Add sepolicy for gxp_logging service to report metrics [RESTRICT AUTOMERGE]

gxp_logging service will periodically check the sysfs files exposed by
the gxp kernel driver and report stats to Suez framework.
These policies are needed to report the metrics.

Tested:
Found no violation with these policies on a P23 device

Bug: 278514198
Change-Id: I8c3e57dfe4e9a6caab425f2424d07e83f5e7b9c6
Signed-off-by: Dinesh Yadav <dkyadav@google.com>

vendor/debug_camera_app.te

@@ -11,8 +11,9 @@ userdebug_or_eng(`
 	allow debug_camera_app mediametrics_service:service_manager find;
 	allow debug_camera_app mediaserver_service:service_manager find;
 
-	# Allows GCA-Eng & GCA-Next access the GXP device.
+	# Allows GCA-Eng & GCA-Next access the GXP device and properties.
 	allow debug_camera_app gxp_device:chr_file rw_file_perms;
+	get_prop(debug_camera_app, vendor_gxp_prop)
 
 	# Allows GCA-Eng & GCA-Next to find and access the EdgeTPU.
 	allow debug_camera_app edgetpu_app_service:service_manager find;

vendor/file.te

@@ -15,6 +15,9 @@ type sysfs_aoc_udfps, sysfs_type, fs_type;
 # Trusty
 type sysfs_trusty, sysfs_type, fs_type;
 
+# Gxp sysfs file
+type sysfs_gxp, sysfs_type, fs_type;
+
 # mount FS
 allow proc_vendor_sched proc:filesystem associate;
 allow bootdevice_sysdev sysfs:filesystem associate;

vendor/genfs_contexts

@@ -23,6 +23,9 @@ genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl2_target_residency
 # EdgeTPU
 genfscon sysfs /devices/platform/1a000000.rio                           u:object_r:sysfs_edgetpu:s0
 
+# Gxp
+genfscon sysfs /devices/platform/20c00000.callisto                      u:object_r:sysfs_gxp:s0
+
 # debugfs
 genfscon debugfs /google_charger                                        u:object_r:vendor_charger_debugfs:s0
 genfscon debugfs /max77729_pmic                                         u:object_r:vendor_charger_debugfs:s0

vendor/google_camera_app.te

@@ -12,6 +12,9 @@ allow google_camera_app mediaserver_service:service_manager find;
 # Allows GCA to acccess the GXP device.
 allow google_camera_app gxp_device:chr_file rw_file_perms;
 
+# Allow GCA to access the GXP properies.
+get_prop(google_camera_app, vendor_gxp_prop)
+
 # Allows GCA to access the PowerHAL.
 hal_client_domain(google_camera_app, hal_power)
 

vendor/gxp_logging.te

@@ -5,6 +5,18 @@ init_daemon_domain(gxp_logging)
 # The logging service accesses /dev/gxp
 allow gxp_logging gxp_device:chr_file rw_file_perms;
 
+# Allow logging service to access /sys/class/gxp
+allow gxp_logging sysfs_gxp:dir search;
+allow gxp_logging sysfs_gxp:file rw_file_perms;
+
+# Allow logging service to log to stats service for reporting metrics.
+allow gxp_logging fwk_stats_service:service_manager find;
+binder_call(gxp_logging, system_server);
+binder_use(gxp_logging)
+
+# Allow logging service to read gxp properties.
+get_prop(gxp_logging, vendor_gxp_prop)
+
 # Allow gxp tracing service to send packets to Perfetto
 userdebug_or_eng(`perfetto_producer(gxp_logging)')
 

vendor/hal_camera_default.te

@@ -31,6 +31,7 @@ allow hal_camera_default vendor_camera_data_file:file create_file_perms;
 
 # Allow the camera hal to access the GXP device.
 allow hal_camera_default gxp_device:chr_file rw_file_perms;
+get_prop(hal_camera_default, vendor_gxp_prop)
 
 # Allow creating dump files for debugging in non-release builds
 userdebug_or_eng(`

vendor/property.te

@@ -16,3 +16,6 @@ vendor_restricted_prop(vendor_arm_runtime_option_prop)
 
 # ArmNN
 vendor_internal_prop(vendor_armnn_config_prop)
+
+# Gxp properties
+system_vendor_config_prop(vendor_gxp_prop)

vendor/property_contexts

@@ -23,3 +23,6 @@ vendor.mali.                               u:object_r:vendor_arm_runtime_option_
 
 # ArmNN configuration
 ro.vendor.armnn.                           u:object_r:vendor_armnn_config_prop:s0 prefix
+
+# Gxp
+vendor.gxp.                                u:object_r:vendor_gxp_prop:s0

vendor/vendor_init.te

@@ -39,3 +39,6 @@ set_prop(vendor_init, vendor_armnn_config_prop)
 
 # MM
 allow vendor_init proc_watermark_scale_factor:file w_file_perms;
+
+# Gxp
+set_prop(vendor_init, vendor_gxp_prop)