From 8a9394f1d3cc6f934da9a6ae0bdf7f353e9a0303 Mon Sep 17 00:00:00 2001
From: LuK1337 <priv.luk@gmail.com>
Date: Fri, 19 Sep 2025 22:32:47 +0200
Subject: [PATCH] sepolicy: qti: Allow camera HAL to find osense_service

09-19 22:25:35.045   925   925 E SELinux : avc:  denied  { find } for pid=1634 uid=1047 name=osensemanager scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:osense_service:s0 tclass=service_manager permissive=0

Change-Id: I45f432e8378c726ef0026e5a1c9456b36b6929e1
---
 sepolicy/qti/private/compat/202404/202404.ignore.cil | 1 +
 sepolicy/qti/private/service.te                      | 3 ---
 sepolicy/qti/public/service.te                       | 2 ++
 sepolicy/qti/vendor/hal_camera_default.te            | 1 +
 4 files changed, 4 insertions(+), 3 deletions(-)
 create mode 100644 sepolicy/qti/public/service.te

diff --git a/sepolicy/qti/private/compat/202404/202404.ignore.cil b/sepolicy/qti/private/compat/202404/202404.ignore.cil
index 0648500..bf7b25d 100644
--- a/sepolicy/qti/private/compat/202404/202404.ignore.cil
+++ b/sepolicy/qti/private/compat/202404/202404.ignore.cil
@@ -6,6 +6,7 @@
 (typeattributeset new_objects
   ( new_objects
     horae
+    osense_service
     system_fingerprint_prop
     system_oplus_iris_prop
     system_oplus_project_prop
diff --git a/sepolicy/qti/private/service.te b/sepolicy/qti/private/service.te
index bc1f1db..9fd94b0 100644
--- a/sepolicy/qti/private/service.te
+++ b/sepolicy/qti/private/service.te
@@ -1,5 +1,2 @@
 # Horae
 type horae_service, system_api_service, service_manager_type;
-
-# OSENSE
-type osense_service, system_server_service, service_manager_type;
diff --git a/sepolicy/qti/public/service.te b/sepolicy/qti/public/service.te
new file mode 100644
index 0000000..4f5c849
--- /dev/null
+++ b/sepolicy/qti/public/service.te
@@ -0,0 +1,2 @@
+# OSENSE
+type osense_service, system_server_service, service_manager_type;
diff --git a/sepolicy/qti/vendor/hal_camera_default.te b/sepolicy/qti/vendor/hal_camera_default.te
index 8b3b357..358153e 100644
--- a/sepolicy/qti/vendor/hal_camera_default.te
+++ b/sepolicy/qti/vendor/hal_camera_default.te
@@ -16,6 +16,7 @@ allow hal_camera_default self:capability ipc_lock;
 allow hal_camera_default system_server:binder call;
 
 allow hal_camera_default hal_oplus_olc_aidl_service:service_manager find;
+allow hal_camera_default osense_service:service_manager find;
 
 allow hal_camera_default vendor_hal_orms_hwservice:hwservice_manager find;
 allow hal_camera_default vendor_hal_osense_hwservice:hwservice_manager find;