Expose virtual_camera types
virtual_camera uses GPU to render data into a surface and requires
access to some GPU sysfs node.
Since vendor defines their own sysfs node with a label different from
the one in AOSP, we need to expose the virtual_camera domain in the
public policy to allow vendor to extend the rules (similar to
cameraserver)
Bug: 356832676
Change-Id: I615f800cbd0d177d67780894d7835018387a4891
diff --git a/private/compat/202404/202404.ignore.cil b/private/compat/202404/202404.ignore.cil
index 6874821..3706705 100644
--- a/private/compat/202404/202404.ignore.cil
+++ b/private/compat/202404/202404.ignore.cil
@@ -14,4 +14,6 @@
proc_compaction_proactiveness
proc_cgroups
sysfs_udc
+ virtual_camera
+ virtual_camera_exec
))
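Review bot: The two entries added at the end of the list in 202404.ignore.cil carry no explanation of why types that were already declared in private/virtual_camera.te are listed here. A sentence in the commit message saying they are listed because they become public types in this change would help. Also check whether any other compat ignore list needs the same two entries, since only 202404 is touched in this patch.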
diff --git a/private/virtual_camera.te b/private/virtual_camera.te
index 0faf0c5..a0fb3d8 100644
--- a/private/virtual_camera.te
+++ b/private/virtual_camera.te
@@ -1,7 +1,6 @@
# virtual_camera - virtual camera daemon
-type virtual_camera, domain, coredomain;
-type virtual_camera_exec, system_file_type, exec_type, file_type;
+# types defined in system/sepolicy/public
init_daemon_domain(virtual_camera)
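Review bot: The replacement comment `# types defined in system/sepolicy/public` does not name the file; pointing it at public/virtual_camera.te would save the reader a search. The unchanged `init_daemon_domain(virtual_camera)` line now depends on both types being declared in that new file, so the private and public changes have to land together.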
diff --git a/public/virtual_camera.te b/public/virtual_camera.te
new file mode 100644
index 0000000..7819210
--- /dev/null
+++ b/public/virtual_camera.te
@@ -0,0 +1,8 @@
+# virtual_camera - virtual camera daemon
+
+type virtual_camera, domain, coredomain;
+type virtual_camera_exec, system_file_type, exec_type, file_type;
+
+# system/sepolicy/public is for vendor-facing type and attribute definitions.
+# DO NOT ADD allow, neverallow, or dontaudit statements here.
+# Instead, add such policy rules to system/sepolicy/private/*.te.
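Review bot: The commit message justifies exposing the virtual_camera domain so that vendor policy can grant it access to a vendor-labelled GPU sysfs node, but `type virtual_camera_exec, system_file_type, exec_type, file_type;` is made public as well with no stated reason. Confirm that vendor policy needs to reference the exec type; if not, it can stay in private. A short comment above `type virtual_camera, domain, coredomain;` recording why this coredomain is public (vendor GPU sysfs labels, as with cameraserver) would make the intended scope of vendor rules clear to later reviewers.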