MiPad4/android_device_xiaomi_sdm660-common
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sdm660-common: sepolicy: Address some camera denials

Browse source 
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Co-authored-by: pix106 <sbordenave@gmail.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
This commit is contained in:
clarencelol 2022-02-13 20:21:02 +08:00 committed by pix106
parent b6f2052cd7
commit ee42318baf
2 changed files with 28 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
sepolicy/vendor/hal_camera_default.te vendored
View file

@ -2,8 +2,17 @@ hal_client_domain(hal_camera_default, hal_configstore)
hal_client_domain(hal_camera_default, hal_graphics_allocator)
get_prop(hal_camera_default, bootanim_system_prop)
get_prop(hal_camera_default, vendor_camera_prop)
get_prop(hal_camera_default, vendor_system_prop)
get_prop(hal_camera_default, vendor_video_prop)
get_prop(hal_camera_default, persist_camera_prop)
set_prop(hal_camera_default, persist_camera_prop)
allow hal_camera_default sysfs_kgsl:file r_file_perms;
allow hal_camera_default diag_device:chr_file rw_file_perms;
allow hal_camera_default mnt_vendor_file:dir search;
allow hal_camera_default sysfs:file { getattr open read };
allow hal_camera_default self:socket { read write };
r_dir_file(hal_camera_default, sysfs_kgsl)
dontaudit hal_camera_default default_prop:file read;

38
sepolicy/vendor/property_contexts vendored
View file

@ -6,27 +6,25 @@ audio_hal.period_multiplier u:object_r:vendor_default_prop:s0
persist.audio.fluence.voicecomm u:object_r:vendor_default_prop:s0
# Camera
camera.clientname u:object_r:camera_prop:s0
camera.cpp.dumpvideopayload u:object_r:camera_prop:s0
camera.debug. u:object_r:camera_prop:s0
camera.facebeauty.version u:object_r:camera_prop:s0
camera.llvd.preview.disable u:object_r:camera_prop:s0
camera.sensor. u:object_r:camera_prop:s0
camera.test.novtsgsi u:object_r:camera_prop:s0
cameradaemon.SaveMemAtBoot u:object_r:vendor_default_prop:s0
cpp.set.clock u:object_r:vendor_default_prop:s0
disable.cpp.power.collapse u:object_r:vendor_default_prop:s0
persist.camera. u:object_r:vendor_default_prop:s0
persist.camera.debug.logfile u:object_r:persist_camera_prop:s0
persist.vendor.camera. u:object_r:camera_prop:s0
persist.camera.debug. u:object_r:persist_camera_prop:s0
persist.camera.enable.log u:object_r:persist_camera_prop:s0
sys.camera. u:object_r:camera_prop:s0
camera.clientname u:object_r:vendor_camera_prop:s0
camera.cpp.dumpvideopayload u:object_r:vendor_camera_prop:s0
camera.sensor. u:object_r:vendor_camera_prop:s0
cameradaemon.SaveMemAtBoot u:object_r:vendor_camera_prop:s0
cpp.set.clock u:object_r:vendor_camera_prop:s0
disable.cpp.power.collapse u:object_r:vendor_camera_prop:s0
persist.cam.pp.feat.mask u:object_r:vendor_camera_prop:s0
persist.camera. u:object_r:vendor_camera_prop:s0
persist.debug.sf.showfps u:object_r:vendor_camera_prop:s0
persist.partial.skip u:object_r:vendor_camera_prop:s0
persist.vendor.camera. u:object_r:vendor_camera_prop:s0
ro.camera.req.fmq.size u:object_r:vendor_camera_prop:s0
ro.camera.res.fmq.size u:object_r:vendor_camera_prop:s0
ubwc.no.compression u:object_r:vendor_camera_prop:s0
vendor.camera.eis.gyro_name u:object_r:camera_prop:s0
vidc.enc.dcvs.extra-buff-count u:object_r:vendor_default_prop:s0
vendor.camera.cpuperf.en u:object_r:vendor_default_prop:s0
video.disable.ubwc u:object_r:vendor_default_prop:s0
vendor.camera. u:object_r:vendor_camera_prop:s0
vendor.camera.eis.gyro_name u:object_r:vendor_camera_prop:s0
vendor.camera.skip_unconfigure.packagelist u:object_r:vendor_camera_prop:s0
vidc.enc.dcvs.extra-buff-count u:object_r:vendor_camera_prop:s0
video.disable.ubwc u:object_r:vendor_camera_prop:s0
# Dirac
persist.audio.dirac. u:object_r:dirac_prop:s0