sepolicy: basic: non_plat: Add selinux rules for mtkcodecservice HAL

Change-Id: Ia024bc02b07c45c17475005b4216baa50cee9c13

basic/non_plat/file_contexts

@@ -712,6 +712,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.media\.c2@1\.2-mediatek                   u:object_r:mtk_hal_c2_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.media\.c2@1\.2-mediatek-64b               u:object_r:mtk_hal_c2_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.memtrack-service\.mediatek                u:object_r:mtk_hal_memtrack_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.mediatek\.hardware\.mtkcodecservice@1\.1-service     u:object_r:hal_mtkcodecservice_default_exec:s0
 
 # Google Trusty system files
 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service\.trusty u:object_r:hal_keymaster_default_exec:s0

basic/non_plat/hal_mtkcodecservice_default.te

@@ -0,0 +1,17 @@
+type hal_mtkcodecservice_default, domain;
+type hal_mtkcodecservice_default_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(hal_mtkcodecservice_default)
+
+hal_server_domain(hal_mtkcodecservice_default, hal_mtkcodecservice)
+
+hal_client_domain(hal_mtkcodecservice_default, hal_allocator)
+
+binder_call(hal_mtkcodecservice_client, hal_mtkcodecservice_server)
+binder_call(hal_mtkcodecservice_server, hal_mtkcodecservice_client)
+
+add_hwservice(hal_mtkcodecservice_server, hal_mtkcodecservice_hwservice)
+allow hal_mtkcodecservice_client hal_mtkcodecservice_hwservice:hwservice_manager find;
+
+allow hal_mtkcodecservice_default hidl_allocator_hwservice:hwservice_manager find;
+allow hal_mtkcodecservice_default hidl_memory_hwservice:hwservice_manager find;

basic/non_plat/hwservice.te

@@ -77,3 +77,4 @@ type mtk_hal_composer_ext_hwservice, hwservice_manager_type, protected_hwservice
 
 # GPU HIDL
 type mtk_hal_gpu_hwservice, hwservice_manager_type;
+type hal_mtkcodecservice_hwservice, hwservice_manager_type;

basic/non_plat/hwservice_contexts

@@ -90,3 +90,5 @@ vendor.mediatek.hardware.bluetooth.audio::IBluetoothAudioProvidersFactory u:obje
 # Date: 2021/06/30
 # composer extension HIDL
 vendor.mediatek.hardware.composer_ext::IComposerExt u:object_r:mtk_hal_composer_ext_hwservice:s0
+
+vendor.mediatek.hardware.mtkcodecservice::IMtkCodecService u:object_r:hal_mtkcodecservice_hwservice:s0

basic/non_plat/mediacodec.te

@@ -150,3 +150,5 @@ get_prop(mediacodec, vendor_mtk_crossmount_prop)
 get_prop(mediacodec, vendor_mtk_deinterlace_prop)
 get_prop(mediacodec, vendor_mtk_omx_core_prop)
 get_prop(mediacodec, vendor_mtk_hdr_video_prop)
+
+hal_client_domain(mediacodec, hal_mtkcodecservice)

basic/non_plat/mediaserver.te

@@ -307,3 +307,5 @@ hal_client_domain(mediaserver, hal_keymaster)
 hal_client_domain(mediaserver, hal_power)
 
 allow mediaserver vpud_device:chr_file rw_file_perms;
+
+hal_client_domain(mediaserver, hal_mtkcodecservice)

basic/non_plat/system_server.te

@@ -276,3 +276,5 @@ allow system_server proc_mgq:dir search;
 
 # when anr dump process, SystemServer need send sigal
 allow system_server mtk_hal_pq:process signal;
+
+hal_client_domain(system_server, hal_mtkcodecservice)

basic/plat_public/attributes

@@ -116,3 +116,7 @@ attribute mtk_safe_halserverdomain_type;
 attribute hal_mtk_mmagent;
 attribute hal_mtk_mmagent_client;
 attribute hal_mtk_mmagent_server;
+
+attribute hal_mtkcodecservice;
+attribute hal_mtkcodecservice_client;
+attribute hal_mtkcodecservice_server;