From d2ce22775d5146878a7677f9c9a57010fdd6f552 Mon Sep 17 00:00:00 2001
From: GuaiYiHu <guaiyihu@foxmail.com>
Date: Wed, 10 Apr 2019 10:40:06 +0800
Subject: [PATCH] sdm660-common: sepolicy: Address camera denials

Change-Id: I052adadca396fb104af49daec1d83047d0809416
---
 sepolicy/vendor/hal_camera_default.te |  1 +
 sepolicy/vendor/property_contexts     | 10 ++++++++--
 sepolicy/vendor/vendor_init.te        |  2 ++
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/sepolicy/vendor/hal_camera_default.te b/sepolicy/vendor/hal_camera_default.te
index 0f40bbd0..7cdfe433 100644
--- a/sepolicy/vendor/hal_camera_default.te
+++ b/sepolicy/vendor/hal_camera_default.te
@@ -4,3 +4,4 @@ binder_call(hal_camera_default, hal_graphics_allocator_default)
 allow hal_camera_default { hal_configstore_ISurfaceFlingerConfigs hal_graphics_allocator_hwservice }:hwservice_manager find;
 allow hal_camera_default sysfs:file { getattr open read };
 allow hal_camera_default sysfs_kgsl:file { getattr open read };
+set_prop(hal_camera_default, vendor_camera_prop)
diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
index 96247169..f3a55040 100644
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@@ -1,5 +1,3 @@
-persist.camera.                     u:object_r:camera_prop:s0
-persist.vendor.camera.              u:object_r:camera_prop:s0
 sys.fp.goodix	u:object_r:hal_fingerprint_prop:s0
 sys.fp.vendor   u:object_r:hal_fingerprint_prop:s0
 persist.sys.fp.info u:object_r:hal_fingerprint_prop:s0
@@ -11,6 +9,14 @@ persist.vendor.sys.provision.status u:object_r:mlipay_prop:s0
 persist.sys.thermal.  u:object_r:thermal_engine_prop:s0
 sys.thermal.          u:object_r:thermal_engine_prop:s0
 
+# Camera
+camera.                             u:object_r:camera_prop:s0
+cameradaemon.SaveMemAtBoot          u:object_r:camera_prop:s0
+cpp.set.clock                       u:object_r:camera_prop:s0
+disable.cpp.power.collapse          u:object_r:camera_prop:s0
+persist.camera.                     u:object_r:camera_prop:s0
+persist.vendor.camera.              u:object_r:vendor_camera_prop:s0
+
 # Fingerprint
 gf.debug.dump_data                  u:object_r:vendor_fp_prop:s0
 persist.sys.fp.                     u:object_r:vendor_fp_prop:s0
diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te
index 9f602b15..9d672812 100644
--- a/sepolicy/vendor/vendor_init.te
+++ b/sepolicy/vendor/vendor_init.te
@@ -11,3 +11,5 @@ allow vendor_init persist_debug_prop:property_service set;
 allow vendor_init persist_dpm_prop:property_service set;
 allow vendor_init qcom_ims_prop:property_service set;
 allow vendor_init rootfs:lnk_file setattr;
+set_prop(vendor_init, camera_prop)
+set_prop(vendor_init, vendor_camera_prop)