db845c: qcom: Add userspace tools to talk to dsp and modem

Add Qcom userspace tools and their respective sepolicy rules.

The userspace tools are downloaded from the following GitHub repositories:

To trigger loading of wlan firmware on SDM845
git clone https://github.com/andersson/pd-mapper

Userspace reference for net/qrtr in the Linux kernel
git clone https://github.com/andersson/qrtr

Qualcomm Remote Filesystem Service Implementation
git clone https://github.com/andersson/rmtfs

Trivial File Transfer Protocol server over AF_QIPCRTR
git clone https://github.com/andersson/tqftpserv

Change-Id: Ic466af6fef010a9b71c90e38205f49a876b001e2
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Signed-off-by: John Stultz <john.stultz@linaro.org>
diff --git a/sepolicy/file.te b/sepolicy/file.te
index 4d9988f..3e31092 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -1,2 +1,7 @@
 type sysfs_gpu, fs_type, sysfs_type;
+type sysfs_rmtfs, fs_type, sysfs_type;
+type sysfs_tqftpserv, fs_type, sysfs_type;
 type dri_device, dev_type;
+type rmtfs_device, dev_type;
+type modem_block_device, dev_type;
+type tqftpserv_vendor_data_file, file_type, data_file_type, mlstrustedobject;
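Review bot: `tqftpserv_vendor_data_file` on the last added line carries `mlstrustedobject`, which exempts objects of this type from the MLS constraints. Nothing in this commit shows a domain at another level that needs these files; the only access granted is to `tqftpserv`, so the attribute looks unnecessary. I would declare it as `type tqftpserv_vendor_data_file, file_type, data_file_type;` and add the attribute back only with a comment naming the consumer that needs it.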
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index f1d323c..165f3b3 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -1,19 +1,40 @@
-/dev/block/by-name/metadata		u:object_r:metadata_block_device:s0
+/dev/block/platform/soc@0/1d84000\.ufshc/by-name/fsc		u:object_r:modem_block_device:s0
+/dev/block/platform/soc@0/1d84000\.ufshc/by-name/fsg		u:object_r:modem_block_device:s0
+/dev/block/platform/soc@0/1d84000\.ufshc/by-name/modemst[12]	u:object_r:modem_block_device:s0
+/dev/block/platform/soc@0/1d84000\.ufshc/by-name/metadata	u:object_r:metadata_block_device:s0
+/dev/block/platform/soc@0/1d84000\.ufshc/by-name/super		u:object_r:super_block_device:s0
+/dev/block/platform/soc@0/1d84000\.ufshc/by-name/userdata	u:object_r:userdata_block_device:s0
+
 /dev/dri				u:object_r:dri_device:s0
 /dev/dri/card0				u:object_r:graphics_device:s0
 /dev/dri/renderD128			u:object_r:gpu_device:s0
+/dev/qcom_rmtfs_mem1			u:object_r:rmtfs_device:s0
 /dev/ttyMSM0				u:object_r:console_device:s0
 
+/sys/bus/platform/drivers/qcom-q6v5-mss							u:object_r:sysfs_rmtfs:s0
+/sys/devices/platform/88f00000.memory/rmtfs						u:object_r:sysfs_rmtfs:s0
+
 /sys/devices/platform/soc/ae00000.mdss							u:object_r:sysfs_gpu:s0
 /sys/devices/platform/soc/c440000.spmi/spmi-0/0-00/c440000.spmi:pmic@0:rtc@6000/rtc	u:object_r:sysfs_rtc:s0
 
 # sysfs path changed in v5.4+ kernel for sdm845 devices
+/sys/devices/platform/soc@0/4080000.remoteproc						u:object_r:sysfs_rmtfs:s0
 /sys/devices/platform/soc@0/ae00000.mdss						u:object_r:sysfs_gpu:s0
 /sys/devices/platform/soc@0/c440000.spmi/spmi-0/0-00/c440000.spmi:pmic@0:rtc@6000/rtc	u:object_r:sysfs_rtc:s0
 
-/dev/block/platform/soc@0/1d84000\.ufshc/by-name/userdata				u:object_r:userdata_block_device:s0
+/sys/class/remoteproc									u:object_r:sysfs_tqftpserv:s0
+/sys/devices/platform/remoteproc-cdsp/remoteproc/remoteproc2/firmware			u:object_r:sysfs_tqftpserv:s0
+
+/data/vendor/tmp(/.*)?									u:object_r:tqftpserv_vendor_data_file:s0
+/data/vendor/readwrite(/.*)?								u:object_r:tqftpserv_vendor_data_file:s0
+/data/vendor/readonly(/.*)?								u:object_r:tqftpserv_vendor_data_file:s0
 
 /vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service\.software			u:object_r:hal_gatekeeper_default_exec:s0
+/vendor/bin/pd-mapper									u:object_r:pd_mapper_exec:s0
+/vendor/bin/qrtr-cfg									u:object_r:qrtr_exec:s0
+/vendor/bin/qrtr-ns									u:object_r:qrtr_exec:s0
+/vendor/bin/rmtfs									u:object_r:rmtfs_exec:s0
+/vendor/bin/tqftpserv									u:object_r:tqftpserv_exec:s0
 
 /vendor/lib(64)?/dri/.*									u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/hw/gralloc\.gbm\.so							u:object_r:same_process_hal_file:s0
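Review bot: The `/sys/bus/platform/drivers/qcom-q6v5-mss` and `/sys/class/remoteproc` entries have no matching `genfscon` line in sepolicy/genfs_contexts in this commit, and like the other sysfs patterns here they have no `(/.*)?` suffix, so a restorecon would label only the directory node itself. If rmtfs and tqftpserv need files beneath those directories, the files probably keep the default `sysfs` label and the new allow rules never apply to them. I would add genfscon entries for both, e.g. `genfscon sysfs /bus/platform/drivers/qcom-q6v5-mss u:object_r:sysfs_rmtfs:s0`, or drop the lines if the access is not needed. The unescaped `.` in `88f00000.memory` and `4080000.remoteproc` also matches any character; `\.` would be stricter, as the block-device lines in this hunk already do.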
@@ -21,3 +42,4 @@
 /vendor/lib(64)?/libdrm_freedreno\.so							u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/libgbm\.so								u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/libglapi\.so								u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libqrtr\.so								u:object_r:same_process_hal_file:s0
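Review bot: Labelling `libqrtr.so` as `same_process_hal_file` puts it among the vendor libraries that framework and app processes are allowed to load, a label meant for same-process HALs such as the graphics libraries above it. The only users visible in this commit are the vendor daemons pd-mapper, qrtr, rmtfs and tqftpserv, which can presumably load it under the default vendor file label. Unless a same-process HAL actually links against it, I would drop this line so the library is not exposed more widely than its consumers require.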
diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts
index 0816df9..caed6c0 100644
--- a/sepolicy/genfs_contexts
+++ b/sepolicy/genfs_contexts
@@ -1,6 +1,9 @@
-genfscon sysfs   /devices/platform/soc/ae00000.mdss	u:object_r:sysfs_gpu:s0
+genfscon sysfs   /devices/platform/88f00000.memory/rmtfs					u:object_r:sysfs_rmtfs:s0
+genfscon sysfs   /devices/platform/soc/ae00000.mdss						u:object_r:sysfs_gpu:s0
 genfscon sysfs   /devices/platform/soc/c440000.spmi/spmi-0/0-00/c440000.spmi:pmic@0:rtc@6000	u:object_r:sysfs_rtc:s0
 
+genfscon sysfs   /devices/platform/remoteproc-cdsp/remoteproc/remoteproc2/firmware		u:object_r:sysfs_tqftpserv:s0
 # sysfs path changed in v5.4+ kernel for sdm845 devices
-genfscon sysfs   /devices/platform/soc@0/ae00000.mdss	u:object_r:sysfs_gpu:s0
+genfscon sysfs   /devices/platform/soc@0/4080000.remoteproc					u:object_r:sysfs_rmtfs:s0
+genfscon sysfs   /devices/platform/soc@0/ae00000.mdss						u:object_r:sysfs_gpu:s0
 genfscon sysfs   /devices/platform/soc@0/c440000.spmi/spmi-0/0-00/c440000.spmi:pmic@0:rtc@6000	u:object_r:sysfs_rtc:s0
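Review bot: The new `remoteproc-cdsp/remoteproc/remoteproc2/firmware` entry hard-codes the `remoteproc2` instance number, which as far as I know is assigned in registration order and so can change with probe order or kernel version. If the CDSP registers under another index, the attribute keeps the default `sysfs` label and tqftpserv's read is denied. Labelling the parent is more robust, e.g. `genfscon sysfs /devices/platform/remoteproc-cdsp/remoteproc u:object_r:sysfs_tqftpserv:s0`; tqftpserv only gets `open read` on that type, so the wider match grants no write. The line also sits directly above the `# sysfs path changed in v5.4+` comment with no comment of its own saying which kernel layout it targets.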
diff --git a/sepolicy/pd_mapper.te b/sepolicy/pd_mapper.te
new file mode 100644
index 0000000..6eb348e
--- /dev/null
+++ b/sepolicy/pd_mapper.te
@@ -0,0 +1,6 @@
+type pd_mapper, domain;
+
+type pd_mapper_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(pd_mapper);
+
+allow pd_mapper self:qipcrtr_socket { create getattr read setopt write };
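Review bot: `init_daemon_domain(pd_mapper);` ends with a semicolon while qrtr.te and rmtfs.te in the same commit call the macro without one; `init_daemon_domain(tqftpserv);` in tqftpserv.te has the same inconsistency. I would use one form across the new files, `init_daemon_domain(pd_mapper)` being the usual one. A one-line header comment such as `# pd-mapper: userspace service needed to trigger wlan firmware loading on SDM845` would also tell a reader why the domain exists.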
diff --git a/sepolicy/qrtr.te b/sepolicy/qrtr.te
new file mode 100644
index 0000000..8344398
--- /dev/null
+++ b/sepolicy/qrtr.te
@@ -0,0 +1,8 @@
+type qrtr, domain;
+type qrtr_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(qrtr)
+
+allow qrtr self:capability net_admin;
+allow qrtr self:capability sys_admin;
+allow qrtr self:qipcrtr_socket create_socket_perms_no_ioctl;
+allow qrtr self:netlink_route_socket { create nlmsg_write read write };
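Review bot: `allow qrtr self:capability sys_admin;` grants one of the broadest capabilities to a domain shared by `qrtr-cfg` and `qrtr-ns`, and nothing in the commit says which operation needs it. `net_admin` together with the netlink route socket rule plausibly covers configuring the node address. I would drop the `sys_admin` line, run both tools in enforcing mode, and add it back only if an avc denial shows it is required, with a comment naming the operation. If only one of the two binaries needs elevated capabilities, giving it its own domain would keep the long-running one narrower.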
diff --git a/sepolicy/rmtfs.te b/sepolicy/rmtfs.te
new file mode 100644
index 0000000..fff2e64
--- /dev/null
+++ b/sepolicy/rmtfs.te
@@ -0,0 +1,13 @@
+type rmtfs, domain;
+type rmtfs_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(rmtfs)
+
+allow rmtfs block_device:dir search;
+allow rmtfs modem_block_device:blk_file { open read };
+allow rmtfs rmtfs_device:chr_file { open read write };
+allow rmtfs self:capability net_admin;
+allow rmtfs self:qipcrtr_socket { bind create getattr read setopt write };
+allow rmtfs sysfs_rmtfs:dir { open read search};
+allow rmtfs sysfs_rmtfs:file r_file_perms;
+allow rmtfs sysfs_rmtfs:file write;
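Review bot: `allow rmtfs sysfs_rmtfs:file write;` applies to everything labelled `sysfs_rmtfs`. In this commit file_contexts and genfs_contexts put that label on the `4080000.remoteproc` device path, the `88f00000.memory/rmtfs` node and the `qcom-q6v5-mss` driver directory. If rmtfs only needs to write a single attribute (presumably the remoteproc control file; confirm against the daemon), a dedicated type for that file would keep the rest read-only. A comment on the rule naming the file that is written would help future audits. Minor: `{ open read search}` is missing the space before the closing brace.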
diff --git a/sepolicy/tqftpserv.te b/sepolicy/tqftpserv.te
new file mode 100644
index 0000000..46f3926
--- /dev/null
+++ b/sepolicy/tqftpserv.te
@@ -0,0 +1,10 @@
+type tqftpserv, domain;
+
+type tqftpserv_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(tqftpserv);
+
+allow tqftpserv self:qipcrtr_socket { connect create getattr read setopt write };
+allow tqftpserv sysfs_tqftpserv:dir { open read search };
+allow tqftpserv sysfs_tqftpserv:file { open read };
+allow tqftpserv tqftpserv_vendor_data_file:dir { add_name create open read search write };
+allow tqftpserv tqftpserv_vendor_data_file:file { create open write };
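Review bot: The last two rules give tqftpserv `create` and `write` on `tqftpserv_vendor_data_file`, and file_contexts in this commit applies that one type to `/data/vendor/readonly` as well as `/data/vendor/readwrite` and `/data/vendor/tmp`. The read-only tree is therefore writable as far as SELinux is concerned, and the split rests entirely on how the daemon handles paths in requests from the remote processors. A separate type for the read-only tree, e.g. `type tqftpserv_vendor_ro_file, file_type, data_file_type;` (name is only a suggestion) with `{ open read }` on files and `{ open read search }` on dirs, would enforce the split in policy. The file rule also has no `read` or `getattr`, so serving an existing file back looks like it would be denied; worth confirming against the audit log.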