From d5763c2d21d287417856a080e67d6f391effb790 Mon Sep 17 00:00:00 2001
From: Davide Garberi <dade.garberi@gmail.com>
Date: Fri, 21 Feb 2020 21:06:49 +0100
Subject: sdm660-common: sepolicy: Address some denials

Change-Id: Iaba642838e51a2c39c2961e30456148f9794f60e
---
 sepolicy/vendor/genfs_contexts         | 6 ++++++
 sepolicy/vendor/hal_camera_default.te  | 1 +
 sepolicy/vendor/hal_sensors_default.te | 1 +
 sepolicy/vendor/property_contexts      | 2 ++
 sepolicy/vendor/vendor_init.te         | 1 +
 5 files changed, 11 insertions(+)
 create mode 100644 sepolicy/vendor/hal_camera_default.te
 create mode 100644 sepolicy/vendor/hal_sensors_default.te

(limited to 'sepolicy')

diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts
index 4589cfc..baf0bae 100644
--- a/sepolicy/vendor/genfs_contexts
+++ b/sepolicy/vendor/genfs_contexts
@@ -1,13 +1,19 @@
 # Battery
 genfscon sysfs /devices/soc/c176000.i2c/i2c-2/2-001d            u:object_r:sysfs_battery_supply:s0
 
+# Camera
+genfscon sysfs /devices/soc/ca0c000.qcom,cci/ca0c000.qcom,cci:qcom,camera@3/video4linux/video5/name                                     u:object_r:sysfs_graphics:s0
+genfscon sysfs /camera_sensorid/sensorid                        u:object_r:sysfs_graphics:s0
+
 # Fingerprint
 genfscon sysfs /devices/soc/soc:fingerprint_fpc/device_prepare  u:object_r:sysfs_fingerprint:s0
 genfscon sysfs /devices/soc/soc:fingerprint_fpc/fingerdown_wait u:object_r:sysfs_fingerprint:s0
+genfscon sysfs /devices/soc/soc:fingerprint_fpc/irq             u:object_r:sysfs_fingerprint:s0
 genfscon sysfs /devices/soc/soc:fingerprint_fpc/irq_enable      u:object_r:sysfs_fingerprint:s0
 genfscon sysfs /devices/soc/soc:fingerprint_fpc/wakeup_enable   u:object_r:sysfs_fingerprint:s0
 genfscon sysfs /devices/soc/soc:fpc1020/device_prepare          u:object_r:sysfs_fingerprint:s0
 genfscon sysfs /devices/soc/soc:fpc1020/fingerdown_wait         u:object_r:sysfs_fingerprint:s0
+genfscon sysfs /devices/soc/soc:fpc1020/irq                     u:object_r:sysfs_fingerprint:s0
 genfscon sysfs /devices/soc/soc:fpc1020/irq_enable              u:object_r:sysfs_fingerprint:s0
 genfscon sysfs /devices/soc/soc:fpc1020/wakeup_enable           u:object_r:sysfs_fingerprint:s0
 
diff --git a/sepolicy/vendor/hal_camera_default.te b/sepolicy/vendor/hal_camera_default.te
new file mode 100644
index 0000000..6a3d424
--- /dev/null
+++ b/sepolicy/vendor/hal_camera_default.te
@@ -0,0 +1 @@
+allow hal_camera_default sysfs_kgsl:file r_file_perms;
diff --git a/sepolicy/vendor/hal_sensors_default.te b/sepolicy/vendor/hal_sensors_default.te
new file mode 100644
index 0000000..a72057f
--- /dev/null
+++ b/sepolicy/vendor/hal_sensors_default.te
@@ -0,0 +1 @@
+set_prop(hal_sensors_default, camera_prop)
diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
index 617ac13..6d83f88 100644
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@@ -10,6 +10,8 @@ cameradaemon.SaveMemAtBoot              u:object_r:vendor_default_prop:s0
 cpp.set.clock                           u:object_r:vendor_default_prop:s0
 disable.cpp.power.collapse              u:object_r:vendor_default_prop:s0
 persist.camera.                         u:object_r:vendor_default_prop:s0
+persist.vendor.camera.                  u:object_r:camera_prop:s0
+vendor.camera.eis.gyro_name             u:object_r:camera_prop:s0
 
 # Fingerprint
 fpc_kpi                                 u:object_r:vendor_default_prop:s0
diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te
index b3d4c00..466bd1d 100644
--- a/sepolicy/vendor/vendor_init.te
+++ b/sepolicy/vendor/vendor_init.te
@@ -6,3 +6,4 @@ allow vendor_init {
 }:dir { create search getattr open read setattr ioctl write add_name remove_name rmdir relabelfrom };
 
 set_prop(vendor_init, freq_prop)
+set_prop(vendor_init, camera_prop)
-- 
cgit v1.2.3