Added sysfs_camera file type and cameraserver allow rules.

Added allow rules to address the following denials:
denied { open } for pid=754 comm="cameraserver"
path="/sys/devices/soc/8c0000.qcom,msm-cam/video4linux/video0/name"
dev="sysfs" ino=41699 scontext=u:r:cameraserver:s0
tcontext=u:object_r:sysfs:s0 tclass=file

denied { read } for pid=754 comm="cameraserver" name="name" dev="sysfs"
ino=41699 scontext=u:r:cameraserver:s0 tcontext=u:object_r:sysfs:s0
tclass=file

denied { search } for pid=757 comm="cameraserver"
name="8c0000.qcom,msm-cam" dev="sysfs" ino=19077
scontext=u:r:cameraserver:s0 tcontext=u:object_r:sysfs_camera:s0
tclass=dir

Bug: 34784662
Test: The above denials are no longer present during bootup
Change-Id: I967ee7c4147eb3328fcbcf524eb6c4759f70c59b
Max Bires
2017-02-14 17:51:11 -08:00
parent 1a10f39b90
commit c4bbe07c7a
3 changed files with 5 additions and 0 deletions


@@ -1,3 +1,6 @@
allow cameraserver gpu_device:chr_file rw_file_perms;
set_prop(cameraserver, camera_prop)
allow cameraserver sysfs_camera:file r_file_perms;
allow cameraserver sysfs_camera:dir search;
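Review bot: The two added `allow` lines give cameraserver `r_file_perms` on every file labelled `sysfs_camera`, but the denials quoted in the commit message cover only `open`/`read` on `video4linux/video0/name` and `search` on the device directory. The label is applied to the whole `8c0000.qcom,msm-cam` subtree in the file_contexts change, so the grant covers every sysfs attribute the camera driver exposes there, not just the one node that was denied. If that breadth is intended, record it with a comment above the rules, for example `# cameraserver reads camera driver attributes under the msm-cam sysfs subtree (Bug: 34784662)`. Otherwise, narrowing the file_contexts pattern would keep the grant closer to the observed access.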


@@ -1,4 +1,5 @@
type sysfs_graphics, sysfs_type, fs_type;
type sysfs_camera, sysfs_type, fs_type;
type qmuxd_socket, file_type;
type netmgrd_socket, file_type;
type thermal_socket, file_type;


@@ -43,6 +43,7 @@
/sys/devices/virtual/thermal(/.*)? u:object_r:sysfs_thermal:s0
/sys/module/msm_thermal(/.*)? u:object_r:sysfs_thermal:s0
/sys/devices/virtual/graphics/fb([0-2])+/idle_time u:object_r:sysfs_graphics:s0
/sys/devices/soc/8c0000\.qcom,msm-cam(/.*)? u:object_r:sysfs_camera:s0
# files in /system
/system/bin/init\.power\.sh u:object_r:init_power_exec:s0
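Review bot: The added `/sys/devices/soc/8c0000\.qcom,msm-cam(/.*)?` entry moves the whole subtree off the generic `sysfs` label, so any other domain that reached these nodes through a rule on `sysfs` would presumably be denied after this change. Only cameraserver receives access to `sysfs_camera` in this commit, and the Test line checks only that the listed denials are gone at bootup. It would be worth checking the audit log for new denials with `tcontext=u:object_r:sysfs_camera:s0` from other domains while the camera is in use, not only at boot. A short comment above the entry, such as `# msm camera platform device; read by cameraserver`, would also help the next reader see why this path has its own type.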