From 1779f36fec241e985f326c60e782df086c8e3bca Mon Sep 17 00:00:00 2001
From: Jackeagle
Date: Tue, 27 Jun 2023 06:20:45 +0300
Subject: [PATCH] sm6375-common: sepolicy: Address camera prop denials

E libc : Access denied finding property "vendor.camera.aux.packagelist"
E libc : Access denied finding property "vendor.camera.aux.packageblacklist"
---
 sepolicy/vendor/app.te | 3 +++
 sepolicy/vendor/property_contexts | 1 +
 sepolicy/vendor/system_server.te | 5 +++++
 sepolicy/vendor/vendor_init.te | 2 ++
 4 files changed, 11 insertions(+)

diff --git a/sepolicy/vendor/app.te b/sepolicy/vendor/app.te
index 23e2e3d..460d460 100644
--- a/sepolicy/vendor/app.te
+++ b/sepolicy/vendor/app.te
@@ -2,3 +2,6 @@ allow { appdomain -isolated_app } vendor_xdsp_device:chr_file r_file_perms;
 get_prop({ appdomain -isolated_app }, vendor_fingerprint_prop)
 get_prop({ appdomain -isolated_app }, vendor_tee_listener_prop)
+
+# Allow appdomain to get vendor_persist_camera_prop
+get_prop(appdomain, vendor_camera_prop)
diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
index 9dd531a..76a656b 100644
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@@ -7,6 +7,7 @@ persist.camera. u:object_r:vendor_camera_prop:s0
 ro.boot.camera.config u:object_r:vendor_camera_prop:s0
 ro.camera. u:object_r:vendor_camera_prop:s0
 ro.vendor.camera. u:object_r:vendor_camera_prop:s0
+vendor.camera.aux.packageblacklist u:object_r:vendor_camera_prop:s0
 vendor.camera.config. u:object_r:vendor_camera_prop:s0
 vendor.camera.sensor. u:object_r:vendor_camera_prop:s0
 sys.boot.hwc u:object_r:vendor_camera_prop:s0
diff --git a/sepolicy/vendor/system_server.te b/sepolicy/vendor/system_server.te
index c0de81d..668ec24 100644
--- a/sepolicy/vendor/system_server.te
+++ b/sepolicy/vendor/system_server.te
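Review bot: The new `get_prop(appdomain, vendor_camera_prop)` in sepolicy/vendor/app.te grants the read to every app domain, isolated_app included, while the two get_prop rules just above it use `{ appdomain -isolated_app }`. Unless isolated processes are known to need these properties, keep the same exclusion: `get_prop({ appdomain -isolated_app }, vendor_camera_prop)`. The comment above the rule names vendor_persist_camera_prop, but the rule grants vendor_camera_prop; `# Allow apps to read vendor_camera_prop` would match what is granted.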
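Review bot: Only `vendor.camera.aux.packageblacklist` is labelled in the sepolicy/vendor/property_contexts hunk, although the commit message also quotes a denial for `vendor.camera.aux.packagelist`. That property may already be labelled outside this hunk or in another policy (the system_server.te change reads vendor_persist_camera_prop, which suggests so), but this is worth confirming before merge. Since the same commit makes vendor_camera_prop readable by all app domains, a short comment above the new entry saying who sets the property and who reads it would help later audits.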
@@ -1,3 +1,4 @@
+allow system_server app_zygote:process { getattr getpgid };
 allow system_server hal_camera_default:binder { call transfer };
 allow system_server hal_camera_default:fd *;
@@ -5,3 +6,7 @@ allow system_server hal_camera_default:fd *;
 allow system_server proc_last_kmsg:file r_file_perms;
 allow system_server system_file:file r_file_perms;
+
+# Allow system_server to set vendor_persist_camera_prop
+get_prop(system_server, vendor_camera_prop)
+get_prop(system_server,vendor_persist_camera_prop)
diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te
index 833d052..f52d7d6 100644
--- a/sepolicy/vendor/vendor_init.te
+++ b/sepolicy/vendor/vendor_init.te
@@ -1,2 +1,4 @@
 allow vendor_init proc_dirty:file rw_file_perms;
 allow vendor_init block_device:lnk_file setattr;
+
+set_prop(vendor_init, vendor_camera_prop)
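Review bot: `allow system_server app_zygote:process { getattr getpgid };` at the top of sepolicy/vendor/system_server.te is unrelated to the camera property denials named in the subject, and the commit message quotes no denial for it. It should carry a comment with the avc denial that motivated it, or move to its own commit, so the grant can be audited later.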
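Review bot: The comment in the second sepolicy/vendor/system_server.te hunk says "set", but both rules under it are `get_prop`, which is read-only, and they cover two property types rather than one. Suggested wording: `# Allow system_server to read vendor camera properties`. `get_prop(system_server,vendor_persist_camera_prop)` also lacks the space after the comma used on the line above. vendor_persist_camera_prop is not declared anywhere in this patch, so it presumably comes from a policy outside it.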
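Review bot: `set_prop(vendor_init, vendor_camera_prop)` in sepolicy/vendor/vendor_init.te gives vendor_init write access to every property carrying that label, which per property_contexts in this patch includes the persist.camera., ro.camera. and vendor.camera.config. prefixes. Both denials quoted in the commit message are read failures ("Access denied finding property"), so the write grant is not explained by them. Add a comment naming what vendor_init has to set, e.g. `# vendor_init sets <property name> from <init script>`; if it only needs to read, `get_prop(vendor_init, vendor_camera_prop)` is the narrower grant.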