t0lte: allow mediaserver to rw /data/ISP_CV for camera and to access exynos-mem

Change-Id: I87def35cbe4ad60af66b5e6e374f7aebfd11742b

3 files changed, 8 insertions, 2 deletions

diff --git a/selinux/file.te b/selinux/file.te
index 89c3352..3f045f6 100644
--- a/selinux/file.te
+++ b/selinux/file.te
@@ -4,6 +4,7 @@ type firmware_mfc, file_type;
 type firmware_camera, file_type;
 
 type qmuxd_socket, file_type;
+type camera_data_file, file_type, data_file_type;
 type kickstart_data_file, file_type, data_file_type;
 type sensors_data_file, file_type, data_file_type;
-type volume_data_file, file_type, data_file_type;
\ No newline at end of file
+type volume_data_file, file_type, data_file_type;
diff --git a/selinux/file_contexts b/selinux/file_contexts
index 839e068..b3aedb5 100644
--- a/selinux/file_contexts
+++ b/selinux/file_contexts
@@ -23,6 +23,10 @@
 /dev/akm8963                            u:object_r:sensors_device:s0
 /efs/gyro_cal_data                      u:object_r:sensors_data_file:s0
 
+# Camera
+/data/ISP_CV                            u:object_r:camera_data_file:s0
+/dev/exynos-mem                         u:object_r:video_device:s0
+
 # for wpa_supp
 /dev/rfkill                             u:object_r:rfkill_device:s0
 
diff --git a/selinux/mediaserver.te b/selinux/mediaserver.te
index 7ad89ef..5e97189 100644
--- a/selinux/mediaserver.te
+++ b/selinux/mediaserver.te
@@ -1,5 +1,6 @@
 qmux_socket(mediaserver)
 allow mediaserver self:socket create_socket_perms;
 allow mediaserver { firmware_camera }:file r_file_perms;
+allow mediaserver camera_data_file:file rw_file_perms;
 allow mediaserver volume_data_file:file create_file_perms;
-allow mediaserver volume_data_file:dir create_dir_perms;
\ No newline at end of file
+allow mediaserver volume_data_file:dir create_dir_perms;