sepolicy: Define new policy rule to read gpu model

Add  a new file context label for gpu_model sysfs entry. allowed read
access to that entry.
Addressing the following denials :
type=1400 audit(0.0:62): avc: denied { read } for
name="gpu_model" dev="sysfs" ino=78734 scontext=u:r:mediaserver:s0
tcontext=u:object_r:vendor_sysfs_kgsl:s0 tclass=file permissive=0
type=1400 audit(0.0:88): avc: denied { read } for name="gpu_model"
dev="sysfs" ino=78734 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:vendor_sysfs_kgsl:s0 tclass=file permissive=0 app=com.android.systemui
type=1400 audit(0.0:100): avc: denied { read }
for name="gpu_model" dev="sysfs" ino=78734 scontext=u:r:priv_app:s0:c512,c768
tcontext=u:object_r:vendor_sysfs_kgsl:s0 tclass=file permissive=0
app=com.android.launcher3

Change-Id: I9e1b9ffbb88ea62b4cc530564d811d7cfc640bbc

generic/vendor/common/bootanim.te

@@ -1,4 +1,4 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018,2020, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -33,3 +33,5 @@ allow bootanim hwservicemanager:binder call;
 dontaudit bootanim system_data_file:dir read;
 
 dontaudit bootanim vendor_hal_qspmhal_hwservice:hwservice_manager find;
+
+allow bootanim vendor_sysfs_kgsl_gpu_model:file r_file_perms;

generic/vendor/common/file.te

@@ -200,3 +200,6 @@ type vendor_qdcmsocket_socket, file_type;
 type vendor_sysfs_mhi, sysfs_type, fs_type;
 
 type vendor_sysfs_suspend, fs_type, sysfs_type;
+
+# kgsl gpu model file type for sysfs access
+type vendor_sysfs_kgsl_gpu_model, sysfs_type, fs_type;

generic/vendor/common/file_contexts

@@ -432,6 +432,7 @@
 
 /sys/devices(/platform)?/soc/[a-f0-9]+.qcom,kgsl-3d0/kgsl/kgsl-3d0(/.*)? u:object_r:vendor_sysfs_kgsl:s0
 /sys/devices(/platform)?/soc/[a-f0-9]+.qcom,kgsl-3d0/devfreq/[a-f0-9]+.qcom,kgsl-3d0(/.*)? u:object_r:vendor_sysfs_kgsl:s0
+/sys/devices(/platform)?/soc/[a-f0-9]+.qcom,kgsl-3d0/kgsl/kgsl-3d0/gpu_model u:object_r:vendor_sysfs_kgsl_gpu_model:s0
 
 /sys/devices(/platform)?/soc/[a-f0-9]+.qcom,spmi/spmi-[0-9]/spmi0-0[0-9]/[a-f0-9]+.qcom,spmi:qcom,[a-z0-9]+@[0-9]:qcom,usb-pdphy@[0-9]+/usbpd/usbpd[0-9](/.*)? u:object_r:vendor_sysfs_usbpd_device:s0
 /sys/devices(/platform)?/soc/[a-f0-9]+.qcom,spmi/spmi-[0-9]/spmi0-0[0-9]/[a-f0-9]+.qcom,spmi:qcom,[a-z0-9]+@[0-9]:qcom,qpnp-smb2/power_supply/usb(/.*)?        u:object_r:vendor_sysfs_usb_supply:s0

generic/vendor/common/gmscore_app.te

@@ -0,0 +1,28 @@
+# Copyright (c) 2020, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#    * Redistributions of source code must retain the above copyright
+#      notice, this list of conditions and the following disclaimer.
+#    * Redistributions in binary form must reproduce the above
+#      copyright notice, this list of conditions and the following
+#      disclaimer in the documentation and/or other materials provided
+#      with the distribution.
+#    * Neither the name of The Linux Foundation nor the names of its
+#      contributors may be used to endorse or promote products derived
+#      from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+allow gmscore_app vendor_sysfs_kgsl_gpu_model:file r_file_perms;

generic/vendor/common/priv_app.te

@@ -31,3 +31,5 @@ hal_client_domain(priv_app, vendor_hal_perf)
 # priv_app domain
 allow priv_app rs_exec:file rx_file_perms;
 
+allow priv_app vendor_sysfs_kgsl_gpu_model:file r_file_perms;
+

generic/vendor/common/system_server.te

@@ -1,4 +1,4 @@
-# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018-2020, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -52,3 +52,5 @@ get_prop(system_server, vendor_display_prop)
 get_prop(system_server, vendor_per_mgr_state_prop);
 
 hal_client_domain(system_server, vendor_hal_dataconnection_qti)
+
+allow system_server vendor_sysfs_kgsl_gpu_model:file r_file_perms;

legacy/vendor/common/domain.te

@@ -64,4 +64,4 @@ allowxperm domain domain:icmp_socket ioctl { unpriv_sock_ioctls unpriv_tty_ioctl
 get_prop(domain, vendor_security_patch_level_prop)
 get_prop(domain, public_vendor_default_prop)
 
-allow domain qti_debugfs:dir search;
+allow domain qti_debugfs:dir search;

legacy/vendor/common/file.te

@@ -284,6 +284,8 @@ type sysfs_kgsl, sysfs_type, fs_type;
 type sysfs_kgsl_proc, sysfs_type, fs_type;
 # kgsl snapshot file type for sysfs access
 type sysfs_kgsl_snapshot, sysfs_type, fs_type;
+# kgsl gpu model file type for sysfs access
+type sysfs_kgsl_gpu_model, sysfs_type, fs_type;
 
 # secure touch files
 type sysfs_securetouch, fs_type, sysfs_type;

legacy/vendor/common/file_contexts

@@ -483,6 +483,7 @@
 /sys/devices(/platform)?/soc/[a-f0-9]+.qcom,kgsl-3d0/kgsl/kgsl-3d0(/.*)? u:object_r:sysfs_kgsl:s0
 /sys/devices(/platform)?/soc/[a-f0-9]+.qcom,kgsl-3d0/devfreq/[a-f0-9]+.qcom,kgsl-3d0(/.*)? u:object_r:sysfs_kgsl:s0
 /sys/devices(/platform)?/soc/[a-f0-9]+.qcom,kgsl-3d0/kgsl/kgsl-3d0/snapshot(/.*)? u:object_r:sysfs_kgsl_snapshot:s0
+/sys/devices(/platform)?/soc/[a-f0-9]+.qcom,kgsl-3d0/kgsl/kgsl-3d0/gpu_model u:object_r:sysfs_kgsl_gpu_model:s0
 
 /sys/devices(/platform)?/soc/[a-f0-9]+.sdhci/mmc_host/mmc0/clk_scaling(/.*)? u:object_r:sysfs_mmc_host:s0
 /sys/devices(/platform)?/soc/[a-f0-9]+.sdhci/mmc_host/mmc[0-9]/mmc0:[0-9]+/block/mmcblk[0-9]/bdi/read_ahead_kb u:object_r:sysfs_mmc_host:s0

legacy/vendor/common/location_app.te

@@ -1,4 +1,4 @@
-# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+# Copyright (c) 2019-2020, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -55,3 +55,4 @@ allowxperm vendor_location_app self:socket ioctl msm_sock_ipc_ioctls;
 allow vendor_location_app self:qipcrtr_socket create_socket_perms_no_ioctl;
 allow vendor_location_app sysfs_data:file r_file_perms;
 unix_socket_connect(vendor_location_app, vendor_dpmtcm, vendor_dpmd)
+allow location_app sysfs_kgsl_gpu_model:file r_file_perms;

legacy/vendor/common/priv_app.te

@@ -1,4 +1,4 @@
-# Copyright (c) 2017, 2019, The Linux Foundation. All rights reserved.
+# Copyright (c) 2017, 2019-2020, The Linux Foundation. All rights reserved.
 
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -29,3 +29,5 @@ hal_client_domain(priv_app, hal_perf)
 # TODO(b/123050471): this grants renderscript exec permissions to the
 # priv_app domain
 allow priv_app rs_exec:file rx_file_perms;
+
+allow priv_app sysfs_kgsl_gpu_model:file r_file_perms;