added new sepolicy for camera
parent
d5ceb98a11
commit
c61e923d6e
3 changed files with 98 additions and 0 deletions
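--- a/sepolicy/camera.te
+++ b/sepolicy/camera.te
@@ -0,0 +1,37 @@
+# Qualcomm MSM camera
+type camera, domain;
+type camera_exec, exec_type, file_type;
+
+# Started by init
+init_daemon_domain(camera)
+
+allow camera self:process execmem;
+
+allow camera camera_device:dir search;
+allow camera { video_device camera_device }:chr_file rw_file_perms;
+allow camera { surfaceflinger mediaserver }:fd use;
+
+# Create /data/cam_socket0 as camera_socket
+type_transition camera system_data_file:sock_file camera_socket "cam_socket0";
+type_transition camera system_data_file:sock_file camera_socket "cam_socket1";
+allow camera camera_socket:sock_file { create unlink };
+allow camera system_data_file:dir remove_name;
+allow camera system_data_file:sock_file unlink;
+
+# All others under /data get camera_data_file
+file_type_auto_trans(camera, system_data_file, camera_data_file);
+allow camera camera_data_file:dir { write add_name };
+allow camera camera_data_file:file create_file_perms;
+
+# Connect to /data/app/sensor_ctl_socket
+unix_socket_connect(camera, sensors, sensors)
+allow camera sensors_socket:sock_file read;
+
+allow camera devpts:chr_file { read write getattr };
+allow camera device:chr_file { read write ioctl open };
+allow camera mpdecision:unix_stream_socket connectto;
+allow camera servicemanager:binder call;
+allow camera socket_device:sock_file write;
+allow camera system:binder call;
+allow camera system:unix_stream_socket { read write setopt };
+allow camera system_data_file:file { open write };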
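Review bot: `allow camera device:chr_file { read write ioctl open };` near the end of camera.te gives the camera daemon read, write and ioctl on every character device that still carries the generic `device` label, not only its own nodes. The same breadth applies to `allow camera system_data_file:file { open write };`, which covers any generically labelled file under /data even though `file_type_auto_trans` already gives the daemon's own files `camera_data_file`. Both rules look like denials converted to allows as-is (inferred, the commit message does not say); labelling the node the daemon actually opens in `file_contexts`, e.g. `/dev/<node> u:object_r:camera_device:s0` (placeholder path), and dropping the two generic rules would keep the domain confined. A one-line comment above `allow camera self:process execmem;` naming the component that needs it would also help later audits.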
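--- a/sepolicy/libqc-opt.te
+++ b/sepolicy/libqc-opt.te
@@ -0,0 +1,6 @@
+type libqc-opt, domain;
+
+# Set sys.media.vdec.sw value
+allow init_shell performance_prop:property_service set;
+allow libqc-opt performance_prop:property_service set;
+allow zygote performance_prop:property_service set;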
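Review bot: `type libqc-opt, domain;` declares a process domain, but this file adds no exec type, `init_daemon_domain` or other transition into it, so `allow libqc-opt performance_prop:property_service set;` probably never matches a running process (nothing else in this commit enters the domain; the rest of the tree is not visible here). The name suggests a shared library loaded into other processes, which would explain why `zygote` and `init_shell` are granted the same permission. If that is the case, drop the type and its rule and document the two remaining ones with something like `# libqc-opt runs inside zygote and init scripts and sets sys.media.vdec.sw`, so the zygote grant is not mistaken for a leftover.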
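--- a/sepolicy/qcom.te
+++ b/sepolicy/qcom.te
@@ -0,0 +1,55 @@
+# Qcom init scripts
+
+allow rootfs shell_exec:file rx_file_perms;
+allow init_shell ctl_default_prop:property_service set;
+allow init_shell default_prop:property_service set;
+allow init_shell graphics_device:dir w_dir_perms;
+allow init_shell graphics_device:lnk_file create_file_perms;
+allow init_shell radio_efs_file:dir r_dir_perms;
+allow init_shell radio_efs_file:file x_file_perms;
+allow init_shell rootfs:file r_file_perms;
+allow init_shell self:capability { fowner chown fsetid };
+allow init_shell sysfs:file create_file_perms;
+allow init_shell system_prop:property_service set;
+allow init_shell tmpfs:chr_file r_file_perms;
+allow init_shell system_file:lnk_file getattr;
+allow init_shell tmpfs:chr_file w_file_perms;
+allow init_shell kernel:process setsched;
+allow init_shell labeledfs:filesystem remount;
+allow init_shell system_file:file { write create };
+allow init_shell system_file:lnk_file create;
+allow init_shell system_file:dir w_dir_perms;
+allow init_shell cache_file:file { write lock open setattr };
+allow init_shell dhcp_data_file:dir { read write open remove_name };
+allow init_shell dhcp_data_file:file unlink;
+allow init_shell proc:file write;
+allow init_shell self:capability { net_admin dac_override };
+allow init_shell sensors_data_file:dir { getattr setattr };
+allow init_shell sensors_data_file:file { write getattr setattr };
+allow init_shell system_data_file:dir setattr;
+allow init_shell tmpfs:file execute;
+allow init_shell wifi_data_file:file { read getattr open };
+
+# pds backup and restorecon
+allow shell camera_data_file:dir getattr;
+allow shell pds_file:dir { read search open getattr };
+allow shell pds_file:file getattr;
+allow init_shell pds_file:file { read open };
+allow init_shell pds_file:dir getattr;
+allow pds_file rootfs:filesystem associate;
+
+allow init_shell block_device:blk_file { read open };
+allow init_shell device:chr_file { getattr setattr write open };
+allow init_shell device:dir { write read open add_name };
+allow init_shell device:lnk_file create;
+allow init_shell self:capability sys_module;
+allow init_shell sensors_device:chr_file getattr;
+allow init_shell kernel:system syslog_mod;
+allow init_shell self:capability2 syslog;
+allow persist_file rootfs:filesystem associate;
+allow init_shell persist_file:dir { getattr write remove_name read add_name open };
+allow init_shell persist_file:lnk_file { read create getattr unlink };
+allow init_shell persist_wifi_file:file getattr;
+allow init_shell persist_wifi_file:lnk_file unlink;
+allow init_shell diagnostic_device:chr_file { read write };
+allow init_shell init:fifo_file { read ioctl getattr };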
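Review bot: The `init_shell` rules in qcom.te add up to a nearly unconfined domain. `self:capability sys_module`, `self:capability { net_admin dac_override }`, `system_file:file { write create }` together with `labeledfs:filesystem remount`, `tmpfs:file execute` and `block_device:blk_file { read open }` let anything running as `init_shell` load kernel modules, modify files labelled `system_file` and read raw block devices. Every vendor init script appears to share this one domain, so one script's needs become all scripts' permissions; a marker such as `# TODO(review): move module loading and system_file writes out of init_shell into a dedicated domain` above those rules would at least record the intent until the scripts get their own exec types. Separately, `allow rootfs shell_exec:file rx_file_perms;` uses what is normally a filesystem type as the source, so it likely matches no process; if a denial prompted it, the calling script is probably unlabelled, which is better fixed in `file_contexts`.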