Allow system_server to communicate with virtual_camera
and consitently name service and process as "virtual_camera" (with
underscore)
Test: Cts VirtalCameraTest
Bug: 270352264
Change-Id: I2c6c0c03aab47aa1795cbda19af25e6661a0bf4a
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index f336924..b84c5fa 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -464,7 +464,7 @@
"vibrator_manager": EXCEPTION_NO_FUZZER,
"virtualdevice": EXCEPTION_NO_FUZZER,
"virtualdevice_native": EXCEPTION_NO_FUZZER,
- "virtual_camera_service": EXCEPTION_NO_FUZZER,
+ "virtual_camera": EXCEPTION_NO_FUZZER,
"virtual_touchpad": EXCEPTION_NO_FUZZER,
"voiceinteraction": EXCEPTION_NO_FUZZER,
"vold": []string{"vold_native_service_fuzzer"},
diff --git a/private/seapp_contexts b/private/seapp_contexts
index 74701df..26cff1f 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@@ -172,7 +172,6 @@
user=_app seinfo=platform name=com.android.traceur domain=traceur_app type=app_data_file levelFrom=all
user=system seinfo=platform domain=system_app type=system_app_data_file
user=system seinfo=platform isPrivApp=true name=com.android.DeviceAsWebcam domain=device_as_webcam type=system_app_data_file levelFrom=all
-user=system seinfo=platform isPrivApp=true name=com.android.virtualcamera domain=virtual_camera type=app_data_file levelFrom=all
user=bluetooth seinfo=bluetooth domain=bluetooth type=bluetooth_data_file
user=network_stack seinfo=network_stack domain=network_stack type=radio_data_file
user=nfc seinfo=platform domain=nfc type=nfc_data_file
diff --git a/private/service_contexts b/private/service_contexts
index 898cb14..a803d51 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -438,6 +438,7 @@
vibrator u:object_r:vibrator_service:s0
vibrator_control u:object_r:vibrator_control_service:s0
vibrator_manager u:object_r:vibrator_manager_service:s0
+virtual_camera u:object_r:virtual_camera_service:s0
virtualdevice u:object_r:virtual_device_service:s0
virtualdevice_native u:object_r:virtual_device_native_service:s0
virtual_touchpad u:object_r:virtual_touchpad_service:s0
diff --git a/private/system_server.te b/private/system_server.te
index 97e64af..2a9da11 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -298,6 +298,7 @@
binder_call(system_server, statsd)
binder_call(system_server, storaged)
binder_call(system_server, update_engine)
+binder_call(system_server, virtual_camera)
binder_call(system_server, vold)
binder_call(system_server, logd)
binder_call(system_server, wificond)
diff --git a/private/virtual_camera.te b/private/virtual_camera.te
index 765a59f..c6a1abb 100644
--- a/private/virtual_camera.te
+++ b/private/virtual_camera.te
@@ -9,6 +9,8 @@
# hal_server_domain(virtual_camera, hal_camera) macro but only the rules that
# we actually need from halserverdomain and hal_camera_server:
binder_use(virtual_camera)
+binder_call(virtual_camera, cameraserver)
+binder_call(virtual_camera, system_server)
# Allow virtual_camera to use fd from apps
allow virtual_camera { appdomain -isolated_app }:fd use;