From 2daad9a814b1678747d1b322252613e3418ece46 Mon Sep 17 00:00:00 2001
From: Eliot Wong
Date: Mon, 31 Jul 2023 16:07:01 -0400
Subject: [PATCH] Add SEPolicy for vendor_camera_isp_service
Allows the Camera HAL to start a new ISP Service.
avc message: 07-31 17:08:46.990 536 536 E SELinux : avc: denied { add } for pid=8308 uid=1000 name=com.google.pixel.camera.isp.IIspService/default scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=0
Bug: 293447476
Test: verify no avc errors and ISP Service starts
Test: atest liblyric.services_isp_service_test
Change-Id: Icbd07820d3323c09868d0249c1ef9d7f2952751e
---
 camera/sepolicy/hal_camera_default.te | 3 +++
 camera/sepolicy/service.te | 2 ++
 camera/sepolicy/service_contexts | 3 +++
 3 files changed, 8 insertions(+)
diff --git a/camera/sepolicy/hal_camera_default.te b/camera/sepolicy/hal_camera_default.te
index 62eef4a..dd00cc3 100644
--- a/camera/sepolicy/hal_camera_default.te
+++ b/camera/sepolicy/hal_camera_default.te
@@ -7,3 +7,6 @@ allow hal_camera_default hal_pixel_remote_camera_service:service_manager find;
 binder_call(hal_camera_default, vendor_pbcs_app);
 binder_call(hal_camera_default, vendor_pcs_app);
+
+# Allow Lyric HAL to start ISP Service
+add_service(hal_camera_default, vendor_camera_isp_service)
diff --git a/camera/sepolicy/service.te b/camera/sepolicy/service.te
index 330c7ff..1f1ac79 100644
--- a/camera/sepolicy/service.te
+++ b/camera/sepolicy/service.te
@@ -3,3 +3,5 @@ type vendor_camera_binder_service, hal_service_type, protected_service, service_
 type hal_pixel_remote_camera_service, hal_service_type, protected_service, service_manager_type;
 type vendor_camera_lyricconfigprovider_service, hal_service_type, protected_service, service_manager_type;
+
+type vendor_camera_isp_service, hal_service_type, protected_service, service_manager_type;
diff --git a/camera/sepolicy/service_contexts b/camera/sepolicy/service_contexts
index bec3402..50b89df 100644
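Review bot: The comment added in hal_camera_default.te says the HAL may "start" the ISP service, but `add_service(hal_camera_default, vendor_camera_isp_service)` is about servicemanager registration. In AOSP's te_macros it grants `add` and `find` on the type and adds a neverallow so that no other domain can register under it. The comment would be more accurate as `# Let the camera HAL register IIspService with servicemanager (add/find); no other domain may add it.` Nothing in this patch grants a client domain `find` on `vendor_camera_isp_service` or a matching `binder_call`, so the callers presumably live in hal_camera_default itself or get their rules in another change. That is worth confirming, so that any later client rules name only the specific domains that need the ISP.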
--- a/camera/sepolicy/service_contexts
+++ b/camera/sepolicy/service_contexts
@@ -3,3 +3,6 @@ com.google.pixel.camera.services.binder.IServiceBinder/default u:object_r:vendor
 com.google.pixel.camera.connectivity.hal.provider.ICameraProvider/default u:object_r:hal_pixel_remote_camera_service:s0
 com.google.pixel.camera.services.lyricconfigprovider.ILyricConfigProvider/default u:object_r:vendor_camera_lyricconfigprovider_service:s0
+
+com.google.pixel.camera.isp.IIspService/default u:object_r:vendor_camera_isp_service:s0
+
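Review bot: The service_contexts hunk ends with an added empty line after the new `IIspService/default` entry, which appears to leave the file with a trailing blank line. The blank separator before the entry matches the rest of the file, but the one after it can be dropped. Only the `/default` instance is mapped to `vendor_camera_isp_service`, so any other instance name would still resolve to the fallback label seen in the quoted denial (`default_android_service`) and be refused. That fail-closed behaviour is worth recording next to the entry, e.g. `# ISP service: only the default instance is labelled; registered by hal_camera_default`.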