[ALPS04383692] GPU: GPU HIDL

[Detail]
Add sepolicy for gpu hidl

MTK-Commit-Id: c603f9f321c0f50cf21227787ccc3c35e50e55d2

Change-Id: I7a0ed82e546391a509687ef1b4cf5927cfbefe46
CR-Id: ALPS04383692
Feature: OpenGL|ES

non_plat/attributes

@@ -76,3 +76,10 @@ attribute hal_mtkcodecservice;
 attribute hal_atci;
 attribute hal_atci_client;
 attribute hal_atci_server;
+
+# Date: 2019/04/19
+# GPU HIDL
+attribute hal_gpu;
+attribute hal_gpu_client;
+attribute hal_gpu_server;
+

non_plat/file_contexts

@@ -575,6 +575,9 @@
 # MTK OMAPI for UICC
 /(system\/vendor|vendor)/bin/hw/android\.hardware\.secure_element@1\.0-service-mediatek u:object_r:mtk_hal_secure_element_exec:s0
 
+#gpu hal
+/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.gpu@1\.0-service u:object_r:mtk_hal_gpu_exec:s0
+
 #############################
 # System/bin files
 
@@ -613,6 +616,8 @@
 /vendor/lib(64)?/vendor\.mediatek\.hardware\.pq@[0-9]\.[0-9]\.so                 u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/libpq_prot\.so                                      u:object_r:same_process_hal_file:s0
 
+/vendor/lib(64)?/vendor\.mediatek\.hardware\.gpu@1\.0.so u:object_r:same_process_hal_file:s0
+
 /vendor/lib(64)?/libladder\.so   u:object_r:same_process_hal_file:s0
 
 /vendor/lib(64)?/libtflite_mtk.so u:object_r:same_process_hal_file:s0

non_plat/hal_gpu.te

@@ -0,0 +1,6 @@
+# HwBinder IPC from clients into server, and callbacks
+binder_call(hal_gpu_client, hal_gpu_server)
+binder_call(hal_gpu_server, hal_gpu_client)
+
+# give permission for hal client
+allow hal_gpu_client mtk_hal_gpu_hwservice :hwservice_manager find;

non_plat/hwservice.te

@@ -49,3 +49,8 @@ type mtk_hal_mms_hwservice, hwservice_manager_type;
 
 type hal_atci_hwservice, hwservice_manager_type;
 type mtk_hal_keymanage_hwservice, hwservice_manager_type;
+
+# Date: 2019/04/26
+# GPU HIDL
+type mtk_hal_gpu_hwservice, hwservice_manager_type;
+

non_plat/hwservice_contexts

@@ -56,3 +56,8 @@ vendor.mediatek.hardware.engineermode::IEmd u:object_r:mtk_hal_em_hwservice:s0
 # Date : 2018/07/02
 # MMS HIDL
 vendor.mediatek.hardware.mms::IMms u:object_r:mtk_hal_mms_hwservice:s0
+
+# Date : 2019/04/19
+# GPU HIDL
+vendor.mediatek.hardware.gpu::IGraphicExt u:object_r:mtk_hal_gpu_hwservice:s0
+

non_plat/mtk_hal_gpu.te

@@ -0,0 +1,51 @@
+# ==============================================
+# Policy File of /vendor/bin/hw/vendor.mediatek.hardware.gpu@1.0-service Executable File
+
+# ==============================================
+# Type Declaration
+# ==============================================
+
+type mtk_hal_gpu, domain;
+type mtk_hal_gpu_exec, exec_type, file_type, vendor_file_type;
+
+# ==============================================
+# MTK Policy Rule
+# ==============================================
+
+# Setup for domain transition
+init_daemon_domain(mtk_hal_gpu)
+
+# Allow to use HWBinder IPC
+hwbinder_use(mtk_hal_gpu);
+
+# Allow a set of permissions required for a domain to be a server which provides a HAL implementation over HWBinder.
+hal_server_domain(mtk_hal_gpu, hal_gpu)
+
+# add/find permission rule to hwservicemanager
+add_hwservice(hal_gpu, mtk_hal_gpu_hwservice)
+allow hal_gpu_client mtk_hal_gpu_hwservice:hwservice_manager find;
+
+# Allow to allocate hidl memory
+hal_client_domain(mtk_hal_gpu, hal_allocator)
+
+# Purpose : Allow to use kernel driver
+allow mtk_hal_gpu graphics_device:chr_file rw_file_perms;
+
+# Purpose : Allow property set
+allow mtk_hal_gpu init:unix_stream_socket connectto;
+allow mtk_hal_gpu property_socket:sock_file write;
+
+
+# Purpose : Allow permission to set pq property
+#set_prop(mtk_hal_gpu, mtk_gpu_prop)
+
+allow mtk_hal_gpu debugfs_ged:dir rw_dir_perms;
+allow mtk_hal_gpu debugfs_ged:file rw_file_perms;
+allow mtk_hal_gpu proc_ged:file rw_file_perms;
+
+allow mtk_hal_gpu hal_graphics_allocator_default:fd use;
+allow mtk_hal_gpu ion_device:chr_file r_file_perms;
+allow mtk_hal_gpu debugfs_ion:dir search;
+
+
+