From 8d090cc4dbbe449985483873a248da2f3c9225c6 Mon Sep 17 00:00:00 2001
From: Max Weffers
Date: Tue, 20 Aug 2019 23:11:46 +0200
Subject: [PATCH] sdm660-common: sepolicy: fix Camera denials for access camera data

* needed for clover oreo blobs
---
 sepolicy/vendor/hal_camera_default.te | 5 +++++
 sepolicy/vendor/vendor_init.te | 1 +
 2 files changed, 6 insertions(+)

diff --git a/sepolicy/vendor/hal_camera_default.te b/sepolicy/vendor/hal_camera_default.te
index 7cdfe433..cc77c2ee 100644
--- a/sepolicy/vendor/hal_camera_default.te
+++ b/sepolicy/vendor/hal_camera_default.te
@@ -1,7 +1,12 @@
 binder_call(hal_camera_default, hal_configstore_default)
 binder_call(hal_camera_default, hal_graphics_allocator_default)
+typeattribute hal_camera_default data_between_core_and_vendor_violators;
 allow hal_camera_default { hal_configstore_ISurfaceFlingerConfigs hal_graphics_allocator_hwservice }:hwservice_manager find;
 allow hal_camera_default sysfs:file { getattr open read };
 allow hal_camera_default sysfs_kgsl:file { getattr open read };
+
+allow hal_camera_default camera_data_file:dir w_dir_perms;
+allow hal_camera_default camera_data_file:file create_file_perms;
+
 set_prop(hal_camera_default, vendor_camera_prop)
diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te
index 9de87083..5e1d051b 100644
--- a/sepolicy/vendor/vendor_init.te
+++ b/sepolicy/vendor/vendor_init.te
@@ -5,6 +5,7 @@ allow vendor_init {
 media_rw_data_file
 system_data_file
 tombstone_data_file
+ camera_data_file
 }:dir { create search getattr open read setattr ioctl write add_name remove_name rmdir relabelfrom };
 set_prop(vendor_init, camera_prop)
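Review bot: The added `typeattribute hal_camera_default data_between_core_and_vendor_violators;` exempts the whole camera HAL domain from the neverallow rules that keep vendor processes out of core data, and the file gives no reason or removal condition for it. The commit message says the access is needed only for the clover Oreo blobs, yet this policy sits in the sdm660-common tree, so every device built from it presumably inherits the exemption together with `w_dir_perms` and `create_file_perms` on `camera_data_file`. I would put a comment above the attribute, e.g. `# clover Oreo camera blobs write under the core camera data dir; remove once the blobs use a vendor-owned path`, and confirm against the logged denials that the full create/rename/unlink set is really requested rather than a narrower one.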
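Review bot: Adding `camera_data_file` to this shared type set in vendor_init.te hands vendor_init the whole permission list on the camera data directory, including `rmdir`, `remove_name` and `relabelfrom`, where creating and owning the directory at boot is presumably all that is needed. The `allow vendor_init {` statement opens outside the hunk, so only its tail is visible here. If the init script only creates the directory, a separate rule such as `allow vendor_init camera_data_file:dir { create search getattr setattr };` would keep the grant narrow; that set should be checked against the logged denials before it replaces the broad one. A one-line comment naming the init script line that needs this access would also help the next reader.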