sm6150-common: Commonize sepolicy

Taken from davinci, courbet, surya, sweet, and sweet2

Change-Id: Ie9bd3354d42a36e88004ee77343e0da5397a0eba

BoardConfigCommon.mk

@@ -150,6 +150,7 @@ include device/lineage/sepolicy/libperfmgr/sepolicy.mk
 include device/qcom/sepolicy_vndr/SEPolicy.mk
 
 SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += $(COMMON_PATH)/sepolicy/private
+SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += $(COMMON_PATH)/sepolicy/public
 BOARD_VENDOR_SEPOLICY_DIRS += $(COMMON_PATH)/sepolicy/vendor
 
 # Soong

sepolicy/private/property_contexts

@@ -2,6 +2,11 @@
 ro.camera.req.fmq.size             u:object_r:exported_default_prop:s0
 ro.camera.res.fmq.size             u:object_r:exported_default_prop:s0
 
+# Elliptic ultrasound proximity
+elliptic.ultrasound.multiple_mics. u:object_r:elliptic_ultrasound_prop:s0
+elliptic.ultrasound.               u:object_r:vendor_sensors_prop:s0
+invn.hal                           u:object_r:vendor_sensors_prop:s0
+
 # Sensors
 persist.sensor.                    u:object_r:persist_sensors_prop:s0
 

sepolicy/public/attributes

@@ -0,0 +1,3 @@
+attribute hal_motor;
+attribute hal_motor_client;
+attribute hal_motor_server;

sepolicy/vendor/batterysecret.te

@@ -0,0 +1,51 @@
+type batterysecret, domain;
+type batterysecret_exec, exec_type, vendor_file_type, file_type;
+type persist_subsys_file, vendor_persist_type, file_type;
+
+init_daemon_domain(batterysecret)
+
+r_dir_file(batterysecret, cgroup)
+r_dir_file(batterysecret, mnt_vendor_file)
+r_dir_file(batterysecret, vendor_sysfs_battery_supply)
+r_dir_file(batterysecret, sysfs_batteryinfo)
+r_dir_file(batterysecret, sysfs_type)
+r_dir_file(batterysecret, vendor_sysfs_usb_supply)
+r_dir_file(batterysecret, vendor_sysfs_usbpd_device)
+
+allow batterysecret {
+    mnt_vendor_file
+    persist_subsys_file
+    rootfs
+}:dir rw_dir_perms;
+
+allow batterysecret {
+    persist_subsys_file
+    sysfs
+    vendor_sysfs_battery_supply
+    sysfs_usb
+    vendor_sysfs_usb_supply
+    vendor_sysfs_usbpd_device
+}:file w_file_perms;
+
+allow batterysecret kmsg_device:chr_file rw_file_perms;
+
+allow batterysecret self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+allow batterysecret self:global_capability_class_set {
+    sys_tty_config
+    sys_boot
+};
+
+allow batterysecret self:capability {
+    chown
+    fsetid
+};
+
+allow batterysecret {
+    system_suspend_hwservice
+    hidl_manager_hwservice
+}:hwservice_manager find;
+
+binder_call(batterysecret, system_suspend_server)
+
+wakelock_use(batterysecret)

sepolicy/vendor/cameraserver.te

@@ -0,0 +1 @@
+hal_client_domain(cameraserver, hal_motor)

sepolicy/vendor/file_contexts

@@ -1,6 +1,9 @@
 # Audio
 /dev/socket/audio_hw_socket                                          u:object_r:audio_socket:s0
 
+# Battery secret
+/vendor/bin/batterysecret                                            u:object_r:batterysecret_exec:s0
+
 # Block devices
 /dev/block/mmcblk0p1                                                 u:object_r:sdcard_block_device:s0
 /dev/block/platform/soc/1d84000\.ufshc/by-name/cust                  u:object_r:system_block_device:s0
@@ -37,9 +40,28 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.3-service\.xiaomi u:object_r:hal_fingerprint_default_exec:s0
 /vendor/bin/hw/android\.hardware\.light-service\.xiaomi                    u:object_r:hal_light_default_exec:s0
 /vendor/bin/hw/vendor\.lineage\.livedisplay@2\.1-service\.xiaomi_sm6150    u:object_r:hal_lineage_livedisplay_qti_exec:s0
+/vendor/bin/hw/vendor\.xiaomi\.hardware\.motor@1\.0-service                u:object_r:hal_motor_default_exec:s0
 
 # IR
+/dev/lirc[0-9]+                                                      u:object_r:lirc_device:s0
 /dev/spidev[0-9]\.1                                                  u:object_r:lirc_device:s0
+/vendor/bin/hw/android\.hardware\.ir-service\.xiaomi                 u:object_r:hal_ir_default_exec:s0
+
+# Motor
+/dev/akm09970                                                        u:object_r:hall_device:s0
+/dev/drv8846_dev                                                     u:object_r:motor_device:s0
+
+# NFC
+/vendor/bin/hw/android\.hardware\.nfc-service\.nxp                   u:object_r:hal_nfc_default_exec:s0
+
+# Persist subsystem
+/mnt/vendor/persist/subsys(/.*)?                                     u:object_r:persist_subsys_file:s0
+
+# Proximity
+/dev/elliptic0                                                       u:object_r:vendor_elliptic_device:s0
+/sys/bus/iio/devices                                                 u:object_r:vendor_sysfs_iio:s0
+/sys/devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-04/c440000.qcom,spmi:qcom,pm6150l@4:vadc@3100/iio:device1(/.*)? u:object_r:vendor_sysfs_iio:s0
+/sys/devices/platform/us_prox.0/iio:device2(/.*)?                    u:object_r:vendor_sysfs_iio:s0
 
 # Remosaic
 /vendor/bin/remosaic_daemon                                          u:object_r:remosaic_daemon_exec:s0

sepolicy/vendor/genfs_contexts

@@ -1,8 +1,30 @@
+# BMS
+genfscon sysfs /devices/platform/soc/884000.i2c/i2c-3/3-0055/power_supply/bms                u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qpnp,qg/power_supply/qcom-bms u:object_r:vendor_sysfs_battery_supply:s0
+
+# bq2597x charge pump
+genfscon sysfs /devices/platform/soc/890000.i2c/i2c-4/4-0066/power_supply/bq2597x-slave      u:object_r:vendor_sysfs_usb_supply:s0
+genfscon sysfs /devices/platform/soc/a8c000.i2c/i2c-2/2-0051/power_supply/bq2597x-standalone u:object_r:vendor_sysfs_usb_supply:s0
+genfscon sysfs /devices/platform/soc/a8c000.i2c/i2c-2/2-0066/power_supply/bq2597x-master     u:object_r:vendor_sysfs_usb_supply:s0
+genfscon sysfs /devices/platform/soc/a8c000.i2c/i2c-2/2-0066/power_supply/bq2597x-standalone u:object_r:vendor_sysfs_usb_supply:s0
+
 # Display
 genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/idle_encoder_mask         u:object_r:vendor_sysfs_graphics:s0
 genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/idle_state                u:object_r:vendor_sysfs_graphics:s0
 genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/idle_timeout_ms           u:object_r:vendor_sysfs_graphics:s0
 
+# ds28e16 battery verify
+genfscon sysfs /devices/platform/soc/soc:maxim_ds28e16/power_supply/batt_verify u:object_r:vendor_sysfs_battery_supply:s0
+
+# Fingerprint
+genfscon sysfs /devices/platform/soc/soc:fingerprint_fpc/compatible_all         u:object_r:vendor_sysfs_fingerprint:s0
+genfscon sysfs /devices/platform/soc/soc:fingerprint_fpc/device_prepare         u:object_r:vendor_sysfs_fingerprint:s0
+genfscon sysfs /devices/platform/soc/soc:fingerprint_fpc/fingerdown_wait        u:object_r:vendor_sysfs_fingerprint:s0
+genfscon sysfs /devices/platform/soc/soc:fingerprint_fpc/irq                    u:object_r:vendor_sysfs_fingerprint:s0
+genfscon sysfs /devices/platform/soc/soc:fingerprint_fpc/power_cfg              u:object_r:vendor_sysfs_fingerprint:s0
+genfscon sysfs /devices/platform/soc/soc:fingerprint_fpc/request_vreg           u:object_r:vendor_sysfs_fingerprint:s0
+genfscon sysfs /devices/platform/soc/soc:fingerprint_fpc/wakeup_enable          u:object_r:vendor_sysfs_fingerprint:s0
+
 # LED
 genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-05/c440000.qcom,spmi:qcom,pm6150l@5:qcom,leds@d000/leds/left u:object_r:vendor_sysfs_graphics:s0
 genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-05/c440000.qcom,spmi:qcom,pm6150l@5:qcom,leds@d000/leds/right u:object_r:vendor_sysfs_graphics:s0
@@ -14,8 +36,14 @@ genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-04/c440000.q
 genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,qpnp-smb5/wakeup                                                                u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/88e0000.qcom,msm-eud/wakeup                                                                                                                            u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,pm6150_rtc/wakeup                                                               u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/884000.i2c/i2c-3/3-005a/wakeup                                                                                                                         u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/884000.i2c/i2c-3/3-0055/power_supply/bms/wakeup                                                                                                        u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/884000.i2c/i2c-3/3-0055/wakeup                                                                                                                         u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/888000.i2c/i2c-0/0-0028/wakeup                                                                                                                         u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/890000.i2c/i2c-4/4-0066/power_supply/bq2597x-slave/wakeup                                                                                              u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/890000.i2c/i2c-4/4-0066/wakeup                                                                                                                         u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/18800000.qcom,icnss/wakeup                                                                                                                             u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qpnp,qg/power_supply/qcom-bms/wakeup                                                 u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,qpnp-smb5/power_supply/dc/wakeup                                                u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,qpnp-smb5/power_supply/usb/wakeup                                               u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,qpnp-smb5/power_supply/main/wakeup                                              u:object_r:sysfs_wakeup:s0
@@ -30,10 +58,13 @@ genfscon sysfs /devices/platform/soc/a8c000.i2c/i2c-2/2-005a/wakeup
 genfscon sysfs /devices/platform/soc/a8c000.i2c/i2c-2/2-0010/a8c000.i2c:qcom,smb1390@10:qcom,charge_pump/power_supply/charge_pump_master/wakeup                                             u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/a8c000.i2c/i2c-2/2-0051/wakeup                                                                                                                         u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/a8c000.i2c/i2c-2/2-0051/power_supply/bq2597x-standalone/wakeup                                                                                         u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/a8c000.i2c/i2c-2/2-0065/wakeup                                                                                                                         u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/a8c000.i2c/i2c-2/2-0066/wakeup                                                                                                                         u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/a8c000.i2c/i2c-2/2-0066/power_supply/bq2597x-standalone/wakeup                                                                                         u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/a8c000.i2c/i2c-2/2-0066/power_supply/bq2597x-master/wakeup                                                                                             u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/soc:maxim_ds28e16/power_supply/batt_verify/wakeup                                                                                                      u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/soc:fingerprint_fpc/wakeup                                                                                                                             u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/input/input1/wakeup                                                                                                                                         u:object_r:sysfs_wakeup:s0
 
 # Touchpanel
 genfscon sysfs /devices/virtual/touch/touch_dev/        u:object_r:sysfs_touchpanel:s0

sepolicy/vendor/hal_audio_default.te

@@ -5,6 +5,8 @@ r_dir_file(hal_audio_default, vendor_persist_audio_file)
 
 set_prop(hal_audio_default, vendor_audio_prop)
 
+get_prop(hal_audio_default, elliptic_ultrasound_prop)
+
 allow hal_audio_default audio_socket:sock_file rw_file_perms;
 
 dontaudit hal_audio_default sysfs:dir read;

sepolicy/vendor/hal_fingerprint_default.te

@@ -17,6 +17,7 @@ allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
 allow hal_fingerprint_default touchfeature_device:chr_file rw_file_perms;
 allow hal_fingerprint_default uhid_device:chr_file rw_file_perms;
 allow hal_fingerprint_default vendor_qdsp_device:chr_file r_file_perms;
+allow hal_fingerprint_default vendor_sysfs_fingerprint:file rw_file_perms;
 allow hal_fingerprint_default vendor_sysfs_fod:file rw_file_perms;
 allow hal_fingerprint_default vendor_sysfs_graphics:file rw_file_perms;
 allow hal_fingerprint_default vendor_xdsp_device:chr_file r_file_perms;

sepolicy/vendor/hal_motor_default.te

@@ -0,0 +1,26 @@
+type hal_motor_hwservice_xiaomi, hwservice_manager_type;
+type hall_device, dev_type;
+type motor_device, dev_type;
+
+type hal_motor_default, domain;
+hal_server_domain(hal_motor_default, hal_motor)
+
+binder_call(hal_motor_client, hal_motor_server)
+
+binder_call(hal_motor_default, system_app)
+
+type hal_motor_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_motor_default)
+
+add_hwservice(hal_motor_server, hal_motor_hwservice_xiaomi)
+allow hal_motor_client hal_motor_hwservice_xiaomi:hwservice_manager find;
+
+allow hal_motor_default hall_device:chr_file rw_file_perms;
+allow hal_motor_default motor_device:chr_file rw_file_perms;
+
+allow hal_motor_default vendor_persist_sensors_file:dir rw_dir_perms;
+allow hal_motor_default vendor_persist_sensors_file:file rw_file_perms;
+
+allow hal_motor_default mnt_vendor_file:dir { search };
+
+vndbinder_use(hal_motor_default)

sepolicy/vendor/hal_sensors_default.te

@@ -1,7 +1,15 @@
+type vendor_sysfs_iio, fs_type, sysfs_type;
+type vendor_elliptic_device, dev_type;
+
 vendor_internal_prop(persist_sensors_prop)
 
 allow hal_sensors_default hal_audio_default:unix_stream_socket connectto;
 allow hal_sensors_default audio_socket:sock_file rw_file_perms;
 
+allow hal_sensors_default iio_device:chr_file rw_file_perms;
+allow hal_sensors_default vendor_elliptic_device:chr_file rw_file_perms;
+allow hal_sensors_default vendor_sysfs_iio:dir r_dir_perms;
+allow hal_sensors_default vendor_sysfs_iio:file rw_file_perms;
+
 get_prop(hal_sensors_default, persist_sensors_prop)
 get_prop(hal_sensors_default, vendor_adsprpc_prop)

sepolicy/vendor/hwservice_contexts

@@ -1,3 +1,4 @@
 vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon u:object_r:hal_fingerprint_hwservice_xiaomi:s0
 vendor.sw.swfingerprint::ISwfingerprint u:object_r:hal_swfingerprint_hwservice:s0
 vendor.xiaomi.hardware.fingerprintextension::IXiaomiFingerprint u:object_r:hal_fingerprint_hwservice_xiaomi:s0
+vendor.xiaomi.hardware.motor::IMotor u:object_r:hal_motor_hwservice_xiaomi:s0

sepolicy/vendor/property.te

@@ -0,0 +1,2 @@
+# Ultrasound
+vendor_public_prop(elliptic_ultrasound_prop)

sepolicy/vendor/service_contexts

@@ -0,0 +1,2 @@
+# NFC
+vendor.nxp.nxpnfc_aidl.INxpNfc/default    u:object_r:hal_nfc_service:s0

sepolicy/vendor/system_app.te

@@ -1,3 +1,11 @@
 type sysfs_doze, sysfs_type, fs_type;
 
+allow system_app hal_motor_hwservice_xiaomi:hwservice_manager find;
+
+binder_call(system_app, hal_motor)
+
 allow system_app sysfs_doze:file rw_file_perms;
+
+allow system_app { motor_device vendor_sysfs_graphics sysfs_leds }:dir search;
+allow system_app { cgroup vendor_sysfs_graphics }:file rw_file_perms;
+allow system_app { motor_device vendor_sysfs_graphics hall_device }:chr_file rw_file_perms;