sdm660-common: sepolicy: Address some camera denials

Signed-off-by: clarencelol <clarencekuiek@icloud.com> Co-authored-by: pix106 <sbordenave@gmail.com> Signed-off-by: pix106 <sbordenave@gmail.com>
2022-02-13 20:21:02 +08:00 · 2022-02-13 20:21:02 +08:00 · ee42318baf
commit ee42318baf
parent b6f2052cd7
2 changed files with 28 additions and 21 deletions
--- a/sepolicy/vendor/hal_camera_default.te
+++ b/sepolicy/vendor/hal_camera_default.te
@ -2,8 +2,17 @@ hal_client_domain(hal_camera_default, hal_configstore)
 hal_client_domain(hal_camera_default, hal_graphics_allocator)
 get_prop(hal_camera_default, bootanim_system_prop)
 get_prop(hal_camera_default, vendor_camera_prop)
 get_prop(hal_camera_default, vendor_system_prop)
 get_prop(hal_camera_default, vendor_video_prop)
 get_prop(hal_camera_default, persist_camera_prop)
 set_prop(hal_camera_default, persist_camera_prop)
 allow hal_camera_default sysfs_kgsl:file r_file_perms;
 allow hal_camera_default diag_device:chr_file rw_file_perms;
 allow hal_camera_default mnt_vendor_file:dir search;
 allow hal_camera_default sysfs:file { getattr open read };
 allow hal_camera_default self:socket { read write };
 r_dir_file(hal_camera_default, sysfs_kgsl)
 dontaudit hal_camera_default default_prop:file read;
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@ -6,27 +6,25 @@ audio_hal.period_multiplier             u:object_r:vendor_default_prop:s0
 persist.audio.fluence.voicecomm         u:object_r:vendor_default_prop:s0
 # Camera
-camera.clientname                       u:object_r:camera_prop:s0
+camera.clientname                           u:object_r:vendor_camera_prop:s0
-camera.cpp.dumpvideopayload             u:object_r:camera_prop:s0
+camera.cpp.dumpvideopayload                 u:object_r:vendor_camera_prop:s0
-camera.debug.                           u:object_r:camera_prop:s0
+camera.sensor.                              u:object_r:vendor_camera_prop:s0
-camera.facebeauty.version               u:object_r:camera_prop:s0
+cameradaemon.SaveMemAtBoot                  u:object_r:vendor_camera_prop:s0
-camera.llvd.preview.disable             u:object_r:camera_prop:s0
+cpp.set.clock                               u:object_r:vendor_camera_prop:s0
-camera.sensor.                          u:object_r:camera_prop:s0
+disable.cpp.power.collapse                  u:object_r:vendor_camera_prop:s0
-camera.test.novtsgsi                    u:object_r:camera_prop:s0
+persist.cam.pp.feat.mask                    u:object_r:vendor_camera_prop:s0
-cameradaemon.SaveMemAtBoot              u:object_r:vendor_default_prop:s0
+persist.camera.                             u:object_r:vendor_camera_prop:s0
-cpp.set.clock                           u:object_r:vendor_default_prop:s0
+persist.debug.sf.showfps                    u:object_r:vendor_camera_prop:s0
-disable.cpp.power.collapse              u:object_r:vendor_default_prop:s0
+persist.partial.skip                        u:object_r:vendor_camera_prop:s0
-persist.camera.                         u:object_r:vendor_default_prop:s0
+persist.vendor.camera.                      u:object_r:vendor_camera_prop:s0
-persist.camera.debug.logfile            u:object_r:persist_camera_prop:s0
+ro.camera.req.fmq.size                      u:object_r:vendor_camera_prop:s0
-persist.vendor.camera.                  u:object_r:camera_prop:s0
+ro.camera.res.fmq.size                      u:object_r:vendor_camera_prop:s0
-persist.camera.debug.                   u:object_r:persist_camera_prop:s0
+ubwc.no.compression                         u:object_r:vendor_camera_prop:s0
-persist.camera.enable.log               u:object_r:persist_camera_prop:s0
+vendor.camera.                              u:object_r:vendor_camera_prop:s0
-sys.camera.                             u:object_r:camera_prop:s0
+vendor.camera.eis.gyro_name                 u:object_r:vendor_camera_prop:s0
-ubwc.no.compression                     u:object_r:vendor_camera_prop:s0
+vendor.camera.skip_unconfigure.packagelist  u:object_r:vendor_camera_prop:s0
-vendor.camera.eis.gyro_name             u:object_r:camera_prop:s0
+vidc.enc.dcvs.extra-buff-count              u:object_r:vendor_camera_prop:s0
-vidc.enc.dcvs.extra-buff-count          u:object_r:vendor_default_prop:s0
+video.disable.ubwc                          u:object_r:vendor_camera_prop:s0
 vendor.camera.cpuperf.en                u:object_r:vendor_default_prop:s0
 video.disable.ubwc                      u:object_r:vendor_default_prop:s0
 # Dirac
 persist.audio.dirac.                    u:object_r:dirac_prop:s0