7a0a7ea6a5
Camera data files are store in /data/vendor/camera/ by camera hal on
treble devices. Label and allow mtk_hal_camera to manage it.
Denial observed without this change:
[ 17.686535] .(4)[399:logd.auditd]type=1400 audit(1609114842.280:303): avc: denied { getattr } for comm="camerahalserver" path="/data/vendor/camera/back_dual_camera_caldata_wt.bin" dev="sdc46" ino=2490446 scontext=u:r:mtk_hal_camera:s0 tcontext=u:object_r:vendor_data_file:s0 tclass=file permissive=1
Test: Boot and notice denial has disappeared
Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: I98d0ddcce95cccdb9e86c4d36cb692e1f1ff41cb
SELinux policy for MediaTek devices
Don't recurse into the platform makefiles. We don't care about them, and we
don't want to force a reset of BOARD_SEPOLICY_DIRS.
If you want to use these policies, add a
include device/mediatek/sepolicy/sepolicy.mk
to your device's BoardConfig. It is highly recommended that in case you have
your own BOARD_SEPOLICY_DIRS declaration, the inclusion happens before
those lines
Repository Details
This repository uses device/mediatek/wembley-sepolicy as base till 4769fb0d973bf079934054c6c5423ca06d67010a.
After that Google's device-specific changes starts.
Till 4769fb0d973bf079934054c6c5423ca06d67010a, this repository is similar to
the basic sepolicy repository provided by MediaTek to the OEMs.