device_google_wahoo/sepolicy/vendor/google_camera_app.te
Eino-Ville Talvala 9da8401acb Allow Hexagon DSP access to GoogleCamera application
- Add custom domain for GoogleCamera, with QDSP access
- Add app cert for Google apps
- Add new hexagon_halide_file type, apply it to two critical DSP
  libraries, and grant GoogleCamera access to them.
- Also allow tango_core access to hexagon_halide_file
- Remove /vendor/lib/libhalide_hexagon_host from
  same_process_hal_file, it's not used by anything currently.
- Move access to persist.camera.* properties to the generic app domain

Test: GoogleCamera able to use Hexagon for HDR+
Bug: 62712071
Bug: 62341955
Change-Id: I2c49c35d9f90d07b148a2f27d0f8128f99b55b6c
2017-06-17 18:49:58 -07:00


# SELinux policy for the google_camera_app domain (the GoogleCamera application).
# The type is declared with the domain and coredomain attributes and then set up
# through the app_domain macro; every rule below is an additional grant on top of
# whatever that macro provides (the macro body is defined outside this file).
# NOTE(review): the type carries the coredomain attribute while the rules below
# grant it access to a DSP device node and to vendor Halide libraries. Confirm
# this combination is intended with respect to the core/vendor policy split.
type google_camera_app, domain, coredomain;
app_domain(google_camera_app)
# Access standard system services.
# Each rule grants only the find permission, i.e. looking the named service up
# through the service manager. What the app may then do with the service is
# decided by the service itself, not by these rules.
allow google_camera_app app_api_service:service_manager find;
allow google_camera_app audioserver_service:service_manager find;
allow google_camera_app cameraserver_service:service_manager find;
allow google_camera_app drmserver_service:service_manager find;
allow google_camera_app mediacodec_service:service_manager find;
allow google_camera_app mediaextractor_service:service_manager find;
allow google_camera_app mediaserver_service:service_manager find;
allow google_camera_app mediametrics_service:service_manager find;
# NOTE(review): nfc_service is not obviously camera related; confirm it is still
# needed so the domain stays least-privilege.
allow google_camera_app nfc_service:service_manager find;
allow google_camera_app surfaceflinger_service:service_manager find;
# Same kind of lookup grant, but against the hardware service manager.
allow google_camera_app hidl_token_hwservice:hwservice_manager find;
# Execute libraries from RenderScript cache
# The rule is keyed on the app_data_file label, not on the cache path, so it
# covers every file with that label that the process can reach.
# NOTE(review): app_data_file is presumably writable by the app, which would make
# this an execute-from-writable-storage grant; confirm it is required.
allow google_camera_app app_data_file:file { rx_file_perms };
# Read memory info
allow google_camera_app proc_meminfo:file r_file_perms;
# gdbserver / stack traces
# The target is self, so this permits ptrace only between processes that run in
# the google_camera_app domain; it does not allow tracing other domains.
# NOTE(review): the grant is unconditional in this file. If it exists only for
# debugging, consider limiting it to debug builds (for example with the
# userdebug_or_eng macro) - confirm with the owners.
allow google_camera_app self:process ptrace;
# Access to Hexagon DSP kernel device
# Only the r_file_perms set is granted on the character device; no write
# permission is listed on this line. The exact expansion of r_file_perms is
# defined outside this file.
allow google_camera_app qdsp_device:chr_file { r_file_perms };
# Read and write system app data files passed over Binder.
# Motivating case was /data/data/com.android.settings/cache/*.jpg for
# cropping or taking user photos.
# The open permission is deliberately absent from this set: the domain can use a
# file descriptor it has been handed, but cannot open system app data by path.
allow google_camera_app system_app_data_file:file { read write getattr };
# Allow GoogleCamera access to necessary vendor libraries to execute
# Halide code
# Read and execute only; no write permission is granted, so this rule does not
# let the domain modify files labelled hexagon_halide_file.
allow google_camera_app hexagon_halide_file:file { execute read open getattr };
# Access to persist.camera.* system properties
# get_prop is a macro defined outside this file; presumably it grants read-only
# access to properties labelled camera_prop - verify against the macro body.
get_prop(google_camera_app, camera_prop)