From 332714ffac860f46f389c6bedf8a7c1cc1cce98e Mon Sep 17 00:00:00 2001
From: Wilson Sung <wilsonsung@google.com>
Date: Tue, 6 Feb 2024 08:36:39 +0000
Subject: [PATCH] Allow camera_app can access priv-app symlinks

Fix: 322417347
Test: make selinux_policy
Change-Id: I467667b3a824a2e8b93e47c61c28ed9015fd44c3
---
 private/debug_camera_app.te  | 2 ++
 private/google_camera_app.te | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/private/debug_camera_app.te b/private/debug_camera_app.te
index 8250e42a..69a804d9 100644
--- a/private/debug_camera_app.te
+++ b/private/debug_camera_app.te
@@ -13,4 +13,6 @@ userdebug_or_eng(`
 
 	# Allows GCA_Eng & GCA-Next to access the PowerHAL.
 	hal_client_domain(debug_camera_app, hal_power)
+	# Follow priv-app symlinks. This is used for dynamite functionality.
+	allow debug_camera_app privapp_data_file:lnk_file r_file_perms;
 ')
diff --git a/private/google_camera_app.te b/private/google_camera_app.te
index 4ce84afb..81e3527c 100644
--- a/private/google_camera_app.te
+++ b/private/google_camera_app.te
@@ -14,3 +14,6 @@ hal_client_domain(google_camera_app, hal_power)
 
 # Library code may try to access vendor properties, but should be denied
 dontaudit google_camera_app vendor_default_prop:file { getattr map open };
+
+# Follow priv-app symlinks. This is used for dynamite functionality.
+allow google_camera_app privapp_data_file:lnk_file r_file_perms;