From 481c2a0799971ffb1b8656448036c5fd2e17f820 Mon Sep 17 00:00:00 2001
From: Aaron Ramirez <aaramirez@google.com>
Date: Mon, 18 Sep 2023 10:31:34 -0700
Subject: [PATCH] Add missing node_bind permission to SEPolicy.

Bug: 299315760
Test: Tested with SEPolicy enforcement on and verified PCS could open
requested video stream.

Merged-In: I41af99531feb968015c46cdf67d8c2d03b243a93
Change-Id: I41af99531feb968015c46cdf67d8c2d03b243a93
---
 camera/sepolicy/vendor_pcs_app.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/camera/sepolicy/vendor_pcs_app.te b/camera/sepolicy/vendor_pcs_app.te
index 853ba15..d6a52bd 100644
--- a/camera/sepolicy/vendor_pcs_app.te
+++ b/camera/sepolicy/vendor_pcs_app.te
@@ -26,7 +26,9 @@ binder_call(vendor_pcs_app, hal_pixel_remote_camera_service);
 allow vendor_pcs_app vendor_pcs_app:unpriv_socket_class_set create_socket_perms_no_ioctl;
 allow vendor_pcs_app fwmarkd_socket:sock_file write;
 allow vendor_pcs_app port:tcp_socket name_connect;
+allow vendor_pcs_app port:udp_socket name_bind;
 allow vendor_pcs_app netd:unix_stream_socket connectto;
+allow vendor_pcs_app node:udp_socket node_bind;
 
 allow netd vendor_pcs_app:unpriv_socket_class_set create_socket_perms_no_ioctl;
 allow netd vendor_pcs_app:fd use;