrtp.te

@@ -1,5 +1,5 @@
 add_service(vendor_hal_imsrtp, hal_imsrtp_service)
 
-allow vendor_hal_imsrtp hal_subsys_service:service_manager find;
+hal_client_domain(vendor_hal_imsrtp, vendor_hal_subsys)
 
 get_prop(vendor_hal_imsrtp, boot_status_prop)

sepolicy/qti/vendor/vendor_qti_init_shell.te

@@ -1,8 +1,10 @@
 allow vendor_qti_init_shell proc_cmdline:file r_file_perms;
 
 allow vendor_qti_init_shell proc_page_cluster:file create_file_perms;
+allow vendor_qti_init_shell vendor_olog_file:file create_file_perms;
 allow vendor_qti_init_shell vendor_proc_camera:file create_file_perms;
 
+allow vendor_qti_init_shell vendor_olog_file:dir rw_dir_perms;
 allow vendor_qti_init_shell vendor_qmcs_file:dir r_dir_perms;
 allow vendor_qti_init_shell vendor_spunvm_file:dir r_dir_perms;