From 30bd5e8ed68adc7f5f1f6149dfb763bc43c01a4e Mon Sep 17 00:00:00 2001
From: Michael Eastwood <mweastwood@google.com>
Date: Tue, 27 Jul 2021 17:17:17 -0700
Subject: [PATCH] Allow hal_dumpstate_default to access
 vendor_camera_debug_prop

Bug: 193365129
Test: atest com.google.android.selinux.pts.SELinuxTest#scanBugreport
Change-Id: I43e389d46e8116844bb9ca4259e5ea28e86c50f4
---
 tracking_denials/hal_dumpstate_default.te          | 2 --
 whitechapel/vendor/google/hal_dumpstate_default.te | 3 +++
 2 files changed, 3 insertions(+), 2 deletions(-)
 delete mode 100644 tracking_denials/hal_dumpstate_default.te

diff --git a/tracking_denials/hal_dumpstate_default.te b/tracking_denials/hal_dumpstate_default.te
deleted file mode 100644
index d175c643..00000000
--- a/tracking_denials/hal_dumpstate_default.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/193365129
-dontaudit hal_dumpstate_default vendor_camera_debug_prop:file read;
diff --git a/whitechapel/vendor/google/hal_dumpstate_default.te b/whitechapel/vendor/google/hal_dumpstate_default.te
index 5c61bf46..b5608c16 100644
--- a/whitechapel/vendor/google/hal_dumpstate_default.te
+++ b/whitechapel/vendor/google/hal_dumpstate_default.te
@@ -27,6 +27,9 @@ allow hal_dumpstate_default vendor_rfsd_log_file:file r_file_perms;
 allow hal_dumpstate_default vendor_camera_data_file:dir r_dir_perms;
 allow hal_dumpstate_default vendor_camera_data_file:file r_file_perms;
 
+# camera prop access
+get_prop(hal_dumpstate_default, vendor_camera_debug_prop);
+
 allow hal_dumpstate_default vendor_log_file:dir search;
 
 allow hal_dumpstate_default vendor_usf_stats:file execute_no_trans;