Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 5d6b66c8eaa042b596d1b4276cde142bdea355e7^! / . / private
commit5d6b66c8eaa042b596d1b4276cde142bdea355e7[log] [tgz]
authorJán Sebechlebský <jsebechlebsky@google.com>Mon Nov 20 09:39:22 2023 +0000
committerJan Sebechlebsky <jsebechlebsky@google.com>Mon Nov 20 10:42:11 2023 +0100
treea8bbd3ee08625e895480dbd30af7581f1dc6bd0f
parent9449a6f2efe81aa7535eb8f3660e0aa7076ecd0f [diff]
Revert^2 "Allow system_server to communicate with virtual_camera"

This reverts commit 76a62dfb3ec6108e53e3a1a84a4d228911114017.

Reason for revert: Relanding with virtual_camera flag disabled to prevent test failures before rc entry is added for the service (which needs to be done after this cl is submitted to prevent boot test failing due to selinux denials).

Test: https://android-build.corp.google.com/builds/abtd/run/L11500030000350228
Change-Id: Ie621f89610b173918bb4c0b6eb1f35547f56f6b7

diff --git a/private/seapp_contexts b/private/seapp_contexts
index 9a76f69..957d005 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts

@@ -182,7 +182,6 @@
 user=_app seinfo=platform name=com.android.traceur domain=traceur_app type=app_data_file levelFrom=all
 user=system seinfo=platform domain=system_app type=system_app_data_file
 user=system seinfo=platform isPrivApp=true name=com.android.DeviceAsWebcam domain=device_as_webcam type=system_app_data_file levelFrom=all
-user=system seinfo=platform isPrivApp=true name=com.android.virtualcamera domain=virtual_camera type=app_data_file levelFrom=all
 user=bluetooth seinfo=bluetooth domain=bluetooth type=bluetooth_data_file
 user=network_stack seinfo=network_stack domain=network_stack type=radio_data_file
 user=nfc seinfo=platform domain=nfc type=nfc_data_file

diff --git a/private/service_contexts b/private/service_contexts
index 898cb14..a803d51 100644
--- a/private/service_contexts
+++ b/private/service_contexts

@@ -438,6 +438,7 @@
 vibrator                                  u:object_r:vibrator_service:s0
 vibrator_control               	  	  u:object_r:vibrator_control_service:s0
 vibrator_manager                          u:object_r:vibrator_manager_service:s0
+virtual_camera                            u:object_r:virtual_camera_service:s0
 virtualdevice                             u:object_r:virtual_device_service:s0
 virtualdevice_native                      u:object_r:virtual_device_native_service:s0
 virtual_touchpad                          u:object_r:virtual_touchpad_service:s0

diff --git a/private/system_server.te b/private/system_server.te
index 97e64af..2a9da11 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -298,6 +298,7 @@
 binder_call(system_server, statsd)
 binder_call(system_server, storaged)
 binder_call(system_server, update_engine)
+binder_call(system_server, virtual_camera)
 binder_call(system_server, vold)
 binder_call(system_server, logd)
 binder_call(system_server, wificond)

diff --git a/private/virtual_camera.te b/private/virtual_camera.te
index 765a59f..c6a1abb 100644
--- a/private/virtual_camera.te
+++ b/private/virtual_camera.te

@@ -9,6 +9,8 @@
 # hal_server_domain(virtual_camera, hal_camera) macro but only the rules that
 # we actually need from halserverdomain and hal_camera_server:
 binder_use(virtual_camera)
+binder_call(virtual_camera, cameraserver)
+binder_call(virtual_camera, system_server)
 
 # Allow virtual_camera to use fd from apps
 allow virtual_camera { appdomain -isolated_app }:fd use;