From 46ec476bbc61bd8490a6ef9d0bc8c38b6dbb8c16 Mon Sep 17 00:00:00 2001
From: timmyli <timmyli@google.com>
Date: Tue, 29 Nov 2022 04:00:46 +0000
Subject: [PATCH] Fix rlsservice selinux denial

Allow rlsservice to access vendor_camera_prop

Bug: 260366344
Test: Compiles. Removing rlsservice.te and running specified unit test
does not reproduce bug.

Change-Id: I5b79c2c86ff3f35d1123e5e1b2a1a942f825af5e
---
 legacy/whitechapel_pro/rlsservice.te | 2 ++
 tracking_denials/rlsservice.te       | 5 -----
 2 files changed, 2 insertions(+), 5 deletions(-)
 delete mode 100644 tracking_denials/rlsservice.te

diff --git a/legacy/whitechapel_pro/rlsservice.te b/legacy/whitechapel_pro/rlsservice.te
index 2297900c..7a964fb9 100644
--- a/legacy/whitechapel_pro/rlsservice.te
+++ b/legacy/whitechapel_pro/rlsservice.te
@@ -28,3 +28,5 @@ allow rlsservice aoc_device:chr_file rw_file_perms;
 # For observing apex file changes
 allow rlsservice apex_info_file:file r_file_perms;
 
+# Allow read camera property
+get_prop(rlsservice, vendor_camera_prop);
\ No newline at end of file
diff --git a/tracking_denials/rlsservice.te b/tracking_denials/rlsservice.te
deleted file mode 100644
index a7fcc4b2..00000000
--- a/tracking_denials/rlsservice.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# b/260366344
-dontaudit rlsservice vendor_camera_prop:file { getattr };
-dontaudit rlsservice vendor_camera_prop:file { map };
-dontaudit rlsservice vendor_camera_prop:file { open };
-dontaudit rlsservice vendor_camera_prop:file { read };