sanders: address camera denials
This commit is contained in:
12
sepolicy/hal_camera_default.te
Normal file
12
sepolicy/hal_camera_default.te
Normal file
@@ -0,0 +1,12 @@
|
||||
allow hal_camera_default gpu_device:dir r_dir_perms;
|
||||
allow hal_camera_default gpu_device:file r_file_perms;
|
||||
allow hal_camera_default hal_configstore_ISurfaceFlingerConfigs:hwservice_manager find;
|
||||
allow hal_camera_default hal_configstore_default:binder call;
|
||||
allow hal_camera_default unlabeled:file {open getattr read };
|
||||
allow hal_camera_default camera_data_file:sock_file write;
|
||||
allow hal_camera_default persist_file:file { rw_file_perms setattr };
|
||||
allow hal_camera_default hal_graphics_allocator_hwservice:hwservice_manager { find };
|
||||
allow hal_camera_default system_server:unix_stream_socket { read write };
|
||||
|
||||
binder_call(hal_camera_default, hal_configstore_default)
|
||||
binder_call(hal_camera_default, hal_graphics_allocator_default)
|
||||
Reference in New Issue
Block a user