From eadc0d0114749e7007581ca246467150e1b12e7f Mon Sep 17 00:00:00 2001
From: Shinru Han
Date: Tue, 20 Feb 2024 09:32:05 +0000
Subject: [PATCH] gps: Enable Pixel GNSS HAL
avc: denied { call } for scontext=u:r:hal_gnss_pixel:s0 tcontext=u:r:hal_gnss_default:s0 tclass=binder permissive=0
avc: denied { call } for scontext=u:r:hal_gnss_default:s0 tcontext=u:r:hal_gnss_pixel:s0 tclass=binder permissive=0
avc: denied { read } for name="modem_state" dev="sysfs" ino=66325 scontext=u:r:hal_gnss_pixel:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { open } for path="/sys/devices/platform/cpif/modem_state" dev="sysfs" ino=66325 scontext=u:r:hal_gnss_pixel:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { getattr } for path="/sys/devices/platform/cpif/modem_state" dev="sysfs" ino=66325 scontext=u:r:hal_gnss_pixel:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
Test: CTS/VTS pass
Bug: 320567656
Change-Id: I22ed09fe37a7e9811f78bf66c21420d2809da9c6
---
 gps/lsi/s5400.mk | 3 +++
 gps/lsi/sepolicy/hal_gnss_default.te | 3 +++
 gps/pixel/device_framework_matrix_product.xml | 10 ++++++++++
 gps/pixel/pixel_gnss_hal.mk | 15 +++++++++++++++
 gps/pixel/sepolicy/file.te | 1 +
 gps/pixel/sepolicy/file_contexts | 2 ++
 gps/pixel/sepolicy/genfs_contexts | 2 ++
 gps/pixel/sepolicy/hal_gnss_pixel.te | 14 ++++++++++++++
 gps/pixel/sepolicy/service_contexts | 1 +
 9 files changed, 51 insertions(+)
 create mode 100644 gps/pixel/device_framework_matrix_product.xml
 create mode 100644 gps/pixel/pixel_gnss_hal.mk
 create mode 100644 gps/pixel/sepolicy/file.te
 create mode 100644 gps/pixel/sepolicy/file_contexts
 create mode 100644 gps/pixel/sepolicy/genfs_contexts
 create mode 100644 gps/pixel/sepolicy/hal_gnss_pixel.te
 create mode 100644 gps/pixel/sepolicy/service_contexts
diff --git a/gps/lsi/s5400.mk b/gps/lsi/s5400.mk
index de676ff..1bfc88e 100644
--- a/gps/lsi/s5400.mk
+++ b/gps/lsi/s5400.mk
@@ -14,3 +14,6 @@ PRODUCT_PACKAGES += \
 ifneq (,$(filter userdebug eng, $(TARGET_BUILD_VARIANT)))
 PRODUCT_VENDOR_PROPERTIES += vendor.gps.aol.enabled=true
 endif
+
+# Enable Pixel GNSS HAL
+include device/google/gs-common/gps/pixel/pixel_gnss_hal.mk
\ No newline at end of file
diff --git a/gps/lsi/sepolicy/hal_gnss_default.te b/gps/lsi/sepolicy/hal_gnss_default.te
index 54a08f9..7d363f0 100644
--- a/gps/lsi/sepolicy/hal_gnss_default.te
+++ b/gps/lsi/sepolicy/hal_gnss_default.te
@@ -8,3 +8,6 @@ binder_call(hal_gnss_default, gnssd);
 #Read GPS property
 get_prop(hal_gnss_default, vendor_gps_prop)
+
+#IPC between pixel and vendor HAL
+binder_call(hal_gnss_default, hal_gnss_pixel)
diff --git a/gps/pixel/device_framework_matrix_product.xml b/gps/pixel/device_framework_matrix_product.xml
new file mode 100644
index 0000000..2c93444
--- /dev/null
+++ b/gps/pixel/device_framework_matrix_product.xml
@@ -0,0 +1,10 @@
+
+
+ android.hardware.gnss
+ 3
+
+ IGnss
+ vendor
+
+
+
diff --git a/gps/pixel/pixel_gnss_hal.mk b/gps/pixel/pixel_gnss_hal.mk
new file mode 100644
index 0000000..b0edff7
--- /dev/null
+++ b/gps/pixel/pixel_gnss_hal.mk
@@ -0,0 +1,15 @@
+# Include this file to enable Pixel GNSS HAL
+
+$(call soong_config_set, pixel_gnss, enable_pixel_gnss_aidl_service, true)
+
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gps/pixel/sepolicy
+
+PRODUCT_PACKAGES += \
+ android.hardware.gnss-service.pixel
+
+PRODUCT_VENDOR_PROPERTIES += \
+ persist.vendor.gps.hal.service.name=vendor
+
+# Compatibility matrix
+DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += \
+ device/google/gs-common/gps/pixel/device_framework_matrix_product.xml
diff --git a/gps/pixel/sepolicy/file.te b/gps/pixel/sepolicy/file.te
new file mode 100644
index 0000000..79e95ab
--- /dev/null
+++ b/gps/pixel/sepolicy/file.te
@@ -0,0 +1 @@
+type sysfs_modem_state, sysfs_type, fs_type;
diff --git a/gps/pixel/sepolicy/file_contexts b/gps/pixel/sepolicy/file_contexts
new file mode 100644
index 0000000..8bd8f92
--- /dev/null
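Review bot: The added `binder_call(hal_gnss_default, hal_gnss_pixel)` in gps/lsi/sepolicy/hal_gnss_default.te names a type that this patch declares only in gps/pixel/sepolicy/hal_gnss_pixel.te, so the lsi policy directory no longer compiles on its own. s5400.mk now includes pixel_gnss_hal.mk and with it the pixel sepolicy directory, but any other makefile that adds gps/lsi/sepolicy without that include (none is visible in this diff) would fail on an unknown type. Since hal_gnss_pixel.te already references hal_gnss_default, placing this rule there next to `binder_call(hal_gnss_pixel, hal_gnss_default)` would keep the dependency in one direction and both halves of the IPC grant in one file.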
+++ b/gps/pixel/sepolicy/file_contexts
@@ -0,0 +1,2 @@
+/vendor/bin/hw/android\.hardware\.gnss-service\.pixel u:object_r:hal_gnss_pixel_exec:s0
+
diff --git a/gps/pixel/sepolicy/genfs_contexts b/gps/pixel/sepolicy/genfs_contexts
new file mode 100644
index 0000000..494aa97
--- /dev/null
+++ b/gps/pixel/sepolicy/genfs_contexts
@@ -0,0 +1,2 @@
+# modem state node
+genfscon sysfs /devices/platform/cpif/modem_state u:object_r:sysfs_modem_state:s0
diff --git a/gps/pixel/sepolicy/hal_gnss_pixel.te b/gps/pixel/sepolicy/hal_gnss_pixel.te
new file mode 100644
index 0000000..512ecc9
--- /dev/null
+++ b/gps/pixel/sepolicy/hal_gnss_pixel.te
@@ -0,0 +1,14 @@
+type hal_gnss_pixel, domain;
+hal_server_domain(hal_gnss_pixel, hal_gnss)
+
+type hal_gnss_pixel_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_gnss_pixel)
+
+#IPC between pixel and vendor HAL
+binder_call(hal_gnss_pixel, hal_gnss_default)
+
+#Read modem state
+allow hal_gnss_pixel sysfs_modem_state:file r_file_perms;
+
+#Toggle coredump node
+allow hal_gnss_pixel sysfs_gps:file rw_file_perms;
diff --git a/gps/pixel/sepolicy/service_contexts b/gps/pixel/sepolicy/service_contexts
new file mode 100644
index 0000000..cc9871f
--- /dev/null
+++ b/gps/pixel/sepolicy/service_contexts
@@ -0,0 +1 @@
+android.hardware.gnss.IGnss/vendor u:object_r:hal_gnss_service:s0
\ No newline at end of file
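Review bot: The `genfscon sysfs /devices/platform/cpif/modem_state u:object_r:sysfs_modem_state:s0` entry moves the node off the generic `sysfs` label seen in the commit-message denials, and the only allow rule this patch adds for the new type is the one for hal_gnss_pixel. Any other domain that reaches modem_state through a rule on `sysfs` today would presumably start being denied, so the device policy and a boot's audit log should be checked for other accessors before this lands. The type is also declared in the GPS-specific gps/pixel/sepolicy/file.te although the node sits under the modem interface path, so a second declaration or genfscon for the same path elsewhere in the tree would collide. A comment on the type such as `# modem_state node; declared here for the Pixel GNSS HAL, do not redeclare in modem policy` would make the ownership explicit.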
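Review bot: `allow hal_gnss_pixel sysfs_gps:file rw_file_perms;` in hal_gnss_pixel.te grants read and write on every file labelled sysfs_gps, while the comment above it names a single coredump node and none of the denials quoted in the commit message involve sysfs_gps. The type is declared outside this diff, so which nodes it covers cannot be checked here; if it labels more than the coredump toggle, a dedicated type for that one node would keep the new HAL domain at least privilege. At minimum the comment should name the path, e.g. `#Toggle coredump node: <sysfs path of the coredump node>`, and the commit message should carry the denial that motivated the rule.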