Add SEPolicy for hal_pixel_remote_camera_service
Bug: 287069860
Test: Manual developer testing with 'setenforce 1'
Change-Id: Iffe22dae7485bd433abdb60249ce8900a1996291
diff --git a/camera/sepolicy/hal_camera_default.te b/camera/sepolicy/hal_camera_default.te
index 9b92a2e..35eea3c 100644
--- a/camera/sepolicy/hal_camera_default.te
+++ b/camera/sepolicy/hal_camera_default.te
@@ -1,3 +1,7 @@
allow hal_camera_default vendor_camera_binder_service:service_manager find;
+allow hal_camera_default hal_pixel_remote_camera_service:service_manager find;
+
binder_call(hal_camera_default, vendor_pbcs_app);
+
+binder_call(hal_camera_default, vendor_pcs_app);
diff --git a/camera/sepolicy/service.te b/camera/sepolicy/service.te
index b931b40..4a2dcbb 100644
--- a/camera/sepolicy/service.te
+++ b/camera/sepolicy/service.te
@@ -1 +1,3 @@
type vendor_camera_binder_service, hal_service_type, protected_service, service_manager_type;
+
+type hal_pixel_remote_camera_service, hal_service_type, protected_service, service_manager_type;
diff --git a/camera/sepolicy/service_contexts b/camera/sepolicy/service_contexts
index dfebcbb..5ea067f 100644
--- a/camera/sepolicy/service_contexts
+++ b/camera/sepolicy/service_contexts
@@ -1 +1,3 @@
com.google.pixel.camera.services.binder.IServiceBinder/default u:object_r:vendor_camera_binder_service:s0
+
+com.google.pixel.camera.connectivity.hal.provider.ICameraProvider/default u:object_r:hal_pixel_remote_camera_service:s0
diff --git a/camera/sepolicy/vendor_pcs_app.te b/camera/sepolicy/vendor_pcs_app.te
index 5dc25eb..112355d 100644
--- a/camera/sepolicy/vendor_pcs_app.te
+++ b/camera/sepolicy/vendor_pcs_app.te
@@ -5,3 +5,7 @@
allow vendor_pcs_app app_api_service:service_manager find;
allow vendor_pcs_app cameraserver_service:service_manager find;
+
+allow vendor_pcs_app hal_pixel_remote_camera_service:service_manager add;
+
+binder_call(vendor_pcs_app, hal_pixel_remote_camera_service);