From c387a9b7aca680ccc196baa0ef0086d8099346ce Mon Sep 17 00:00:00 2001
From: Eliot Wong <eliotw@google.com>
Date: Fri, 15 Mar 2024 17:41:10 -0400
Subject: [PATCH] Add SEPolicy for vendor_camera_image_processing_hal_service

avc message:
03-15 17:48:21.744   440   440 E SELinux : avc:  denied  { add } for pid=863 uid=1000 name=com.google.android.imageprocessing.IImageProcessingHal scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:vendor_image_processing_hal_service:s0 tclass=service_manager permissive=1

Bug: 323402267
Test: atest liblyric.services_image_processing_hal_test
Test: demo app
Change-Id: Idc9752a1a3f4b18de5f720a384fae97f0f160e98
---
 camera/sepolicy/vendor/hal_camera_default.te | 3 ++-
 camera/sepolicy/vendor/service.te            | 2 ++
 camera/sepolicy/vendor/service_contexts      | 2 ++
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/camera/sepolicy/vendor/hal_camera_default.te b/camera/sepolicy/vendor/hal_camera_default.te
index 4c9aa05..9e7b105 100644
--- a/camera/sepolicy/vendor/hal_camera_default.te
+++ b/camera/sepolicy/vendor/hal_camera_default.te
@@ -8,5 +8,6 @@ binder_call(hal_camera_default, vendor_pbcs_app);
 
 binder_call(hal_camera_default, vendor_pcs_app);
 
-# Allow Lyric HAL to start ISP Service
+# Allow Lyric HAL to start ISP Service and Image Processing HAL
 add_service(hal_camera_default, vendor_camera_isp_service)
+add_service(hal_camera_default, vendor_image_processing_hal_service)
diff --git a/camera/sepolicy/vendor/service.te b/camera/sepolicy/vendor/service.te
index 87a1d93..35887ba 100644
--- a/camera/sepolicy/vendor/service.te
+++ b/camera/sepolicy/vendor/service.te
@@ -5,3 +5,5 @@ type vendor_camera_lyricconfigprovider_service, hal_service_type, protected_serv
 type vendor_camera_isp_service, hal_service_type, protected_service, service_manager_type;
 
 type vendor_camera_cameraidremapper_service, hal_service_type, protected_service, service_manager_type;
+
+type vendor_image_processing_hal_service, hal_service_type, protected_service, service_manager_type;
diff --git a/camera/sepolicy/vendor/service_contexts b/camera/sepolicy/vendor/service_contexts
index 1bcaab8..9f5e335 100644
--- a/camera/sepolicy/vendor/service_contexts
+++ b/camera/sepolicy/vendor/service_contexts
@@ -5,3 +5,5 @@ com.google.pixel.camera.services.lyricconfigprovider.ILyricConfigProvider/defaul
 com.google.pixel.camera.isp.IIspService/default u:object_r:vendor_camera_isp_service:s0
 
 com.google.pixel.camera.services.cameraidremapper.ICameraIdRemapper/default u:object_r:vendor_camera_cameraidremapper_service:s0
+
+com.google.android.imageprocessing.IImageProcessingHal u:object_r:vendor_image_processing_hal_service:s0