From aceb7cf5db60bed916c977de153674b54a3c5d27 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cosme=20Dom=C3=ADnguez=20D=C3=ADaz?= <cosme.ddiaz@gmail.com>
Date: Thu, 29 Mar 2018 22:45:48 +0200
Subject: msm8996-common: sepolicy: Fix mm-qcamerad SELinux denials.

  * avc: denied { read } for pid=694 comm="mm-qcamera-daem" name="name" dev="sysfs" ino=39334 scontext=u:r:mm-qcamerad:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
  * avc: denied { open } for pid=686 comm="mm-qcamera-daem" path="/sys/devices/soc/aa4000.qcom,fd/video4linux/video1/name" dev="sysfs" ino=39334 scontext=u:r:mm-qcamerad:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=
  * avc: denied { read } for pid=694 comm="mm-qcamera-daem" name="name" dev="sysfs" ino=45837 scontext=u:r:mm-qcamerad:s0 tcontext=u:object_r:sysfs_graphics:s0 tclass=file permissive=0
---
 sepolicy/mm-qcamerad.te | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 sepolicy/mm-qcamerad.te

diff --git a/sepolicy/mm-qcamerad.te b/sepolicy/mm-qcamerad.te
new file mode 100644
index 0000000..12a50e4
--- /dev/null
+++ b/sepolicy/mm-qcamerad.te
@@ -0,0 +1,2 @@
+allow mm-qcamerad sysfs:file { read open };
+allow mm-qcamerad sysfs_graphics:file read;
-- 
cgit v1.2.3