From da40640ef319fc5cac100754e375606e4977c6e3 Mon Sep 17 00:00:00 2001
From: LuK1337 <priv.luk@gmail.com>
Date: Sun, 7 Jul 2019 23:35:11 +0200
Subject: [PATCH] sm8150-common: sepolicy: Label camera helper app

Change-Id: I733ace8aa5a3c78322265e8f91ac6c3d522b0ef8
---
 BoardConfigCommon.mk                  |  1 +
 sepolicy/private/camera_helper_app.te | 10 ++++++++++
 sepolicy/private/seapp_contexts       |  1 +
 3 files changed, 12 insertions(+)
 create mode 100644 sepolicy/private/camera_helper_app.te
 create mode 100644 sepolicy/private/seapp_contexts

diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk
index b2068451..a1f213a9 100644
--- a/BoardConfigCommon.mk
+++ b/BoardConfigCommon.mk
@@ -163,6 +163,7 @@ VENDOR_SECURITY_PATCH := 2018-08-05
 # SELinux
 include device/qcom/sepolicy/sepolicy.mk
 
+BOARD_PLAT_PRIVATE_SEPOLICY_DIR += $(VENDOR_PATH)/sepolicy/private
 BOARD_SEPOLICY_DIRS += $(VENDOR_PATH)/sepolicy/vendor
 
 # Soong namespaces
diff --git a/sepolicy/private/camera_helper_app.te b/sepolicy/private/camera_helper_app.te
new file mode 100644
index 00000000..ba63629c
--- /dev/null
+++ b/sepolicy/private/camera_helper_app.te
@@ -0,0 +1,10 @@
+type camera_helper_app, domain;
+
+app_domain(camera_helper_app)
+
+# Allow camera_helper_app to find app_api_service
+allow camera_helper_app app_api_service:service_manager find;
+
+# Allow camera_helper_app read and write /data/data subdirectory
+allow camera_helper_app system_app_data_file:dir create_dir_perms;
+allow camera_helper_app system_app_data_file:{ file lnk_file } create_file_perms;
diff --git a/sepolicy/private/seapp_contexts b/sepolicy/private/seapp_contexts
new file mode 100644
index 00000000..89adbd41
--- /dev/null
+++ b/sepolicy/private/seapp_contexts
@@ -0,0 +1 @@
+user=system seinfo=platform name=org.lineageos.camera_helper domain=camera_helper_app type=system_app_data_file