sanders: address camera denials
This commit is contained in:
@@ -1,4 +1,33 @@
|
||||
type_transition mm-qcamerad camera_data_file:sock_file camera_socket "cam_socket1";
|
||||
type_transition mm-qcamerad camera_data_file:sock_file camera_socket "cam_socket2";
|
||||
allow mm-qcamerad camera_socket:sock_file { create unlink write };
|
||||
|
||||
binder_call(mm-qcamerad, servicemanager);
|
||||
binder_use(mm-qcamerad);
|
||||
binder_call(mm-qcamerad, binderservicedomain);
|
||||
binder_call(mm-qcamerad, appdomain);
|
||||
binder_call(mm-qcamerad, hal_sensors_default);
|
||||
set_prop(mm-qcamerad, camera_prop);
|
||||
|
||||
allow servicemanager mm-qcamerad:dir { search };
|
||||
allow servicemanager mm-qcamerad:file { read open };
|
||||
allow servicemanager mm-qcamerad:process { getattr };
|
||||
|
||||
allow mm-qcamerad camera_data_file:sock_file { create unlink write };
|
||||
allow mm-qcamerad system_server:unix_stream_socket rw_socket_perms;
|
||||
allow mm-qcamerad sensorservice_service:service_manager find;
|
||||
allow mm-qcamerad vendor_camera_data_file:file rw_file_perms;
|
||||
allow mm-qcamerad permission_service:service_manager find;
|
||||
allow mm-qcamerad debug_prop:property_service set;
|
||||
allow mm-qcamerad persist_file:dir search;
|
||||
allow mm-qcamerad persist_file:file { read getattr open };
|
||||
allow mm-qcamerad system_data_file:dir read;
|
||||
|
||||
allow mm-qcamerad init:unix_stream_socket { read write };
|
||||
allow mm-qcamerad sysfs_graphics:file r_file_perms;
|
||||
|
||||
allow mm-qcamerad hal_sensors_default:unix_stream_socket { read write };
|
||||
|
||||
allow mm-qcamerad hal_configstore_ISurfaceFlingerConfigs:hwservice_manager find;
|
||||
allow mm-qcamerad hal_configstore_default:binder call;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user