non_plat: Label and address dfps hidl/service denials

Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: I4af35f0ad1cb1f77dae7813341e4d98e0c7b884f

non_plat/attributes

@@ -87,4 +87,7 @@ attribute mtk_hal_bgs;
 attribute mtk_hal_bgs_client;
 attribute mtk_hal_bgs_server;
 
-
+# DFPS HIDL
+attribute hal_dfps;
+attribute hal_dfps_client;
+attribute hal_dfps_server;

non_plat/file_contexts

@@ -734,3 +734,6 @@
 # VPU
 /dev/vcu		         u:object_r:vcu_device:s0
 /vendor/bin/vpud               u:object_r:vpud_native_exec:s0
+
+# DFPS
+/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.dfps@1\.0-service u:object_r:mtk_hal_dfps_exec:s0

non_plat/hal_dfps.te

@@ -0,0 +1,4 @@
+binder_call(hal_dfps_client, hal_dfps_server)
+binder_call(hal_dfps_server, hal_dfps_client)
+
+allow hal_dfps_client mtk_hal_dfps_hwservice:hwservice_manager find;

non_plat/hwservice.te

@@ -67,3 +67,6 @@ type mtk_hal_videotelephony_hwservice, hwservice_manager_type;
 
 # Keyinstall
 type mtk_hal_keyinstall_hwservice, hwservice_manager_type;
+
+# DFPS
+type mtk_hal_dfps_hwservice, hwservice_manager_type;

non_plat/hwservice_contexts

@@ -81,3 +81,6 @@ vendor.mediatek.hardware.videotelephony::IVideoTelephony u:object_r:mtk_hal_vide
 
 # Keyinstall
 vendor.mediatek.hardware.keyinstall::IKeyinstall u:object_r:mtk_hal_keyinstall_hwservice:s0
+
+# DFPS
+vendor.mediatek.hardware.dfps::IFpsPolicyService u:object_r:mtk_hal_dfps_hwservice:s0

non_plat/init.te

@@ -148,3 +148,6 @@ allow init vbmeta_block_device:lnk_file relabelto;
 
 # TEE
 allow init teei_client_device:chr_file rw_file_perms;
+
+# DFPS
+allow init mtk_hal_dfps_exec:file getattr;

non_plat/merged_hal_service.te

@@ -66,3 +66,7 @@ allowxperm merged_hal_service proc_ged:file ioctl { proc_ged_ioctls };
 # Date: 2019/06/14
 # Operation : Migration
 allow merged_hal_service nvram_agent_binder_hwservice:hwservice_manager find;
+
+# DFPS
+allow merged_hal_service mtk_hal_dfps:binder call;
+hal_client_domain(merged_hal_service, hal_dfps);

non_plat/mtk_hal_dfps.te

@@ -0,0 +1,18 @@
+type mtk_hal_dfps, domain;
+type mtk_hal_dfps_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(mtk_hal_dfps)
+
+hwbinder_use(mtk_hal_dfps);
+vndbinder_use(mtk_hal_dfps);
+
+hal_server_domain(mtk_hal_dfps, hal_dfps)
+
+add_hwservice(hal_dfps_server, mtk_hal_dfps_hwservice)
+
+r_dir_file(mtk_hal_dfps, sysfs_type)
+r_dir_file(mtk_hal_dfps, proc_net);
+
+get_prop(mtk_hal_dfps, hwservicemanager_prop)
+
+allow mtk_hal_dfps mtk_dfrc_device:chr_file rw_file_perms;

non_plat/mtk_hal_power.te

@@ -175,3 +175,7 @@ allow mtk_hal_power sysfs_pftch_qos:file rw_file_perms;
 # Purpose : Add f2fs permission
 allow mtk_hal_power sysfs_fs_f2fs:dir r_dir_perms;
 allow mtk_hal_power sysfs_fs_f2fs:file rw_file_perms;
+
+# DFPS
+allow mtk_hal_power mtk_hal_dfps:binder call;
+hal_client_domain(mtk_hal_power, hal_dfps);

non_plat/surfaceflinger.te

@@ -82,3 +82,6 @@ allow surfaceflinger mtk_mdp_device:chr_file rw_file_perms;
 # Operation : HDR
 # Purpose: Allow to skip aosp hdr solution
 get_prop(surfaceflinger, graphics_hwc_hdr_prop)
+
+# DFPS
+hal_client_domain(surfaceflinger, hal_dfps)

non_plat/system_server.te

@@ -281,3 +281,6 @@ allow system_server storage_stub_file:dir getattr;
 # TEE
 allow system_server teei_fp_device:chr_file rw_file_perms;
 allow system_server teei_client_device:chr_file r_file_perms;
+
+# DFPS
+hal_client_domain(system_server,hal_dfps)