android_device_samsung_msm8.../sepolicy/common/mm-qcamerad.te

type_transition mm-qcamerad system_data_file:sock_file camera_socket "cam_socket3";

# Allow mm-qcamera-daemon to create and unlink the socket camera_socket
allow mm-qcamerad system_data_file:dir w_dir_perms;
allow mm-qcamerad system_data_file:sock_file unlink;

allow mm-qcamerad sysfs_camera:dir search;
allow mm-qcamerad sysfs_camera:file rw_file_perms;
allow mm-qcamerad vendor_file:file execmod;
msm8974-common: sepolicy: Import common sepolicy from klte-common * The bulk of the device family policy was common and applicable to all Samsung msm8974-devices. Move that common stuff here to ease maintenance. Change-Id: I86516adfb1b9c55a6959a7faf4ee424a4b3385c8 2018-02-03 22:04:39 +00:00			`type_transition mm-qcamerad system_data_file:sock_file camera_socket "cam_socket3";`

[SQUASH]: initial bringup of samsung msm8226-common repo from msm8974-common * Rename msm8974-common -> msm8226-common * Import the old msm8226-common camera wrapper and apply : - https://github.com/LineageOS/android_device_samsung_klte-common/commit/45e3438b260dba2d08ad9a83ea95fa27595c8f8a#diff-dd6d2dcc679d12b9430a9787bab45b33 - https://github.com/LineageOS/android_device_samsung_klte-common/commit/737bd8c3960c43ab846a3320856d966a02dea898#diff-dd6d2dcc679d12b9430a9787bab45b33 - https://github.com/LineageOS/android_device_samsung_klte-common/commit/a79e72b246801dbd8cf031361834965d17ab1a01#diff-dd6d2dcc679d12b9430a9787bab45b33 - https://github.com/LineageOS/android_device_samsung_klte-common/commit/d4dadbaff0acc18a5482325e148f7581b0118845#diff-dd6d2dcc679d12b9430a9787bab45b33 - https://github.com/LineageOS/android_device_samsung_klte-common/commit/c2eb30c314e45e7f244f131d5483148ee8f1e22d#diff-dd6d2dcc679d12b9430a9787bab45b33 - https://github.com/LineageOS/android_device_samsung_klte-common/commit/9ac995b9019be031468f857e795b6bd0b6ae24b4#diff-dd6d2dcc679d12b9430a9787bab45b33 * Remove msm8974 keylayout in favour of msm8226 ones * Add wifi/prima relate configs for Qualcomm WIFI * Import libwncss from our old msm8226-common branch * Remove AvancedDisplay overlay as our panel does not support mDNIe * Import rootdir files from stock SM-G800H release, rework it taking as example klte one and import stock ondemand governor parameters * Adapt seccomp policy for msm8226 * Adapt sensor multihal for msm8226 * Adapt sepolicy for msm8226-common 2019-10-07 08:07:36 +00:00			`# Allow mm-qcamera-daemon to create and unlink the socket camera_socket`
msm8974-common: sepolicy: Import common sepolicy from klte-common * The bulk of the device family policy was common and applicable to all Samsung msm8974-devices. Move that common stuff here to ease maintenance. Change-Id: I86516adfb1b9c55a6959a7faf4ee424a4b3385c8 2018-02-03 22:04:39 +00:00			`allow mm-qcamerad system_data_file:dir w_dir_perms;`
[SQUASH]: initial bringup of samsung msm8226-common repo from msm8974-common * Rename msm8974-common -> msm8226-common * Import the old msm8226-common camera wrapper and apply : - https://github.com/LineageOS/android_device_samsung_klte-common/commit/45e3438b260dba2d08ad9a83ea95fa27595c8f8a#diff-dd6d2dcc679d12b9430a9787bab45b33 - https://github.com/LineageOS/android_device_samsung_klte-common/commit/737bd8c3960c43ab846a3320856d966a02dea898#diff-dd6d2dcc679d12b9430a9787bab45b33 - https://github.com/LineageOS/android_device_samsung_klte-common/commit/a79e72b246801dbd8cf031361834965d17ab1a01#diff-dd6d2dcc679d12b9430a9787bab45b33 - https://github.com/LineageOS/android_device_samsung_klte-common/commit/d4dadbaff0acc18a5482325e148f7581b0118845#diff-dd6d2dcc679d12b9430a9787bab45b33 - https://github.com/LineageOS/android_device_samsung_klte-common/commit/c2eb30c314e45e7f244f131d5483148ee8f1e22d#diff-dd6d2dcc679d12b9430a9787bab45b33 - https://github.com/LineageOS/android_device_samsung_klte-common/commit/9ac995b9019be031468f857e795b6bd0b6ae24b4#diff-dd6d2dcc679d12b9430a9787bab45b33 * Remove msm8974 keylayout in favour of msm8226 ones * Add wifi/prima relate configs for Qualcomm WIFI * Import libwncss from our old msm8226-common branch * Remove AvancedDisplay overlay as our panel does not support mDNIe * Import rootdir files from stock SM-G800H release, rework it taking as example klte one and import stock ondemand governor parameters * Adapt seccomp policy for msm8226 * Adapt sensor multihal for msm8226 * Adapt sepolicy for msm8226-common 2019-10-07 08:07:36 +00:00			`allow mm-qcamerad system_data_file:sock_file unlink;`
msm8974-common: sepolicy: Import common sepolicy from klte-common * The bulk of the device family policy was common and applicable to all Samsung msm8974-devices. Move that common stuff here to ease maintenance. Change-Id: I86516adfb1b9c55a6959a7faf4ee424a4b3385c8 2018-02-03 22:04:39 +00:00
msm8974-common: sepolicy: Resolve misc denials avc: denied { chown } for capability=0 scontext=u:r:thermal-engine:s0 tcontext=u:r:thermal-engine:s0 tclass=capability permissive=0 avc: denied { find } for interface=android.hardware.camera.provider::ICameraProvider pid=1315 scontext=u:r:mediaserver:s0 tcontext=u:object_r:hal_camera_hwservice:s0 tclass=hwservice_manager permissive=0 avc: denied { getattr } for pid=1940 comm="mount.ntfs" path="/dev/block/mmcblk0p23" dev="tmpfs" ino=6957 scontext=u:r:vold:s0 tcontext=u:object_r:system_block_device:s0 tclass=blk_file permissive=0 avc: denied { read write } for pid=1370 comm="mm-qcamera-daem" name="rear_corever" dev="sysfs" ino=24696 scontext=u:r:mm-qcamerad:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 avc: denied { search } for pid=561 comm="mm-qcamera-daem" name="camera" dev="sysfs" ino=24680 scontext=u:r:mm-qcamerad:s0 tcontext=u:object_r:sysfs_camera:s0 tclass=dir permissive=0 avc: denied { getattr } for pid=1950 comm="mount.ntfs" path="/dev/block/mmcblk0p24" dev="tmpfs" ino=8134 scontext=u:r:vold:s0 tcontext=u:object_r:cache_block_device:s0 tclass=blk_file permissive=0 avc: denied { getattr } for pid=1926 comm="fsck.ntfs" path="/dev/block" dev="tmpfs" ino=6956 scontext=u:r:fsck_untrusted:s0 tcontext=u:object_r:block_device:s0 tclass=dir permissive=0 avc: denied { getattr } for pid=1948 comm="mount.ntfs" path="/dev/block/mmcblk0p12" dev="tmpfs" ino=8090 scontext=u:r:vold:s0 tcontext=u:object_r:efs_block_device:s0 tclass=blk_file permissive=0 avc: denied { read } for pid=339 comm="mediaserver" name="rear_camfw_load" dev="sysfs" ino=24694 scontext=u:r:mediaserver:s0 tcontext=u:object_r:sysfs_camera:s0 tclass=file permissive=0 Change-Id: Ieb941d135d9f245f4a2bb9abb78e1b84bbef4b38 2018-03-26 12:37:07 +00:00			`allow mm-qcamerad sysfs_camera:dir search;`
			`allow mm-qcamerad sysfs_camera:file rw_file_perms;`
msm8974-common: sepolicy: Import common sepolicy from klte-common * The bulk of the device family policy was common and applicable to all Samsung msm8974-devices. Move that common stuff here to ease maintenance. Change-Id: I86516adfb1b9c55a6959a7faf4ee424a4b3385c8 2018-02-03 22:04:39 +00:00			`allow mm-qcamerad vendor_file:file execmod;`