commit 88d728d28bc32884b19e024c0ef4822a94528cce
author Jooyung Han <jooyung@google.com> Tue May 17 18:42:47 2022 +0900
committer Jooyung Han <jooyung@google.com> Tue May 17 18:42:47 2022 +0900
tree 4de1eaf426c874279a93de3f50c0c7b33bdf0d53
parent c47e091eb3236df2a94a11342833a133dc348cf0

Allow hal_camera_default to set vendor_camera_prop

android.hardware.pixel.camera.provider@2.7-service tries to set props
like vendor.camera.hal.{start.count, version, build_id} but fails due to
"connection error".

  Unable to set property "vendor.camera.hal.start.count" to "1":
    connection failed; errno=13 (Permission denied)

It's because the binary doesn't have a permission to open
property_socket.

Introducing vendor_camera_prop and allowing the binary to set
properties.

Bug: 232903183
Test: launch_cvd
Test: adb logcat | grep vendor.camera  # no errors
Change-Id: Ib2159783d1e1bda8d824f2f97ca747b7f60268d9

shared/sepolicy/vendor/hal_camera_default.te

diff --git a/shared/sepolicy/vendor/hal_camera_default.te b/shared/sepolicy/vendor/hal_camera_default.te
index 718faa8..de1e370 100644
--- a/shared/sepolicy/vendor/hal_camera_default.te
+++ b/shared/sepolicy/vendor/hal_camera_default.te
@@ -12,7 +12,8 @@
 # Vsocket camera
 allow hal_camera_default self:vsock_socket { accept bind create getopt listen read write };
 
+set_prop(hal_camera_default, vendor_camera_prop)
+
 # The camera HAL can respond to APEX updates (see ApexUpdateListener), but this
 # is not used by the emulated camera HAL APEX. Ignore these denials.
-dontaudit hal_camera_default property_socket:sock_file { write };
 dontaudit hal_camera_default apex_info_file:file { read };

shared/sepolicy/vendor/property.te

diff --git a/shared/sepolicy/vendor/property.te b/shared/sepolicy/vendor/property.te
index 91b30fc..b4db264 100644
--- a/shared/sepolicy/vendor/property.te
+++ b/shared/sepolicy/vendor/property.te
@@ -1,4 +1,5 @@
 vendor_restricted_prop(vendor_cuttlefish_config_server_port_prop)
+vendor_internal_prop(vendor_camera_prop)
 vendor_internal_prop(vendor_modem_simulator_ports_prop)
 vendor_internal_prop(vendor_boot_security_patch_level_prop)
 vendor_internal_prop(vendor_hwcomposer_prop)

shared/sepolicy/vendor/property_contexts

diff --git a/shared/sepolicy/vendor/property_contexts b/shared/sepolicy/vendor/property_contexts
index 9b98ed1..784938a 100644
--- a/shared/sepolicy/vendor/property_contexts
+++ b/shared/sepolicy/vendor/property_contexts
@@ -18,3 +18,7 @@
 ro.vendor.hwcomposer.pmem  u:object_r:vendor_hwcomposer_prop:s0 exact string
 vendor.wlan.firmware.version   u:object_r:vendor_wlan_versions_prop:s0 exact string
 vendor.wlan.driver.version     u:object_r:vendor_wlan_versions_prop:s0 exact string
+
+# Camera
+persist.vendor.camera.                     u:object_r:vendor_camera_prop:s0
+vendor.camera.                             u:object_r:vendor_camera_prop:s0