mirror of
https://github.com/Evolution-X-Devices/device_google_gs201
synced 2026-01-27 18:37:19 +00:00
cedb4b1232
Android 15.0.0 Release 6 (AP4A.241205.013) # -----BEGIN PGP SIGNATURE----- # # iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZ1IssQAKCRDorT+BmrEO # eDIZAJwMTYIKjIAnt4/EG98sVijowfb+9ACeO1gMsXc1bg4Dls3HunIrfCM+sOM= # =ctpR # -----END PGP SIGNATURE----- # gpg: Signature made Fri Dec 6 00:44:01 2024 EET # gpg: using DSA key 4340D13570EF945E83810964E8AD3F819AB10E78 # gpg: Good signature from "The Android Open Source Project <initial-contribution@android.com>" [marginal] # gpg: initial-contribution@android.com: Verified 2483 signatures in the past # 3 years. Encrypted 4 messages in the past 2 years. # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 4340 D135 70EF 945E 8381 0964 E8AD 3F81 9AB1 0E78 # By Wilson Sung (7) and others # Via Android Build Coastguard Worker (27) and others * tag 'android-15.0.0_r6': (27 commits) sepolicy: allow dumpstate to execute dump_power Make android.framework.stats-v2-ndk app reachable Change vendor_fingerprint_prop to vendor_restricted_prop Update SELinux error [BT] Define vendor_bluetooth_prop storage: move storage related device type to common folder Storage: label ufs firmware upgrade script Label sysfs node power_mode as sysfs_display. sepolicy: gs201: fix bm selinux sepolicy: remove dump_power_gs201.sh Update SELinux error Revert "Revert "gs201: update shared_modem_platform sepolicy for..." Revert "gs201: update shared_modem_platform sepolicy for UMI" Update SELinux error Update SELinux error Update SELinux error gs201: update shared_modem_platform sepolicy for UMI Update SELinux error Allow camera HAL to access power_state sysfs Add kernel vendor_fw_file dir read permission ... Change-Id: Id50470e50ccd1afb2550f89eff242a99cbbb386b
109 lines
4.6 KiB
Plaintext
109 lines
4.6 KiB
Plaintext
type hal_camera_default_tmpfs, file_type;
|
|
|
|
allow hal_camera_default self:global_capability_class_set sys_nice;
|
|
allow hal_camera_default kernel:process setsched;
|
|
|
|
binder_use(hal_camera_default);
|
|
vndbinder_use(hal_camera_default);
|
|
|
|
allow hal_camera_default lwis_device:chr_file rw_file_perms;
|
|
allow hal_camera_default gpu_device:chr_file rw_file_perms;
|
|
allow hal_camera_default sysfs_chip_id:file r_file_perms;
|
|
|
|
# Face authentication code that is part of the camera HAL needs to allocate
|
|
# dma_bufs and access the Trusted Execution Environment device node
|
|
allow hal_camera_default dmabuf_system_heap_device:chr_file r_file_perms;
|
|
allow hal_camera_default tee_device:chr_file rw_file_perms;
|
|
|
|
# Allow the camera hal to access the EdgeTPU service and the
|
|
# Android shared memory allocated by the EdgeTPU service for
|
|
# on-device compilation.
|
|
allow hal_camera_default edgetpu_device:chr_file rw_file_perms;
|
|
allow hal_camera_default sysfs_edgetpu:dir r_dir_perms;
|
|
allow hal_camera_default sysfs_edgetpu:file r_file_perms;
|
|
allow hal_camera_default edgetpu_vendor_service:service_manager find;
|
|
binder_call(hal_camera_default, edgetpu_vendor_server)
|
|
# Allow edgetpu_app_service as well, due to the EdgeTpu metrics logging
|
|
# library has a dependency on edgetpu_app_service, see b/275016466.
|
|
allow hal_camera_default edgetpu_app_service:service_manager find;
|
|
binder_call(hal_camera_default, edgetpu_app_server)
|
|
|
|
# Allow access to data files used by the camera HAL
|
|
allow hal_camera_default mnt_vendor_file:dir search;
|
|
allow hal_camera_default persist_file:dir search;
|
|
allow hal_camera_default persist_camera_file:dir rw_dir_perms;
|
|
allow hal_camera_default persist_camera_file:file create_file_perms;
|
|
allow hal_camera_default vendor_camera_data_file:dir rw_dir_perms;
|
|
allow hal_camera_default vendor_camera_data_file:file create_file_perms;
|
|
|
|
# Allow creating dump files for debugging in non-release builds
|
|
userdebug_or_eng(`
|
|
allow hal_camera_default vendor_camera_data_file:dir create_dir_perms;
|
|
allow hal_camera_default vendor_camera_data_file:file create_file_perms;
|
|
')
|
|
|
|
# tmpfs is used by google3 prebuilts linked by the HAL to unpack data files
|
|
# compiled into the shared libraries with cc_embed_data rules
|
|
tmpfs_domain(hal_camera_default);
|
|
|
|
# Allow access to camera-related system properties
|
|
set_prop(hal_camera_default, vendor_camera_prop);
|
|
set_prop(hal_camera_default, log_tag_prop);
|
|
get_prop(hal_camera_default, vendor_camera_debug_prop);
|
|
userdebug_or_eng(`
|
|
set_prop(hal_camera_default, vendor_camera_fatp_prop);
|
|
set_prop(hal_camera_default, vendor_camera_debug_prop);
|
|
')
|
|
|
|
# For camera hal to talk with rlsservice
|
|
allow hal_camera_default rls_service:service_manager find;
|
|
binder_call(hal_camera_default, rlsservice)
|
|
|
|
hal_client_domain(hal_camera_default, hal_graphics_allocator);
|
|
hal_client_domain(hal_camera_default, hal_graphics_composer)
|
|
hal_client_domain(hal_camera_default, hal_power);
|
|
hal_client_domain(hal_camera_default, hal_thermal);
|
|
|
|
# Allow access to sensor service for sensor_listener
|
|
binder_call(hal_camera_default, system_server);
|
|
|
|
# Allow Binder calls to ECO service, needed by Entropy-Aware Filtering
|
|
allow hal_camera_default eco_service:service_manager find;
|
|
binder_call(hal_camera_default, mediacodec_samsung);
|
|
|
|
# Allow camera HAL to query preferred camera frequencies from the radio HAL
|
|
# extensions to avoid interference with cellular antennas.
|
|
allow hal_camera_default hal_radioext_hwservice:hwservice_manager find;
|
|
binder_call(hal_camera_default, hal_radioext_default);
|
|
|
|
# Allow camera HAL to connect to the stats service.
|
|
allow hal_camera_default fwk_stats_service:service_manager find;
|
|
|
|
# For observing apex file changes
|
|
allow hal_camera_default apex_info_file:file r_file_perms;
|
|
|
|
# Allow camera HAL to query current device clock frequencies.
|
|
allow hal_camera_default sysfs_devfreq_cur:file r_file_perms;
|
|
|
|
# Allow camera HAL to read backlight of display
|
|
allow hal_camera_default sysfs_leds:dir r_dir_perms;
|
|
allow hal_camera_default sysfs_leds:file r_file_perms;
|
|
allow hal_camera_default sysfs_display:file r_file_perms;
|
|
|
|
# Allow camera HAL to send trace packets to Perfetto
|
|
userdebug_or_eng(`perfetto_producer(hal_camera_default)')
|
|
|
|
# Some file searches attempt to access system data and are denied.
|
|
# This is benign and can be ignored.
|
|
dontaudit hal_camera_default system_data_file:dir { search };
|
|
|
|
# google3 prebuilts attempt to connect to the wrong trace socket, ignore them.
|
|
dontaudit hal_camera_default traced:unix_stream_socket { connectto };
|
|
dontaudit hal_camera_default traced_producer_socket:sock_file { write };
|
|
|
|
# Allow access to always-on compute device node
|
|
allow hal_camera_default aoc_device:chr_file rw_file_perms;
|
|
|
|
# Allow the Camera HAL to acquire wakelocks
|
|
wakelock_use(hal_camera_default)
|