authordianlujitao <dianlujitao@lineageos.org>2022-03-20 19:17:05 -0300
committersinanmohd <pcmsinan@gmail.com>2023-01-05 21:30:23 +0530
commit2c11d61122273443086a02b0b0fda9638e677bfc (patch)
tree00982ee09ab793899e874d1eabef13af01d9d2db /sepolicy
parentf84b614229fb517e286de6e72c869a7ef24d8d64 (diff)
veux: sepolicy: Make fastrpc_shell_3 publicly available
* Used by GCAM for DSP-accelerated HDR processing * Arguably we should label /vendor/dsp/cdsp/fastrpc_shell_3 to same_process_hal_file like Pixels, but the partition is prebuilt thus we're unable to relabel it. * Copy the file to writable tmpfs, setup attributes and bind mount back to work around the limitation. [ghostrider-reborn]: Allow adsp/cdsprpcd and neuralnetworks HAL to access fastrpc_shell_3 [kras edit: 1. rename some contexts as per qva/kona 2. extend to allow camera HAL and VPP service to access it as well] Co-authored-by: Adithya R <gh0strider.2k18.reborn@gmail.com>
Diffstat (limited to 'sepolicy')
-rw-r--r--sepolicy/vendor/adsprpcd.te3
-rw-r--r--sepolicy/vendor/app.te3
-rw-r--r--sepolicy/vendor/cdsprpcd.te1
-rw-r--r--sepolicy/vendor/file_contexts5
-rw-r--r--sepolicy/vendor/hal_camera_default.te2
-rw-r--r--sepolicy/vendor/hal_neuralnetworks_default.te1
-rw-r--r--sepolicy/vendor/init.te1
-rw-r--r--sepolicy/vendor/vppservice.te1
8 files changed, 17 insertions, 0 deletions
diff --git a/sepolicy/vendor/adsprpcd.te b/sepolicy/vendor/adsprpcd.te
index 58fe3e7..d5efe9f 100644
--- a/sepolicy/vendor/adsprpcd.te
+++ b/sepolicy/vendor/adsprpcd.te
@@ -1 +1,4 @@
+type public_adsprpcd_file, file_type;
+
+r_dir_file(vendor_adsprpcd, public_adsprpcd_file)
r_dir_file(vendor_adsprpcd, vendor_sysfs_graphics)
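Review bot: `r_dir_file(vendor_adsprpcd, public_adsprpcd_file)` grants more than this change needs, because the macro covers directories and symlinks of the type as well as files, while the only object this commit labels `public_adsprpcd_file` is the single file in file_contexts. hal_camera_default.te in the same commit already uses the narrower form, so for consistency and least privilege this could be `allow vendor_adsprpcd public_adsprpcd_file:file r_file_perms;`. The same applies to the `r_dir_file` lines added in cdsprpcd.te, hal_neuralnetworks_default.te and vppservice.te. Those three new files also end without a trailing newline.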
diff --git a/sepolicy/vendor/app.te b/sepolicy/vendor/app.te
index 60325ab..b70be61 100644
--- a/sepolicy/vendor/app.te
+++ b/sepolicy/vendor/app.te
@@ -1 +1,4 @@
+allow { appdomain -isolated_app } adsprpcd_file:dir r_dir_perms;
+allow { appdomain -isolated_app } public_adsprpcd_file:file r_file_perms;
+
get_prop({ appdomain -isolated_app }, vendor_mlipay_prop)
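Review bot: The first added rule gives every non-isolated app domain `r_dir_perms` on `adsprpcd_file` directories, which allows listing the whole directory rather than only reaching the one public file. If clients open `fastrpc_shell_3` by its known path, `search` should be sufficient: `allow { appdomain -isolated_app } adsprpcd_file:dir search;` — this should be tested against the camera app before narrowing. `adsprpcd_file` is not declared in this commit and is presumably defined in the platform policy; a short comment naming the consumer, as file_contexts does, would help the next reader.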
diff --git a/sepolicy/vendor/cdsprpcd.te b/sepolicy/vendor/cdsprpcd.te
new file mode 100644
index 0000000..36612a5
--- /dev/null
+++ b/sepolicy/vendor/cdsprpcd.te
@@ -0,0 +1 @@
+r_dir_file(vendor_cdsprpcd, public_adsprpcd_file)
\ No newline at end of file
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index 7afaa3a..7475fab 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -15,6 +15,11 @@
# Camera
/mnt/vendor/persist/camera(/.*)? u:object_r:camera_persist_file:s0
+# Hexagon DSP-side executable needed for Halide operation
+# This is labeled as public_adsprpcd_file as it needs to be read by apps
+# (e.g. Google Camera App)
+/mnt/vendor/dsp/fastrpc_shell_3 u:object_r:public_adsprpcd_file:s0
+
# Fingerprint
/dev/goodix_fp u:object_r:vendor_fingerprint_device:s0
/dev/silead_fp u:object_r:vendor_fingerprint_device:s0
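Review bot: The comment above the new `/mnt/vendor/dsp/fastrpc_shell_3` entry does not say that this path is a runtime copy on tmpfs (per the commit message) rather than a file shipped in an image. A file_contexts entry only takes effect on such a copy if whatever creates it also runs restorecon or sets the context explicitly; that step is outside this diff, so it is worth confirming. Because every non-isolated app can read this type and the DSP loads the file, the comment should also record that no domain is meant to get write access to it. Suggested addition: `# Runtime copy on tmpfs, bind-mounted over the prebuilt vendor file; must stay read-only to all domains`.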
diff --git a/sepolicy/vendor/hal_camera_default.te b/sepolicy/vendor/hal_camera_default.te
index d97b6ee..cbca59c 100644
--- a/sepolicy/vendor/hal_camera_default.te
+++ b/sepolicy/vendor/hal_camera_default.te
@@ -1,2 +1,4 @@
r_dir_file(hal_camera_default, camera_persist_file)
set_prop(hal_camera_default, vendor_camera_sensor_prop)
+
+allow hal_camera_default public_adsprpcd_file:file r_file_perms;
diff --git a/sepolicy/vendor/hal_neuralnetworks_default.te b/sepolicy/vendor/hal_neuralnetworks_default.te
new file mode 100644
index 0000000..97582e9
--- /dev/null
+++ b/sepolicy/vendor/hal_neuralnetworks_default.te
@@ -0,0 +1 @@
+r_dir_file(vendor_hal_neuralnetworks_default, public_adsprpcd_file)
\ No newline at end of file
diff --git a/sepolicy/vendor/init.te b/sepolicy/vendor/init.te
new file mode 100644
index 0000000..5be36d2
--- /dev/null
+++ b/sepolicy/vendor/init.te
@@ -0,0 +1 @@
+allow init adsprpcd_file:file mounton;
\ No newline at end of file
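Review bot: `allow init adsprpcd_file:file mounton;` lets init use any file labelled `adsprpcd_file` as a mount point, not just `fastrpc_shell_3`, and the new file carries no comment explaining why init needs this. The commit message says the prebuilt partition cannot be relabelled, so the rule probably cannot be narrowed by type; in that case a comment should record the intent, e.g. `# Bind-mount the relabelled tmpfs copy of fastrpc_shell_3 over the prebuilt vendor file`. The file also ends without a trailing newline.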
diff --git a/sepolicy/vendor/vppservice.te b/sepolicy/vendor/vppservice.te
new file mode 100644
index 0000000..1870236
--- /dev/null
+++ b/sepolicy/vendor/vppservice.te
@@ -0,0 +1 @@
+r_dir_file(vendor_vppservice, public_adsprpcd_file)
\ No newline at end of file