hikey: Add support for contexthub hal and neonkey / argonkey sensor hal

Compile: make TARGET_SENSOR_MEZZANINE=<mezzanine_name>
         (<mezzanine_name> can be neonkey or argonkey)

Test: builds
Change-Id: I11c2734965b96cb34aef7558b7c822d0e5ea5c65
Signed-off-by: Ben Fennema <fennema@google.com>
diff --git a/sepolicy/file.te b/sepolicy/file.te
new file mode 100644
index 0000000..ce6faad
--- /dev/null
+++ b/sepolicy/file.te
@@ -0,0 +1,6 @@
+# /data
+type nanohub_lock_file, file_type, data_file_type;
+type sensor_vendor_data_file, file_type, data_file_type, mlstrustedobject;
+
+# /sys
+type sysfs_nanoapp_cmd, sysfs_type, fs_type;
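Review bot: `sensor_vendor_data_file` on line 17 carries `mlstrustedobject`, which exempts the `/data/vendor/sensor` tree from MLS level checks so a subject at any level can reach it, and nothing in the change says which cross-level accessor needs that. If only the vendor HAL domains granted access in this change (`hal_sensors`, `hal_contexthub`) touch the directory, the attribute is unnecessary and should be dropped; otherwise record the reason inline, e.g. `# mlstrustedobject: <accessor> runs at a different MLS level and needs the settings file`. `nanohub_lock_file` on line 16 is also declared here while no `file_contexts` entry in this change binds a path to it, so confirm it is still needed.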
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 79c0727..c5edebb 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -4,10 +4,18 @@
 /dev/ttyFIQ0           u:object_r:console_device:s0
 /dev/mali              u:object_r:gpu_device:s0
 /dev/mali0             u:object_r:gpu_device:s0
+/dev/nanohub           u:object_r:sensors_device:s0
+/dev/nanohub_comms     u:object_r:sensors_device:s0
 /dev/dri/card0         u:object_r:gpu_device:s0
 /dev/hci_tty           u:object_r:hci_attach_dev:s0
 /dev/ttyAMA1           u:object_r:hci_attach_dev:s0
 /dev/ttyAMA4           u:object_r:hci_attach_dev:s0
 /dev/hifi_misc         u:object_r:audio_device:s0
-/system/vendor/bin/uim u:object_r:hci_attach_exec:s0
-/system/vendor/bin/hw/android\.hardware\.bluetooth@1\.0-service\.hikey      u:object_r:hal_bluetooth_hikey_exec:s0
+
+# files in /vendor
+/(vendor|system/vendor)/bin/uim  u:object_r:hci_attach_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.0-service\.hikey      u:object_r:hal_bluetooth_hikey_exec:s0
+/(vendor|system/vendor)/bin/nanoapp_cmd  u:object_r:nanoapp_cmd_exec:s0
+
+# /data
+/data/vendor/sensor(/.*)?        u:object_r:sensor_vendor_data_file:s0
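Review bot: `/dev/nanohub` and `/dev/nanohub_comms` on lines 29–30 both receive the generic `sensors_device` label, so every domain this change grants `sensors_device:chr_file rw_file_perms` (`hal_sensors`, `hal_contexthub`, `nanoapp_cmd`) gets read/write on both nodes and on anything later labeled `sensors_device`. If the two nodes serve different roles — the names suggest a data path and a control path, but that is inferred, not shown — a device-specific type per node (for example `nanohub_device` for the control node) would let each domain be granted only the node it actually uses. At minimum a comment naming the consumers would help, e.g. `# nanohub: control node (nanoapp_cmd); nanohub_comms: sensor/contexthub data path`.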
diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts
new file mode 100644
index 0000000..fbea22a
--- /dev/null
+++ b/sepolicy/genfs_contexts
@@ -0,0 +1,2 @@
+# sysfs
+genfscon sysfs /devices/virtual/nanohub/nanohub       u:object_r:sysfs_nanoapp_cmd:s0
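Review bot: The `genfscon` entry on line 53 labels `/sys/devices/virtual/nanohub/nanohub` and, because genfscon matches by path prefix, every attribute and subdirectory beneath it, so the `rw_file_perms` granted to `nanoapp_cmd` on `sysfs_nanoapp_cmd:file` elsewhere in this change covers everything the driver exposes there rather than only the attributes the tool writes. If the node also exposes attributes with side effects beyond nanoapp management (reset or firmware-download style controls would be the usual concern — inferred from the driver's role, not visible in this diff), label only the attributes `nanoapp_cmd` needs, or record the intent with a comment such as `# whole nanohub sysfs node; nanoapp_cmd needs rw on <attrs> — narrow if reset/flash controls live here`.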
diff --git a/sepolicy/hal_contexthub.te b/sepolicy/hal_contexthub.te
new file mode 100644
index 0000000..2788b24
--- /dev/null
+++ b/sepolicy/hal_contexthub.te
@@ -0,0 +1,5 @@
+allow hal_contexthub sensors_device:chr_file rw_file_perms;
+
+allow hal_contexthub sensor_vendor_data_file:dir create_dir_perms;
+allow hal_contexthub sensor_vendor_data_file:file create_file_perms;
+allow hal_contexthub nanohub_lock_file:file create_file_perms;
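Review bot: The rule on line 64 grants `hal_contexthub` `create_file_perms` on `nanohub_lock_file`, but this change labels no path with that type (the only `/data` entry added maps `/data/vendor/sensor(/.*)?` to `sensor_vendor_data_file`) and there is no `dir` rule for the lock file's parent, so the rule is inert unless the label and directory access come from policy outside this change. Either add the `file_contexts` entry for the lock path plus `allow hal_contexthub nanohub_lock_file:dir create_dir_perms;` if the lock lives in its own directory, or drop the type and rule if the lock is kept under `/data/vendor/sensor` as the hal_sensors.te comment in this change implies. The file also has no comments; headers like `# nanohub character devices` and `# shared sensor settings / lock files` above the rules would match the style of hal_sensors.te.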
diff --git a/sepolicy/hal_sensors.te b/sepolicy/hal_sensors.te
new file mode 100644
index 0000000..885902a
--- /dev/null
+++ b/sepolicy/hal_sensors.te
@@ -0,0 +1,22 @@
+#Allow access to nanohub device
+allow hal_sensors sensors_device:chr_file rw_file_perms;
+
+# Allow acess to uinput for lidstate determination
+allow hal_sensors uhid_device:chr_file rw_file_perms;
+
+# Allow access to saved settings file and nanohub_lock dir/file
+allow hal_sensors sensor_vendor_data_file:dir create_dir_perms;
+allow hal_sensors sensor_vendor_data_file:file create_file_perms;
+
+# Allow access to sensor properties
+set_prop(hal_sensors, sensors_prop)
+
+# Allow access to gralloc shared memory (ion), for sensor direct report
+allow hal_sensors ion_device:chr_file { open read ioctl };
+allow hal_sensors hal_graphics_allocator:fd use;
+
+# allow sensor hal to call scheduling policy service in system server
+allow hal_sensors_default system_server:binder call;
+
+# allow access to detect change in /dev folder
+allow hal_sensors_default device:dir { open read };
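Review bot: Lines 72–86 target the `hal_sensors` attribute while lines 89 and 92 target the concrete `hal_sensors_default` domain; the attribute is carried by every domain registered as a sensors HAL (and, on platform versions that give passthrough clients the same attribute, by the client too), so the `uhid_device` and `ion_device` grants on lines 75 and 85 may reach more than the hikey HAL process. If the HAL runs as `hal_sensors_default`, all rules should name that domain; if a device-specific domain is intended, declare it and use it consistently. The comment on line 74 also misspells `acess` and says uinput while the rule grants `uhid_device`; `# Allow access to uhid for lid-state determination` matches the rule.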
diff --git a/sepolicy/nanoapp_cmd.te b/sepolicy/nanoapp_cmd.te
new file mode 100644
index 0000000..c4f5b3e
--- /dev/null
+++ b/sepolicy/nanoapp_cmd.te
@@ -0,0 +1,8 @@
+type nanoapp_cmd, domain;
+type nanoapp_cmd_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(nanoapp_cmd)
+
+allow nanoapp_cmd sensors_device:chr_file rw_file_perms;
+allow nanoapp_cmd sysfs_nanoapp_cmd:dir search;
+allow nanoapp_cmd sysfs_nanoapp_cmd:file rw_file_perms;
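Review bot: The new domain is declared with no comment describing what `nanoapp_cmd` is or why an init-launched process needs read/write on both the nanohub character devices and the sysfs node; a header such as `# nanoapp_cmd: init-started vendor tool that manages nanoapps on the nanohub via /dev/nanohub* and its sysfs node` would orient the next maintainer. `init_daemon_domain` on line 102 implies an init service entry for the binary; if the tool is instead executed by a HAL or from a shell, that transition is wrong and a `domain_auto_trans` from the real caller is what is needed — the diff does not show the init.rc side. Reaching the sysfs node also depends on `search` on the parent `sysfs` directories coming from core `domain` rules, which is worth confirming on the target platform version.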
diff --git a/sepolicy/property.te b/sepolicy/property.te
new file mode 100644
index 0000000..93e029d
--- /dev/null
+++ b/sepolicy/property.te
@@ -0,0 +1 @@
+type sensors_prop, property_type;
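Review bot: `sensors_prop` on line 113 is declared with `property_type` only; on platform releases that distinguish vendor-defined properties, a property type introduced by device policy should also carry the vendor attribute, e.g. `type sensors_prop, property_type, vendor_property_type;` — whether the hikey target is on such a release is not visible here. A one-line comment stating which process sets these properties (`hal_sensors`, per the `set_prop` rule in this change) would make the type self-explanatory.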
diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts
new file mode 100644
index 0000000..3a4bde3
--- /dev/null
+++ b/sepolicy/property_contexts
@@ -0,0 +1 @@
+sensors.                   u:object_r:sensors_prop:s0
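Review bot: The entry on line 120 is a prefix match, so every property whose name begins with `sensors.` becomes `sensors_prop` and is settable by `hal_sensors`, and the prefix sits in the platform namespace rather than under `vendor.`; platform releases that enforce the vendor property namespace reject non-`vendor.` properties defined in vendor policy, and even where they do not, a narrower prefix such as `vendor.sensors.` avoids colliding with any platform `sensors.*` property. If the HAL sets only specific keys, listing them, or adding `# set by hal_sensors; keys: ...`, would document the intent.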