sm8350-common: Bring up camera with enforcing SELinux

SELinux is more and more annoying nowadays, we all know that... After spending hours to figure out why camera wasn't working while on enforcing mode, the audits finally showed up after booting into permissive mode. :S 05-31 01:19:55.133 877 877 I provider@2.4-se: type=1400 audit(0.0:456): avc: denied { read write } for name="capture" dev="sysfs" ino=116259 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 05-31 01:19:55.133 877 877 I provider@2.4-se: type=1400 audit(0.0:457): avc: denied { open } for path="/sys/kernel/tof_control/app0/capture" dev="sysfs" ino=116259 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 Change-Id: I1727b1a299a02f15b75dce9a4d5c72201f6632c3
2021-05-31 01:44:58 +01:00 · 2021-05-31 01:44:58 +01:00 · 4cd2c8b6e5
commit 4cd2c8b6e5
parent dae9ae569e
3 changed files with 10 additions and 0 deletions
--- a/sepolicy/vendor/file.te
+++ b/sepolicy/vendor/file.te
@ -18,7 +18,9 @@ type sysfs_fod, fs_type, sysfs_type;
 type sysfs_fsc, fs_type, sysfs_type;
 type sysfs_fuse, fs_type, sysfs_type;
 type sysfs_memplus, fs_type, sysfs_type;
 type sysfs_ois_control, fs_type, sysfs_type;
 type sysfs_project_info, fs_type, sysfs_type;
 type sysfs_tof_control, fs_type, sysfs_type;
 type sysfs_tpd, fs_type, sysfs_type;
 type sysfs_tri_state_key, sysfs_type, fs_type;
 type sysfs_vl53l1, fs_type, sysfs_type;
--- a/sepolicy/vendor/genfs_contexts
+++ b/sepolicy/vendor/genfs_contexts
@ -32,6 +32,8 @@ genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1
 genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/hbm                                   u:object_r:sysfs_livedisplay_tuneable:s0
 genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/notify_dim                            u:object_r:sysfs_fod:s0
 genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/notify_fppress                        u:object_r:sysfs_fod:s0
 genfscon sysfs /kernel/ois_control                                                                                     u:object_r:sysfs_ois_control:s0
 genfscon sysfs /kernel/tof_control                                                                                     u:object_r:sysfs_tof_control:s0
 genfscon sysfs /module/memplus_core/parameters                                                                         u:object_r:sysfs_memplus:s0
 genfscon sysfs /module/qpnp_smb5/parameters/call_on                                                                    u:object_r:sysfs_dash_charger:s0
 genfscon sysfs /module/qpnp_smb5/parameters/video_call_on                                                              u:object_r:vendor_sysfs_video_call_on:s0
--- a/sepolicy/vendor/hal_camera_default.te
+++ b/sepolicy/vendor/hal_camera_default.te
@ -17,6 +17,12 @@ allow hal_camera_default vl53l1_device:chr_file rw_file_perms;
 allow hal_camera_default proc_meminfo:file r_file_perms;
 allow hal_camera_default vendor_sysfs_video_call_on:file rw_file_perms;
 allow hal_camera_default sysfs_ois_control:dir r_dir_perms;
 allow hal_camera_default sysfs_ois_control:file rw_file_perms;
 allow hal_camera_default sysfs_tof_control:dir r_dir_perms;
 allow hal_camera_default sysfs_tof_control:file rw_file_perms;
 get_prop(hal_camera_default, ctl_default_prop)
 get_prop(hal_camera_default, vendor_db_security_prop)
 get_prop(hal_camera_default, vendor_mmi_prop)