From a25607c7ed56c862cdb62511b75bc89c5ecfff19 Mon Sep 17 00:00:00 2001
From: Max Bires <jbires@google.com>
Date: Fri, 5 May 2017 19:41:27 -0700
Subject: [PATCH] Fixing the following permissions for userdebug/eng builds

denied { add_name } for name="eis_log_012916_640563.txt"
scontext=u:r:hal_camera_default:s0
tcontext=u:object_r:system_data_file:s0 tclass=dir

denied { create } for name="eis_log_012916_640563.txt"
scontext=u:r:hal_camera_default:s0
tcontext=u:object_r:system_data_file:s0 tclass=file

denied { write open } for path="/data/eis/eis_log_012916_640563.txt"
dev="dm-0" ino=2195458 scontext=u:r:hal_camera_default:s0
tcontext=u:object_r:system_data_file:s0 tclass=file

denied { getattr } for path="/data/eis/gyro_log_012916_640563.txt"
dev="dm-0" ino=2195459 scontext=u:r:hal_camera_default:s0
tcontext=u:object_r:system_data_file:s0 tclass=file

Bug: 38048356
Test: Camera debug information is properly written out
Change-Id: I0066d745ac4598905e6b23e2b958d71a4d53e9fe
---
 sepolicy/file.te               | 1 +
 sepolicy/file_contexts         | 1 +
 sepolicy/hal_camera_default.te | 6 ++++++
 3 files changed, 8 insertions(+)

diff --git a/sepolicy/file.te b/sepolicy/file.te
index 0150587d..fc9a841d 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -39,6 +39,7 @@ type persist_sensors_file, file_type;
 
 type netmgr_data_file, file_type, data_file_type;
 
+type camera_vendor_data_file, file_type, data_file_type;
 type nfc_vendor_data_file, file_type, data_file_type;
 type radio_vendor_data_file, file_type, data_file_type, mlstrustedobject;
 type cnss_vendor_data_file, file_type, data_file_type, mlstrustedobject;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 1b502a8c..1862c315 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -267,6 +267,7 @@
 /data/misc/location(/.*)?              u:object_r:location_data_file:s0
 /data/ramdump(/.*)?                    u:object_r:ramdump_data_file:s0
 /data/nfc(/.*)?                        u:object_r:nfc_data_file:s0
+/data/vendor/camera(/.*)?              u:object_r:camera_vendor_data_file:s0
 /data/vendor/nfc(/.*)?                 u:object_r:nfc_vendor_data_file:s0
 /data/vendor/radio(/.*)?               u:object_r:radio_vendor_data_file:s0
 /data/vendor/wifi(/.*)?                u:object_r:cnss_vendor_data_file:s0
diff --git a/sepolicy/hal_camera_default.te b/sepolicy/hal_camera_default.te
index 9aa8df64..df5516bb 100644
--- a/sepolicy/hal_camera_default.te
+++ b/sepolicy/hal_camera_default.te
@@ -6,3 +6,9 @@ allow hal_camera_default qdisplay_service:service_manager { find };
 
 binder_call(hal_camera_default, hal_graphics_composer)
 binder_call(hal_camera_default, system_server)
+
+# For camera team debugging
+userdebug_or_eng(`
+  allow hal_camera_default camera_vendor_data_file:dir create_dir_perms;
+  allow hal_camera_default camera_vendor_data_file:file create_file_perms;
+')