From 19d8a296fa6e544be83daeeb212d695a0f51a73e Mon Sep 17 00:00:00 2001
From: Victor Bo
Date: Sat, 16 Jan 2021 14:58:59 -0500
Subject: [PATCH 1/2] sepolicy/treble_app: add rule fix cam2api option logs: 17 00:47:48.796 1 1 W /system/bin/init: type=1107 audit(0.0:357): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.vendor.camera.eis.enable pid=4411 uid=1000 gid=1000 scontext=u:r:system_app:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0' 01-17 00:47:48.796 1 1 W /system/bin/init: type=1107 audit(0.0:356): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.vendor.camera.HAL3.enabled pid=4411 uid=1000 gid=1000 scontext=u:r:system_app:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0'
---
 sepolicy/treble_app.te | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/sepolicy/treble_app.te b/sepolicy/treble_app.te
index ef3ea1d..41e6c7d 100644
--- a/sepolicy/treble_app.te
+++ b/sepolicy/treble_app.te
@@ -24,6 +24,8 @@ allow system_app default_hisi_hwservice:hwservice_manager { find };
 type hal_tp_default, domain;
 allow system_app hal_tp_default:binder { call };
+#cam2api
+allow system_app vendor_default_prop:property_service { set };
 set_prop(system_app, default_prop);
 set_prop(system_app, exported3_default_prop);
From d6aed01c482b0a27172b620e7baa9bd97d6b2f36 Mon Sep 17 00:00:00 2001
From: Victor Bo
Date: Sun, 7 Feb 2021 22:28:02 -0500
Subject: [PATCH 2/2] sepolicy/init: fix adb in some cases logs: 02-06 17:28:44.560 1 1 I auditd : type=1400 audit(0.0:11): avc: denied { read } for comm="init" name="adbd" dev="mmcblk0p31" ino=11 scontext=u:r:init:s0 tcontext=u:object_r:adbd_exec:s0 tclass=lnk_file permissive=0 thanks HamiDo for hotfix
---
 sepolicy/init.te | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/sepolicy/init.te b/sepolicy/init.te
index 7fb7079..42f5bf5 100644
--- a/sepolicy/init.te
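Review bot: The added `allow system_app vendor_default_prop:property_service { set };` in sepolicy/treble_app.te grants far more than the two denials in the commit message need. `vendor_default_prop` is the fallback label for vendor properties that have no dedicated type, so every process in the `system_app` domain can now set any of them, not only `persist.vendor.camera.eis.enable` and `persist.vendor.camera.HAL3.enabled`. A tighter fix would label those two properties with their own type in property_contexts and grant `set` on that type only; on builds that enforce the Treble neverallow rules, a system domain writing vendor properties may also be rejected, which is worth confirming. If the broad grant stays, the comment should record its scope, e.g. `# cam2api: system_app sets persist.vendor.camera.*; these are labelled vendor_default_prop, so this allows set on all unlabelled vendor props`.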
+++ b/sepolicy/init.te
@@ -8,3 +8,6 @@ allow init userdata_block_device:lnk_file relabelto;
 allow vendor_init vendor_init:capability { sys_module };
 allow init system_file:lnk_file create_file_perms;
+
+#fix adb in some cases
+allow init adbd_exec:lnk_file read;
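Review bot: The comment `#fix adb in some cases` on the new rule in sepolicy/init.te does not say what the rule permits or which case it covers, which makes the grant hard to audit or retire later. The denial quoted in the commit message shows init reading a symlink named `adbd` that carries the `adbd_exec` label, so a comment such as `# init: read the adbd symlink (labelled adbd_exec); avc denied { read } tclass=lnk_file seen on some devices` would record that. The grant itself is narrow, `lnk_file read` only, so no change to the rule is suggested.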