[ALPS04383692] GPU: GPU HIDL
[Detail]
Add sepolicy for gpu hidl
Change-Id: I7a0ed82e546391a509687ef1b4cf5927cfbefe46
CR-Id: ALPS04383692
Feature: OpenGL|ES
diff --git a/basic/non_plat/file_contexts b/basic/non_plat/file_contexts
index 19fbc82..79e24b0 100644
--- a/basic/non_plat/file_contexts
+++ b/basic/non_plat/file_contexts
@@ -714,6 +714,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.media\.c2@1\.2-mediatek u:object_r:mtk_hal_c2_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.media\.c2@1\.2-mediatek-64b u:object_r:mtk_hal_c2_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.memtrack-service\.mediatek u:object_r:mtk_hal_memtrack_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.mediatek\.hardware\.gpu@1\.0-service u:object_r:mtk_hal_gpu_exec:s0
# Google Trusty system files
/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service\.trusty u:object_r:hal_keymaster_default_exec:s0
diff --git a/basic/non_plat/hal_gpu.te b/basic/non_plat/hal_gpu.te
new file mode 100644
index 0000000..296057a
--- /dev/null
+++ b/basic/non_plat/hal_gpu.te
@@ -0,0 +1,6 @@
+# HwBinder IPC from clients into server, and callbacks
+binder_call(hal_gpu_client, hal_gpu_server)
+binder_call(hal_gpu_server, hal_gpu_client)
+
+# give permission for hal client
+allow hal_gpu_client mtk_hal_gpu_hwservice:hwservice_manager find;
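Review bot: The `find` rule on the last line of this new file is repeated verbatim in mtk_hal_gpu.te later in this commit, so the client-facing grant has two places to drift apart; keep it only here, next to the binder_call rules, and drop the copy there. The matching add rule in mtk_hal_gpu.te is written against the base attribute, `add_hwservice(hal_gpu, mtk_hal_gpu_hwservice)`. On builds where the platform macros also attach the base attribute to clients (the non-full-Treble branch of hal_client_domain in AOSP), that would let clients register the service, so `add_hwservice(hal_gpu_server, mtk_hal_gpu_hwservice)` is the safer form and would sit naturally in this file. The comment `# give permission for hal client` could name the grant, for example `# clients may look up the GPU HAL in hwservicemanager`.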
diff --git a/basic/non_plat/hwservice.te b/basic/non_plat/hwservice.te
index 1c869cd..3ea506e 100644
--- a/basic/non_plat/hwservice.te
+++ b/basic/non_plat/hwservice.te
@@ -76,3 +76,4 @@
type mtk_hal_composer_ext_hwservice, hwservice_manager_type, protected_hwservice;
type mtk_hal_keyinstall_hwservice, hwservice_manager_type;
+type mtk_hal_gpu_hwservice, hwservice_manager_type;
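Review bot: The new type on the last line carries only `hwservice_manager_type`, while `mtk_hal_composer_ext_hwservice` two lines above is also tagged `protected_hwservice`. In AOSP policy that attribute marks HwBinder services that untrusted apps must never find, and it is what lets the platform neverallow rules catch a later over-broad grant. Unless an app domain is meant to reach IGraphicExt (nothing in this commit shows which domains become hal_gpu_client), declare it as `type mtk_hal_gpu_hwservice, hwservice_manager_type, protected_hwservice;`.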
diff --git a/basic/non_plat/hwservice_contexts b/basic/non_plat/hwservice_contexts
index 6627bf6..052bba6 100644
--- a/basic/non_plat/hwservice_contexts
+++ b/basic/non_plat/hwservice_contexts
@@ -89,3 +89,4 @@
vendor.mediatek.hardware.composer_ext::IComposerExt u:object_r:mtk_hal_composer_ext_hwservice:s0
vendor.mediatek.hardware.keyinstall::IKeyinstall u:object_r:mtk_hal_keyinstall_hwservice:s0
+vendor.mediatek.hardware.gpu::IGraphicExt u:object_r:mtk_hal_gpu_hwservice:s0
diff --git a/basic/non_plat/mtk_hal_gpu.te b/basic/non_plat/mtk_hal_gpu.te
new file mode 100644
index 0000000..792430e
--- /dev/null
+++ b/basic/non_plat/mtk_hal_gpu.te
@@ -0,0 +1,44 @@
+# ==============================================
+# Policy File of /vendor/bin/hw/vendor.mediatek.hardware.gpu@1.0-service Executable File
+
+# ==============================================
+# Type Declaration
+# ==============================================
+
+type mtk_hal_gpu, domain;
+type mtk_hal_gpu_exec, exec_type, file_type, vendor_file_type;
+
+# ==============================================
+# MTK Policy Rule
+# ==============================================
+
+# Setup for domain transition
+init_daemon_domain(mtk_hal_gpu)
+
+# Allow to use HWBinder IPC
+hwbinder_use(mtk_hal_gpu);
+
+# Allow a set of permissions required for a domain to be a server which provides a HAL implementation over HWBinder.
+hal_server_domain(mtk_hal_gpu, hal_gpu)
+
+# add/find permission rule to hwservicemanager
+add_hwservice(hal_gpu, mtk_hal_gpu_hwservice)
+allow hal_gpu_client mtk_hal_gpu_hwservice:hwservice_manager find;
+
+# Allow to allocate hidl memory
+hal_client_domain(mtk_hal_gpu, hal_allocator)
+
+# Purpose : Allow to use kernel driver
+allow mtk_hal_gpu graphics_device:chr_file rw_file_perms;
+
+# Purpose : Allow property set
+allow mtk_hal_gpu init:unix_stream_socket connectto;
+allow mtk_hal_gpu property_socket:sock_file write;
+
+allow mtk_hal_gpu debugfs_ged:dir rw_dir_perms;
+allow mtk_hal_gpu debugfs_ged:file rw_file_perms;
+allow mtk_hal_gpu proc_ged:file rw_file_perms;
+
+allow mtk_hal_gpu hal_graphics_allocator_default:fd use;
+allow mtk_hal_gpu ion_device:chr_file r_file_perms;
+allow mtk_hal_gpu debugfs_ion:dir search;
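Review bot: The three debugfs rules at the end of this file (`debugfs_ged` dir and file, `debugfs_ion:dir search`) are unconditional and carry no purpose comment, so the production HAL domain gets read-write access to kernel debug interfaces; `rw_dir_perms` also includes add_name/remove_name, which a debugfs consumer should not need. If the access is only for bring-up or tuning, wrap it in `userdebug_or_eng` and narrow the directory permission as sketched below; if user builds really need it, a comment should say why, since newer AOSP platform policy restricts debugfs on user builds. Separately, the "Allow property set" rules grant only the socket path to init, and no `property_service set` on any property type appears in this file. Either those two rules are dead or the real grant lives elsewhere; `set_prop(mtk_hal_gpu, PROPERTY_TYPE_PLACEHOLDER)` with the specific property type would state the intent in one line.

```selinux
# … unchanged: type declarations, domain transition, HAL server and hwservice rules, graphics_device and property rules …

# Purpose : GED debug/tuning nodes, not needed on user builds (confirm)
userdebug_or_eng(`
  allow mtk_hal_gpu debugfs_ged:dir r_dir_perms;
  allow mtk_hal_gpu debugfs_ged:file rw_file_perms;
  allow mtk_hal_gpu debugfs_ion:dir search;
')

# … unchanged: proc_ged, hal_graphics_allocator_default fd and ion_device rules …
```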
diff --git a/bsp/plat_public/attributes b/bsp/plat_public/attributes
index 0447d0f..c63b434 100644
--- a/bsp/plat_public/attributes
+++ b/bsp/plat_public/attributes
@@ -115,3 +115,8 @@
attribute hal_teei_wechat;
attribute hal_teei_wechat_client;
attribute hal_teei_wechat_server;
+
+# GPU HIDL
+attribute hal_gpu;
+attribute hal_gpu_client;
+attribute hal_gpu_server;
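Review bot: These three attributes are declared under bsp/plat_public, but every rule that uses them in this commit sits under basic/non_plat, so a configuration that builds the basic policy without the bsp layer would presumably fail on undeclared attributes; this is worth confirming against the build's policy-directory list. Declaring them in plat_public also puts a vendor-only HAL into the platform's public policy surface; if the tree has a vendor-side attributes file, that is the narrower home. If they stay here, a comment such as `# GPU HIDL (vendor.mediatek.hardware.gpu::IGraphicExt), rules in basic/non_plat/hal_gpu.te` would tie the declaration to its users.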