hal_camera.te revision d7f901b58dd1ea1eb370c1a0f41f3834a87dc6f1
1# communicate with perfd 2dontaudit hal_camera perfd:unix_stream_socket connectto; 3dontaudit hal_camera perfd_socket:sock_file write; 4dontaudit hal_camera perfd_socket:sock_file w_file_perms; 5 6allow hal_camera self:capability sys_nice; 7 8allow hal_camera gpu_device:chr_file rw_file_perms; 9 10# access to /dev/input/event{5,10} 11allow hal_camera input_device:dir r_dir_perms; 12allow hal_camera input_device:chr_file r_file_perms; 13 14set_prop(hal_camera, camera_prop) 15 16#allow hal_camera sysfs_enable_ps_sensor:file w_file_perms; 17r_dir_file(hal_camera, sysfs_type) 18# find libraries 19allow hal_camera system_file:dir r_dir_perms; 20 21allow hal_camera qdisplay_service:service_manager find; 22 23# talk to system_server 24 25allow hal_camera system_server:unix_stream_socket { read write }; 26 27allow hal_camera self:socket { create ioctl read write }; 28 29# Grant access to Qualcomm MSM Interface (QMI) radio sockets 30# qmux_socket(hal_camera) 31 32# allow hal_camera to call some socket ioctls 33allowxperm hal_camera self:socket ioctl { IPC_ROUTER_IOCTL_LOOKUP_SERVER IPC_ROUTER_IOCTL_BIND_CONTROL_PORT }; 34 35# ignore spurious denial 36dontaudit hal_camera graphics_device:dir search; 37 38userdebug_or_eng(` 39 allow hal_camera diag_device:chr_file rw_file_perms; 40') 41 42# access easel dev nodes 43allow hal_camera easel_device:chr_file { read write ioctl open getattr }; 44allow hal_camera sysfs_easel:file rw_file_perms; 45 46# access hexagon 47allow hal_camera qdsp_device:chr_file r_file_perms; 48