Merge "sepolicy: add sepolicy for vpsservice"
diff --git a/qva/private/file_contexts b/qva/private/file_contexts
index 49ebeba..7e32f4c 100755
--- a/qva/private/file_contexts
+++ b/qva/private/file_contexts
@@ -50,6 +50,7 @@
/system/bin/mmi_diag u:object_r:vendor_mmi_sys_exec:s0
/system/bin/perfservice u:object_r:perfservice_exec:s0
/system/bin/mirrorlinkserver u:object_r:mirrorlink_exec:s0
+/system/bin/vpsservice u:object_r:vpsservice_exec:s0
####### data files ################
/data/dpm(/.*)? u:object_r:dpmd_data_file:s0
diff --git a/qva/private/service.te b/qva/private/service.te
index 8f35469..daf0a02 100644
--- a/qva/private/service.te
+++ b/qva/private/service.te
@@ -34,3 +34,4 @@
type wfdservice_service, service_manager_type;
type wigigp2p_service, app_api_service, system_server_service, service_manager_type;
type wigig_service, app_api_service, system_server_service, service_manager_type;
+type vendor_vps_service, app_api_service, service_manager_type;
diff --git a/qva/private/service_contexts b/qva/private/service_contexts
index aa0fc6b..b00ee1d 100755
--- a/qva/private/service_contexts
+++ b/qva/private/service_contexts
@@ -39,3 +39,4 @@
wigigp2p u:object_r:wigigp2p_service:s0
wigig u:object_r:wigig_service:s0
display.smomoservice u:object_r:surfaceflinger_service:s0
+vendor.vpsservice u:object_r:vendor_vps_service:s0
diff --git a/qva/private/system_server.te b/qva/private/system_server.te
index 75b9697..447a66a 100644
--- a/qva/private/system_server.te
+++ b/qva/private/system_server.te
@@ -46,6 +46,10 @@
#Allow system_server to add and find perf service
#add_service(system_server, vendor_perf_service);
allow system_server vendor_perf_service:service_manager find;
+
+#Allow system_server to add and find vps service
+allow system_server vendor_vps_service:service_manager find;
+
binder_call(system_server,qvrd);
#Allow for access to WFD specific debug properties
diff --git a/qva/private/vpsservice.te b/qva/private/vpsservice.te
new file mode 100755
index 0000000..ff63c98
--- /dev/null
+++ b/qva/private/vpsservice.te
@@ -0,0 +1,45 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+typeattribute vpsservice coredomain;
+type vpsservice_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(vpsservice)
+
+add_service(vpsservice, vendor_vps_service)
+binder_use(vpsservice);
+binder_call(vpsservice, system_server);
+binder_service(vpsservice);
+
+hal_client_domain(vpsservice, hal_graphics_composer)
+hal_client_domain(vpsservice, hal_graphics_allocator)
+allow vpsservice surfaceflinger:binder call;
+allow vpsservice surfaceflinger:fd use;
+allow vpsservice ion_device:chr_file { open read };
+allow vpsservice media_rw_data_file:dir create_dir_perms;
+allow vpsservice media_rw_data_file:file create_file_perms;
+allow vpsservice gpu_device:chr_file rw_file_perms;
\ No newline at end of file
diff --git a/qva/public/vpsservice.te b/qva/public/vpsservice.te
new file mode 100755
index 0000000..621d0d8
--- /dev/null
+++ b/qva/public/vpsservice.te
@@ -0,0 +1,28 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vpsservice, domain, coredomain;
diff --git a/qva/vendor/common/vpsservice.te b/qva/vendor/common/vpsservice.te
new file mode 100755
index 0000000..ca98cad
--- /dev/null
+++ b/qva/vendor/common/vpsservice.te
@@ -0,0 +1,31 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+hwbinder_use(vpsservice);
+hal_client_domain(vpsservice, hal_vpp)
+hal_client_domain(vpsservice, hal_iop)
+get_prop(vpsservice, vendor_iop_prop)