sm6375-common: sepolicy: Address pixel power HAL denials

Change-Id: I7327bd54c0d12fde03472695a5598d2a3d22f716

sepolicy/vendor/file.te

@@ -27,6 +27,7 @@ type fsg_file, file_type, contextmount_type, vendor_file_type;
 # Power
 type proc_sched_lib_mask_cpuinfo, proc_type, fs_type;
 type vendor_sysfs_dt2w, fs_type, sysfs_type;
+type vendor_sysfs_msm_subsys, fs_type, sysfs_type;
 
 # SKU version
 type vendor_sysfs_sku_version, fs_type, sysfs_type;

sepolicy/vendor/file_contexts

@@ -74,6 +74,9 @@
 /dev/sec-nfc u:object_r:nfc_device:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.2-service\.samsung u:object_r:hal_nfc_default_exec:s0
 
+# Power
+/(vendor|system/vendor)/bin/hw/android\.hardware\.power-service\.moto_sm6375-libperfmgr  u:object_r:hal_power_default_exec:s0
+
 # Radio
 /data/vendor/misc/cutback(/.*)?                         u:object_r:cutback_data_file:s0
 /dev/socket/cutback                                     u:object_r:cutback_socket:s0

sepolicy/vendor/genfs_contexts

@@ -33,6 +33,20 @@ genfscon proc /hw
 genfscon proc /sys/kernel/sched_lib_name                                        u:object_r:proc_sched_lib_mask_cpuinfo:s0
 genfscon proc /sys/kernel/sched_lib_mask_force                                  u:object_r:proc_sched_lib_mask_cpuinfo:s0
 genfscon sysfs /devices/platform/soc/a94000.i2c/i2c-2/2-0049/double_click       u:object_r:vendor_sysfs_dt2w:s0
+genfscon sysfs /devices/platform/soc/1d84000.ufshc/clkgate_enable    u:object_r:vendor_sysfs_scsi_host:s0
+genfscon sysfs /devices/platform/soc/5e00000.qcom,mdss_mdp/idle_encoder_mask                        u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/5e00000.qcom,mdss_mdp/idle_state                               u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/5e00000.qcom,mdss_mdp/idle_timeout_ms                          u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/5e00000.qcom,mdss_mdp/drm/card0/sde-crtc-0/early_wakeup        u:object_r:vendor_sysfs_msm_subsys:s0
+genfscon sysfs /devices/platform/soc/5900000.qcom,kgsl-3d0                                          u:object_r:vendor_sysfs_msm_subsys:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,cpu-cpu-ddr-bw                                        u:object_r:vendor_sysfs_msm_subsys:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,cpu0-cpu-ddr-lat                                      u:object_r:vendor_sysfs_msm_subsys:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,cpu6-cpu-ddr-lat                                      u:object_r:vendor_sysfs_msm_subsys:s0
+genfscon sysfs /devices/platform/soc/fd90100.qcom,cpu0-cpu-l3-lat                                   u:object_r:vendor_sysfs_msm_subsys:s0
+genfscon sysfs /devices/platform/soc/fd90100.qcom,cpu6-cpu-l3-lat                                   u:object_r:vendor_sysfs_msm_subsys:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,dsi-display                                           u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,gpubw                                                 u:object_r:vendor_sysfs_msm_subsys:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,gpubw/devfreq                                         u:object_r:vendor_sysfs_msm_subsys:s0
 
 # RTC
 genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pmk8350@0:rtc/rtc/rtc0 u:object_r:sysfs_rtc:s0

sepolicy/vendor/hal_power_default.te

@@ -1,6 +1,33 @@
-allow hal_power_default vendor_sysfs_touchpanel:dir search;
-allow hal_power_default vendor_sysfs_touchpanel:file rw_file_perms;
-allow hal_power_default vendor_sysfs_input:dir search;
-allow hal_power_default vendor_sysfs_sensors:dir search;
-allow hal_power_default vendor_sysfs_dt2w:dir search;
-allow hal_power_default vendor_sysfs_dt2w:{ file lnk_file } rw_file_perms;
+allow hal_power_default {
+  vendor_sysfs_devfreq
+  vendor_sysfs_dt2w
+  vendor_sysfs_input
+  vendor_sysfs_msm_subsys
+  vendor_sysfs_sensors
+  vendor_sysfs_touchpanel
+}:dir search;
+
+allow hal_power_default {
+  cgroup
+  proc
+  vendor_sysfs_devfreq
+  sysfs_devices_system_cpu
+  vendor_sysfs_devfreq
+  vendor_sysfs_dt2w
+  vendor_sysfs_graphics
+  vendor_sysfs_kgsl
+  vendor_sysfs_msm_subsys
+  vendor_sysfs_scsi_host
+  vendor_sysfs_touchpanel
+}:{
+  file
+  lnk_file
+} rw_file_perms;
+
+allow hal_power_default vendor_latency_device:chr_file rw_file_perms;
+
+# Rule for hal_power_default to access graphics composer process
+unix_socket_connect(hal_power_default, vendor_pps, hal_graphics_composer_default);
+
+# To get/set powerhal state property
+set_prop(hal_power_default, vendor_power_prop)

sepolicy/vendor/property.te

@@ -5,3 +5,6 @@ vendor_internal_prop(vendor_mot_fingerprint_prop);
 vendor_internal_prop(vendor_mot_hw_prop);
 vendor_internal_prop(vendor_mot_touch_prop);
 vendor_internal_prop(vendor_mot_nfc_prop);
+
+# Power
+vendor_internal_prop(vendor_power_prop)

sepolicy/vendor/property_contexts

@@ -21,3 +21,6 @@ vendor.nfc.fw_status       u:object_r:vendor_mot_nfc_prop:s0
 persist.vendor.hardware.fingerprint            u:object_r:vendor_mot_fingerprint_prop:s0
 vendor.hw.fps.ident                            u:object_r:vendor_mot_fingerprint_prop:s0
 vendor.hw.fingerprint.status                   u:object_r:vendor_mot_fingerprint_prop:s0
+
+# Power
+vendor.powerhal.                   u:object_r:vendor_power_prop:s0

sepolicy/vendor/vendor_init.te

@@ -1,7 +1,7 @@
 set_prop(vendor_init, vendor_camera_prop)
 set_prop(vendor_init, vendor_ims_prop)
 set_prop(vendor_init, vendor_mot_hw_prop)
-
+set_prop(vendor_init, vendor_power_prop)
 allow vendor_init proc_sched_lib_mask_cpuinfo:file w_file_perms;
 
 allow init vendor_sysfs_scsi_host:file w_file_perms;