Merge "sepolicy: Add permissions for seccam"

qva/vendor/common/attributes

@@ -1,4 +1,4 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -53,6 +53,10 @@ attribute hal_qteeconnector;
 attribute hal_qteeconnector_client;
 attribute hal_qteeconnector_server;
 
+attribute hal_seccam;
+attribute hal_seccam_client;
+attribute hal_seccam_server;
+
 attribute wifidisplayhalservice;
 attribute wifidisplayhalservice_client;
 attribute wifidisplayhalservice_server;

qva/vendor/common/file_contexts

@@ -102,6 +102,7 @@
 /(vendor|system/vendor)/bin/hw/vendor\.qti\.gnss@.*-service                        u:object_r:hal_gnss_qti_exec:s0
 /(vendor|system/vendor)/bin/xtwifi-inet-agent                                      u:object_r:location_exec:s0
 /(vendor|system/vendor)/bin/xtwifi-client                                          u:object_r:location_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.seccam@1\.0-service-qti      u:object_r:hal_seccam_qti_exec:s0
 /(vendor|system/vendor)/bin/garden_app                                             u:object_r:location_exec:s0
 /(vendor|system/vendor)/bin/DR_AP_Service                                          u:object_r:location_exec:s0
 /(vendor|system/vendor)/bin/slim_daemon                                            u:object_r:location_exec:s0
@@ -119,6 +120,7 @@
 /data/vendor/wifi/sockets(/.*)?                                     u:object_r:wifi_vendor_wpa_socket:s0
 /data/vendor/wifi/wigig_sockets(/.*)?                               u:object_r:wifi_vendor_wpa_socket:s0
 /data/vendor/wifi/wigig_sockets/wpa_ctrl.*                          u:object_r:wifi_vendor_wpa_socket:s0
+/dev/cam-hyp-intf-[0-9]+                                            u:object_r:video_device:s0
 /data/vendor/dataqti(/.*)?                                          u:object_r:vendor_qti_data_file:s0
 /data/vendor/qdmastats(/.*)?                                        u:object_r:vendor_qdma_data_file:s0
 /data/vendor/qdma(/.*)?                                             u:object_r:vendor_qdma_data_file:s0

qva/vendor/common/hal_seccam_qti.te

@@ -0,0 +1,42 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type hal_seccam_qti, domain;
+
+type hal_seccam_qti_exec, exec_type, file_type, vendor_file_type;
+init_daemon_domain(hal_seccam_qti)
+hal_server_domain(hal_seccam_qti, hal_seccam)
+
+binder_call(hal_seccam_client, hal_seccam_server)
+binder_call(hal_seccam_server, hal_seccam_client)
+
+add_hwservice(hal_seccam_server, hal_seccam_hwservice)
+
+allow hal_seccam_qti video_device:chr_file rw_file_perms;
+hal_client_domain(hal_seccam_qti, hal_graphics_allocator)
+hal_client_domain(hal_seccam_qti, hal_perf)
+set_prop(hal_seccam_qti, vendor_core_ctl_prop);

qva/vendor/common/hwservice.te

@@ -1,4 +1,4 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -33,6 +33,7 @@ type wifidisplayhalservice_hwservice , hwservice_manager_type;
 type hal_alarm_qti_hwservice , hwservice_manager_type;
 type hal_vpp_hwservice , hwservice_manager_type;
 type hal_wigig_hwservice , hwservice_manager_type;
+type hal_seccam_hwservice, hwservice_manager_type;
 type hal_wigig_npt_hwservice , hwservice_manager_type;
 type hal_qteeconnector_hwservice , hwservice_manager_type;
 type hal_sensorscalibrate_qti_hwservice , hwservice_manager_type;

qva/vendor/common/hwservice_contexts

@@ -41,6 +41,7 @@ com.qualcomm.qti.bluetooth_audio::IBluetoothAudio            u:object_r:hal_audi
 vendor.qti.hardware.btconfigstore::IBTConfigStore            u:object_r:hal_bluetooth_hwservice:s0
 com.qualcomm.qti.dpm.api::IdpmQmi                            u:object_r:hal_dpmqmi_hwservice:s0
 vendor.qti.hardware.audiohalext::IAudioHalExt                u:object_r:hal_audio_hwservice:s0
+vendor.qti.hardware.seccam::ISecCam                          u:object_r:hal_seccam_hwservice:s0
 vendor.qti.gnss::ILocHidlGnss                                u:object_r:hal_gnss_hwservice:s0
 vendor.nxp.hardware.nfc::INqNfc                              u:object_r:hal_nfc_hwservice:s0
 vendor.qti.hardware.sensorscalibrate::ISensorsCalibrate      u:object_r:hal_sensorscalibrate_qti_hwservice:s0

qva/vendor/common/property.te

@@ -62,6 +62,9 @@ type vendor_video_prop, property_type;
 # Audio debug props
 type vendor_audio_debug_prop, property_type;
 
+# Seccam Prop
+type vendor_core_ctl_prop, property_type;
+
 # property for location
 type location_prop, property_type;
 

qva/vendor/common/property_contexts

@@ -59,6 +59,9 @@ vendor.video.disable.ubwc                    u:object_r:vendor_video_prop:s0
 # factory properties
 ctl.vendor.mmid                              u:object_r:ctl_vendor_mmid_prop:s0
 
+#seccam hal_service
+vendor.hyp_core_ctl                          u:object_r:vendor_core_ctl_prop:s0
+
 persist.vendor.mmi.                          u:object_r:vendor_mmi_prop:s0
 
 # izat location property

qva/vendor/common/seccam_app.te

@@ -0,0 +1,38 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#    * Redistributions of source code must retain the above copyright
+#      notice, this list of conditions and the following disclaimer.
+#    * Redistributions in binary form must reproduce the above
+#      copyright notice, this list of conditions and the following
+#      disclaimer in the documentation and/or other materials provided
+#      with the distribution.
+#    * Neither the name of The Linux Foundation nor the names of its
+#      contributors may be used to endorse or promote products derived
+#      from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type seccam_app, domain;
+app_domain(seccam_app)
+net_domain(seccam_app)
+
+hal_client_domain(seccam_app, hal_seccam);
+hal_client_domain(seccam_app, hal_qteeconnector);
+
+allow seccam_app system_app_data_file:dir create_dir_perms;
+allow seccam_app system_app_data_file:file create_file_perms;
+allow seccam_app { activity_service app_api_service } :service_manager find;
+allow seccam_app self:qipcrtr_socket create_socket_perms_no_ioctl;

qva/vendor/common/sysmonapp/seapp_contexts

@@ -28,3 +28,6 @@
 # sysmonapp applications
 user=_app seinfo=sysmonapp domain=sysmonapp_app name=com.qualcomm.sysmonappInternal type=app_data_file levelFrom=all
 user=_app seinfo=sysmonapp domain=sysmonapp_app name=com.qualcomm.qti.sysmonappExternal type=app_data_file levelFrom=all
+
+#Add new domain for secure camera service app
+user=system seinfo=platform name=com.qualcomm.qti.seccamservice:remote domain=seccam_app type=system_app_data_file