From 4939e59c41928729d4521d351f2205b718c268da Mon Sep 17 00:00:00 2001
From: iusmac <iusico.maxim@libero.it>
Date: Tue, 29 Mar 2022 16:54:27 +0200
Subject: [PATCH] NLA: Sepolicy: Address gmscore_app denials

03-29 15:56:21.007 13786 13786 I auditd  : type=1400 audit(0.0:345): avc: denied { getopt } for comm="FinalizerDaemon" path="/dev/socket/usap_pool_primary" scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:r:zygote:s0 tclass=unix_stream_socket permissive=0 app=com.google.android.gms
03-29 15:56:21.007 13786 13786 W FinalizerDaemon: type=1400 audit(0.0:345): avc: denied { getopt } for path="/dev/socket/usap_pool_primary" scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:r:zygote:s0 tclass=unix_stream_socket permissive=0 app=com.google.android.gms

Signed-off-by: iusmac <iusico.maxim@libero.it>
---
 sepolicy/vendor/gmscore_app.te | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 sepolicy/vendor/gmscore_app.te

diff --git a/sepolicy/vendor/gmscore_app.te b/sepolicy/vendor/gmscore_app.te
new file mode 100644
index 000000000..2d24dac05
--- /dev/null
+++ b/sepolicy/vendor/gmscore_app.te
@@ -0,0 +1,5 @@
+allow gmscore_app exported_camera_prop:file { read };
+
+get_prop(gmscore_app, vendor_camera_prop)
+
+allow gmscore_app zygote:unix_stream_socket { getopt };