non_plat: Label neural networks hidls and grant required permissions

Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: I32d6131cb52ac77aa90e9ac1e73b1ca498ffe5cd

non_plat/file_contexts

@@ -737,3 +737,7 @@
 
 # DFPS
 /(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.dfps@1\.0-service u:object_r:mtk_hal_dfps_exec:s0
+
+# Neural Networks
+/(system\/vendor|vendor)/bin/hw/android\.hardware\.neuralnetworks@1\.1-service-gpunn u:object_r:mtk_hal_neuralnetworks_exec:s0
+/(system\/vendor|vendor)/bin/hw/android\.hardware\.neuralnetworks@1\.1-service-neuron-ann u:object_r:mtk_hal_neuralnetworks_exec:s0

non_plat/mtk_hal_neuralnetworks.te

@@ -0,0 +1,38 @@
+type mtk_hal_neuralnetworks, domain;
+type mtk_hal_neuralnetworks_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(mtk_hal_neuralnetworks)
+hal_server_domain(mtk_hal_neuralnetworks, hal_neuralnetworks)
+
+allow mtk_hal_neuralnetworks ion_device:chr_file r_file_perms;
+allow mtk_hal_neuralnetworks debugfs_ion:dir r_dir_perms;
+allow mtk_hal_neuralnetworks vpu_device:chr_file rw_file_perms;
+allow mtk_hal_neuralnetworks mdla_device:chr_file rw_file_perms;
+allow mtk_hal_neuralnetworks gpu_device:chr_file rw_file_perms;
+allow mtk_hal_neuralnetworks untrusted_app_25:binder { call transfer };
+allow mtk_hal_neuralnetworks untrusted_app:binder { call transfer };
+allow mtk_hal_neuralnetworks shell_data_file:file read;
+allow mtk_hal_neuralnetworks vendor_configs_file:file r_file_perms;
+allow mtk_hal_neuralnetworks vendor_configs_file:dir r_dir_perms;
+allow mtk_hal_neuralnetworks sdcardfs:file r_file_perms;
+allow mtk_hal_neuralnetworks untrusted_app_25:fd use;
+allow mtk_hal_neuralnetworks untrusted_app:fd use;
+allow mtk_hal_neuralnetworks sysfs_lowmemorykiller:dir r_dir_perms;
+allow mtk_hal_neuralnetworks sysfs_lowmemorykiller:file r_file_perms;
+allow mtk_hal_neuralnetworks proc_zoneinfo:file r_file_perms;
+allow mtk_hal_neuralnetworks apk_data_file:file read;
+allow mtk_hal_neuralnetworks proc_ged:file rw_file_perms;
+allow mtk_hal_neuralnetworks gpu_device:dir r_dir_perms;
+
+allow mtk_hal_neuralnetworks proc_perfmgr:dir r_dir_perms;
+allow mtk_hal_neuralnetworks proc_perfmgr:file r_file_perms;
+
+allowxperm mtk_hal_neuralnetworks proc_perfmgr:file ioctl {
+  PERFMGR_EARA_NN_BEGIN
+  PERFMGR_EARA_NN_END
+  PERFMGR_EARA_GETUSAGE
+};
+
+allow mtk_hal_neuralnetworks proc_ged:file r_file_perms;
+
+allowxperm mtk_hal_neuralnetworks proc_ged:file ioctl { proc_ged_ioctls };

non_plat/platform_app.te

@@ -125,3 +125,6 @@ binder_call(platform_app, mtk_hal_bgs)
 binder_call(mtk_hal_bgs, platform_app)
 binder_call(platform_app, mtk_hal_camera)
 binder_call(mtk_hal_camera, platform_app)
+
+# Neuralnetwork
+allow platform_app mtk_hal_neuralnetworks:binder { call transfer };

non_plat/system_app.te

@@ -48,3 +48,6 @@ allow system_app mtk_hal_hdmi:binder call;
 allow system_app self:netlink_kobject_uevent_socket {read bind create setopt };
 # system_app need to read from sysfs /sys/class/switch/hdmi/state
 r_dir_file(system_app, sysfs_switch);
+
+# Neuralnetwork
+allow system_app mtk_hal_neuralnetworks:binder { call transfer };

non_plat/untrusted_app.te

@@ -10,3 +10,6 @@
 #					 from MTK kernel modules for thermal tests at OEM/ODM.
 allow untrusted_app proc_mtktz:dir search;
 allow untrusted_app proc_mtktz:file r_file_perms;
+
+# Neural network
+allow untrusted_app mtk_hal_neuralnetworks:binder { call transfer };