camera: Make fastrpc_shell_3 publicly available

* Used by GCAM for DSP-accelerated HDR processing * Arguably we should label /vendor/dsp/cdsp/fastrpc_shell_3 to same_process_hal_file like Pixels, but the partition is prebuilt thus we're unable to relabel it. * Copy the file to writable tmpfs, setup attributes and bind mount back to workaround the limitation. [ghostrider-reborn]: Allow adsp/cdsprpcd and neuralnetworks HAL to access fastrpc_shell_3 [kras edit: 1. rename some contexts as per qva/kona 2. extend to allow camera HAL and VPP service to access it as well] Co-authored-by: Adithya R <gh0strider.2k18.reborn@gmail.com> Change-Id: Ide90e5c7307d413db5ece736e859559f06679545 Signed-off-by: Adithya R <gh0strider.2k18.reborn@gmail.com>
2024-08-20 08:01:57 +05:30
parent 5d17e5edd6
commit bc5e83a618
10 changed files with 23 additions and 0 deletions
--- a/init/init.oplus.camera.rc
+++ b/init/init.oplus.camera.rc
@@ -4,6 +4,14 @@
 # SPDX-License-Identifier: Apache-2.0
 #

+on post-fs-data
+
+    # Bind mount fastrpc_shell_3 for labelling
+    mkdir /mnt/vendor/dsp 0770 root root
+    copy /vendor/dsp/cdsp/fastrpc_shell_3 /mnt/vendor/dsp/fastrpc_shell_3
+    chmod 0644 /mnt/vendor/dsp/fastrpc_shell_3
+    mount none /mnt/vendor/dsp/fastrpc_shell_3 /vendor/dsp/cdsp/fastrpc_shell_3 bind
+
 on boot
    # OIS
    chown cameraserver cameraserver /sys/kernel/ois_control/dump_registers
--- a/sepolicy/vendor/adsprpcd.te
+++ b/sepolicy/vendor/adsprpcd.te
@@ -0,0 +1 @@
+r_dir_file(vendor_adsprpcd, public_adsprpcd_file)
--- a/sepolicy/vendor/app.te
+++ b/sepolicy/vendor/app.te
@@ -0,0 +1,2 @@
+allow { appdomain -isolated_app } adsprpcd_file:dir r_dir_perms;
+allow { appdomain -isolated_app } public_adsprpcd_file:file r_file_perms;
--- a/sepolicy/vendor/cdsprpcd.te
+++ b/sepolicy/vendor/cdsprpcd.te
@@ -0,0 +1 @@
+r_dir_file(vendor_cdsprpcd, public_adsprpcd_file)
--- a/sepolicy/vendor/file.te
+++ b/sepolicy/vendor/file.te
@@ -0,0 +1 @@
+type public_adsprpcd_file, file_type;
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -125,3 +125,8 @@
 /vendor/lib64/android\.hardware\.graphics\.allocator@[2-4]\.0\.so                       u:object_r:same_process_hal_file:s0
 /vendor/lib64/android\.hardware\.graphics\.common-V[1-2]-ndk_platform\.so               u:object_r:same_process_hal_file:s0
 /vendor/lib64/android\.hardware\.graphics\.common-V[1-3]-ndk\.so                        u:object_r:same_process_hal_file:s0
+
+# Hexagon DSP-side executable needed for Halide operation
+# This is labeled as public_adsprpcd_file as it needs to be read by apps
+# (e.g. Google Camera App)
+/mnt/vendor/dsp/fastrpc_shell_3							        u:object_r:public_adsprpcd_file:s0
--- a/sepolicy/vendor/hal_camera_default.te
+++ b/sepolicy/vendor/hal_camera_default.te
@@ -0,0 +1 @@
+allow hal_camera_default public_adsprpcd_file:file r_file_perms;
--- a/sepolicy/vendor/hal_neuralnetworks_default.te
+++ b/sepolicy/vendor/hal_neuralnetworks_default.te
@@ -0,0 +1 @@
+r_dir_file(vendor_hal_neuralnetworks_default, public_adsprpcd_file)
--- a/sepolicy/vendor/init.te
+++ b/sepolicy/vendor/init.te
@@ -1 +1,3 @@
+allow init adsprpcd_file:file mounton;
+
 set_prop(vendor_init, vendor_camera_prop)
--- a/sepolicy/vendor/vppservice.te
+++ b/sepolicy/vendor/vppservice.te
@@ -0,0 +1 @@
+r_dir_file(vendor_vppservice, public_adsprpcd_file)
				`@@ -0,0 +1 @@`
				`r_dir_file(vendor_adsprpcd, public_adsprpcd_file)`
				`@@ -0,0 +1 @@`
				`r_dir_file(vendor_cdsprpcd, public_adsprpcd_file)`
				`@@ -0,0 +1 @@`
				`allow hal_camera_default public_adsprpcd_file:file r_file_perms;`
				`@@ -0,0 +1 @@`
				`r_dir_file(vendor_hal_neuralnetworks_default, public_adsprpcd_file)`
				`@@ -0,0 +1 @@`
				`r_dir_file(vendor_vppservice, public_adsprpcd_file)`