From fb20bc80c4dba40f7c0557f368c6e352f2459b14 Mon Sep 17 00:00:00 2001
From: Utku Utkan <utkan@google.com>
Date: Wed, 21 Jun 2023 08:56:10 -0700
Subject: [PATCH] Add SEPolicy for vendor_camera_binder_service

Bug: 287069860
Test: lunch <device-type>-userdebug && m
Change-Id: Id993e137ebc041e583b4f6c5f6e1ab6e8cdae7b2
---
 camera/sepolicy/hal_camera_default.te | 3 +++
 camera/sepolicy/service.te            | 1 +
 camera/sepolicy/service_contexts      | 1 +
 camera/sepolicy/vendor_pbcs_app.te    | 4 ++++
 4 files changed, 9 insertions(+)
 create mode 100644 camera/sepolicy/hal_camera_default.te
 create mode 100644 camera/sepolicy/service.te
 create mode 100644 camera/sepolicy/service_contexts

diff --git a/camera/sepolicy/hal_camera_default.te b/camera/sepolicy/hal_camera_default.te
new file mode 100644
index 0000000..9b92a2e
--- /dev/null
+++ b/camera/sepolicy/hal_camera_default.te
@@ -0,0 +1,3 @@
+allow hal_camera_default vendor_camera_binder_service:service_manager find;
+
+binder_call(hal_camera_default, vendor_pbcs_app);
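Review bot: `binder_call(hal_camera_default, vendor_pbcs_app);` lets the camera HAL make binder calls into an app domain, and this new file has no comment saying why. Together with the reverse rule added in vendor_pbcs_app.te, the channel becomes bidirectional. A header comment would let a later auditor judge whether both directions are still needed, for example `# Camera HAL looks up the IServiceBinder service registered by vendor_pbcs_app and calls into it.` If only one direction initiates transactions, it is worth checking whether the other `binder_call` can be dropped.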
diff --git a/camera/sepolicy/service.te b/camera/sepolicy/service.te
new file mode 100644
index 0000000..b931b40
--- /dev/null
+++ b/camera/sepolicy/service.te
@@ -0,0 +1 @@
+type vendor_camera_binder_service, hal_service_type, protected_service, service_manager_type;
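Review bot: `vendor_camera_binder_service` is declared with `hal_service_type`, yet the only domain this patch allows to `add` it is the app domain `vendor_pbcs_app` (in vendor_pbcs_app.te), not a HAL server. If the attribute was chosen for the access restrictions attached to it rather than because a HAL hosts the service, a comment above the declaration should say so, for example `# Registered by vendor_pbcs_app; looked up by hal_camera_default.` Otherwise consider whether `protected_service` alone expresses the intent.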
diff --git a/camera/sepolicy/service_contexts b/camera/sepolicy/service_contexts
new file mode 100644
index 0000000..dfebcbb
--- /dev/null
+++ b/camera/sepolicy/service_contexts
@@ -0,0 +1 @@
+com.google.pixel.camera.services.binder.IServiceBinder/default u:object_r:vendor_camera_binder_service:s0
diff --git a/camera/sepolicy/vendor_pbcs_app.te b/camera/sepolicy/vendor_pbcs_app.te
index 085dbcf..cc04c60 100644
--- a/camera/sepolicy/vendor_pbcs_app.te
+++ b/camera/sepolicy/vendor_pbcs_app.te
@@ -5,3 +5,7 @@ app_domain(vendor_pbcs_app);
 allow vendor_pbcs_app system_app_data_file:dir search;
 
 allow vendor_pbcs_app app_api_service:service_manager find;
+
+allow vendor_pbcs_app vendor_camera_binder_service:service_manager add;
+
+binder_call(vendor_pbcs_app, hal_camera_default);
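Review bot: `allow vendor_pbcs_app vendor_camera_binder_service:service_manager add;` grants registration, but nothing in the patch stops a later policy change from giving the same permission to another domain. That would let a different process register under the name the camera HAL looks up. AOSP's `add_service()` macro pairs the allow with a build-time neverallow for every other domain: `add_service(vendor_pbcs_app, vendor_camera_binder_service)`. The macro also grants `find` to vendor_pbcs_app itself; if that is unwanted, keep the existing allow and add `neverallow { domain -vendor_pbcs_app } vendor_camera_binder_service:service_manager add;`.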