81083ebf5c
Removed from system_sepolicy, but still needed by our old camera stack.
Solves the following denials.
denied { search } for pid=717 comm="CAM_AECAWB" name="camera" dev="sda17" ino=3121215 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:camera_data_file:s0 tclass=dir permissive=0
denied { search } for pid=717 comm="CAM_AECAWB" name="camera" dev="sda17" ino=3121215 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:camera_data_file:s0 tclass=dir permissive=0
Change-Id: I497bade68e6a5b2f60cd8ec90a97a81986d971af
Signed-off-by: Hadad <repo-sync@outlook.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
22 lines
999 B
Text
22 lines
999 B
Text
hal_client_domain(hal_camera_default, hal_configstore)
|
|
hal_client_domain(hal_camera_default, hal_graphics_allocator)
|
|
get_prop(hal_camera_default, bootanim_system_prop)
|
|
get_prop(hal_camera_default, hal_camera_prop)
|
|
get_prop(hal_camera_default, vendor_camera_prop)
|
|
set_prop(hal_camera_default, vendor_camera_prop)
|
|
get_prop(hal_camera_default, vendor_system_prop)
|
|
get_prop(hal_camera_default, vendor_video_prop)
|
|
|
|
allow hal_camera_default sysfs_kgsl:file r_file_perms;
|
|
allow hal_camera_default diag_device:chr_file rw_file_perms;
|
|
allow hal_camera_default mnt_vendor_file:dir search;
|
|
allow hal_camera_default sysfs:file { getattr open read };
|
|
allow hal_camera_default self:socket { read write };
|
|
|
|
r_dir_file(hal_camera_default, sysfs_kgsl)
|
|
|
|
typeattribute hal_camera_default data_between_core_and_vendor_violators;
|
|
|
|
allow hal_camera_default camera_data_file:sock_file write;
|
|
allow hal_camera_default camera_data_file:dir create_dir_perms;
|
|
allow hal_camera_default camera_data_file:file create_file_perms;
|