sepolicy: basic: non_plat: Add rules for MediaTek GPU HAL

* Dropped in S sepolicy but we need it since we have
  blobs from R.

Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: Ifb8fa7d8e28b1d74c1bf3ea6b817afd3c84a90c6

basic/non_plat/file_contexts

@@ -716,6 +716,10 @@
 # Google Trusty system files
 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service\.trusty u:object_r:hal_keymaster_default_exec:s0
 
+# gpu hal
+/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.gpu@1\.0-service u:object_r:mtk_hal_gpu_exec:s0
+/vendor/lib(64)?/vendor\.mediatek\.hardware\.gpu@1\.0.so u:object_r:same_process_hal_file:s0
+
 # MTEE keymaster4.0/4.1 system files
 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.0-service\.mtee u:object_r:hal_keymaster_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.1-service\.mtee u:object_r:hal_keymaster_default_exec:s0

basic/non_plat/hal_gpu.te

@@ -0,0 +1,6 @@
+# HwBinder IPC from clients into server, and callbacks
+binder_call(hal_gpu_client, hal_gpu_server)
+binder_call(hal_gpu_server, hal_gpu_client)
+
+# give permission for hal client
+allow hal_gpu_client mtk_hal_gpu_hwservice :hwservice_manager find;

basic/non_plat/hwservice.te

@@ -74,3 +74,6 @@ type mtk_hal_bluetooth_audio_hwservice,hwservice_manager_type;
 # Date: 2021/06/30
 # composer extension HIDL
 type mtk_hal_composer_ext_hwservice, hwservice_manager_type, protected_hwservice;
+
+# GPU HIDL
+type mtk_hal_gpu_hwservice, hwservice_manager_type;

basic/non_plat/hwservice_contexts

@@ -10,6 +10,9 @@ vendor.mediatek.hardware.radio::ISap                                u:object_r:m
 vendor.mediatek.hardware.interfaces_tc1.mtkradioex_tc1::IMtkRadioEx u:object_r:mtk_hal_rild_hwservice:s0
 vendor.mediatek.hardware.radio_op::IRadioOp                         u:object_r:mtk_hal_rild_hwservice:s0
 
+# GPU HIDL
+vendor.mediatek.hardware.gpu::IGraphicExt u:object_r:mtk_hal_gpu_hwservice:s0
+
 # Date: 2017/06/07
 # power hidl
 vendor.mediatek.hardware.mtkpower::IMtkPerf  u:object_r:hal_power_hwservice:s0

basic/non_plat/mtk_hal_gpu.te

@@ -0,0 +1,30 @@
+type mtk_hal_gpu, domain;
+type mtk_hal_gpu_exec, exec_type, file_type, vendor_file_type;
+
+# Setup for domain transition
+init_daemon_domain(mtk_hal_gpu)
+
+# Allow to use HWBinder IPC
+hwbinder_use(mtk_hal_gpu);
+
+# Allow a set of permissions required for a domain to be a server which provides a HAL implementation over HWBinder.
+hal_server_domain(mtk_hal_gpu, hal_gpu)
+
+# add/find permission rule to hwservicemanager
+add_hwservice(hal_gpu, mtk_hal_gpu_hwservice)
+allow hal_gpu_client mtk_hal_gpu_hwservice:hwservice_manager find;
+
+# Allow to allocate hidl memory
+hal_client_domain(mtk_hal_gpu, hal_allocator)
+
+# Purpose : Allow to use kernel driver
+allow mtk_hal_gpu graphics_device:chr_file rw_file_perms;
+
+allow mtk_hal_gpu proc_ged:file rw_file_perms;
+allowxperm mtk_hal_gpu proc_ged:file ioctl { proc_ged_ioctls };
+
+allow mtk_hal_gpu hal_graphics_allocator_default:fd use;
+allow mtk_hal_gpu ion_device:chr_file r_file_perms;
+allow mtk_hal_gpu debugfs_ion:dir search;
+
+allow mtk_hal_gpu merged_hal_service:fd use;

basic/plat_public/attributes

@@ -33,6 +33,11 @@ attribute hal_mtk_lbs;
 attribute hal_mtk_lbs_client;
 attribute hal_mtk_lbs_server;
 
+# GPU HIDL
+attribute hal_gpu;
+attribute hal_gpu_client;
+attribute hal_gpu_server;
+
 # Date: 2017/06/27
 # IMSA HIDL
 attribute hal_mtk_imsa;

bsp/non_plat/camerapostalgo.te

@@ -23,4 +23,5 @@ hal_client_domain(camerapostalgo, hal_mtk_mms)
 hal_client_domain(camerapostalgo, hal_graphics_allocator)
 allow camerapostalgo hal_graphics_mapper_hwservice:hwservice_manager find;
 allow camerapostalgo hal_configstore_default:binder call;
+allow camerapostalgo mtk_hal_gpu_hwservice:hwservice_manager find;