From c91027dc05cef8aef5e4aab144cc6fa875af18f4 Mon Sep 17 00:00:00 2001
From: LuK1337 <priv.luk@gmail.com>
Date: Mon, 3 Oct 2022 20:33:47 +0200
Subject: [PATCH] sepolicy: qti: Label
 vendor.oplus.hardware.cameraMDM@2.0-service

As seen on SM8150.

Change-Id: I92217d6a588bc8920aa2de048a3dca085cf7f1fe
---
 sepolicy/qti/vendor/attributes                |  1 +
 sepolicy/qti/vendor/file_contexts             |  7 ++++---
 sepolicy/qti/vendor/hal_camera_default.te     |  2 ++
 sepolicy/qti/vendor/hwservice.te              |  1 +
 sepolicy/qti/vendor/hwservice_contexts        |  1 +
 .../vendor/vendor_hal_cameraMDM_default.te    | 20 +++++++++++++++++++
 6 files changed, 29 insertions(+), 3 deletions(-)
 create mode 100644 sepolicy/qti/vendor/vendor_hal_cameraMDM_default.te

diff --git a/sepolicy/qti/vendor/attributes b/sepolicy/qti/vendor/attributes
index 01774f4..90e69b0 100644
--- a/sepolicy/qti/vendor/attributes
+++ b/sepolicy/qti/vendor/attributes
@@ -1 +1,2 @@
+vendor_hal_attribute(cameraMDM)
 vendor_hal_attribute(oplusSensor)
diff --git a/sepolicy/qti/vendor/file_contexts b/sepolicy/qti/vendor/file_contexts
index dd52f85..fd150f9 100644
--- a/sepolicy/qti/vendor/file_contexts
+++ b/sepolicy/qti/vendor/file_contexts
@@ -2,9 +2,10 @@
 /(vendor|system/vendor)/bin/tri-state-key-calibrate    u:object_r:tri-state-key-calibrate_exec:s0
 
 # Camera
-/mnt/vendor/persist/camera(/.*)?                       u:object_r:vendor_persist_camera_file:s0
-/mnt/vendor/persist/dual_camera_calibration(/.*)?      u:object_r:vendor_persist_camera_file:s0
-/(vendor|system/vendor)/lib64/libipebpsstriping\.so    u:object_r:same_process_hal_file:s0
+/mnt/vendor/persist/camera(/.*)?                                                  u:object_r:vendor_persist_camera_file:s0
+/mnt/vendor/persist/dual_camera_calibration(/.*)?                                 u:object_r:vendor_persist_camera_file:s0
+/(vendor|system/vendor)/bin/hw/vendor\.oplus\.hardware\.cameraMDM@2\.0-service    u:object_r:vendor_hal_cameraMDM_default_exec:s0
+/(vendor|system/vendor)/lib64/libipebpsstriping\.so                               u:object_r:same_process_hal_file:s0
 
 # Charging
 /(vendor|system/vendor)/bin/hw/vendor\.lineage\.powershare@1\.0-service\.oplus    u:object_r:hal_lineage_powershare_default_exec:s0
diff --git a/sepolicy/qti/vendor/hal_camera_default.te b/sepolicy/qti/vendor/hal_camera_default.te
index 35a6770..43c0a6e 100644
--- a/sepolicy/qti/vendor/hal_camera_default.te
+++ b/sepolicy/qti/vendor/hal_camera_default.te
@@ -1,5 +1,7 @@
 hal_attribute_hwservice(hal_camera, vendor_hal_camera_extension_hwservice)
 
+hal_client_domain(hal_camera_default, vendor_hal_cameraMDM)
+
 allow hal_camera_default vendor_hal_orms_hwservice:hwservice_manager find;
 
 allow hal_camera_default mnt_vendor_file:dir search;
diff --git a/sepolicy/qti/vendor/hwservice.te b/sepolicy/qti/vendor/hwservice.te
index 0d09943..5840df1 100644
--- a/sepolicy/qti/vendor/hwservice.te
+++ b/sepolicy/qti/vendor/hwservice.te
@@ -1,5 +1,6 @@
 # Camera
 type vendor_hal_camera_extension_hwservice, hwservice_manager_type, protected_hwservice;
+type vendor_hal_cameraMDM_hwservice, hwservice_manager_type, protected_hwservice;
 
 # ORMS
 type vendor_hal_orms_hwservice, hwservice_manager_type, protected_hwservice;
diff --git a/sepolicy/qti/vendor/hwservice_contexts b/sepolicy/qti/vendor/hwservice_contexts
index 1bc9f24..70fbf01 100644
--- a/sepolicy/qti/vendor/hwservice_contexts
+++ b/sepolicy/qti/vendor/hwservice_contexts
@@ -1,4 +1,5 @@
 # Camera
+vendor.oplus.hardware.cameraMDM::IOPlusCameraMDM                       u:object_r:vendor_hal_cameraMDM_hwservice:s0
 vendor.oplus.hardware.cammidasservice::IMIDASService                   u:object_r:hal_camera_hwservice:s0
 vendor.qti.hardware.camera.cameraextension::ICameraExtensionService    u:object_r:vendor_hal_camera_extension_hwservice:s0
 
diff --git a/sepolicy/qti/vendor/vendor_hal_cameraMDM_default.te b/sepolicy/qti/vendor/vendor_hal_cameraMDM_default.te
new file mode 100644
index 0000000..18af02e
--- /dev/null
+++ b/sepolicy/qti/vendor/vendor_hal_cameraMDM_default.te
@@ -0,0 +1,20 @@
+type vendor_hal_cameraMDM_default, domain;
+hal_server_domain(vendor_hal_cameraMDM_default, vendor_hal_cameraMDM)
+
+type vendor_hal_cameraMDM_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(vendor_hal_cameraMDM_default)
+
+binder_call(vendor_hal_cameraMDM_client, vendor_hal_cameraMDM_server)
+binder_call(vendor_hal_cameraMDM_server, vendor_hal_cameraMDM_client)
+
+hal_attribute_hwservice(vendor_hal_cameraMDM, vendor_hal_cameraMDM_hwservice)
+
+allow vendor_hal_cameraMDM_default vendor_hal_perf_hwservice:hwservice_manager find;
+
+allow vendor_hal_cameraMDM_default tee_device:chr_file rw_file_perms;
+allow vendor_hal_cameraMDM_default ion_device:chr_file rw_file_perms;
+
+allow vendor_hal_cameraMDM_default vendor_camera_data_file:dir create_dir_perms;
+allow vendor_hal_cameraMDM_default vendor_camera_data_file:file create_file_perms;
+
+r_dir_file(vendor_hal_cameraMDM_default, firmware_file)