Add rules for dspservice
init : Could not start service 'vendor.dspservice' as part of class 'hal':
File /vendor/bin/dspservice(labeled "u:object_r:vendor_file:s0") has incorrect
label or no domain transition from u:r:init:s0 to another SELinux domain defined.
Reference to https://team.git.corp.google.com/bramble-sw/qcom/lito/platform/vendor/qcom/sepolicy_vndr/+/3f418248
avc: denied { read } for comm="dspservice" name="u:object_r:hwservicemanager_prop:s0"
dev="tmpfs" ino=25144 scontext=u:r:dspservice:s0
tcontext=u:object_r:hwservicemanager_prop:s0 tclass=file permissive=0
avc: denied { call } for comm="dspservice" scontext=u:r:dspservice:s0
tcontext=u:r:hwservicemanager:s0 tclass=binder permissive=0
avc: denied { find } for
interface=vendor.qti.hardware.dsp::IDspService sid=u:r:dspservice:s0
pid=5610 scontext=u:r:dspservice:s0
tcontext=u:object_r:hal_dspmanager_hwservice:s0 tclass=hwservice_manager
permissive=0
Bug: 183686628
Merged-In: I3906d01008e67c9d4ab9640217b19cb622ed45aa
Change-Id: I3906d01008e67c9d4ab9640217b19cb622ed45aa
diff --git a/vendor/qcom/common/dspservice.te b/vendor/qcom/common/dspservice.te
new file mode 100644
index 0000000..a00a6fb
--- /dev/null
+++ b/vendor/qcom/common/dspservice.te
@@ -0,0 +1,18 @@
+# Policy for DSP HAL service
+type dspservice, domain;
+type dspservice_exec, exec_type, vendor_file_type, file_type;
+
+# Started by init
+init_daemon_domain(dspservice)
+
+hal_attribute(dspmanager);
+
+# Allow DSP clients to perform binder IPC to DSP HAL server
+binder_call(hal_dspmanager_client, hal_dspmanager_server);
+binder_call(hal_dspmanager_server, hal_dspmanager_client);
+
+hal_server_domain(dspservice, hal_dspmanager);
+
+# Add dspservice to hwservice_manager and allow it to be discovered
+hal_attribute_hwservice(hal_dspmanager, hal_dspmanager_hwservice)
+
diff --git a/vendor/qcom/common/file_contexts b/vendor/qcom/common/file_contexts
index a01eb18..35d45ae 100644
--- a/vendor/qcom/common/file_contexts
+++ b/vendor/qcom/common/file_contexts
@@ -37,6 +37,7 @@
/(vendor|system/vendor)/bin/cnss_diag u:object_r:wcnss_service_exec:s0
/(vendor|system/vendor)/bin/adsprpcd u:object_r:adsprpcd_exec:s0
/(vendor|system/vendor)/bin/cdsprpcd u:object_r:cdsprpcd_exec:s0
+/vendor/bin/dspservice u:object_r:dspservice_exec:s0
/(vendor|system/vendor)/bin/wpa_cli u:object_r:wcnss_service_exec:s0
/(vendor|system/vendor)/bin/mdm_helper u:object_r:mdm_helper_exec:s0
/(vendor|system/vendor)/bin/mdm_helper_proxy u:object_r:mdm_helper_exec:s0
@@ -191,6 +192,7 @@
/vendor/lib(64)?/libadsprpc\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libcdsprpc\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libsdsprpc\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/vendor\.qti\.hardware\.dsp@1\.0\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libdiag\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libtime_genoff\.so u:object_r:same_process_hal_file:s0
diff --git a/vendor/qcom/common/hwservice.te b/vendor/qcom/common/hwservice.te
index 2118778..75d3e8f 100644
--- a/vendor/qcom/common/hwservice.te
+++ b/vendor/qcom/common/hwservice.te
@@ -17,3 +17,4 @@
type hal_qseecom_hwservice, hwservice_manager_type, protected_hwservice;
type hal_imsfactory_hwservice, hwservice_manager_type, protected_hwservice;
type hal_qspmhal_hwservice, hwservice_manager_type;
+type hal_dspmanager_hwservice, hwservice_manager_type, vendor_hwservice_type;
diff --git a/vendor/qcom/common/hwservice_contexts b/vendor/qcom/common/hwservice_contexts
index ba872a8..e9dfda3 100644
--- a/vendor/qcom/common/hwservice_contexts
+++ b/vendor/qcom/common/hwservice_contexts
@@ -33,3 +33,4 @@
vendor.qti.ims.callinfo::IService u:object_r:hal_imscallinfo_hwservice:s0
vendor.qti.hardware.qseecom::IQSEECom u:object_r:hal_qseecom_hwservice:s0
vendor.qti.qspmhal::IQspmhal u:object_r:hal_qspmhal_hwservice:s0
+vendor.qti.hardware.dsp::IDspService u:object_r:hal_dspmanager_hwservice:s0
