Sepolicy for qemu.sf.back_camera_caps and qemu.sf.front_camera_caps

avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs"
ino=1226 scontext=u:r:hal_camera_default:s0
tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
...
E libc    : Access denied finding property "qemu.sf.back_camera_caps"
...
E libc    : Access denied finding property "qemu.sf.front_camera_caps"

These props are empty and non-functional. Label them to resolve denials.

Bug: 129497117
Test: boot cuttlefish without above denials
Change-Id: I729ced96b7da6e41bfdcb741010a99f827b8a742
Merged-In: I729ced96b7da6e41bfdcb741010a99f827b8a742
(cherry picked from commit 16fc7d0cc4fd1283abe06f0275d077c117e097d0)

2 files changed, 6 insertions, 0 deletions

diff --git a/shared/sepolicy/hal_camera_default.te b/shared/sepolicy/hal_camera_default.te
index 02fb9623c..79bed2681 100644
--- a/shared/sepolicy/hal_camera_default.te
+++ b/shared/sepolicy/hal_camera_default.te
@@ -1,3 +1,7 @@
+type hal_camera_prop, property_type;
+
 vndbinder_use(hal_camera_default)
 
 hal_client_domain(hal_camera_default, hal_graphics_allocator)
+
+get_prop(hal_camera_default, hal_camera_prop)
diff --git a/shared/sepolicy/property_contexts b/shared/sepolicy/property_contexts
index 2b09527cd..b7ac336a7 100644
--- a/shared/sepolicy/property_contexts
+++ b/shared/sepolicy/property_contexts
@@ -8,3 +8,5 @@ ro.boot.vsock_logcat_port  u:object_r:vsock_logcat_port_prop:s0
 ro.cdma.home.operator.alpha  u:object_r:vendor_init_radio_prop:s0
 ro.cdma.home.operator.numeric  u:object_r:vendor_init_radio_prop:s0
 vendor.vsock_logcat_status  u:object_r:vsock_logcat_status_prop:s0
+qemu.sf.back_camera_caps  u:object_r:hal_camera_prop:s0
+qemu.sf.front_camera_caps  u:object_r:hal_camera_prop:s0