gs101-sepolicy: Allow binder call rlsservice from camera

This is to fix below avc denial: E SELinux : avc: denied { find } for pid=28954 uid=1000 name=rlsservice scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:rls_service:s0 tclass=service_manager permissive=0 The solution is similar to ag/7253836 (coral) and ag/10232101 (redbull). Fix: 183620858 Test: adb shell setprop persist.vendor.camera.dump_range_data 1 && adb shell pkill -f camera, then retest camera Change-Id: I6bb743c15ee64e3c4ecb8359126b238554aa649e
2021-04-01 10:47:20 -07:00 · 2021-04-01 10:47:20 -07:00 · 765e8e2374
commit 765e8e2374
parent 122849026f
1 changed files with 4 additions and 0 deletions
--- a/whitechapel/vendor/google/hal_camera_default.te
+++ b/whitechapel/vendor/google/hal_camera_default.te
@ -28,6 +28,10 @@ allow hal_camera_default persist_camera_file:file r_file_perms;
 get_prop(hal_camera_default, vendor_camera_prop);
 get_prop(hal_camera_default, vendor_camera_debug_prop);

+# For camera hal to talk with rlsservice
+allow hal_camera_default rls_service:service_manager find;
+binder_call(hal_camera_default, rlsservice)
+
 hal_client_domain(hal_camera_default, hal_graphics_allocator);
 hal_client_domain(hal_camera_default, hal_power);
 hal_client_domain(hal_camera_default, hal_thermal);