From 3d5b846424db0a99bd2ba15c507cb2ebb22659f9 Mon Sep 17 00:00:00 2001
From: Andy CrossGate Yan <GeForce8800Ultra@gmail.com>
Date: Mon, 7 Nov 2022 22:14:27 -0500
Subject: [PATCH] gsi: Build QcRilAm and import SEPolicy for it

Fixes in-call audio on QCOM
---
 device.mk                           |  4 ++++
 sepolicy/private/hal_telephony.te   |  4 ++++
 sepolicy/private/hwservice_contexts |  3 +++
 sepolicy/private/qcrilam_app.te     | 22 ++++++++++++++++++++++
 sepolicy/private/seapp_contexts     |  1 +
 5 files changed, 34 insertions(+)
 create mode 100644 sepolicy/private/hal_telephony.te
 create mode 100644 sepolicy/private/hwservice_contexts
 create mode 100644 sepolicy/private/qcrilam_app.te
 create mode 100644 sepolicy/private/seapp_contexts

diff --git a/device.mk b/device.mk
index 2d5a5d1..783f26f 100644
--- a/device.mk
+++ b/device.mk
@@ -69,6 +69,10 @@ PRODUCT_COPY_FILES += \
     device/peter/gsi/bluetooth/audio/config/sysbta_audio_policy_configuration.xml:$(TARGET_COPY_OUT_SYSTEM)/etc/sysbta_audio_policy_configuration.xml \
     device/peter/gsi/bluetooth/audio/config/sysbta_audio_policy_configuration_7_0.xml:$(TARGET_COPY_OUTY_SYSTEM)/etc/sysbta_audio_policy_configuration_7_0.xml
 
+# QcRilAm service for QCOM in-call audio (packages/apps/QcRilAm)
+PRODUCT_PACKAGES += \
+    QcRilAm
+
 # Enable ro.adb.secure on userdebug and user
 ifeq (,$(filter eng,$(TARGET_BUILD_VARIANT)))
     PRODUCT_SYSTEM_EXT_PROPERTIES += \
diff --git a/sepolicy/private/hal_telephony.te b/sepolicy/private/hal_telephony.te
new file mode 100644
index 0000000..398de41
--- /dev/null
+++ b/sepolicy/private/hal_telephony.te
@@ -0,0 +1,4 @@
+type rild, domain;
+
+allow system_app hal_telephony_hwservice:hwservice_manager find;
+allow { rild system_app } { rild system_app }:binder { call transfer };
diff --git a/sepolicy/private/hwservice_contexts b/sepolicy/private/hwservice_contexts
new file mode 100644
index 0000000..91e2392
--- /dev/null
+++ b/sepolicy/private/hwservice_contexts
@@ -0,0 +1,3 @@
+# HIDL interface for QcRilAm
+vendor.qti.hardware.radio.am::IQcRilAudio    u:object_r:hal_telephony_hwservice:s0
+vendor.qti.qcril.am::IQcRilAudio             u:object_r:hal_telephony_hwservice:s0
diff --git a/sepolicy/private/qcrilam_app.te b/sepolicy/private/qcrilam_app.te
new file mode 100644
index 0000000..8b3dc0e
--- /dev/null
+++ b/sepolicy/private/qcrilam_app.te
@@ -0,0 +1,22 @@
+type qcrilam_app, domain;
+
+app_domain(qcrilam_app)
+
+# Needed to get access to /data/data/com.sony.qcrilam
+# Only getattr and search are requested since qcrilam does not write to its own directory
+# /data/data/com.sony.qcrilam only has two empty subdirs
+dontaudit qcrilam_app app_data_file:dir { getattr search };
+
+# Access services that should be available to all apps
+allow qcrilam_app app_api_service:service_manager find;
+
+# Find media.audio_flinger
+allow qcrilam_app audioserver_service:service_manager find;
+# Find isub
+allow qcrilam_app radio_service:service_manager find;
+
+# Find the vendor.qti.hardware.radio.am::IQcRilAudio HIDL service
+# And grant binder access to the host (`rild`)
+hal_client_domain(qcrilam_app, hal_telephony)
+
+allow qcrilam_app cgroup:file w_file_perms;
diff --git a/sepolicy/private/seapp_contexts b/sepolicy/private/seapp_contexts
new file mode 100644
index 0000000..2153f7d
--- /dev/null
+++ b/sepolicy/private/seapp_contexts
@@ -0,0 +1 @@
+user=_app seinfo=platform name=com.sony.qcrilam domain=qcrilam_app type=app_data_file