Configure SEPolicy to allow PCS to open and use socket connections. Bug: 299315760 Test: Tested with SEPolicy enforcement on and verified PCS could perform socket operations. Merged-In: Idd9048da4bb3856666698bc0589dbc68aa74fd1a Change-Id: Idd9048da4bb3856666698bc0589dbc68aa74fd1a

commit: 5b472c664cf81d5015c936a6bf72bc31f861844a [log] [tgz]
author: Aaron Ramirez <aaramirez@google.com> Wed Sep 06 14:56:07 2023 -0700
committer: Aaron Ramirez <aaramirez@google.com> Tue Sep 12 16:40:39 2023 -0700
tree: f7cca24e023d1cf8a4549bae984b57ca3a291faa
parent: 66592f61571424b93428a5dd88653edfbfd2ddc2 [diff]
diff --git a/camera/sepolicy/vendor_pcs_app.te b/camera/sepolicy/vendor_pcs_app.te
index c179255..853ba15 100644
--- a/camera/sepolicy/vendor_pcs_app.te
+++ b/camera/sepolicy/vendor_pcs_app.te

@@ -21,3 +21,12 @@
 binder_call(vendor_pcs_app, hal_camera_default);
 
 binder_call(vendor_pcs_app, hal_pixel_remote_camera_service);
+
+# Allow PCS to open socket connections for HTTP streaming support.
+allow vendor_pcs_app vendor_pcs_app:unpriv_socket_class_set create_socket_perms_no_ioctl;
+allow vendor_pcs_app fwmarkd_socket:sock_file write;
+allow vendor_pcs_app port:tcp_socket name_connect;
+allow vendor_pcs_app netd:unix_stream_socket connectto;
+
+allow netd vendor_pcs_app:unpriv_socket_class_set create_socket_perms_no_ioctl;
+allow netd vendor_pcs_app:fd use;
commit	5b472c664cf81d5015c936a6bf72bc31f861844a	[log] [tgz]
author	Aaron Ramirez <aaramirez@google.com>	Wed Sep 06 14:56:07 2023 -0700
committer	Aaron Ramirez <aaramirez@google.com>	Tue Sep 12 16:40:39 2023 -0700
tree	f7cca24e023d1cf8a4549bae984b57ca3a291faa
parent	66592f61571424b93428a5dd88653edfbfd2ddc2 [diff]