Define security policy for DSP FastRPC daemons

Create unified policy module xdsprpcd with attribute-based approach
covering all DSP daemon domains (ADSP, CDSP, GDSP, SDSP) and required
permissions for FastRPC device access, DMA operations, and system
integration.

- xdsprpcd.fc: Label DSP daemon executables with respective exec_t types
- xdsprpcd.if: Define interface file describing all DSP daemons
  Source: https://github.com/qualcomm/fastrpc.git
- xdsprpcd.te: Define xdsprpcd_domain attribute and daemon domains with permissions:
  * Unix datagram socket creation and sendto for logging
  * FastRPC device access via dev_read_secure_fastrpc() and
    dev_read_fastrpc() interfaces
  * DMA heap device access (/dev/dma_heap/*) via dev_rw_dma_dev()
  * Sysfs reading for device tree model information
  * Configuration file reading from /usr/share/qcom/
  * Directory watching (inotify) for /dev, /usr/lib, and /usr/share
  * Runtime directory search and syslog messaging
  * Localization file access

The policy uses attribute-based approach for clean abstraction and
maintainability, with provision for daemon-specific rules when needed.

Signed-off-by: Vinayak Katoch <vkatoch@qti.qualcomm.com>

Author: quic-vkatoch

policy/modules/services/xdsprpcd.fc

@@ -0,0 +1,4 @@
+/usr/bin/adsprpcd	--	gen_context(system_u:object_r:adsprpcd_exec_t,s0)
+/usr/bin/cdsprpcd	--	gen_context(system_u:object_r:cdsprpcd_exec_t,s0)
+/usr/bin/gdsprpcd	--	gen_context(system_u:object_r:gdsprpcd_exec_t,s0)
+/usr/bin/sdsprpcd	--	gen_context(system_u:object_r:sdsprpcd_exec_t,s0)

policy/modules/services/xdsprpcd.if

@@ -0,0 +1,17 @@
+## <summary>Qualcomm DSP FastRPC daemons</summary>
+##
+## <desc>
+## <p>
+## Consolidated policy module for Qualcomm DSP FastRPC daemons.
+## These daemons establish connections to various DSP processors:
+## </p>
+## <ul>
+## <li>adsprpcd - ADSP daemon</li>
+## <li>cdsprpcd - CDSP daemon</li>
+## <li>gdsprpcd - GDSP daemon</li>
+## <li>sdsprpcd - SDSP daemon</li>
+## </ul>
+## <p>
+## Source: https://github.com/qualcomm/fastrpc.git
+## </p>
+## </desc>

policy/modules/services/xdsprpcd.te

@@ -0,0 +1,79 @@
+policy_module(xdsprpcd)
+
+########################################
+#
+# Declarations
+#
+
+## <desc>
+## <p>
+## Consolidated policy for Qualcomm DSP FastRPC daemons.
+## Covers ADSP, CDSP, GDSP, and SDSP daemon processes.
+## </p>
+## </desc>
+
+attribute xdsprpcd_domain;
+
+type adsprpcd_t;
+type adsprpcd_exec_t;
+init_daemon_domain(adsprpcd_t, adsprpcd_exec_t)
+typeattribute adsprpcd_t xdsprpcd_domain;
+
+type cdsprpcd_t;
+type cdsprpcd_exec_t;
+init_daemon_domain(cdsprpcd_t, cdsprpcd_exec_t)
+typeattribute cdsprpcd_t xdsprpcd_domain;
+
+type gdsprpcd_t;
+type gdsprpcd_exec_t;
+init_daemon_domain(gdsprpcd_t, gdsprpcd_exec_t)
+typeattribute gdsprpcd_t xdsprpcd_domain;
+
+type sdsprpcd_t;
+type sdsprpcd_exec_t;
+init_daemon_domain(sdsprpcd_t, sdsprpcd_exec_t)
+typeattribute sdsprpcd_t xdsprpcd_domain;
+
+########################################
+#
+# xdsprpcd_domain local policy
+#
+
+allow xdsprpcd_domain self:unix_dgram_socket { create_socket_perms sendto };
+
+dev_read_fastrpc(xdsprpcd_domain)
+dev_read_secure_fastrpc(xdsprpcd_domain)
+dev_read_sysfs(xdsprpcd_domain)
+dev_rw_dma_dev(xdsprpcd_domain)
+dev_watch_dev_dirs(xdsprpcd_domain)
+
+files_read_usr_files(xdsprpcd_domain)
+files_watch_usr_dirs(xdsprpcd_domain)
+
+init_search_runtime(xdsprpcd_domain)
+
+libs_watch_shared_libs_dirs(xdsprpcd_domain)
+
+logging_send_syslog_msg(xdsprpcd_domain)
+
+miscfiles_read_localization(xdsprpcd_domain)
+
+########################################
+#
+# Daemon-specific policy
+#
+# Add daemon-specific permissions below if needed in the future.
+# Example:
+#
+# # ADSP-specific policy
+# allow adsprpcd_t some_type:some_class { some_permission };
+#
+# # CDSP-specific policy
+# allow cdsprpcd_t some_type:some_class { some_permission };
+#
+# # GDSP-specific policy
+# allow gdsprpcd_t some_type:some_class { some_permission };
+#
+# # SDSP-specific policy
+# allow sdsprpcd_t some_type:some_class { some_permission };
+#