Merge "Add SEPolicy for vendor_camera_binder_service" into udc-qpr-dev am: 2ced575632
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs-common/+/23767305
Change-Id: I739f128e4794905bc119e0b572e178fbbba601b4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/camera/sepolicy/hal_camera_default.te b/camera/sepolicy/hal_camera_default.te
new file mode 100644
index 0000000..9b92a2e
--- /dev/null
+++ b/camera/sepolicy/hal_camera_default.te
@@ -0,0 +1,3 @@
+allow hal_camera_default vendor_camera_binder_service:service_manager find;
+
+binder_call(hal_camera_default, vendor_pbcs_app);
diff --git a/camera/sepolicy/service.te b/camera/sepolicy/service.te
new file mode 100644
index 0000000..b931b40
--- /dev/null
+++ b/camera/sepolicy/service.te
@@ -0,0 +1 @@
+type vendor_camera_binder_service, hal_service_type, protected_service, service_manager_type;
diff --git a/camera/sepolicy/service_contexts b/camera/sepolicy/service_contexts
new file mode 100644
index 0000000..dfebcbb
--- /dev/null
+++ b/camera/sepolicy/service_contexts
@@ -0,0 +1 @@
+com.google.pixel.camera.services.binder.IServiceBinder/default u:object_r:vendor_camera_binder_service:s0
diff --git a/camera/sepolicy/vendor_pbcs_app.te b/camera/sepolicy/vendor_pbcs_app.te
index 085dbcf..cc04c60 100644
--- a/camera/sepolicy/vendor_pbcs_app.te
+++ b/camera/sepolicy/vendor_pbcs_app.te
@@ -5,3 +5,7 @@
allow vendor_pbcs_app system_app_data_file:dir search;
allow vendor_pbcs_app app_api_service:service_manager find;
+
+allow vendor_pbcs_app vendor_camera_binder_service:service_manager add;
+
+binder_call(vendor_pbcs_app, hal_camera_default);