From 9fcf99ba09036f2dfbd05deb6f4145d6c75a1b39 Mon Sep 17 00:00:00 2001
From: Ian-Y Chen <ian-y.chen@mediatek.com>
Date: Sat, 18 Jan 2020 10:13:32 +0800
Subject: [PATCH] [ALPS04328846] power: refine sepolicy

[Detail]
1. Add prefix PERFMGR for performance related ioctl
2. Add property permission for PowerHAL

MTK-Commit-Id: 91ef99a47ee2de3c48426298c9a67d5e4dd10a6b

Change-Id: I5979aefc7fb110ee540425bc53896babdcac08bd
CR-Id: ALPS04328846
Feature: [Module]PowerHAL
---
 non_plat/app.te            |  8 ++++----
 non_plat/bootanim.te       |  8 ++++----
 non_plat/cameraserver.te   |  8 ++++----
 non_plat/ioctl_defines     | 32 ++++++++++++++++----------------
 non_plat/mtk_hal_power.te  |  8 ++++++--
 non_plat/property.te       |  3 +++
 non_plat/property_contexts |  4 ++++
 non_plat/surfaceflinger.te | 10 +++++-----
 non_plat/system_server.te  |  8 ++++----
 9 files changed, 50 insertions(+), 39 deletions(-)

diff --git a/non_plat/app.te b/non_plat/app.te
index 40ee4ae..5a64433 100644
--- a/non_plat/app.te
+++ b/non_plat/app.te
@@ -44,10 +44,10 @@ allow appdomain mtk_cmdq_device:chr_file {open read ioctl};
 allow appdomain proc_perfmgr:dir search;
 allow appdomain proc_perfmgr:file { getattr open read ioctl};
 allowxperm appdomain proc_perfmgr:file ioctl {
-  FPSGO_QUEUE
-  FPSGO_DEQUEUE
-  FPSGO_QUEUE_CONNECT
-  FPSGO_BQID
+  PERFMGR_FPSGO_QUEUE
+  PERFMGR_FPSGO_DEQUEUE
+  PERFMGR_FPSGO_QUEUE_CONNECT
+  PERFMGR_FPSGO_BQID
 };
 
 # Date : W19.4
diff --git a/non_plat/bootanim.te b/non_plat/bootanim.te
index 55e3d1a..5027d92 100644
--- a/non_plat/bootanim.te
+++ b/non_plat/bootanim.te
@@ -35,8 +35,8 @@ allowxperm bootanim proc_ged:file ioctl {
   GED_BRIDGE_IO_GE_INFO
 };
 allowxperm bootanim proc_perfmgr:file ioctl {
-  FPSGO_QUEUE
-  FPSGO_DEQUEUE
-  FPSGO_QUEUE_CONNECT
-  FPSGO_BQID
+  PERFMGR_FPSGO_QUEUE
+  PERFMGR_FPSGO_DEQUEUE
+  PERFMGR_FPSGO_QUEUE_CONNECT
+  PERFMGR_FPSGO_BQID
 };
diff --git a/non_plat/cameraserver.te b/non_plat/cameraserver.te
index 821267e..a85ca40 100644
--- a/non_plat/cameraserver.te
+++ b/non_plat/cameraserver.te
@@ -357,8 +357,8 @@ allow cameraserver debugfs_ion:dir search;
 allow cameraserver proc_perfmgr:dir {read search};
 allow cameraserver proc_perfmgr:file r_file_perms;
 allowxperm cameraserver proc_perfmgr:file ioctl {
-  FPSGO_QUEUE
-  FPSGO_DEQUEUE
-  FPSGO_QUEUE_CONNECT
-  FPSGO_BQID
+  PERFMGR_FPSGO_QUEUE
+  PERFMGR_FPSGO_DEQUEUE
+  PERFMGR_FPSGO_QUEUE_CONNECT
+  PERFMGR_FPSGO_BQID
 };
diff --git a/non_plat/ioctl_defines b/non_plat/ioctl_defines
index a49e819..6455068 100755
--- a/non_plat/ioctl_defines
+++ b/non_plat/ioctl_defines
@@ -28,26 +28,26 @@ define(`GED_BRIDGE_IO_IOCTLCMD_0F', `0x670f')
 define(`GED_BRIDGE_IO_IOCTLCMD_10', `0x6710')
 
 #####################################
-# perf_ioctl.h
+# perf_ioctl.h : FPSGO
 #
-define(`FPSGO_QUEUE', `0x6701')
-define(`FPSGO_DEQUEUE', `0x6703')
-define(`FPSGO_VSYNC', `0x6705')
-define(`FPSGO_TOUCH', `0x670a')
-define(`FPSGO_QUEUE_CONNECT', `0x670f')
-define(`FPSGO_BQID', `0x6710')
+define(`PERFMGR_FPSGO_QUEUE', `0x6701')
+define(`PERFMGR_FPSGO_DEQUEUE', `0x6703')
+define(`PERFMGR_FPSGO_VSYNC', `0x6705')
+define(`PERFMGR_FPSGO_TOUCH', `0x670a')
+define(`PERFMGR_FPSGO_QUEUE_CONNECT', `0x670f')
+define(`PERFMGR_FPSGO_BQID', `0x6710')
 
-#####################################
-#
-#
-define(`EARA_NN_BEGIN', `0x6701')
-define(`EARA_NN_END', `0x6702')
-define(`EARA_GETUSAGE', `0x6703')
+# perf_ioctl.h : EARA
+define(`PERFMGR_EARA_NN_BEGIN', `0x6701')
+define(`PERFMGR_EARA_NN_END', `0x6702')
+define(`PERFMGR_EARA_GETUSAGE', `0x6703')
 
-#####################################
-#
-#
+# perf_ioctl.h : others
 define(`PERFMGR_CPU_PREFER', `0x6701')
+
+#####################################
+#
+#
 define(`MMC_IOCTLCMD', `0xb300')
 define(`UFS_IOCTLCMD', `0x5388')
 
diff --git a/non_plat/mtk_hal_power.te b/non_plat/mtk_hal_power.te
index d45caa6..b06acbb 100644
--- a/non_plat/mtk_hal_power.te
+++ b/non_plat/mtk_hal_power.te
@@ -40,7 +40,7 @@ allow mtk_hal_power mtk_hal_audio:dir r_dir_perms;
 # Purpose : Allow powerHAL to access perfmgr
 allow mtk_hal_power proc_perfmgr:dir r_dir_perms;
 allow mtk_hal_power proc_perfmgr:file rw_file_perms;
-allowxperm mtk_hal_power proc_perfmgr:file ioctl FPSGO_TOUCH;
+allowxperm mtk_hal_power proc_perfmgr:file ioctl PERFMGR_FPSGO_TOUCH;
 
 # Date : 2017/10/11
 # Operation: SQC
@@ -100,6 +100,10 @@ allow mtk_hal_power proc_mtktz:file rw_file_perms;
 # Date : 2019/05/08
 # Operation: SQC
 # Purpose : Allow powerHAL to access /proc/[pid]
-# 2019/04/24 : redundant setting
 allow mtk_hal_power system_server:dir r_dir_perms;
 allow mtk_hal_power system_server:file r_file_perms;
+
+# Date : 2019/05/22
+# Operation: SQC
+# Purpose : Allow powerHAL to access prop
+set_prop(mtk_hal_power, mtk_powerhal_prop)
diff --git a/non_plat/property.te b/non_plat/property.te
index fcb6fd6..e44a99c 100644
--- a/non_plat/property.te
+++ b/non_plat/property.te
@@ -307,3 +307,6 @@ type logmuch_prop, property_type, extended_core_property_type;
 
 #=============mtk bt enable SAP profile property=============
 type mtk_bt_sap_enable_prop, property_type, mtk_core_property_type;
+
+#=============MTK powerhal property================
+type mtk_powerhal_prop, property_type;
diff --git a/non_plat/property_contexts b/non_plat/property_contexts
index 3994dbc..e286fc9 100644
--- a/non_plat/property_contexts
+++ b/non_plat/property_contexts
@@ -341,3 +341,7 @@ ro.lmk.medium u:object_r:exported3_default_prop:s0 exact int
 ro.lmk.critical u:object_r:exported3_default_prop:s0 exact int
 ro.lmk.kill_timeout_ms u:object_r:exported3_default_prop:s0 exact int
 ro.lmk.swap_free_low_percentage u:object_r:exported3_default_prop:s0 exact int
+
+#=============allow processes to change powerhal config================
+persist.vendor.powerhal. u:object_r:mtk_powerhal_prop:s0
+vendor.powerhal. u:object_r:mtk_powerhal_prop:s0
diff --git a/non_plat/surfaceflinger.te b/non_plat/surfaceflinger.te
index e51aaba..f811394 100644
--- a/non_plat/surfaceflinger.te
+++ b/non_plat/surfaceflinger.te
@@ -47,11 +47,11 @@ allow surfaceflinger mtkbootanimation:file { read getattr open };
 allow surfaceflinger proc_perfmgr:dir {read search};
 allow surfaceflinger proc_perfmgr:file {open read ioctl};
 allowxperm surfaceflinger proc_perfmgr:file ioctl {
-  FPSGO_QUEUE
-  FPSGO_DEQUEUE
-  FPSGO_QUEUE_CONNECT
-  FPSGO_BQID
-  FPSGO_VSYNC
+  PERFMGR_FPSGO_QUEUE
+  PERFMGR_FPSGO_DEQUEUE
+  PERFMGR_FPSGO_QUEUE_CONNECT
+  PERFMGR_FPSGO_BQID
+  PERFMGR_FPSGO_VSYNC
 };
 
 # Date : WK17.43
diff --git a/non_plat/system_server.te b/non_plat/system_server.te
index 7fcdcd2..dac2b0e 100644
--- a/non_plat/system_server.te
+++ b/non_plat/system_server.te
@@ -178,10 +178,10 @@ allow system_server mtk_hal_power_hwservice:hwservice_manager find;
 allow system_server proc_perfmgr:dir {read search};
 allow system_server proc_perfmgr:file {open read ioctl};
 allowxperm system_server proc_perfmgr:file ioctl {
-  FPSGO_QUEUE
-  FPSGO_DEQUEUE
-  FPSGO_QUEUE_CONNECT
-  FPSGO_BQID
+  PERFMGR_FPSGO_QUEUE
+  PERFMGR_FPSGO_DEQUEUE
+  PERFMGR_FPSGO_QUEUE_CONNECT
+  PERFMGR_FPSGO_BQID
 };
 
 # Date : W18.22