From bc5e83a6188820b9564bcd35fbf10bcdd7380553 Mon Sep 17 00:00:00 2001
From: pjgowtham <pjgowtham@gmail.com>
Date: Tue, 20 Aug 2024 08:01:57 +0530
Subject: [PATCH] camera: Make fastrpc_shell_3 publicly available

 * Used by GCAM for DSP-accelerated HDR processing
 * Arguably we should label /vendor/dsp/cdsp/fastrpc_shell_3 to
   same_process_hal_file like Pixels, but the partition is prebuilt thus
   we're unable to relabel it.
 * Copy the file to writable tmpfs, setup attributes and bind mount back
   to workaround the limitation.

[ghostrider-reborn]:
Allow adsp/cdsprpcd and neuralnetworks HAL to access fastrpc_shell_3

[kras edit:
 1. rename some contexts as per qva/kona
 2. extend to allow camera HAL and VPP service to access it as well]

Co-authored-by: Adithya R <gh0strider.2k18.reborn@gmail.com>
Change-Id: Ide90e5c7307d413db5ece736e859559f06679545
Signed-off-by: Adithya R <gh0strider.2k18.reborn@gmail.com>
---
 init/init.oplus.camera.rc                     | 8 ++++++++
 sepolicy/vendor/adsprpcd.te                   | 1 +
 sepolicy/vendor/app.te                        | 2 ++
 sepolicy/vendor/cdsprpcd.te                   | 1 +
 sepolicy/vendor/file.te                       | 1 +
 sepolicy/vendor/file_contexts                 | 5 +++++
 sepolicy/vendor/hal_camera_default.te         | 1 +
 sepolicy/vendor/hal_neuralnetworks_default.te | 1 +
 sepolicy/vendor/init.te                       | 2 ++
 sepolicy/vendor/vppservice.te                 | 1 +
 10 files changed, 23 insertions(+)
 create mode 100644 sepolicy/vendor/adsprpcd.te
 create mode 100644 sepolicy/vendor/app.te
 create mode 100644 sepolicy/vendor/cdsprpcd.te
 create mode 100644 sepolicy/vendor/file.te
 create mode 100644 sepolicy/vendor/hal_camera_default.te
 create mode 100644 sepolicy/vendor/hal_neuralnetworks_default.te
 create mode 100644 sepolicy/vendor/vppservice.te

diff --git a/init/init.oplus.camera.rc b/init/init.oplus.camera.rc
index 7cbfd7e..703c03a 100644
--- a/init/init.oplus.camera.rc
+++ b/init/init.oplus.camera.rc
@@ -4,6 +4,14 @@
 # SPDX-License-Identifier: Apache-2.0
 #
 
+on post-fs-data
+
+    # Bind mount fastrpc_shell_3 for labelling
+    mkdir /mnt/vendor/dsp 0770 root root
+    copy /vendor/dsp/cdsp/fastrpc_shell_3 /mnt/vendor/dsp/fastrpc_shell_3
+    chmod 0644 /mnt/vendor/dsp/fastrpc_shell_3
+    mount none /mnt/vendor/dsp/fastrpc_shell_3 /vendor/dsp/cdsp/fastrpc_shell_3 bind
+
 on boot
     # OIS
     chown cameraserver cameraserver /sys/kernel/ois_control/dump_registers
diff --git a/sepolicy/vendor/adsprpcd.te b/sepolicy/vendor/adsprpcd.te
new file mode 100644
index 0000000..71945f2
--- /dev/null
+++ b/sepolicy/vendor/adsprpcd.te
@@ -0,0 +1 @@
+r_dir_file(vendor_adsprpcd, public_adsprpcd_file)
diff --git a/sepolicy/vendor/app.te b/sepolicy/vendor/app.te
new file mode 100644
index 0000000..bb8de86
--- /dev/null
+++ b/sepolicy/vendor/app.te
@@ -0,0 +1,2 @@
+allow { appdomain -isolated_app } adsprpcd_file:dir r_dir_perms;
+allow { appdomain -isolated_app } public_adsprpcd_file:file r_file_perms;
diff --git a/sepolicy/vendor/cdsprpcd.te b/sepolicy/vendor/cdsprpcd.te
new file mode 100644
index 0000000..cead8a9
--- /dev/null
+++ b/sepolicy/vendor/cdsprpcd.te
@@ -0,0 +1 @@
+r_dir_file(vendor_cdsprpcd, public_adsprpcd_file)
diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te
new file mode 100644
index 0000000..7631599
--- /dev/null
+++ b/sepolicy/vendor/file.te
@@ -0,0 +1 @@
+type public_adsprpcd_file, file_type;
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index caed2e7..60bf3e3 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -125,3 +125,8 @@
 /vendor/lib64/android\.hardware\.graphics\.allocator@[2-4]\.0\.so                       u:object_r:same_process_hal_file:s0
 /vendor/lib64/android\.hardware\.graphics\.common-V[1-2]-ndk_platform\.so               u:object_r:same_process_hal_file:s0
 /vendor/lib64/android\.hardware\.graphics\.common-V[1-3]-ndk\.so                        u:object_r:same_process_hal_file:s0
+
+# Hexagon DSP-side executable needed for Halide operation
+# This is labeled as public_adsprpcd_file as it needs to be read by apps
+# (e.g. Google Camera App)
+/mnt/vendor/dsp/fastrpc_shell_3							        u:object_r:public_adsprpcd_file:s0
diff --git a/sepolicy/vendor/hal_camera_default.te b/sepolicy/vendor/hal_camera_default.te
new file mode 100644
index 0000000..6907001
--- /dev/null
+++ b/sepolicy/vendor/hal_camera_default.te
@@ -0,0 +1 @@
+allow hal_camera_default public_adsprpcd_file:file r_file_perms;
diff --git a/sepolicy/vendor/hal_neuralnetworks_default.te b/sepolicy/vendor/hal_neuralnetworks_default.te
new file mode 100644
index 0000000..7763c49
--- /dev/null
+++ b/sepolicy/vendor/hal_neuralnetworks_default.te
@@ -0,0 +1 @@
+r_dir_file(vendor_hal_neuralnetworks_default, public_adsprpcd_file)
diff --git a/sepolicy/vendor/init.te b/sepolicy/vendor/init.te
index 6d9b469..c4da25e 100644
--- a/sepolicy/vendor/init.te
+++ b/sepolicy/vendor/init.te
@@ -1 +1,3 @@
+allow init adsprpcd_file:file mounton;
+
 set_prop(vendor_init, vendor_camera_prop)
diff --git a/sepolicy/vendor/vppservice.te b/sepolicy/vendor/vppservice.te
new file mode 100644
index 0000000..e9e1809
--- /dev/null
+++ b/sepolicy/vendor/vppservice.te
@@ -0,0 +1 @@
+r_dir_file(vendor_vppservice, public_adsprpcd_file)