Sepolicy: Allow processes to access new restricted DSP device node

Allow the known processes to offload to ADSP / SLPI using the new
device node.

Change-Id: Icaf8c4e1195b10711208bb5a331572ce78143560

vendor/common/adsprpcd.te

@@ -5,6 +5,7 @@ init_daemon_domain(adsprpcd)
 
 allow adsprpcd ion_device:chr_file r_file_perms;
 allow adsprpcd qdsp_device:chr_file r_file_perms;
+allow adsprpcd xdsp_device:chr_file r_file_perms;
 
 allow adsprpcd system_file:dir r_dir_perms;
 

vendor/common/cdsprpcd.te

@@ -36,6 +36,7 @@ init_daemon_domain(cdsprpcd)
 r_dir_file(cdsprpcd, adsprpcd_file)
 
 allow cdsprpcd qdsp_device:chr_file r_file_perms;
+allow cdsprpcd xdsp_device:chr_file r_file_perms;
 allow cdsprpcd ion_device:chr_file r_file_perms;
 
 r_dir_file(cdsprpcd, sysfs_devfreq)

vendor/common/chre.te

@@ -9,4 +9,5 @@ r_dir_file(chre, adsprpcd_file)
 
 allow chre ion_device:chr_file r_file_perms;
 allow chre qdsp_device:chr_file r_file_perms;
+allow chre xdsp_device:chr_file r_file_perms;
 allow chre dsp_device:chr_file r_file_perms;

vendor/common/device.te

@@ -7,6 +7,7 @@ type citadel_device, dev_type;
 type custom_ab_block_device, dev_type;
 type diag_device, dev_type, mlstrustedobject;
 type dsp_device, dev_type;
+type xdsp_device, dev_type;
 type easel_device, dev_type;
 type hbtp_device, dev_type;
 type hvdcp_device, dev_type;

vendor/common/file_contexts

@@ -22,6 +22,7 @@
 /dev/spcom                                      u:object_r:spcom_device:s0
 /dev/jpeg[0-9]*                                 u:object_r:video_device:s0
 /dev/adsprpc-smd                                u:object_r:qdsp_device:s0
+/dev/adsprpc-smd-secure                         u:object_r:xdsp_device:s0
 /dev/sdsprpc-smd                                u:object_r:dsp_device:s0
 /dev/wcd-dsp-glink                              u:object_r:audio_device:s0
 /dev/wcd_dsp0_control                           u:object_r:audio_device:s0

vendor/common/hal_camera.te

@@ -46,6 +46,7 @@ allow hal_camera sysfs_easel:file rw_file_perms;
 
 # access hexagon
 allow hal_camera qdsp_device:chr_file r_file_perms;
+allow hal_camera xdsp_device:chr_file r_file_perms;
 
 #needed for full_treble
 hal_client_domain(hal_camera_default, hal_graphics_composer)

vendor/common/hal_sensors_default.te

@@ -8,6 +8,7 @@ allowxperm hal_sensors_default self:socket ioctl msm_sock_ipc_ioctls;
 allow hal_sensors sysfs_soc:file r_file_perms;
 
 allow hal_sensors_default qdsp_device:chr_file r_file_perms;
+allow hal_sensors_default xdsp_device:chr_file r_file_perms;
 
 allow hal_sensors sysfs_data:file r_file_perms;
 allow hal_sensors sysfs_sensors:dir r_dir_perms;

vendor/common/hbtp.te

@@ -4,7 +4,7 @@ type hbtp_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hbtp)
 hal_server_domain(hbtp, hal_hbtp)
 # Allow access for /dev/hbtp_input and /dev/jdi-bu21150
-allow hbtp { hbtp_device qdsp_device dsp_device bu21150_device }:chr_file rw_file_perms;
+allow hbtp { hbtp_device qdsp_device dsp_device bu21150_device xdsp_device }:chr_file rw_file_perms;
 
 allow hbtp hbtp_log_file:dir rw_dir_perms;
 allow hbtp hbtp_log_file:file create_file_perms;

vendor/common/sensors.te

@@ -30,6 +30,7 @@ allow sensors sysfs_data:file r_file_perms;
 
 allow sensors ion_device:chr_file r_file_perms;
 allow sensors qdsp_device:chr_file r_file_perms;
+allow sensors xdsp_device:chr_file r_file_perms;
 
 # For reading dir/files on /dsp
 r_dir_file(sensors, adsprpcd_file)

vendor/sdm845/hal_neuralnetworks.te

@@ -33,6 +33,7 @@ init_daemon_domain(hal_neuralnetworks_default)
 
 allow hal_neuralnetworks_default fwk_sensor_hwservice:hwservice_manager find;
 allow hal_neuralnetworks_default qdsp_device:chr_file r_file_perms;
+allow hal_neuralnetworks_default xdsp_device:chr_file r_file_perms;
 allow hal_neuralnetworks_default ion_device:chr_file r_file_perms;
 
 allow hal_neuralnetworks_default app_data_file:file { read getattr };