From b924fa405828c07fd36163fbeed0d7d646f0c3d6 Mon Sep 17 00:00:00 2001
From: SamarV-121
Date: Sat, 17 Sep 2022 11:43:05 +0530
Subject: [PATCH] sepolicy: basic: non_plat: Add selinux rules for mtkcodecservice HAL

Change-Id: Ia024bc02b07c45c17475005b4216baa50cee9c13
---
 basic/non_plat/file_contexts | 1 +
 basic/non_plat/hal_mtkcodecservice_default.te | 17 +++++++++++++++++
 basic/non_plat/hwservice.te | 1 +
 basic/non_plat/hwservice_contexts | 2 ++
 basic/non_plat/mediacodec.te | 2 ++
 basic/non_plat/mediaserver.te | 2 ++
 basic/non_plat/system_server.te | 2 ++
 basic/plat_public/attributes | 4 ++++
 8 files changed, 31 insertions(+)
 create mode 100644 basic/non_plat/hal_mtkcodecservice_default.te

diff --git a/basic/non_plat/file_contexts b/basic/non_plat/file_contexts
index c2ce153..59087e3 100644
--- a/basic/non_plat/file_contexts
+++ b/basic/non_plat/file_contexts
@@ -712,6 +712,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.media\.c2@1\.2-mediatek u:object_r:mtk_hal_c2_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.media\.c2@1\.2-mediatek-64b u:object_r:mtk_hal_c2_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.memtrack-service\.mediatek u:object_r:mtk_hal_memtrack_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.mediatek\.hardware\.mtkcodecservice@1\.1-service u:object_r:hal_mtkcodecservice_default_exec:s0
 # Google Trusty system files
 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service\.trusty u:object_r:hal_keymaster_default_exec:s0
diff --git a/basic/non_plat/hal_mtkcodecservice_default.te b/basic/non_plat/hal_mtkcodecservice_default.te
new file mode 100644
index 0000000..2d98cc6
--- /dev/null
+++ b/basic/non_plat/hal_mtkcodecservice_default.te
@@ -0,0 +1,17 @@
+type hal_mtkcodecservice_default, domain;
+type hal_mtkcodecservice_default_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(hal_mtkcodecservice_default)
+
+hal_server_domain(hal_mtkcodecservice_default, hal_mtkcodecservice)
+
+hal_client_domain(hal_mtkcodecservice_default, hal_allocator)
+
+binder_call(hal_mtkcodecservice_client, hal_mtkcodecservice_server)
+binder_call(hal_mtkcodecservice_server, hal_mtkcodecservice_client)
+
+add_hwservice(hal_mtkcodecservice_server, hal_mtkcodecservice_hwservice)
+allow hal_mtkcodecservice_client hal_mtkcodecservice_hwservice:hwservice_manager find;
+
+allow hal_mtkcodecservice_default hidl_allocator_hwservice:hwservice_manager find;
+allow hal_mtkcodecservice_default hidl_memory_hwservice:hwservice_manager find;
diff --git a/basic/non_plat/hwservice.te b/basic/non_plat/hwservice.te
index 16bfdf4..74afe86 100644
--- a/basic/non_plat/hwservice.te
+++ b/basic/non_plat/hwservice.te
@@ -77,3 +77,4 @@ type mtk_hal_composer_ext_hwservice, hwservice_manager_type, protected_hwservice
 # GPU HIDL
 type mtk_hal_gpu_hwservice, hwservice_manager_type;
+type hal_mtkcodecservice_hwservice, hwservice_manager_type;
diff --git a/basic/non_plat/hwservice_contexts b/basic/non_plat/hwservice_contexts
index cffdba4..a080125 100644
--- a/basic/non_plat/hwservice_contexts
+++ b/basic/non_plat/hwservice_contexts
@@ -90,3 +90,5 @@ vendor.mediatek.hardware.bluetooth.audio::IBluetoothAudioProvidersFactory u:obje
 # Date: 2021/06/30
 # composer extension HIDL
 vendor.mediatek.hardware.composer_ext::IComposerExt u:object_r:mtk_hal_composer_ext_hwservice:s0
+
+vendor.mediatek.hardware.mtkcodecservice::IMtkCodecService u:object_r:hal_mtkcodecservice_hwservice:s0
diff --git a/basic/non_plat/mediacodec.te b/basic/non_plat/mediacodec.te
index fc0847e..e8b61be 100644
--- a/basic/non_plat/mediacodec.te
+++ b/basic/non_plat/mediacodec.te
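Review bot: The last two rules of the new hal_mtkcodecservice_default.te, `allow hal_mtkcodecservice_default hidl_allocator_hwservice:hwservice_manager find;` and the matching `hidl_memory_hwservice` rule, appear to duplicate what `hal_client_domain(hal_mtkcodecservice_default, hal_allocator)` already grants, assuming the platform's hal_allocator policy matches AOSP. If that holds they can be dropped, so the domain's access is stated in one place. The `binder_call(hal_mtkcodecservice_server, hal_mtkcodecservice_client)` line lets the HAL initiate binder calls into every client domain, which after this commit includes system_server. It should carry a comment naming the callback that needs it, e.g. `# <callback interface>: HAL calls back into its clients`, or be removed if IMtkCodecService has no callbacks. The file also has no header comment; `# MTK codec service HAL (vendor.mediatek.hardware.mtkcodecservice@1.1-service)` would say what the domain is for.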
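Review bot: In hwservice.te, `hal_mtkcodecservice_hwservice` is declared without `protected_hwservice`, so the platform neverallow that stops untrusted apps from finding protected HwBinder services does not cover it. The hunk-header context shows `mtk_hal_composer_ext_hwservice` carrying that attribute. Unless apps are meant to reach this service, declare it as `type hal_mtkcodecservice_hwservice, hwservice_manager_type, protected_hwservice;`. The new line also sits directly under the `# GPU HIDL` comment, so it should get its own, e.g. `# MTK codec service HIDL`.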
@@ -150,3 +150,5 @@ get_prop(mediacodec, vendor_mtk_crossmount_prop)
 get_prop(mediacodec, vendor_mtk_deinterlace_prop)
 get_prop(mediacodec, vendor_mtk_omx_core_prop)
 get_prop(mediacodec, vendor_mtk_hdr_video_prop)
+
+hal_client_domain(mediacodec, hal_mtkcodecservice)
diff --git a/basic/non_plat/mediaserver.te b/basic/non_plat/mediaserver.te
index 1cc0cf4..7a770c7 100644
--- a/basic/non_plat/mediaserver.te
+++ b/basic/non_plat/mediaserver.te
@@ -307,3 +307,5 @@ hal_client_domain(mediaserver, hal_keymaster)
 hal_client_domain(mediaserver, hal_power)
 allow mediaserver vpud_device:chr_file rw_file_perms;
+
+hal_client_domain(mediaserver, hal_mtkcodecservice)
diff --git a/basic/non_plat/system_server.te b/basic/non_plat/system_server.te
index f7b527a..8496364 100644
--- a/basic/non_plat/system_server.te
+++ b/basic/non_plat/system_server.te
@@ -276,3 +276,5 @@ allow system_server proc_mgq:dir search;
 # when anr dump process, SystemServer need send sigal
 allow system_server mtk_hal_pq:process signal;
+
+hal_client_domain(system_server, hal_mtkcodecservice)
diff --git a/basic/plat_public/attributes b/basic/plat_public/attributes
index 07ef535..6245013 100644
--- a/basic/plat_public/attributes
+++ b/basic/plat_public/attributes
@@ -116,3 +116,7 @@ attribute mtk_safe_halserverdomain_type;
 attribute hal_mtk_mmagent;
 attribute hal_mtk_mmagent_client;
 attribute hal_mtk_mmagent_server;
+
+attribute hal_mtkcodecservice;
+attribute hal_mtkcodecservice_client;
+attribute hal_mtkcodecservice_server;
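Review bot: In system_server.te, `hal_client_domain(system_server, hal_mtkcodecservice)` makes the most privileged framework process a client of a vendor codec HAL, and neither the commit message nor a comment says why. Because hal_mtkcodecservice_default.te also adds `binder_call(hal_mtkcodecservice_server, hal_mtkcodecservice_client)`, the grant is two-way: the vendor service may start binder transactions into system_server. If no denial was actually seen for system_server, drop the line. Otherwise record the reason above it, e.g. `# <feature>: system_server queries IMtkCodecService`, as the neighbouring `mtk_hal_pq` rule does. The mediacodec.te and mediaserver.te hunks add the same grant without a comment, though those domains are the more expected consumers.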