FP6: sepolicy: Import camera related rules from device/qcom/sepolicy_vndr (3498ad1c) · Commits · e / devices / android_device_fairphone_FP6

sepolicy/vendor/algoservice.te

0 → 100644

+56 −0

Original line number	Diff line number	Diff line
		type hal_algoservice_default, domain;
		type hal_algoservice_default_exec, exec_type, vendor_file_type, file_type;

		add_service(hal_algoservice_default, vendor_tct_camera_algo_service)
		init_daemon_domain(hal_algoservice_default)
		binder_use(hal_algoservice_default)

		allow hal_algoservice_default hwservicemanager_prop:file {read open getattr map};
		allow hal_algoservice_default priv_app:binder { call transfer };
		allow hal_algoservice_default platform_app:binder { call transfer };
		allow hal_algoservice_default fwk_camera_hwservice:hwservice_manager find;
		allow hal_algoservice_default fwk_sensor_hwservice:hwservice_manager find;
		allow hal_algoservice_default cameraserver_service:service_manager find;
		allow hal_algoservice_default fwk_camera_service:service_manager find;
		#allow hal_algoservice_default hal_graphics_mapper_hwservice:hwservice_manager find;
		hal_client_domain(hal_algoservice_default, hal_graphics_allocator)

		allow hal_algoservice_default gpu_device:dir search;
		allow hal_algoservice_default gpu_device:chr_file rw_file_perms;
		allow hal_algoservice_default ion_device:chr_file r_file_perms;
		allow hal_algoservice_default dmabuf_system_heap_device:chr_file r_file_perms;

		allow hal_algoservice_default vendor_camera_dump_file:dir create_dir_perms;
		allow hal_algoservice_default vendor_camera_dump_file:file create_file_perms;

		allow hal_algoservice_default vendor_camera_data_file:dir create_dir_perms;
		allow hal_algoservice_default vendor_camera_data_file:file create_file_perms;
		allow hal_algoservice_default vendor_camera_data_file:dir search;

		#allow hal_algoservice_default proc_ged:file r_file_perms;
		#allowxperm hal_algoservice_default proc_ged:file ioctl { proc_ged_ioctls };
		#allow hal_algoservice_default debugfs_ion:dir search;

		get_prop(hal_algoservice_default, vendor_default_prop)
		get_prop(hal_algoservice_default, camera_config_prop)
		get_prop(hal_algoservice_default, vendor_camera_prop)
		get_prop(hal_algoservice_default, vendor_fp_prop)
		set_prop(hal_algoservice_default, vendor_camera_prop)

		binder_call(hal_algoservice_default, system_server)
		binder_call(hal_algoservice_default, cameraserver)

		# SOCAOSP13-7770, -m CtsSecurityHostTestCases -t android.security.cts.SELinuxHostTest#testNoBugreportDenials
		allow dumpstate hal_algoservice_default:binder call;

		# camerapostproc service
		hal_client_domain(hal_algoservice_default, hal_ispenc);

		# ADSP access
		allow hal_algoservice_default vendor_xdsp_device:chr_file { r_file_perms };
		r_dir_file(hal_algoservice_default, adsprpcd_file);
		get_prop(hal_algoservice_default, vendor_adsprpc_prop)
		allow hal_algoservice_default vendor_hal_dspmanager_hwservice:hwservice_manager find;
		hal_client_domain(hal_algoservice_default, vendor_hal_dspmanager)
		allow hal_algoservice_default vendor_hal_qspmhal_service:service_manager find;
		hal_client_domain(hal_algoservice_default, vendor_hal_qspmhal)

sepolicy/vendor/attributes

0 → 100644

+4 −0

Original line number	Diff line number	Diff line
		# camerapostproc service
		attribute hal_ispenc;
		attribute hal_ispenc_client;
		attribute hal_ispenc_server;

sepolicy/vendor/cameraserver.te

0 → 100644

+2 −0

Original line number	Diff line number	Diff line
		allow cameraserver vendor_tct_camera_algo_service:service_manager find;
		binder_call(cameraserver, hal_algoservice_default)

sepolicy/vendor/file.te

+1 −0

Original line number	Diff line number	Diff line
		# Camera
		type persist_camera_file, file_type;
		type vendor_camera_dump_file, file_type, data_file_type;
		type fp_mmitest_sysfs, fs_type, sysfs_type;

		# Emkit
		type vendor_sysfs_emkit, fs_type, sysfs_type;

sepolicy/vendor/file_contexts

+21 −0

Original line number	Diff line number	Diff line
		@@ -8,6 +8,27 @@
		/sys/devices/virtual/deviceinfo/device_info/CamOTPB u:object_r:vendor_sysfs_camera:s0
		/sys/devices/virtual/deviceinfo/device_info/CamOTPF u:object_r:vendor_sysfs_camera:s0
		/sys/devices/virtual/deviceinfo/device_info/CamOTPB2 u:object_r:vendor_sysfs_camera:s0
		/sys/devices/virtual/deviceinfo/device_info/CamNameB u:object_r:fp_mmitest_sysfs:s0
		/sys/devices/virtual/deviceinfo/device_info/CamNameB2 u:object_r:fp_mmitest_sysfs:s0
		/sys/devices/virtual/deviceinfo/device_info/CamNameF u:object_r:fp_mmitest_sysfs:s0
		/sys/class/debug_ois/accgain u:object_r:fp_mmitest_sysfs:s0
		/sys/class/debug_ois/afdrift u:object_r:fp_mmitest_sysfs:s0
		/sys/class/debug_ois/oisops u:object_r:fp_mmitest_sysfs:s0
		/sys/class/debug_ois/oisreg u:object_r:fp_mmitest_sysfs:s0
		/(vendor\|system/vendor)/bin/hw/cameraalgoservice u:object_r:hal_algoservice_default_exec:s0
		/vendor/lib(64)?/libTclImage_ImageEngine\.so u:object_r:same_process_hal_file:s0
		/vendor/lib(64)?/libc\+\+_shared\.so u:object_r:same_process_hal_file:s0
		/vendor/lib(64)?/libtcl_dualcam_calibration\.so u:object_r:same_process_hal_file:s0
		/vendor/lib(64)?/libtcl_dualcam_salecalibration\.so u:object_r:same_process_hal_file:s0
		/vendor/lib(64)?/libgesture_interface\.so u:object_r:same_process_hal_file:s0
		/vendor/lib(64)?/libtcl(.*)\.so u:object_r:same_process_hal_file:s0
		/vendor/lib(64)?/libTcl(.*)\.so u:object_r:same_process_hal_file:s0
		/vendor/lib(64)?/libTctWaterMark\.so u:object_r:same_process_hal_file:s0
		/vendor/lib(64)?/libfacepose\.so u:object_r:same_process_hal_file:s0
		/vendor/lib(64)?/libmace\.so u:object_r:same_process_hal_file:s0
		/vendor/lib(64)?/libopencv_(.*)\.so u:object_r:same_process_hal_file:s0
		/vendor/lib(64)?/libMNN\.so u:object_r:same_process_hal_file:s0
		/vendor/lib(64)?/vendor.qti.hardware.camera.postproc@1.0\.so u:object_r:same_process_hal_file:s0

		# Fingerprint
		/data/vendor/focaltech(/.*)? u:object_r:fingerprint_data_file:s0