From 060eb640e196169c8210220982287308b27bd345 Mon Sep 17 00:00:00 2001 From: gtk_qingyunmei Date: Sat, 18 Jan 2020 10:17:54 +0800 Subject: [PATCH] [ALPS04707246] porting hdmi hidl service Refactoring hdmi service as hidl service,so that other process can call hdmi services API. Add Selinux permission for hdmi hidl service. MTK-Commit-Id: 0ecef9e52ce92b52413fbecd2b5be492806b8f53 Change-Id: I7f1c5f48d4ae9777acc80436a4af801f32969fac CR-Id: ALPS04707246 Feature: [Module]Settings --- non_plat/attributes | 6 +++++ non_plat/file_contexts | 3 +++ non_plat/hal_hdmi.te | 6 +++++ non_plat/hwservice.te | 3 +++ non_plat/hwservice_contexts | 4 ++++ non_plat/mtk_hal_hdmi.te | 48 +++++++++++++++++++++++++++++++++++++ non_plat/property.te | 3 +++ non_plat/property_contexts | 3 +++ non_plat/system_app.te | 9 +++++++ 9 files changed, 85 insertions(+) create mode 100644 non_plat/hal_hdmi.te create mode 100644 non_plat/mtk_hal_hdmi.te diff --git a/non_plat/attributes b/non_plat/attributes index 4c2568f..344d60d 100644 --- a/non_plat/attributes +++ b/non_plat/attributes @@ -74,3 +74,9 @@ attribute hal_atci_server; # Date: 2019/06/12 # modem db filter hidl attribute mtk_hal_md_dbfilter_server; + +# Date: 2019/07/16 +# HDMI HIDL +attribute hal_hdmi; +attribute hal_hdmi_client; +attribute hal_hdmi_server; diff --git a/non_plat/file_contexts b/non_plat/file_contexts index f3de80b..f2e14a9 100644 --- a/non_plat/file_contexts +++ b/non_plat/file_contexts @@ -692,3 +692,6 @@ #MRDUMP /dev/block/platform/bootdevice/by-name/mrdump(/.*)? u:object_r:mrdump_device:s0 +# Date: 2019/07/16 +# hdmi hal +/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.hdmi@1\.0-service u:object_r:mtk_hal_hdmi_exec:s0 diff --git a/non_plat/hal_hdmi.te b/non_plat/hal_hdmi.te new file mode 100644 index 0000000..ea8e0c5 --- /dev/null +++ b/non_plat/hal_hdmi.te @@ -0,0 +1,6 @@ +# HwBinder IPC from clients into server, and callbacks +binder_call(hal_hdmi_client, hal_hdmi_server) +binder_call(hal_hdmi_server, hal_hdmi_client) + +# give permission for hal client +allow hal_hdmi_client mtk_hal_hdmi_hwservice :hwservice_manager find; diff --git a/non_plat/hwservice.te b/non_plat/hwservice.te index a829740..298fa79 100644 --- a/non_plat/hwservice.te +++ b/non_plat/hwservice.te @@ -54,3 +54,6 @@ type mtk_hal_gpu_hwservice, hwservice_manager_type; # modem db filter hidl type mtk_hal_md_dbfilter_hwservice, hwservice_manager_type; +# Date: 2019/07/16 +# HDMI HIDL +type mtk_hal_hdmi_hwservice, hwservice_manager_type; diff --git a/non_plat/hwservice_contexts b/non_plat/hwservice_contexts index 0a9f9f4..67e965a 100644 --- a/non_plat/hwservice_contexts +++ b/non_plat/hwservice_contexts @@ -63,3 +63,7 @@ vendor.mediatek.hardware.modemdbfilter::ICopyDBFilter u:object_r:mtk_hal_md_dbfi vendor.mediatek.hardware.camera.lomoeffect::ILomoEffect u:object_r:hal_camera_hwservice:s0 vendor.mediatek.hardware.camera.ccap::ICCAPControl u:object_r:hal_camera_hwservice:s0 vendor.mediatek.hardware.camera.bgservice::IBGService u:object_r:hal_camera_hwservice:s0 + +# Date : 2019/07/16 +# HDMI HIDL +vendor.mediatek.hardware.hdmi::IMtkHdmiService u:object_r:mtk_hal_hdmi_hwservice:s0 diff --git a/non_plat/mtk_hal_hdmi.te b/non_plat/mtk_hal_hdmi.te new file mode 100644 index 0000000..a1995ca --- /dev/null +++ b/non_plat/mtk_hal_hdmi.te @@ -0,0 +1,48 @@ +# ============================================== +# Policy File of /vendor/bin/hw/vendor.mediatek.hardware.hdmi@1.0-service Executable File + +# ============================================== +# Type Declaration +# ============================================== + +type mtk_hal_hdmi, domain; +type mtk_hal_hdmi_exec, exec_type, file_type, vendor_file_type; + +# ============================================== +# MTK Policy Rule +# ============================================== + +# Setup for domain transition +init_daemon_domain(mtk_hal_hdmi) + +# Allow to use HWBinder IPC +hwbinder_use(mtk_hal_hdmi); + +# Allow a set of permissions required for a domain to be a server which provides a HAL implementation over HWBinder. +hal_server_domain(mtk_hal_hdmi, hal_hdmi) + +# add/find permission rule to hwservicemanager +add_hwservice(hal_hdmi_server, mtk_hal_hdmi_hwservice) + +# Allow to allocate hidl memory +#hal_client_domain(mtk_hal_hdmi, hal_allocator) + +# Purpose : Allow to use kernel driver +allow mtk_hal_hdmi graphics_device:chr_file rw_file_perms; + +# Purpose : Allow permission to get AmbientLux from hwservice_manager +allow mtk_hal_hdmi fwk_sensor_hwservice:hwservice_manager find; + +#for hdmi uevent +allow mtk_hal_hdmi self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl; + +#============= Key Manager HIDL Service ============== +allow mtk_hal_hdmi mtk_hal_keymanage:binder call; + +# Purpose : Allow hdmi to call vendor.mediatek.hardware.keymanage@1.0-service. +hal_client_domain(mtk_hal_hdmi, hal_keymaster) + +allow mtk_hal_hdmi mtk_hal_keymanage_hwservice:hwservice_manager find; + +# Purpose : Allow permission to set hdmi property +set_prop(mtk_hal_hdmi, mtk_hdmi_prop); diff --git a/non_plat/property.te b/non_plat/property.te index ec7f67d..fad95d8 100644 --- a/non_plat/property.te +++ b/non_plat/property.te @@ -317,3 +317,6 @@ type mtk_nvram_ready_prop, property_type, mtk_core_property_type; #=============allow wifi hotspot to read property=========== type mtk_wifi_hotspot_prop, property_type, mtk_core_property_type; + +#=============mtk hdmi property============= +type mtk_hdmi_prop, property_type, mtk_core_property_type; diff --git a/non_plat/property_contexts b/non_plat/property_contexts index 7b077fd..1d90c4d 100644 --- a/non_plat/property_contexts +++ b/non_plat/property_contexts @@ -344,3 +344,6 @@ vendor.mtk.nvram.ready u:object_r:mtk_nvram_ready_prop:s0 #=============Wi-Fi Hotspot============== wifi.sap.interface u:object_r:mtk_wifi_hotspot_prop:s0 + +#=============allow mtk hdmi==============# +persist.vendor.sys.hdmi_hidl. u:object_r:mtk_hdmi_prop:s0 diff --git a/non_plat/system_app.te b/non_plat/system_app.te index 956a0e3..4e18c90 100644 --- a/non_plat/system_app.te +++ b/non_plat/system_app.te @@ -39,3 +39,12 @@ allow system_app mtk_hal_mms:binder call; # Operation : Migration # Purpose : system_app need vendor_default_prop get_prop(system_app, vendor_default_prop) + +# Date: 2019/07/16 +# Operation : Migration +# Purpose : system_app need use hdmi service and create socktet +allow system_app mtk_hal_hdmi_hwservice:hwservice_manager find; +allow system_app mtk_hal_hdmi:binder call; +allow system_app self:netlink_kobject_uevent_socket {read bind create setopt }; +# system_app need to read from sysfs /sys/class/switch/hdmi/state +r_dir_file(system_app, sysfs_switch);