Evolution-x-devices/device_google_wahoo
2
0
Fork 0
mirror of https://github.com/Evolution-X-Devices/device_google_wahoo synced 2026-01-30 13:28:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
c5cbcafe02b33b0cc067afd24a906b8f897cb7ea
device_google_wahoo/sepolicy/hal_camera.te
Alex Klyubin 2ae5745596 Add cameraserver and NFC HAL to socket comms violators list 
Being on this list does not change what these domains can do. It only
loosens neverallow rules.

Test: mmm system/sepolicy
Bug: 36577153
Change-Id: I376f08b1afd274376655679cd86bc6adeebf7c94
2017-03-30 18:00:38 -07:00

62 lines
2.1 KiB
Plaintext
Raw Blame History

# communicate with perfd
#allow hal_camera perfd_data_file:dir search;
#allow hal_camera perfd:unix_stream_socket connectto;
#allow hal_camera perfd_data_file:sock_file write;
allow hal_camera self:capability sys_nice;
# communicate with camera
#allow hal_camera camera:unix_dgram_socket sendto;
#allow hal_camera camera_data_file:sock_file write;
#allow hal_camera camera_device:chr_file rw_file_perms;
allow hal_camera gpu_device:chr_file rw_file_perms;
allow hal_camera perfd_socket:sock_file w_file_perms;
# TODO(b/34274385): Remove this once Camera HAL is guaranteed to be binderized on full Treble
# devices. Passthrough Camera HAL makes cameraserver use perfd socket which is a vendor socket.
# cameraserver, being a non-vendor component, is not permitted to use that socket.
typeattribute cameraserver socket_between_core_and_vendor_violators;
# access to /dev/input/event{5,10}
allow hal_camera input_device:dir r_dir_perms;
allow hal_camera input_device:chr_file r_file_perms;
set_prop(hal_camera, camera_prop)
#allow hal_camera sysfs_enable_ps_sensor:file w_file_perms;
r_dir_file(hal_camera, sysfs_type)
# find libraries
allow hal_camera system_file:dir r_dir_perms;
# talk over binder to some binder services
# TODO(b/36569385): Must be moved to HIDL
binder_use(hal_camera)
binder_call(hal_camera, binderservicedomain)
allow hal_camera surfaceflinger_service:service_manager find;
allow hal_camera sensorservice_service:service_manager find;
allow hal_camera scheduling_policy_service:service_manager find;
# talk to system_server
allow hal_camera system_server:unix_stream_socket { read write };
allow hal_camera self:socket { create ioctl read write };
# Grant access to Qualcomm MSM Interface (QMI) radio sockets
# qmux_socket(hal_camera)
# allow hal_camera to call some socket ioctls
allowxperm hal_camera self:socket ioctl { IPC_ROUTER_IOCTL_LOOKUP_SERVER IPC_ROUTER_IOCTL_BIND_CONTROL_PORT };
# ignore spurious denial
dontaudit hal_camera graphics_device:dir search;
userdebug_or_eng(`
allow hal_camera diag_device:chr_file rw_file_perms;
')
# access easel dev nodes
allow hal_camera easel_device:chr_file { read write ioctl open };
Reference in New Issue View Git Blame Copy Permalink