From e17643d703870a2450b1c6deb264292eb0192402 Mon Sep 17 00:00:00 2001
From: Alexander Diewald
Date: Wed, 8 Nov 2017 22:59:23 +0100
Subject: shinano: Define SEpolicy for adsprpcd.

* Define the ioctls and grant access to the socket.
* Allow access to qseecom socket.
* Label adsprpcd service appropriately.

Change-Id: I4a0ccd322b16c30e7f10dccc1278ed17507d56e2
Signed-off-by: Alexander Diewald
---
 rootdir/init.qcom.rc | 1 +
 sepolicy/adsprpcd.te | 7 +++++++
 sepolicy/ioctl_defines | 17 +++++++++++++++++
 sepolicy/ioctl_macros | 18 ++++++++++++++++++
 4 files changed, 43 insertions(+)
 create mode 100644 sepolicy/adsprpcd.te

diff --git a/rootdir/init.qcom.rc b/rootdir/init.qcom.rc
index ff86fcc..61c46a4 100644
--- a/rootdir/init.qcom.rc
+++ b/rootdir/init.qcom.rc
@@ -501,6 +501,7 @@ service adsprpcd /system/bin/adsprpcd
 class main
 user media
 group media
+ seclabel u:r:adsprpcd:s0
 
 service charger /charger
 class charger
diff --git a/sepolicy/adsprpcd.te b/sepolicy/adsprpcd.te
new file mode 100644
index 0000000..8dcef13
--- /dev/null
+++ b/sepolicy/adsprpcd.te
@@ -0,0 +1,7 @@
+# access to qseecom qdsp_device
+allow adsprpcd tee_device:chr_file rw_file_perms;
+allowxperm adsprpcd tee_device:chr_file ioctl qseecom_sock_ipc_ioctls;
+
+# access to qseecom qdsp_device
+allow adsprpcd qdsp_device:chr_file rw_file_perms;
+allowxperm adsprpcd qdsp_device:chr_file ioctl adsprpcd_ioctls;
diff --git a/sepolicy/ioctl_defines b/sepolicy/ioctl_defines
index a031d75..58c1243 100644
--- a/sepolicy/ioctl_defines
+++ b/sepolicy/ioctl_defines
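Review bot: adsprpcd.te grants chr_file access and ioctls to a domain it never declares: there is no `type adsprpcd, domain;` and no `init_daemon_domain(adsprpcd)` in the new file, yet the init.qcom.rc hunk of this same commit pins the service to `u:r:adsprpcd:s0` with `seclabel`. If the domain is not declared in a shared qcom policy this device tree inherits, the policy will not compile, and even where it is, `seclabel` only works if init is allowed to transition into the domain and `/system/bin/adsprpcd` is a valid entrypoint for it — please either add the declaration plus the usual `init_daemon_domain`/file_contexts entry, or say in a comment where the domain comes from. `qseecom_sock_ipc_ioctls` is likewise not defined anywhere in this patch, so it presumably lives elsewhere; worth confirming it exists before this lands. Both comments read `# access to qseecom qdsp_device`, but the first rule is for the TEE node, so I would change them to `# access to qseecom (tee_device)` and `# access to the DSP node (qdsp_device)`.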
@@ -1,5 +1,22 @@
+# socket ioctls defined in the kernel in ? --> BT
 define(`TCGETS', `0x00005401')
 define(`TCSETS', `0x00005402')
 define(`TCFLSH', `0x0000540b')
 define(`TIOCSETD', `0x00005423')
 define(`IOCTLUNKNOWN', `0x000055c8')
+
+# ioctls for audio dsp defined in kernel in include/linux/msm_adsp.h
+define(`ADSP_IOCTL_ENABLE', `0x00005201')
+define(`ADSP_IOCTL_DISABLE', `0x00005202')
+define(`ADSP_IOCTL_DISABLE_ACK', `0x00005203')
+define(`ADSP_IOCTL_WRITE_COMMAND', `0x00005204')
+define(`ADSP_IOCTL_GET_EVENT', `0x00005205')
+define(`ADSP_IOCTL_SET_CLKRATE', `0x00005206')
+define(`ADSP_IOCTL_DISABLE_EVENT_RSP', `0x0000520a')
+define(`ADSP_IOCTL_REGISTER_PMEM', `0x0000520d')
+define(`ADSP_IOCTL_UNREGISTER_PMEM', `0x0000520e')
+define(`ADSP_IOCTL_ABORT_EVENT_READ', `0x0000520f')
+define(`ADSP_IOCTL_LINK_TASK', `0x00005210')
+
+# ioctls for mlog_qmi; extracted from the log
+define(`MLOG_QMI_UNKNOWN', `0x0000c304')
diff --git a/sepolicy/ioctl_macros b/sepolicy/ioctl_macros
index 99df172..6756faf 100644
--- a/sepolicy/ioctl_macros
+++ b/sepolicy/ioctl_macros
@@ -5,3 +5,21 @@ TCFLSH
 TIOCSETD
 IOCTLUNKNOWN
 }')
+
+define(`adsprpcd_ioctls', `{
+ADSP_IOCTL_ENABLE
+ADSP_IOCTL_DISABLE
+ADSP_IOCTL_DISABLE_ACK
+ADSP_IOCTL_WRITE_COMMAND
+ADSP_IOCTL_GET_EVENT
+ADSP_IOCTL_SET_CLKRATE
+ADSP_IOCTL_DISABLE_EVENT_RSP
+ADSP_IOCTL_REGISTER_PMEM
+ADSP_IOCTL_UNREGISTER_PMEM
+ADSP_IOCTL_ABORT_EVENT_READ
+ADSP_IOCTL_LINK_TASK
+}')
+
+define(`mlog_qmi_ioctls', `{
+MLOG_QMI_UNKNOWN
+}')
-- 
cgit v1.2.3
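Review bot: The `ADSP_IOCTL_*` values are labelled as coming from `include/linux/msm_adsp.h`, but every one of them carries type byte 0x52 ('R'); as far as I recall that header's `ADSP_IOCTL_MAGIC` is 'q' (0x71), while 'R' is the magic of the fastrpc driver (`/dev/adsprpc-smd`) a FastRPC daemon would actually open, so the names and the numbers may not describe the same commands. Since xperm filtering compares only the low 16 bits, a wrong type byte either keeps denying the real calls or silently allowlists another driver's commands, so please check each value against the kernel header this tree builds against and name the defines after the driver they really belong to. The comment on the pre-existing entries is also inaccurate: TCGETS/TCSETS/TCFLSH/TIOCSETD are terminal ioctls from `asm-generic/ioctls.h`, not socket ioctls, so `# tty ioctls (include/uapi/asm-generic/ioctls.h); used by the BT domain` would be correct. Finally, `MLOG_QMI_UNKNOWN` is a number copied from a denial log with no identification; I would not keep an unidentified command in the file that feeds the allowlists until it has been matched to a driver definition.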
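Review bot: `mlog_qmi_ioctls` is defined here but nothing in this commit references it, and its only member is `MLOG_QMI_UNKNOWN`, a value taken from a log rather than from a driver header. A ready-made allowlist macro around an unidentified ioctl invites a later one-line `allowxperm` that grants a command nobody has looked at; I would drop the macro (and its define) until the ioctl is identified, or at least annotate it with `# TODO: identify this ioctl before using the macro in any allowxperm`. `adsprpcd_ioctls` itself is fine as a set, provided the values it wraps are confirmed against the driver adsprpcd actually opens.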