Add SEPolicy for vendor_camera_isp_service
Allows the Camera HAL to start a new ISP Service.
avc message:
07-31 17:08:46.990 536 536 E SELinux : avc: denied { add } for
pid=8308 uid=1000 name=com.google.pixel.camera.isp.IIspService/default
scontext=u:r:hal_camera_default:s0
tcontext=u:object_r:default_android_service:s0 tclass=service_manager
permissive=0
Bug: 293447476
Test: verify no avc errors and ISP Service starts
Test: atest liblyric.services_isp_service_test
Change-Id: Icbd07820d3323c09868d0249c1ef9d7f2952751e
diff --git a/camera/sepolicy/hal_camera_default.te b/camera/sepolicy/hal_camera_default.te
index 62eef4a..dd00cc3 100644
--- a/camera/sepolicy/hal_camera_default.te
+++ b/camera/sepolicy/hal_camera_default.te
@@ -7,3 +7,6 @@
binder_call(hal_camera_default, vendor_pbcs_app);
binder_call(hal_camera_default, vendor_pcs_app);
+
+# Allow Lyric HAL to start ISP Service
+add_service(hal_camera_default, vendor_camera_isp_service)
diff --git a/camera/sepolicy/service.te b/camera/sepolicy/service.te
index 330c7ff..1f1ac79 100644
--- a/camera/sepolicy/service.te
+++ b/camera/sepolicy/service.te
@@ -3,3 +3,5 @@
type hal_pixel_remote_camera_service, hal_service_type, protected_service, service_manager_type;
type vendor_camera_lyricconfigprovider_service, hal_service_type, protected_service, service_manager_type;
+
+type vendor_camera_isp_service, hal_service_type, protected_service, service_manager_type;
diff --git a/camera/sepolicy/service_contexts b/camera/sepolicy/service_contexts
index bec3402..50b89df 100644
--- a/camera/sepolicy/service_contexts
+++ b/camera/sepolicy/service_contexts
@@ -3,3 +3,6 @@
com.google.pixel.camera.connectivity.hal.provider.ICameraProvider/default u:object_r:hal_pixel_remote_camera_service:s0
com.google.pixel.camera.services.lyricconfigprovider.ILyricConfigProvider/default u:object_r:vendor_camera_lyricconfigprovider_service:s0
+
+com.google.pixel.camera.isp.IIspService/default u:object_r:vendor_camera_isp_service:s0
+