Evolution-x-devices/device_google_wahoo
2
0
Fork 0
mirror of https://github.com/Evolution-X-Devices/device_google_wahoo synced 2026-02-01 07:50:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Allow camera to notify traced of a notable event (walleye/taimen)

Browse Source 
Most apps already have the permission to act as full producers
(isolated_app, ephemeral_app, priv_app, untrusted_app_all), but
the camera doesn't inherit that as it runs in its own domain.

Granting only the socket (i.e. ipc) permission, as:
* only that is needed at the moment.
* granting the shmem/fd permissions would require a broader change, as traced_tmpfs is declared in private/.

Specific denial:
05-20 13:56:20.303  7751  7751 W trigger_perfett: type=1400 audit(0.0:19): avc: denied { write } for name="traced_producer" dev="tmpfs" ino=7061 scontext=u:r:google_camera_app:s0:c181,c256,c512,c768 tcontext=u:object_r:traced_producer_socket:s0 tclass=sock_file permissive=0 app=com.google.android.GoogleCamera

Bug: 130543265
Tested: extrapolating from the same fix on crosshatch, tested manually on blueline-userdebug.
Merged-In: I53dc08a28d167f566b759d8f91d00a4828f4847f
Change-Id: I53dc08a28d167f566b759d8f91d00a4828f4847f
(cherry picked from commit 12b6414919)
This commit is contained in:
Ryan Savitski
2019-05-20 11:51:35 +01:00
parent f42815ed26
commit b71af1ed7c
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
sepolicy/vendor/google_camera_app.te vendored
View File

@@ -43,4 +43,7 @@ allow google_camera_app system_app_data_file:file { read write getattr };
typeattribute google_camera_app system_executes_vendor_violators;
allow google_camera_app hexagon_halide_file:file { execute read open getattr };
# Allow notifying Perfetto traced daemon that a notable event has occurred.
unix_socket_connect(google_camera_app, traced_producer, traced)
dontaudit google_camera_app easel_device:chr_file r_file_perms;