sanders: address camera denials

2018-06-07 13:13:14 +02:00
parent ca47b272ab
commit 5541f10f9b
6 changed files with 162 additions and 6 deletions
--- a/sepolicy/hal_camera_default.te
+++ b/sepolicy/hal_camera_default.te
@@ -0,0 +1,12 @@
+allow hal_camera_default gpu_device:dir r_dir_perms;
+allow hal_camera_default gpu_device:file r_file_perms;
+allow hal_camera_default hal_configstore_ISurfaceFlingerConfigs:hwservice_manager find;
+allow hal_camera_default hal_configstore_default:binder call;
+allow hal_camera_default unlabeled:file {open getattr read };
+allow hal_camera_default camera_data_file:sock_file write;
+allow hal_camera_default persist_file:file { rw_file_perms setattr };
+allow hal_camera_default hal_graphics_allocator_hwservice:hwservice_manager { find };
+allow hal_camera_default system_server:unix_stream_socket { read write };
+
+binder_call(hal_camera_default, hal_configstore_default)
+binder_call(hal_camera_default, hal_graphics_allocator_default)