vendor_init can set config.disable_cameraservice
This had been settable by vendors up to and including Q release by
making config_prop avendor_init writeable. We don't allow this any
more. This should be a real vendor settable property now.
Bug: 143755062
Test: adb logcat -b all | grep cameraservice
Test: atest CtsCameraTestCases
Change-Id: Id583e899a906da8a8e8d71391ff2159a9510a630
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index fe622bb..93e4f46 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -20,6 +20,7 @@
dataloader_manager_service
device_config_storage_native_boot_prop
device_config_sys_traced_prop
+ exported_camera_prop
file_integrity_service
gmscore_app
hal_can_bus_hwservice
diff --git a/private/domain.te b/private/domain.te
index 8a0a8e5..defe99d 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -76,6 +76,7 @@
get_prop({coredomain appdomain shell}, exported3_default_prop)
get_prop({coredomain appdomain shell}, exported3_radio_prop)
get_prop({coredomain appdomain shell}, exported3_system_prop)
+ get_prop({coredomain appdomain shell}, exported_camera_prop)
get_prop({coredomain shell}, userspace_reboot_exported_prop)
get_prop({coredomain shell}, userspace_reboot_prop)
get_prop({domain -coredomain -appdomain}, vendor_default_prop)
diff --git a/public/property.te b/public/property.te
index 188178a..bfb78c4 100644
--- a/public/property.te
+++ b/public/property.te
@@ -120,6 +120,7 @@
system_public_prop(exported3_radio_prop)
system_public_prop(exported_audio_prop)
system_public_prop(exported_bluetooth_prop)
+system_public_prop(exported_camera_prop)
system_public_prop(exported_config_prop)
system_public_prop(exported_dalvik_prop)
system_public_prop(exported_default_prop)
@@ -453,6 +454,16 @@
neverallow {
domain
-coredomain
+ -hal_camera_server
+ -cameraserver
+ -vendor_init
+ } {
+ exported_camera_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
-hal_wifi_server
-wificond
} {
diff --git a/public/property_contexts b/public/property_contexts
index 7e49e9c..e2b2c00 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -298,6 +298,7 @@
aaudio.mmap_exclusive_policy u:object_r:exported_default_prop:s0 exact int
aaudio.mmap_policy u:object_r:exported_default_prop:s0 exact int
aaudio.wakeup_delay_usec u:object_r:exported_default_prop:s0 exact int
+config.disable_cameraservice u:object_r:exported_camera_prop:s0 exact bool
gsm.sim.operator.numeric u:object_r:exported_radio_prop:s0 exact string
media.mediadrmservice.enable u:object_r:exported_default_prop:s0 exact bool
persist.rcs.supported u:object_r:exported_default_prop:s0 exact int
diff --git a/public/vendor_init.te b/public/vendor_init.te
index 8230957..0bdfc4a 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -238,6 +238,7 @@
set_prop(vendor_init, debug_prop)
set_prop(vendor_init, exported_audio_prop)
set_prop(vendor_init, exported_bluetooth_prop)
+set_prop(vendor_init, exported_camera_prop)
set_prop(vendor_init, exported_config_prop)
set_prop(vendor_init, exported_dalvik_prop)
set_prop(vendor_init, exported_default_prop)