From 92b6e36b7163cf94e58c4e5b3e4c34fdb0c3d4b2 Mon Sep 17 00:00:00 2001
From: dianlujitao
Date: Thu, 7 May 2020 00:10:55 +0800
Subject: [PATCH] sm6250-common: Make fastrpc_shell_3 publicly available
* Used by GCAM for DSP-accelerated HDR processing
* Arguably we should label /vendor/dsp/cdsp/fastrpc_shell_3 to same_process_hal_file like Pixels, but the partition is prebuilt thus we're unable to relabel it.
* Copy the file to writable tmpfs, setup attributes and bind mount back to workaround the limitation.
[ghostrider-reborn]: Allow adsp/cdsprpcd and neuralnetworks HAL to access fastrpc_shell_3
[kras edit: 1. rename some contexts as per qva/kona 2. extend to allow camera HAL and VPP service to access it as well]
[dereference23: Remove VPP policy because atoll doesn't use it]
Co-authored-by: Adithya R
Change-Id: Ide90e5c7307d413db5ece736e859559f06679545
---
 rootdir/etc/init.qcom.rc | 5 +++++
 sepolicy/vendor/adsprpcd.te | 1 +
 sepolicy/vendor/app.te | 3 +++
 sepolicy/vendor/cdsprpcd.te | 1 +
 sepolicy/vendor/file.te | 2 ++
 sepolicy/vendor/file_contexts | 5 +++++
 sepolicy/vendor/hal_camera_default.te | 2 ++
 sepolicy/vendor/hal_neuralnetworks_default.te | 1 +
 sepolicy/vendor/init.te | 2 ++
 9 files changed, 22 insertions(+)
 create mode 100644 sepolicy/vendor/cdsprpcd.te
 create mode 100644 sepolicy/vendor/hal_neuralnetworks_default.te
diff --git a/rootdir/etc/init.qcom.rc b/rootdir/etc/init.qcom.rc
index 89d2f1c..23a3f3e 100644
--- a/rootdir/etc/init.qcom.rc
+++ b/rootdir/etc/init.qcom.rc
@@ -73,6 +73,11 @@ on post-fs
 chmod 0660 /sys/class/leds/red/brightness
 chown system system /sys/class/leds/red/brightness
+ mkdir /mnt/vendor/dsp 0770 root root
+ copy /vendor/dsp/cdsp/fastrpc_shell_3 /mnt/vendor/dsp/fastrpc_shell_3
+ chmod 0644 /mnt/vendor/dsp/fastrpc_shell_3
+ mount none /mnt/vendor/dsp/fastrpc_shell_3 /vendor/dsp/cdsp/fastrpc_shell_3 bind
+
 on early-boot
 # set RLIMIT_MEMLOCK to 64MB
 setrlimit 8 67108864 67108864
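Review bot: After the `mount ... bind` line in the `on post-fs` block of rootdir/etc/init.qcom.rc, the DSP shell that apps and HALs load is a copy on writable tmpfs rather than the file on the read-only vendor partition, and nothing in the hunk records that trade-off. Its integrity now depends on the root-owned 0644 mode and on no SELinux domain being granted write access to `public_adsprpcd_file`. I would add a comment above the `mkdir` line, e.g. `# tmpfs copy of fastrpc_shell_3 so it can carry the public_adsprpcd_file label (vendor is prebuilt and cannot be relabeled)`, and state there that the copy must stay read-only to everything except the domain that creates it. The `on post-fs` block starts outside the hunk.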
diff --git a/sepolicy/vendor/adsprpcd.te b/sepolicy/vendor/adsprpcd.te
index 58fe3e7..5227744 100644
--- a/sepolicy/vendor/adsprpcd.te
+++ b/sepolicy/vendor/adsprpcd.te
@@ -1 +1,2 @@
+r_dir_file(vendor_adsprpcd, public_adsprpcd_file)
 r_dir_file(vendor_adsprpcd, vendor_sysfs_graphics)
diff --git a/sepolicy/vendor/app.te b/sepolicy/vendor/app.te
index 6ea1879..1d7fae3 100644
--- a/sepolicy/vendor/app.te
+++ b/sepolicy/vendor/app.te
@@ -1,2 +1,5 @@
+allow { appdomain -isolated_app } adsprpcd_file:dir r_dir_perms;
+allow { appdomain -isolated_app } public_adsprpcd_file:file r_file_perms;
+
 get_prop({ appdomain -isolated_app }, vendor_fp_prop)
 get_prop({ appdomain -isolated_app }, vendor_tee_listener_prop)
diff --git a/sepolicy/vendor/cdsprpcd.te b/sepolicy/vendor/cdsprpcd.te
new file mode 100644
index 0000000..cead8a9
--- /dev/null
+++ b/sepolicy/vendor/cdsprpcd.te
@@ -0,0 +1 @@
+r_dir_file(vendor_cdsprpcd, public_adsprpcd_file)
diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te
index 5b3c5b4..f26fafe 100644
--- a/sepolicy/vendor/file.te
+++ b/sepolicy/vendor/file.te
@@ -6,6 +6,8 @@ type fingerprint_data_file, data_file_type, file_type, vendor_persist_type;
 type persist_subsys_file, vendor_persist_type, file_type;
+type public_adsprpcd_file, file_type;
+
 type sysfs_msm_boot, fs_type, sysfs_type;
 type sysfs_msm_subsys, sysfs_type, fs_type;
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index 7dc74d3..765ce1f 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -17,6 +17,11 @@
 /data/vendor/goodix(/.*)? u:object_r:fingerprint_data_file:s0
 /data/vendor/fpc(/.*)? u:object_r:fingerprint_data_file:s0
+# Hexagon DSP-side executable needed for Halide operation
+# This is labeled as public_adsprpcd_file as it needs to be read by apps
+# (e.g. Google Camera App)
+/mnt/vendor/dsp/fastrpc_shell_3 u:object_r:public_adsprpcd_file:s0
+
 # IR
 /dev/spidev0.1 u:object_r:lirc_device:s0
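Review bot: `r_dir_file(vendor_adsprpcd, public_adsprpcd_file)` in sepolicy/vendor/adsprpcd.te grants directory and symlink read as well as file read, but the only object this patch labels `public_adsprpcd_file` is a single regular file in file_contexts. The same macro is used in the new cdsprpcd.te and hal_neuralnetworks_default.te, while hal_camera_default.te already uses the narrower form. For least privilege and consistency I would write `allow vendor_adsprpcd public_adsprpcd_file:file r_file_perms;` and the equivalent line in the other two files.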
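Review bot: The two `allow { appdomain -isolated_app }` rules in sepolicy/vendor/app.te open the DSP shell, and listing of every `adsprpcd_file` directory, to all non-isolated apps, although the commit message names only GCAM as the consumer and the hunk carries no comment explaining the breadth. If the fastrpc client only opens the file by path, the directory rule could probably be reduced to `allow { appdomain -isolated_app } adsprpcd_file:dir search;`, which is worth testing before merge. A comment such as `# fastrpc_shell_3 is loaded by apps that use the DSP (e.g. Google Camera)` above the rules would make the scope a documented decision.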
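Review bot: `type public_adsprpcd_file, file_type;` in sepolicy/vendor/file.te declares a type that every non-isolated app may read, yet nothing in the patch prevents a later rule from making it writable. Because the labelled file lives on tmpfs, I would pin that next to the declaration with something like `neverallow { domain -init } public_adsprpcd_file:file { write append unlink rename setattr };`, adjusting the exemption to whichever domain actually performs the copy. A one-line comment on what the type labels would also help, since the explanation currently lives only in file_contexts.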
diff --git a/sepolicy/vendor/hal_camera_default.te b/sepolicy/vendor/hal_camera_default.te
index b82ed14..2ae8360 100644
--- a/sepolicy/vendor/hal_camera_default.te
+++ b/sepolicy/vendor/hal_camera_default.te
@@ -15,3 +15,5 @@ set_prop(hal_camera_default, vendor_camera_prop)
 allow hal_camera_default socket_device:sock_file write;
 allow hal_camera_default proc_stat:file { open };
+
+allow hal_camera_default public_adsprpcd_file:file r_file_perms;
diff --git a/sepolicy/vendor/hal_neuralnetworks_default.te b/sepolicy/vendor/hal_neuralnetworks_default.te
new file mode 100644
index 0000000..7763c49
--- /dev/null
+++ b/sepolicy/vendor/hal_neuralnetworks_default.te
@@ -0,0 +1 @@
+r_dir_file(vendor_hal_neuralnetworks_default, public_adsprpcd_file)
diff --git a/sepolicy/vendor/init.te b/sepolicy/vendor/init.te
index 3a57d5d..9d47579 100644
--- a/sepolicy/vendor/init.te
+++ b/sepolicy/vendor/init.te
@@ -2,3 +2,5 @@ allow init debugfs_tracing_debug:dir mounton;
 allow init same_process_hal_file:file execute;
+
+allow init adsprpcd_file:file mounton;
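Review bot: `allow init adsprpcd_file:file mounton;` in sepolicy/vendor/init.te has no comment tying it to the bind mount added in init.qcom.rc, so a later reader cannot tell why init may mount over DSP files. I would add `# bind-mount the tmpfs copy over /vendor/dsp/cdsp/fastrpc_shell_3 (see init.qcom.rc)` above it. The declaration of `adsprpcd_file` is not part of this patch; since the domains touched here carry a `vendor_` prefix, it is worth confirming that the unprefixed type name still resolves in this tree.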