hal_camera.te revision d7f901b58dd1ea1eb370c1a0f41f3834a87dc6f1 
1# communicate with perfd
2dontaudit hal_camera perfd:unix_stream_socket connectto;
3dontaudit hal_camera perfd_socket:sock_file write;
4dontaudit hal_camera perfd_socket:sock_file w_file_perms;
5
6allow hal_camera self:capability sys_nice;
7
8allow hal_camera gpu_device:chr_file rw_file_perms;
9
10# access to /dev/input/event{5,10}
11allow hal_camera input_device:dir r_dir_perms;
12allow hal_camera input_device:chr_file r_file_perms;
13
14set_prop(hal_camera, camera_prop)
15
16#allow hal_camera sysfs_enable_ps_sensor:file w_file_perms;
17r_dir_file(hal_camera, sysfs_type)
18# find libraries
19allow hal_camera system_file:dir r_dir_perms;
20
21allow hal_camera qdisplay_service:service_manager find;
22
23# talk to system_server
24
25allow hal_camera system_server:unix_stream_socket { read write };
26
27allow hal_camera self:socket { create ioctl read write };
28
29# Grant access to Qualcomm MSM Interface (QMI) radio sockets
30# qmux_socket(hal_camera)
31
32# allow hal_camera to call some socket ioctls
33allowxperm hal_camera self:socket ioctl { IPC_ROUTER_IOCTL_LOOKUP_SERVER IPC_ROUTER_IOCTL_BIND_CONTROL_PORT };
34
35# ignore spurious denial
36dontaudit hal_camera graphics_device:dir search;
37
38userdebug_or_eng(`
39  allow hal_camera diag_device:chr_file rw_file_perms;
40')
41
42# access easel dev nodes
43allow hal_camera easel_device:chr_file { read write ioctl open getattr };
44allow hal_camera sysfs_easel:file rw_file_perms;
45
46# access hexagon
47allow hal_camera qdsp_device:chr_file r_file_perms;
48