Allow camera HAL and GCA to access Aurora GXP device. am: e95f5edafe

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17035623

Change-Id: If5cbce0c7a2489272853813e915a58560e1cfe86

whitechapel_pro/device.te

@@ -12,6 +12,7 @@ type lwis_device, dev_type;
 type logbuffer_device, dev_type;
 type rls_device, dev_type;
 type fingerprint_device, dev_type;
+type gxp_device, dev_type, mlstrustedobject;
 type sensor_direct_heap_device, dmabuf_heap_device_type, dev_type;
 type faceauth_heap_device, dmabuf_heap_device_type, dev_type;
 type vframe_heap_device, dmabuf_heap_device_type, dev_type;

whitechapel_pro/file_contexts

@@ -43,6 +43,7 @@
 # Vendor Firmwares
 /vendor/firmware(/.*)?                                                      u:object_r:vendor_fw_file:s0
 /vendor/firmware/mali_csffw\.bin                                            u:object_r:same_process_hal_file:s0
+/vendor/firmware/gxp_fw_core[0-3]                                           u:object_r:same_process_hal_file:s0
 
 # Vendor libraries
 /vendor/lib(64)?/libdrm\.so                                                 u:object_r:same_process_hal_file:s0
@@ -56,6 +57,7 @@
 /vendor/lib(64)?/android\.frameworks\.stats-V1-ndk\.so                      u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/vendor-pixelatoms-cpp\.so                                  u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/libprotobuf-cpp-lite-3\.9\.1\.so                           u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libgxp\.so                                                 u:object_r:same_process_hal_file:s0
 
 # Graphics
 /vendor/lib(64)?/hw/gralloc\.gs201\.so                                      u:object_r:same_process_hal_file:s0
@@ -133,6 +135,7 @@
 /dev/dri/card0                                                              u:object_r:graphics_device:s0
 /dev/fimg2d                                                                 u:object_r:graphics_device:s0
 /dev/g2d                                                                    u:object_r:graphics_device:s0
+/dev/gxp                                                                    u:object_r:gxp_device:s0
 /dev/dit2                                                                   u:object_r:vendor_toe_device:s0
 /dev/trusty-ipc-dev0                                                        u:object_r:tee_device:s0
 /dev/sg1                                                                    u:object_r:sg_device:s0

whitechapel_pro/google_camera_app.te

@@ -7,3 +7,9 @@ allow google_camera_app cameraserver_service:service_manager find;
 allow google_camera_app mediaextractor_service:service_manager find;
 allow google_camera_app mediametrics_service:service_manager find;
 allow google_camera_app mediaserver_service:service_manager find;
+
+# Allows camera app to access the GXP device.
+allow google_camera_app gxp_device:chr_file rw_file_perms;
+
+# Allows camera app to search for GXP firmware file.
+allow google_camera_app vendor_fw_file:dir search;

whitechapel_pro/hal_camera_default.te

@@ -24,6 +24,9 @@ allow hal_camera_default sysfs_edgetpu:file r_file_perms;
 allow hal_camera_default edgetpu_vendor_service:service_manager find;
 binder_call(hal_camera_default, edgetpu_vendor_server)
 
+# Allow the camera hal to access the GXP device.
+allow hal_camera_default gxp_device:chr_file rw_file_perms;
+
 # Allow access to data files used by the camera HAL
 allow hal_camera_default mnt_vendor_file:dir search;
 allow hal_camera_default persist_file:dir search;