Merge "Separate GRIL sepolicy for AIDL and HIDL by folders" into main

gril/aidl/2.0/compatibility_matrix.xml

@@ -0,0 +1,10 @@
+<compatibility-matrix version="1.0" type="framework">
+    <hal format="aidl" optional="true">
+        <name>vendor.google.radio_ext</name>
+        <version>2</version>
+        <interface>
+            <name>IRadioExt</name>
+            <instance>default</instance>
+        </interface>
+    </hal>
+</compatibility-matrix>

gril/aidl/2.0/gril_aidl.mk

@@ -0,0 +1,3 @@
+PRODUCT_PACKAGES += vendor.google.radioext@1.0-service
+DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/gril/aidl/2.0/compatibility_matrix.xml
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gril/aidl/2.0/sepolicy

gril/aidl/2.0/sepolicy/file_contexts

@@ -0,0 +1 @@
+/vendor/bin/hw/vendor\.google\.radioext@1\.0-service                        u:object_r:hal_aidl_radio_ext_exec:s0

gril/aidl/2.0/sepolicy/grilservice_app.te

@@ -0,0 +1,4 @@
+# allow grilservice_app to find hal_aidl_radio_ext_service
+allow grilservice_app hal_aidl_radio_ext_service:service_manager find;
+binder_call(grilservice_app, hal_aidl_radio_ext)
+binder_call(grilservice_app, twoshay)

gril/aidl/2.0/sepolicy/hal_aidl_radio_ext.te

@@ -0,0 +1,33 @@
+# hal_aidl_radio_ext domain
+type hal_aidl_radio_ext, domain;
+type hal_aidl_radio_ext_exec, vendor_file_type, exec_type, file_type;
+
+init_daemon_domain(hal_aidl_radio_ext)
+
+get_prop(hal_aidl_radio_ext, hwservicemanager_prop)
+get_prop(hal_aidl_radio_ext, telephony_modemtype_prop)
+set_prop(hal_aidl_radio_ext, vendor_gril_prop)
+
+binder_call(hal_aidl_radio_ext, servicemanager)
+binder_call(hal_aidl_radio_ext, grilservice_app)
+binder_call(hal_aidl_radio_ext, hal_bluetooth_btlinux)
+
+add_service(hal_aidl_radio_ext, hal_aidl_radio_ext_service)
+
+# RW /dev/oem_ipc0
+allow hal_aidl_radio_ext radio_device:chr_file rw_file_perms;
+
+# RW MIPI Freq files
+allow hal_aidl_radio_ext radio_vendor_data_file:dir create_dir_perms;
+allow hal_aidl_radio_ext radio_vendor_data_file:file create_file_perms;
+
+# Bluetooth
+allow hal_aidl_radio_ext hal_bluetooth_coexistence_hwservice:hwservice_manager find;
+allow hal_aidl_radio_ext hal_bluetooth_coexistence_service:service_manager find;
+
+# Allow access to the backlight driver to set ssc_mode
+allow hal_aidl_radio_ext sysfs_leds:dir search;
+allow hal_aidl_radio_ext sysfs_leds:file rw_file_perms;
+
+# legacy/zuma/vendor
+allow hal_aidl_radio_ext sysfs_display:file rw_file_perms;

gril/aidl/2.0/sepolicy/hal_camera_default.te

@@ -0,0 +1,2 @@
+# allow hal_camera_default to binder call hal_aidl_radio_ext
+binder_call(hal_camera_default, hal_aidl_radio_ext);

gril/aidl/2.0/sepolicy/service.te

@@ -0,0 +1,2 @@
+# Radio Ext AIDL service
+type hal_aidl_radio_ext_service, hal_service_type, protected_service, service_manager_type;

gril/aidl/2.0/sepolicy/service_contexts

@@ -0,0 +1 @@
+vendor.google.radio_ext.IRadioExt/default                 u:object_r:hal_aidl_radio_ext_service:s0

gril/aidl/2.0/sepolicy/twoshay.te

@@ -0,0 +1,2 @@
+# allow twoshay to binder call hal_aidl_radio_ext
+binder_call(twoshay, hal_aidl_radio_ext)

gril/hidl/1.7/compatibility_matrix.xml

@@ -0,0 +1,10 @@
+<compatibility-matrix version="1.0" type="framework">
+    <hal format="hidl" optional="true">
+        <name>vendor.google.radioext</name>
+        <version>1.7</version>
+        <interface>
+            <name>IRadioExt</name>
+            <instance>default</instance>
+        </interface>
+    </hal>
+</compatibility-matrix>

gril/hidl/1.7/gril_hidl.mk

@@ -0,0 +1,3 @@
+PRODUCT_PACKAGES += vendor.google.radioext@1.0-service
+DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/gril/hidl/1.7/compatibility_matrix.xml
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gril/hidl/1.7/sepolicy

gril/hidl/1.7/sepolicy/file_contexts

@@ -0,0 +1 @@
+/vendor/bin/hw/vendor\.google\.radioext@1\.0-service                        u:object_r:hal_radioext_default_exec:s0

gril/hidl/1.7/sepolicy/grilservice_app.te

@@ -0,0 +1,2 @@
+# allow grilservice_app to binder call hal_radioext_default
+binder_call(grilservice_app, hal_radioext_default)

gril/hidl/1.7/sepolicy/hal_camera_default.te

@@ -0,0 +1,2 @@
+# allow hal_camera_default to binder call hal_radioext_default
+binder_call(hal_camera_default, hal_radioext_default);

gril/hidl/1.7/sepolicy/hal_radioext_default.te

@@ -0,0 +1,28 @@
+# hal_radioext_default domain
+type hal_radioext_default, domain;
+type hal_radioext_default_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(hal_radioext_default)
+
+hwbinder_use(hal_radioext_default)
+get_prop(hal_radioext_default, hwservicemanager_prop)
+get_prop(hal_radioext_default, telephony_modemtype_prop)
+set_prop(hal_radioext_default, vendor_gril_prop)
+add_hwservice(hal_radioext_default, hal_radioext_hwservice)
+
+binder_call(hal_radioext_default, servicemanager)
+binder_call(hal_radioext_default, grilservice_app)
+binder_call(hal_radioext_default, hal_bluetooth_btlinux)
+
+# RW /dev/oem_ipc0
+allow hal_radioext_default radio_device:chr_file rw_file_perms;
+
+# RW MIPI Freq files
+allow hal_radioext_default radio_vendor_data_file:dir create_dir_perms;
+allow hal_radioext_default radio_vendor_data_file:file create_file_perms;
+
+# Bluetooth
+allow hal_radioext_default hal_bluetooth_coexistence_hwservice:hwservice_manager find;
+allow hal_radioext_default hal_bluetooth_coexistence_service:service_manager find;
+
+# legacy/zuma/vendor
+allow hal_radioext_default sysfs_display:file rw_file_perms;

gril/hidl/1.7/sepolicy/hwservice_contexts

@@ -0,0 +1,2 @@
+# GRIL HAL
+vendor.google.radioext::IRadioExt                                                  u:object_r:hal_radioext_hwservice:s0

gril/hidl/1.7/sepolicy/twoshay.te

@@ -0,0 +1,2 @@
+# allow twoshay to binder call hal_radioext_default
+binder_call(twoshay, hal_radioext_default)