From 62034ce5ea0c08cbeb25ff9aefba0912d2f6f27e Mon Sep 17 00:00:00 2001
From: Stricted <info@stricted.net>
Date: Tue, 1 May 2018 02:01:19 +0200
Subject: [PATCH] sepolicy: address cameraserver denials

Change-Id: I45d58beea2570c8d5341bc3eef956150ed340247
---
 sepolicy/cameraserver.te | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 sepolicy/cameraserver.te

diff --git a/sepolicy/cameraserver.te b/sepolicy/cameraserver.te
new file mode 100644
index 0000000..8419abb
--- /dev/null
+++ b/sepolicy/cameraserver.te
@@ -0,0 +1,21 @@
+# nvram
+allow cameraserver nvdata_file:dir rw_dir_perms;
+allow cameraserver nvdata_file:file create_file_perms;
+allow cameraserver ccci_device:chr_file rw_file_perms;
+
+# camera
+allow cameraserver sensorservice_service:service_manager find;
+allow cameraserver system_server:unix_stream_socket { read write };
+allow cameraserver camera_device:chr_file rw_file_perms;
+allow cameraserver mtk_smi_device:chr_file rw_file_perms;
+allow cameraserver proc:file { read ioctl open };
+allow cameraserver devmap_device:chr_file r_file_perms;
+allow cameraserver devmap_device:chr_file { ioctl };
+allow cameraserver sysfs_devinfo:file rw_file_perms;
+allow cameraserver sysfs_membw:file rw_file_perms;
+allow cameraserver proc_meminfo:file { open read getattr };
+allow cameraserver sysfs_boot_mode:file r_file_perms;
+allow cameraserver sysfs_ddr_type:file r_file_perms;
+
+# PQ
+allow cameraserver pq_service:service_manager find;
-- 
2.20.1