From 59f88dbaf33b347692b95922bb4380ac432a5cb4 Mon Sep 17 00:00:00 2001
From: dianlujitao <dianlujitao@lineageos.org>
Date: Thu, 7 May 2020 00:10:55 +0800
Subject: sdm660-common: Make fastrpc_shell_3 publicly available

 * Used by GCAM for DSP-accelerated HDR processing
 * Arguably we should label /vendor/dsp/cdsp/fastrpc_shell_3 to
   same_process_hal_file like Pixels, but the partition is prebuilt thus
   we're unable to relabel it.
 * Copy the file to writable tmpfs, setup attributes and bind mount back
   to workaround the limitation.

Change-Id: Ide90e5c7307d413db5ece736e859559f06679545
---
 sepolicy/vendor/app.te         | 3 +++
 sepolicy/vendor/file.te        | 3 ++-
 sepolicy/vendor/file_contexts  | 5 +++++
 sepolicy/vendor/vendor_init.te | 2 ++
 4 files changed, 12 insertions(+), 1 deletion(-)

(limited to 'sepolicy/vendor')

diff --git a/sepolicy/vendor/app.te b/sepolicy/vendor/app.te
index 511cc3f..971d3fa 100644
--- a/sepolicy/vendor/app.te
+++ b/sepolicy/vendor/app.te
@@ -1,2 +1,5 @@
 get_prop({ appdomain -isolated_app }, hal_fingerprint_prop)
 get_prop({ appdomain -isolated_app }, mlipay_prop)
+
+allow { appdomain -isolated_app } adsprpcd_file:dir r_dir_perms;
+allow { appdomain -isolated_app } public_adsprpcd_file:file r_file_perms;
diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te
index f2e1ab4..6e4d3e4 100644
--- a/sepolicy/vendor/file.te
+++ b/sepolicy/vendor/file.te
@@ -1,4 +1,5 @@
 type ir_dev_file, file_type;
-type sysfs_touchpanel, fs_type, sysfs_type;
+type public_adsprpcd_file, file_type;
 type sysfs_fingerprint, fs_type, sysfs_type;
+type sysfs_touchpanel, fs_type, sysfs_type;
 type thermal_data_file, file_type, data_file_type;
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index 616afd3..164e75b 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -12,6 +12,11 @@
 /firmware                                       u:object_r:firmware_file:s0
 /bt_firmware                                    u:object_r:bt_firmware_file:s0
 
+# Hexagon DSP-side executable needed for Halide operation
+# This is labeled as public_adsprpcd_file as it needs to be read by apps
+# (e.g. Google Camera App)
+/mnt/vendor/dsp/fastrpc_shell_3                 u:object_r:public_adsprpcd_file:s0
+
 # IR
 /dev/lirc0                                      u:object_r:spidev_device:s0
 /dev/spidev7.1                                  u:object_r:spidev_device:s0
diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te
index 466bd1d..9138eaa 100644
--- a/sepolicy/vendor/vendor_init.te
+++ b/sepolicy/vendor/vendor_init.te
@@ -5,5 +5,7 @@ allow vendor_init {
   tombstone_data_file
 }:dir { create search getattr open read setattr ioctl write add_name remove_name rmdir relabelfrom };
 
+allow init adsprpcd_file:file mounton;
+
 set_prop(vendor_init, freq_prop)
 set_prop(vendor_init, camera_prop)
-- 
cgit v1.2.3