Camera: allow various FD usage for hal_camera The camera HAL1 will need to pass/receive FD from various related processes (app/surfaceflinger/medaiserver) Change-Id: Ia6a6efdddc6e3e92c71211bd28a83eaf2ebd1948

commit: 2dc4d1cc1c99f9dbcec7c4870ccbf6cd1090a8c8 [log] [tgz]
author: Yin-Chia Yeh <yinchiayeh@google.com> Thu Feb 23 17:48:50 2017 -0800
committer: Yin-Chia Yeh <yinchiayeh@google.com> Thu Feb 23 18:14:31 2017 -0800
tree: 56644abd8e08a9ac8034a96eea91b64ad357e580
parent: ebbbe6dd36c69e366fb8fabaff272c2863d4b3dd [diff] [blame]
diff --git a/public/hal_camera.te b/public/hal_camera.te
index d9386fd..e40a39b 100644
--- a/public/hal_camera.te
+++ b/public/hal_camera.te

@@ -13,8 +13,11 @@
 # Both the client and the server need to use the graphics allocator
 allow { hal_camera_client hal_camera_server } hal_graphics_allocator:fd use;
 
-# Allow hal_camera to use fence FD from surface owned by application
-allow hal_camera appdomain:fd use;
+# Allow fd to be passed between hal_camera related processes
+allow hal_camera { appdomain -isolated_app }:fd use;
+allow { appdomain -isolated_app } hal_camera:fd use;
+allow hal_camera surfaceflinger:fd use;
+allow mediaserver hal_camera:fd use;
 
 ###
 ### neverallow rules
commit	2dc4d1cc1c99f9dbcec7c4870ccbf6cd1090a8c8	[log] [tgz]
author	Yin-Chia Yeh <yinchiayeh@google.com>	Thu Feb 23 17:48:50 2017 -0800
committer	Yin-Chia Yeh <yinchiayeh@google.com>	Thu Feb 23 18:14:31 2017 -0800
tree	56644abd8e08a9ac8034a96eea91b64ad357e580
parent	ebbbe6dd36c69e366fb8fabaff272c2863d4b3dd [diff] [blame]