From 2ab3cf3c1f469b57d140be39f10c018013078712 Mon Sep 17 00:00:00 2001
From: bohu <bohu@google.com>
Date: Wed, 23 Aug 2017 23:42:33 -0700
Subject: [PATCH] emulator: fix selinux issues

with cas/camera/drm hals

BUG: 64726466

Test: build aosp_x86-eng, boot emulator
without cas/camera/drm hals killed by
selinux avc denials; camera can take
pictures

Change-Id: I8a154fdb5d7aa7763aab2b912976eb9e1d329cdb
---
 target/board/generic/sepolicy/hal_camera_default.te | 3 +++
 target/board/generic/sepolicy/hal_cas_default.te    | 1 +
 target/board/generic/sepolicy/hal_drm_default.te    | 2 ++
 3 files changed, 6 insertions(+)
 create mode 100644 target/board/generic/sepolicy/hal_camera_default.te
 create mode 100644 target/board/generic/sepolicy/hal_cas_default.te
 create mode 100644 target/board/generic/sepolicy/hal_drm_default.te

diff --git a/target/board/generic/sepolicy/hal_camera_default.te b/target/board/generic/sepolicy/hal_camera_default.te
new file mode 100644
index 000000000..eb88c36f0
--- /dev/null
+++ b/target/board/generic/sepolicy/hal_camera_default.te
@@ -0,0 +1,3 @@
+vndbinder_use(hal_camera_default);
+allow hal_camera_default hal_graphics_mapper_hwservice:hwservice_manager find;
+hal_client_domain(hal_camera_default, hal_graphics_composer)
diff --git a/target/board/generic/sepolicy/hal_cas_default.te b/target/board/generic/sepolicy/hal_cas_default.te
new file mode 100644
index 000000000..3ed3bee86
--- /dev/null
+++ b/target/board/generic/sepolicy/hal_cas_default.te
@@ -0,0 +1 @@
+vndbinder_use(hal_cas_default);
diff --git a/target/board/generic/sepolicy/hal_drm_default.te b/target/board/generic/sepolicy/hal_drm_default.te
new file mode 100644
index 000000000..5a07433c8
--- /dev/null
+++ b/target/board/generic/sepolicy/hal_drm_default.te
@@ -0,0 +1,2 @@
+vndbinder_use(hal_drm_default);
+hal_client_domain(hal_drm_default, hal_graphics_composer)