From df68b9bc589a3a0af59155a442ad019be2b5ae2b Mon Sep 17 00:00:00 2001
From: timmyli <timmyli@google.com>
Date: Mon, 7 Oct 2024 09:40:24 +0000
Subject: [PATCH] Add permission for mediacodec to bindercall camera hal

Bug: 370903762
Test: local test to check permissions
Flag: EXEMPT bug fix

10-07 01:54:59.328000  1046   768   768 I auditd  : type=1400 audit(0.0:1920): avc:  denied  { call } for  comm="binder:768_A" scontext=u:r:mediacodec_google:s0 tcontext=u:r:hal_camera_default:s0 tclass=binder permissive=0
10-07 01:54:59.328000  1046   768   768 W binder:768_A: type=1400 audit(0.0:1920): avc:  denied  { call } for  scontext=u:r:mediacodec_google:s0 tcontext=u:r:hal_camera_default:s0 tclass=binder permissive=0

Change-Id: I437df92d99f0c31c0b5a1bdebc63f6bc7360ca90
---
 mediacodec/vpu/sepolicy/mediacodec_google.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/mediacodec/vpu/sepolicy/mediacodec_google.te b/mediacodec/vpu/sepolicy/mediacodec_google.te
index 8022675..99a3c8d 100644
--- a/mediacodec/vpu/sepolicy/mediacodec_google.te
+++ b/mediacodec/vpu/sepolicy/mediacodec_google.te
@@ -1,3 +1,4 @@
+# Google Mediacodec
 type mediacodec_google, domain;
 type mediacodec_google_exec, exec_type, vendor_file_type, file_type;
 
@@ -8,6 +9,7 @@ hal_server_domain(mediacodec_google, hal_codec2)
 hal_client_domain(mediacodec_google, hal_graphics_allocator)
 
 add_service(mediacodec_google, eco_service)
+binder_call(mediacodec_google, hal_camera_default)
 
 allow mediacodec_google dmabuf_system_heap_device:chr_file r_file_perms;
 allow mediacodec_google video_device:chr_file { read write open ioctl map };