[ALPS04532537] Copy vendor modem db and filter

New feature:

Add selinux of HIDL service and client.

Use HIDL copy modem db and filter from vendor image

to data partition for modem log tool.

MTK-Commit-Id: 7fadaf0f2a60d05d7464264ef9e23a75ca27bb66

Change-Id: I12cc8614537f30e90a1717f9838c52283342eb55
CR-Id: ALPS04532537
Feature: Modem Log Tool

non_plat/attributes

@@ -71,5 +71,6 @@ attribute hal_atci;
 attribute hal_atci_client;
 attribute hal_atci_server;
 
-
+# Date: 2019/06/12
-
+# modem db filter hidl
+attribute mtk_hal_md_dbfilter_server;

non_plat/file_contexts

@@ -649,6 +649,8 @@
 
 /vendor/bin/em_hidl u:object_r:em_hidl_exec:s0
 
+/vendor/bin/hw/modemdbfilter_service u:object_r:modemdbfilter_service_exec:s0
+
 # Date : 2018/06/15
 # Purpose : mtk EM flash reading
 /proc/mounts u:object_r:proc_flash:s0

non_plat/hwservice.te

@@ -50,3 +50,7 @@ type mtk_hal_keymanage_hwservice, hwservice_manager_type;
 # GPU HIDL
 type mtk_hal_gpu_hwservice, hwservice_manager_type;
 
+# Date: 2019/06/12
+# modem db filter hidl
+type mtk_hal_md_dbfilter_hwservice, hwservice_manager_type;
+

non_plat/hwservice_contexts

@@ -57,3 +57,7 @@ vendor.mediatek.hardware.mms::IMms u:object_r:mtk_hal_mms_hwservice:s0
 # GPU HIDL
 vendor.mediatek.hardware.gpu::IGraphicExt u:object_r:mtk_hal_gpu_hwservice:s0
 
+# Date: 2019/06/12
+# modem db filter hidl
+vendor.mediatek.hardware.modemdbfilter::ICopyDBFilter u:object_r:mtk_hal_md_dbfilter_hwservice:s0
+

non_plat/modemdbfilter_service.te

@@ -0,0 +1,18 @@
+# ==============================================
+# Policy File of /vendor/bin/hw/modemdbfilter_service Executable File
+
+# ==============================================
+# Type Declaration
+# ==============================================
+
+type modemdbfilter_service ,domain;
+type modemdbfilter_service_exec, exec_type, file_type, vendor_file_type;
+typeattribute modemdbfilter_service mlstrustedsubject;
+
+#Purpose : for create hidl server
+hal_server_domain(modemdbfilter_service, mtk_hal_md_dbfilter)
+init_daemon_domain(modemdbfilter_service)
+
+# ==============================================
+# MTK Policy Rule
+# ==============================================

non_plat/mtk_hal_md_dbfilter.te

@@ -0,0 +1,6 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(mtk_hal_md_dbfilter_client, mtk_hal_md_dbfilter_server)
+binder_call(mtk_hal_md_dbfilter_server, mtk_hal_md_dbfilter_client)
+
+add_hwservice(mtk_hal_md_dbfilter_server, mtk_hal_md_dbfilter_hwservice)
+allow mtk_hal_md_dbfilter_client mtk_hal_md_dbfilter_hwservice:hwservice_manager find;

plat_private/emdlogger.te

@@ -73,3 +73,8 @@ allow emdlogger tmpfs:dir write;
 allow emdlogger sysfs_dt_firmware_android:file { read open getattr };
 allow emdlogger system_file:dir open;
 allow emdlogger vendor_default_prop:file { read getattr open };
+
+## Android Q migration
+## purpose:  read modem db and filter folder and file
+allow emdlogger mddb_filter_data_file:dir { r_dir_perms };
+allow emdlogger mddb_filter_data_file:file { r_file_perms };

plat_private/file.te

@@ -7,3 +7,12 @@
 # Operation : Migration
 # Purpose : For drmserver
 type access_sys_file, fs_type, sysfs_type;
+
+######################################
+# core domain file data
+
+# For modem db filter HIDL client
+# Date: WK1924
+# Operation : Save modem db and filter into data partition
+# Purpose : For Modem db and filter file
+type mddb_filter_data_file, file_type, data_file_type, core_data_file_type;

plat_private/file_contexts

@@ -2,6 +2,7 @@
 # Data files
 #
 
+/data/system_de/mdfilter(/.*)? u:object_r:mddb_filter_data_file:s0
 #############################
 # debugfs files
 #
@@ -14,6 +15,7 @@
 /system/bin/aee_core_forwarder u:object_r:aee_core_forwarder_exec:s0
 /system/bin/mdlogger u:object_r:mdlogger_exec:s0
 /system/bin/emdlogger[0-9]+ u:object_r:emdlogger_exec:s0
+/system/bin/modemdbfilter_client u:object_r:modemdbfilter_client_exec:s0
 /system/bin/netdiag u:object_r:netdiag_exec:s0
 /system/bin/loghidlsysservice u:object_r:loghidlsysservice_exec:s0
 /system/bin/cmddumper u:object_r:cmddumper_exec:s0

plat_private/mdlogger.te

@@ -44,6 +44,10 @@ allow mdlogger storage_file:file { create_file_perms };
 ## purpose: avc: denied { read } for name="plat_file_contexts"
 allow mdlogger file_contexts_file:file { read getattr open };
 
-# Allow read avc: denied { read } for name="mddb" dev="mmcblk0p25" ino=681 
+# Allow read avc: denied { read } for name="mddb" dev="mmcblk0p25" ino=681
 # scontext=u:r:mdlogger:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0
 allow mdlogger system_file:dir read;
+## Android Q migration
+## purpose:  read modem db and filter folder and file
+allow mdlogger mddb_filter_data_file:dir { r_dir_perms };
+allow mdlogger mddb_filter_data_file:file { r_file_perms };

plat_private/modemdbfilter_client.te

@@ -0,0 +1,22 @@
+# ==============================================
+# Policy File of /system/bin/modemdbfilter_client Executable File
+
+# ==============================================
+# Type Declaration
+# ==============================================
+# system_file_type for Q
+type modemdbfilter_client_exec, exec_type, system_file_type, file_type;
+typeattribute modemdbfilter_client coredomain;
+init_daemon_domain(modemdbfilter_client)
+
+# Purpose : for create hidl client
+hal_client_domain(modemdbfilter_client, mtk_hal_md_dbfilter)
+
+# ==============================================
+# MTK Policy Rule
+# ==============================================
+allow modemdbfilter_client mddb_filter_data_file:dir { create_dir_perms relabelto };
+allow modemdbfilter_client mddb_filter_data_file:file { create_file_perms };
+allow modemdbfilter_client system_data_file:dir { create_dir_perms relabelfrom };
+allow modemdbfilter_client file_contexts_file:file { r_file_perms };
+

plat_public/attributes

@@ -14,3 +14,7 @@ attribute mtk_hal_lbs;
 attribute mtk_hal_lbs_client;
 attribute mtk_hal_lbs_server;
 
+# Date: 2019/06/12
+# modem db filter hidl
+attribute mtk_hal_md_dbfilter;
+attribute mtk_hal_md_dbfilter_client;

plat_public/modemdbfilter_client.te

@@ -0,0 +1,8 @@
+# ==============================================
+# Policy File of /system/bin/modemdbfilter_client Executable File
+
+# ==============================================
+# Type Declaration
+# ==============================================
+
+type modemdbfilter_client, domain;