From 05af13d2170f32e3dac125e484b9ed3c7de9e51a Mon Sep 17 00:00:00 2001
From: Henrique Silva
Date: Mon, 7 May 2018 04:04:06 +0000
Subject: [PATCH] sanders: Address some denials
---
 sepolicy/hal_camera_default.te | 4 ++++
 sepolicy/mm-qcamerad.te | 3 +++
 sepolicy/platform_app.te | 1 +
 sepolicy/priv_app.te | 3 ++-
 4 files changed, 10 insertions(+), 1 deletion(-)
 create mode 100644 sepolicy/hal_camera_default.te
diff --git a/sepolicy/hal_camera_default.te b/sepolicy/hal_camera_default.te
new file mode 100644
index 0000000..0da1a7a
--- /dev/null
+++ b/sepolicy/hal_camera_default.te
@@ -0,0 +1,4 @@
+allow hal_camera_default gpu_device:dir r_dir_perms;
+allow hal_camera_default gpu_device:file r_file_perms;
+allow hal_camera_default hal_configstore_ISurfaceFlingerConfigs:hwservice_manager find;
+allow hal_camera_default hal_configstore_default:binder call;
\ No newline at end of file
diff --git a/sepolicy/mm-qcamerad.te b/sepolicy/mm-qcamerad.te
index 3a827f5..a2ff65e 100644
--- a/sepolicy/mm-qcamerad.te
+++ b/sepolicy/mm-qcamerad.te
@@ -23,3 +23,6 @@ allow mm-qcamerad init:unix_stream_socket { read write };
 allow mm-qcamerad sysfs_graphics:file { open read };
 allow mm-qcamerad hal_sensors_default:unix_stream_socket { read write };
+
+allow mm-qcamerad hal_configstore_ISurfaceFlingerConfigs:hwservice_manager find;
+allow mm-qcamerad hal_configstore_default:binder call;
diff --git a/sepolicy/platform_app.te b/sepolicy/platform_app.te
index ef471a2..c4e156c 100644
--- a/sepolicy/platform_app.te
+++ b/sepolicy/platform_app.te
@@ -1,4 +1,5 @@
 get_prop(platform_app, camera_prop);
+get_prop(platform_app, qemu_hw_mainkeys_prop);
 binder_call(platform_app, hal_sensors_default);
 allow platform_app rootfs:dir getattr;
diff --git a/sepolicy/priv_app.te b/sepolicy/priv_app.te
index e66c45c..60b6084 100644
--- a/sepolicy/priv_app.te
+++ b/sepolicy/priv_app.te
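Review bot: The last two rules of the new sepolicy/hal_camera_default.te hand-expand a configstore client relationship, and the same pair is added at the end of sepolicy/mm-qcamerad.te. `allow hal_camera_default hal_configstore_default:binder call;` grants only `call`, without the `transfer` and `fd use` permissions that the `binder_call` macro already used in platform_app.te carries, so a further denial may follow. If the full client relationship is intended, `hal_client_domain(hal_camera_default, hal_configstore)` states it once; if only `call` is intended, a comment saying so would keep the next reader from widening it. Separately, `gpu_device` normally labels a character device, so the `gpu_device:dir` and `gpu_device:file` rules look like they answer denials on a mislabelled path; confirm the target's label before granting read on the type.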
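Review bot: Nothing in sepolicy/platform_app.te or in the commit message records which denial `get_prop(platform_app, qemu_hw_mainkeys_prop);` answers, and the same rule is added to sepolicy/priv_app.te in this commit. Both domains cover many apps, so a one-line comment above each rule naming the reading process, e.g. `# <comm from the avc denial> reads the mainkeys property`, would let a later reviewer judge whether the grant is still needed. `qemu_hw_mainkeys_prop` is not declared anywhere in this patch, so it presumably comes from property declarations elsewhere in the tree; that is worth checking, since the policy will not compile without it.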
@@ -2,4 +2,5 @@ allow priv_app device:dir r_dir_perms;
 allow priv_app persist_file:filesystem getattr;
 allow priv_app proc_interrupts:file { open read getattr };
 allow priv_app proc_modules:file { open read getattr };
-get_prop(priv_app, adspd_prop);
\ No newline at end of file
+get_prop(priv_app, adspd_prop);
+get_prop(priv_app, qemu_hw_mainkeys_prop);
\ No newline at end of file
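Review bot: The new last line of sepolicy/priv_app.te, `get_prop(priv_app, qemu_hw_mainkeys_prop);`, is again left without a terminating newline, as the `\ No newline at end of file` marker on the added side shows; the new sepolicy/hal_camera_default.te ends the same way. Policy sources are normally concatenated before compilation, so a file without a final newline runs straight into the first line of whichever file follows it. Ending both files with a newline removes that hazard and keeps later diffs from re-touching the previous last line, as this hunk had to do for `get_prop(priv_app, adspd_prop);`.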