Add sepolicy configs for LyricConfigProvider Service am: 8a5b714f8d
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs-common/+/24111088
Change-Id: Iccb9b29c69187af254642bedeebd6da295f23b5f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/camera/sepolicy/hal_camera_default.te b/camera/sepolicy/hal_camera_default.te
index 35eea3c..62eef4a 100644
--- a/camera/sepolicy/hal_camera_default.te
+++ b/camera/sepolicy/hal_camera_default.te
@@ -1,4 +1,6 @@
allow hal_camera_default vendor_camera_binder_service:service_manager find;
+# Allow Lyric Hal to find the LyricConfigProvider service through ServiceManager.
+allow hal_camera_default vendor_camera_lyricconfigprovider_service:service_manager find;
allow hal_camera_default hal_pixel_remote_camera_service:service_manager find;
diff --git a/camera/sepolicy/seapp_contexts b/camera/sepolicy/seapp_contexts
index 9059600..f956929 100644
--- a/camera/sepolicy/seapp_contexts
+++ b/camera/sepolicy/seapp_contexts
@@ -1,5 +1,7 @@
# Pixel PeristentBackgroundCameraServices
user=system seinfo=platform name=com.google.pixel.camera.services domain=vendor_pbcs_app type=system_app_data_file levelFrom=all
+# The :* will allow all services, which run in their own processes, to use the same vendor_pbcs_app domain.
+user=system seinfo=platform name=com.google.pixel.camera.services:* domain=vendor_pbcs_app type=system_app_data_file levelFrom=all
# Pixel Camera Services
user=_app seinfo=CameraServices name=com.google.android.apps.camera.services domain=vendor_pcs_app type=app_data_file levelFrom=all
diff --git a/camera/sepolicy/service.te b/camera/sepolicy/service.te
index 4a2dcbb..330c7ff 100644
--- a/camera/sepolicy/service.te
+++ b/camera/sepolicy/service.te
@@ -1,3 +1,5 @@
type vendor_camera_binder_service, hal_service_type, protected_service, service_manager_type;
type hal_pixel_remote_camera_service, hal_service_type, protected_service, service_manager_type;
+
+type vendor_camera_lyricconfigprovider_service, hal_service_type, protected_service, service_manager_type;
diff --git a/camera/sepolicy/service_contexts b/camera/sepolicy/service_contexts
index 5ea067f..bec3402 100644
--- a/camera/sepolicy/service_contexts
+++ b/camera/sepolicy/service_contexts
@@ -1,3 +1,5 @@
com.google.pixel.camera.services.binder.IServiceBinder/default u:object_r:vendor_camera_binder_service:s0
com.google.pixel.camera.connectivity.hal.provider.ICameraProvider/default u:object_r:hal_pixel_remote_camera_service:s0
+
+com.google.pixel.camera.services.lyricconfigprovider.ILyricConfigProvider/default u:object_r:vendor_camera_lyricconfigprovider_service:s0
diff --git a/camera/sepolicy/vendor_pbcs_app.te b/camera/sepolicy/vendor_pbcs_app.te
index 1ee663f..1a3a0ef 100644
--- a/camera/sepolicy/vendor_pbcs_app.te
+++ b/camera/sepolicy/vendor_pbcs_app.te
@@ -6,6 +6,9 @@
allow vendor_pbcs_app app_api_service:service_manager find;
-allow vendor_pbcs_app vendor_camera_binder_service:service_manager add;
+# Allow PBCS to add the ServiceBinder service to ServiceManager.
+add_service(vendor_pbcs_app, vendor_camera_binder_service);
+# Allow PBCS to add the LyricConfigProvider service to ServiceManager.
+add_service(vendor_pbcs_app, vendor_camera_lyricconfigprovider_service);
binder_call(vendor_pbcs_app, hal_camera_default);