[ALPS04328846] power: refine sepolicy

[Detail] 1. Add prefix PERFMGR for performance related ioctl 2. Add property permission for PowerHAL MTK-Commit-Id: 91ef99a47ee2de3c48426298c9a67d5e4dd10a6b Change-Id: I5979aefc7fb110ee540425bc53896babdcac08bd CR-Id: ALPS04328846 Feature: [Module]PowerHAL
2020-01-18 10:13:32 +08:00 · 2020-01-18 10:13:32 +08:00 · 9fcf99ba09
commit 9fcf99ba09
parent a250fc423c
9 changed files with 50 additions and 39 deletions
--- a/non_plat/app.te
+++ b/non_plat/app.te
@ -44,10 +44,10 @@ allow appdomain mtk_cmdq_device:chr_file {open read ioctl};
 allow appdomain proc_perfmgr:dir search;
 allow appdomain proc_perfmgr:file { getattr open read ioctl};
 allowxperm appdomain proc_perfmgr:file ioctl {
-  FPSGO_QUEUE
-  FPSGO_DEQUEUE
-  FPSGO_QUEUE_CONNECT
-  FPSGO_BQID
+  PERFMGR_FPSGO_QUEUE
+  PERFMGR_FPSGO_DEQUEUE
+  PERFMGR_FPSGO_QUEUE_CONNECT
+  PERFMGR_FPSGO_BQID
 };

 # Date : W19.4
--- a/non_plat/bootanim.te
+++ b/non_plat/bootanim.te
@ -35,8 +35,8 @@ allowxperm bootanim proc_ged:file ioctl {
  GED_BRIDGE_IO_GE_INFO
 };
 allowxperm bootanim proc_perfmgr:file ioctl {
-  FPSGO_QUEUE
-  FPSGO_DEQUEUE
-  FPSGO_QUEUE_CONNECT
-  FPSGO_BQID
+  PERFMGR_FPSGO_QUEUE
+  PERFMGR_FPSGO_DEQUEUE
+  PERFMGR_FPSGO_QUEUE_CONNECT
+  PERFMGR_FPSGO_BQID
 };
--- a/non_plat/cameraserver.te
+++ b/non_plat/cameraserver.te
@ -357,8 +357,8 @@ allow cameraserver debugfs_ion:dir search;
 allow cameraserver proc_perfmgr:dir {read search};
 allow cameraserver proc_perfmgr:file r_file_perms;
 allowxperm cameraserver proc_perfmgr:file ioctl {
-  FPSGO_QUEUE
-  FPSGO_DEQUEUE
-  FPSGO_QUEUE_CONNECT
-  FPSGO_BQID
+  PERFMGR_FPSGO_QUEUE
+  PERFMGR_FPSGO_DEQUEUE
+  PERFMGR_FPSGO_QUEUE_CONNECT
+  PERFMGR_FPSGO_BQID
 };
--- a/non_plat/ioctl_defines
+++ b/non_plat/ioctl_defines
@ -28,26 +28,26 @@ define(`GED_BRIDGE_IO_IOCTLCMD_0F', `0x670f')
 define(`GED_BRIDGE_IO_IOCTLCMD_10', `0x6710')

 #####################################
-# perf_ioctl.h
+# perf_ioctl.h : FPSGO
 #
-define(`FPSGO_QUEUE', `0x6701')
-define(`FPSGO_DEQUEUE', `0x6703')
-define(`FPSGO_VSYNC', `0x6705')
-define(`FPSGO_TOUCH', `0x670a')
-define(`FPSGO_QUEUE_CONNECT', `0x670f')
-define(`FPSGO_BQID', `0x6710')
+define(`PERFMGR_FPSGO_QUEUE', `0x6701')
+define(`PERFMGR_FPSGO_DEQUEUE', `0x6703')
+define(`PERFMGR_FPSGO_VSYNC', `0x6705')
+define(`PERFMGR_FPSGO_TOUCH', `0x670a')
+define(`PERFMGR_FPSGO_QUEUE_CONNECT', `0x670f')
+define(`PERFMGR_FPSGO_BQID', `0x6710')

-#####################################
-#
-#
-define(`EARA_NN_BEGIN', `0x6701')
-define(`EARA_NN_END', `0x6702')
-define(`EARA_GETUSAGE', `0x6703')
+# perf_ioctl.h : EARA
+define(`PERFMGR_EARA_NN_BEGIN', `0x6701')
+define(`PERFMGR_EARA_NN_END', `0x6702')
+define(`PERFMGR_EARA_GETUSAGE', `0x6703')

-#####################################
-#
-#
+# perf_ioctl.h : others
 define(`PERFMGR_CPU_PREFER', `0x6701')
+
+#####################################
+#
+#
 define(`MMC_IOCTLCMD', `0xb300')
 define(`UFS_IOCTLCMD', `0x5388')

--- a/non_plat/mtk_hal_power.te
+++ b/non_plat/mtk_hal_power.te
@ -40,7 +40,7 @@ allow mtk_hal_power mtk_hal_audio:dir r_dir_perms;
 # Purpose : Allow powerHAL to access perfmgr
 allow mtk_hal_power proc_perfmgr:dir r_dir_perms;
 allow mtk_hal_power proc_perfmgr:file rw_file_perms;
-allowxperm mtk_hal_power proc_perfmgr:file ioctl FPSGO_TOUCH;
+allowxperm mtk_hal_power proc_perfmgr:file ioctl PERFMGR_FPSGO_TOUCH;

 # Date : 2017/10/11
 # Operation: SQC
@ -100,6 +100,10 @@ allow mtk_hal_power proc_mtktz:file rw_file_perms;
 # Date : 2019/05/08
 # Operation: SQC
 # Purpose : Allow powerHAL to access /proc/[pid]
-# 2019/04/24 : redundant setting
 allow mtk_hal_power system_server:dir r_dir_perms;
 allow mtk_hal_power system_server:file r_file_perms;
+
+# Date : 2019/05/22
+# Operation: SQC
+# Purpose : Allow powerHAL to access prop
+set_prop(mtk_hal_power, mtk_powerhal_prop)
--- a/non_plat/property.te
+++ b/non_plat/property.te
@ -307,3 +307,6 @@ type logmuch_prop, property_type, extended_core_property_type;

 #=============mtk bt enable SAP profile property=============
 type mtk_bt_sap_enable_prop, property_type, mtk_core_property_type;
+
+#=============MTK powerhal property================
+type mtk_powerhal_prop, property_type;
--- a/non_plat/property_contexts
+++ b/non_plat/property_contexts
@ -341,3 +341,7 @@ ro.lmk.medium u:object_r:exported3_default_prop:s0 exact int
 ro.lmk.critical u:object_r:exported3_default_prop:s0 exact int
 ro.lmk.kill_timeout_ms u:object_r:exported3_default_prop:s0 exact int
 ro.lmk.swap_free_low_percentage u:object_r:exported3_default_prop:s0 exact int
+
+#=============allow processes to change powerhal config================
+persist.vendor.powerhal. u:object_r:mtk_powerhal_prop:s0
+vendor.powerhal. u:object_r:mtk_powerhal_prop:s0
--- a/non_plat/surfaceflinger.te
+++ b/non_plat/surfaceflinger.te
@ -47,11 +47,11 @@ allow surfaceflinger mtkbootanimation:file { read getattr open };
 allow surfaceflinger proc_perfmgr:dir {read search};
 allow surfaceflinger proc_perfmgr:file {open read ioctl};
 allowxperm surfaceflinger proc_perfmgr:file ioctl {
-  FPSGO_QUEUE
-  FPSGO_DEQUEUE
-  FPSGO_QUEUE_CONNECT
-  FPSGO_BQID
-  FPSGO_VSYNC
+  PERFMGR_FPSGO_QUEUE
+  PERFMGR_FPSGO_DEQUEUE
+  PERFMGR_FPSGO_QUEUE_CONNECT
+  PERFMGR_FPSGO_BQID
+  PERFMGR_FPSGO_VSYNC
 };

 # Date : WK17.43
--- a/non_plat/system_server.te
+++ b/non_plat/system_server.te
@ -178,10 +178,10 @@ allow system_server mtk_hal_power_hwservice:hwservice_manager find;
 allow system_server proc_perfmgr:dir {read search};
 allow system_server proc_perfmgr:file {open read ioctl};
 allowxperm system_server proc_perfmgr:file ioctl {
-  FPSGO_QUEUE
-  FPSGO_DEQUEUE
-  FPSGO_QUEUE_CONNECT
-  FPSGO_BQID
+  PERFMGR_FPSGO_QUEUE
+  PERFMGR_FPSGO_DEQUEUE
+  PERFMGR_FPSGO_QUEUE_CONNECT
+  PERFMGR_FPSGO_BQID
 };

 # Date : W18.22