From f648f3c989c0292147f30826b172b0365b4bee6c Mon Sep 17 00:00:00 2001
From: Michael Eastwood <mweastwood@google.com>
Date: Tue, 8 Mar 2022 13:54:34 -0800
Subject: [PATCH] Update SELinux policy to allow camera HAL to send Perfetto
 trace packets

Example denials:

03-04 04:25:37.524   823   823 I TracingMuxer: type=1400 audit(0.0:31): avc: denied { use } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u:r:tr
aced:s0 tclass=fd permissive=1
03-04 04:25:37.524   823   823 I TracingMuxer: type=1400 audit(0.0:32): avc: denied { read write } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext
=u:object_r:traced_tmpfs:s0 tclass=file permissive=1
03-04 04:25:37.524   823   823 I TracingMuxer: type=1400 audit(0.0:33): avc: denied { getattr } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u:
object_r:traced_tmpfs:s0 tclass=file permissive=1
03-04 04:25:37.524   823   823 I TracingMuxer: type=1400 audit(0.0:34): avc: denied { map } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:traced_tmpfs:s0 tclass=file permissive=1

Bug: 222684359
Test: Build and push new SELinux policy. Verify that trace packets are received by Perfetto.
Change-Id: I0180c6bccf8cb65f444b8fb687ab48422c211bac
---
 whitechapel/vendor/google/hal_camera_default.te | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/whitechapel/vendor/google/hal_camera_default.te b/whitechapel/vendor/google/hal_camera_default.te
index bb0e206f..24246d2f 100644
--- a/whitechapel/vendor/google/hal_camera_default.te
+++ b/whitechapel/vendor/google/hal_camera_default.te
@@ -83,12 +83,15 @@ allow hal_camera_default apex_info_file:file r_file_perms;
 # Allow camera HAL to query current device clock frequencies.
 allow hal_camera_default sysfs_devfreq_cur:file r_file_perms;
 
-# allow camera HAL to read backlight of display
+# Allow camera HAL to read backlight of display
 allow hal_camera_default sysfs_leds:dir r_dir_perms;
 allow hal_camera_default sysfs_leds:file r_file_perms;
 
-# allow camera HAL to query interrupts and set interrupt affinity
+# Allow camera HAL to query interrupts and set interrupt affinity
 allow hal_camera_default proc_irq:dir r_dir_perms;
 allow hal_camera_default proc_irq:file rw_file_perms;
 allow hal_camera_default proc_interrupts:dir r_dir_perms;
 allow hal_camera_default proc_interrupts:file r_file_perms;
+
+# Allow camera HAL to send trace packets to Perfetto
+userdebug_or_eng(`perfetto_producer(hal_camera_default)')