From aef13ef6afc1975dc44a33022a68332b7f1117af Mon Sep 17 00:00:00 2001
From: madmax7896 <madmax78968@gmail.com>
Date: Sun, 10 Sep 2023 10:16:28 -0300
Subject: [PATCH] sm6150-common: sepolicy: Import changes for Dolby Atmos

Change-Id: I6999d3a5c6edcf6f85ada7d0077149be639f814d
Signed-off-by: Mesquita <mesquita@aospa.co>
Signed-off-by: basamaryan <basam.aryan@gmail.com>
Signed-off-by: donjohanliebert <donjohanliebert@gmail.com>
---
 sepolicy/vendor/attributes           |  4 ++++
 sepolicy/vendor/file_contexts        |  2 ++
 sepolicy/vendor/hal_audio_default.te |  4 ++++
 sepolicy/vendor/hal_dms.te           |  6 ++++++
 sepolicy/vendor/hal_dms_default.te   | 10 ++++++++++
 sepolicy/vendor/hwservice.te         |  2 ++
 sepolicy/vendor/hwservice_contexts   |  1 +
 sepolicy/vendor/mediacodec.te        |  5 +++++
 8 files changed, 34 insertions(+)
 create mode 100644 sepolicy/vendor/attributes
 create mode 100644 sepolicy/vendor/hal_dms.te
 create mode 100644 sepolicy/vendor/hal_dms_default.te
 create mode 100644 sepolicy/vendor/hwservice.te
 create mode 100644 sepolicy/vendor/mediacodec.te

diff --git a/sepolicy/vendor/attributes b/sepolicy/vendor/attributes
new file mode 100644
index 0000000..33f9ab2
--- /dev/null
+++ b/sepolicy/vendor/attributes
@@ -0,0 +1,4 @@
+# HALs
+attribute hal_dms;
+attribute hal_dms_client;
+attribute hal_dms_server;
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index 17bf39e..27120f9 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -18,6 +18,7 @@
 
 # Data files
 /data/per_boot(/.*)?                                                 u:object_r:per_boot_file:s0
+/data/vendor/dolby(/.*)?                                             u:object_r:vendor_data_file:s0
 
 # Display
 /dev/xiaomi-touch                                                    u:object_r:touchfeature_device:s0
@@ -38,6 +39,7 @@
 
 # HALs
 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.3-service\.xiaomi u:object_r:hal_fingerprint_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.dolby\.hardware\.dms@2\.0-service   u:object_r:hal_dms_default_exec:s0
 /vendor/bin/hw/android\.hardware\.light-service\.xiaomi                    u:object_r:hal_light_default_exec:s0
 /vendor/bin/hw/vendor\.lineage\.livedisplay@2\.1-service\.xiaomi_sm6150    u:object_r:hal_lineage_livedisplay_qti_exec:s0
 /vendor/bin/hw/vendor\.xiaomi\.hardware\.motor@1\.0-service                u:object_r:hal_motor_default_exec:s0
diff --git a/sepolicy/vendor/hal_audio_default.te b/sepolicy/vendor/hal_audio_default.te
index f54c115..bcb9d43 100644
--- a/sepolicy/vendor/hal_audio_default.te
+++ b/sepolicy/vendor/hal_audio_default.te
@@ -10,3 +10,7 @@ get_prop(hal_audio_default, elliptic_ultrasound_prop)
 allow hal_audio_default audio_socket:sock_file rw_file_perms;
 
 dontaudit hal_audio_default sysfs:dir read;
+
+# Dolby
+allow hal_audio_default hal_dms_hwservice:hwservice_manager find;
+binder_call(hal_audio_default, hal_dms_default)
diff --git a/sepolicy/vendor/hal_dms.te b/sepolicy/vendor/hal_dms.te
new file mode 100644
index 0000000..6f3b093
--- /dev/null
+++ b/sepolicy/vendor/hal_dms.te
@@ -0,0 +1,6 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_dms_client, hal_dms_server)
+binder_call(hal_dms_server, hal_dms_client)
+
+add_hwservice(hal_dms_server, hal_dms_hwservice)
+allow hal_dms_client hal_dms_hwservice:hwservice_manager find;
diff --git a/sepolicy/vendor/hal_dms_default.te b/sepolicy/vendor/hal_dms_default.te
new file mode 100644
index 0000000..886e3e8
--- /dev/null
+++ b/sepolicy/vendor/hal_dms_default.te
@@ -0,0 +1,10 @@
+type hal_dms_default, domain;
+hal_server_domain(hal_dms_default, hal_dms)
+type hal_dms_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_dms_default)
+
+allow hal_dms_default vendor_data_file:file { rw_file_perms create unlink };
+allow hal_dms_default vendor_data_file:dir { rw_file_perms add_name remove_name };
+allow hal_dms_default mediacodec:binder call;
+binder_call(hal_dms_default, hal_audio_default)
+binder_call(hal_dms_default, platform_app)
diff --git a/sepolicy/vendor/hwservice.te b/sepolicy/vendor/hwservice.te
new file mode 100644
index 0000000..3ef95d3
--- /dev/null
+++ b/sepolicy/vendor/hwservice.te
@@ -0,0 +1,2 @@
+# Dolby
+type hal_dms_hwservice, hwservice_manager_type;
diff --git a/sepolicy/vendor/hwservice_contexts b/sepolicy/vendor/hwservice_contexts
index 8ade151..7aab118 100644
--- a/sepolicy/vendor/hwservice_contexts
+++ b/sepolicy/vendor/hwservice_contexts
@@ -1,3 +1,4 @@
+vendor.dolby.hardware.dms::IDms u:object_r:hal_dms_hwservice:s0
 vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon u:object_r:hal_fingerprint_hwservice_xiaomi:s0
 vendor.sw.swfingerprint::ISwfingerprint u:object_r:hal_swfingerprint_hwservice:s0
 vendor.xiaomi.hardware.fingerprintextension::IXiaomiFingerprint u:object_r:hal_fingerprint_hwservice_xiaomi:s0
diff --git a/sepolicy/vendor/mediacodec.te b/sepolicy/vendor/mediacodec.te
new file mode 100644
index 0000000..ffd4b3b
--- /dev/null
+++ b/sepolicy/vendor/mediacodec.te
@@ -0,0 +1,5 @@
+allow mediacodec hal_dms_hwservice:hwservice_manager find;
+binder_call(mediacodec, hal_dms_default)
+
+allow mediacodec hal_dms_default:binder { call transfer };
+allow mediacodec hal_dms_server:binder { call transfer };