From 449fe1c49d07744097f931fccdb74cdad423fd71 Mon Sep 17 00:00:00 2001
From: Daniel Jacob Chittoor <djchittoor47@gmail.com>
Date: Mon, 7 Oct 2024 08:34:09 +0530
Subject: [PATCH] [DNM] sepolicy: Label FPCamera and make it permissive

 * Processing libraries within the camera app request access to
   vendor_file, let's make it permissive for now until we figure out a
   better solution than a permissive domain or allowing neverallows.
---
 sepolicy/vendor/fairphone_camera_app.te | 15 +++++++++++++++
 sepolicy/vendor/seapp_contexts          |  2 ++
 2 files changed, 17 insertions(+)
 create mode 100644 sepolicy/vendor/fairphone_camera_app.te
 create mode 100644 sepolicy/vendor/seapp_contexts

diff --git a/sepolicy/vendor/fairphone_camera_app.te b/sepolicy/vendor/fairphone_camera_app.te
new file mode 100644
index 0000000..6fd3c35
--- /dev/null
+++ b/sepolicy/vendor/fairphone_camera_app.te
@@ -0,0 +1,15 @@
+type fairphone_camera_app, domain;
+
+typeattribute fairphone_camera_app coredomain;
+app_domain(fairphone_camera_app)
+
+userdebug_or_eng(`
+  permissive fairphone_camera_app;
+')
+
+allow fairphone_camera_app app_api_service:service_manager find;
+allow fairphone_camera_app audioserver_service:service_manager find;
+allow fairphone_camera_app cameraserver_service:service_manager find;
+allow fairphone_camera_app mediaextractor_service:service_manager find;
+allow fairphone_camera_app mediametrics_service:service_manager find;
+allow fairphone_camera_app mediaserver_service:service_manager find;
diff --git a/sepolicy/vendor/seapp_contexts b/sepolicy/vendor/seapp_contexts
new file mode 100644
index 0000000..b768cf1
--- /dev/null
+++ b/sepolicy/vendor/seapp_contexts
@@ -0,0 +1,2 @@
+# FPCamera
+user=_app isPrivApp=true seinfo=platform name=com.fp.camera domain=fairphone_camera_app type=app_data_file levelFrom=all
-- 
GitLab