From 88284b922a0cddecd29de871cbcfe80904c5ab1d Mon Sep 17 00:00:00 2001
From: Utku Utkan <utkan@google.com>
Date: Wed, 14 Jun 2023 21:29:35 -0700
Subject: [PATCH] Add SEPolicy for hal_pixel_remote_camera_service

Bug: 287069860
Test: Manual developer testing with 'setenforce 1'
Change-Id: Iffe22dae7485bd433abdb60249ce8900a1996291
---
 camera/sepolicy/hal_camera_default.te | 4 ++++
 camera/sepolicy/service.te            | 2 ++
 camera/sepolicy/service_contexts      | 2 ++
 camera/sepolicy/vendor_pcs_app.te     | 4 ++++
 4 files changed, 12 insertions(+)

diff --git a/camera/sepolicy/hal_camera_default.te b/camera/sepolicy/hal_camera_default.te
index 9b92a2e..35eea3c 100644
--- a/camera/sepolicy/hal_camera_default.te
+++ b/camera/sepolicy/hal_camera_default.te
@@ -1,3 +1,7 @@
 allow hal_camera_default vendor_camera_binder_service:service_manager find;
 
+allow hal_camera_default hal_pixel_remote_camera_service:service_manager find;
+
 binder_call(hal_camera_default, vendor_pbcs_app);
+
+binder_call(hal_camera_default, vendor_pcs_app);
diff --git a/camera/sepolicy/service.te b/camera/sepolicy/service.te
index b931b40..4a2dcbb 100644
--- a/camera/sepolicy/service.te
+++ b/camera/sepolicy/service.te
@@ -1 +1,3 @@
 type vendor_camera_binder_service, hal_service_type, protected_service, service_manager_type;
+
+type hal_pixel_remote_camera_service, hal_service_type, protected_service, service_manager_type;
diff --git a/camera/sepolicy/service_contexts b/camera/sepolicy/service_contexts
index dfebcbb..5ea067f 100644
--- a/camera/sepolicy/service_contexts
+++ b/camera/sepolicy/service_contexts
@@ -1 +1,3 @@
 com.google.pixel.camera.services.binder.IServiceBinder/default u:object_r:vendor_camera_binder_service:s0
+
+com.google.pixel.camera.connectivity.hal.provider.ICameraProvider/default u:object_r:hal_pixel_remote_camera_service:s0
diff --git a/camera/sepolicy/vendor_pcs_app.te b/camera/sepolicy/vendor_pcs_app.te
index 5dc25eb..112355d 100644
--- a/camera/sepolicy/vendor_pcs_app.te
+++ b/camera/sepolicy/vendor_pcs_app.te
@@ -5,3 +5,7 @@ app_domain(vendor_pcs_app);
 allow vendor_pcs_app app_api_service:service_manager find;
 
 allow vendor_pcs_app cameraserver_service:service_manager find;
+
+allow vendor_pcs_app hal_pixel_remote_camera_service:service_manager add;
+
+binder_call(vendor_pcs_app, hal_pixel_remote_camera_service);