Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 24d52ac42ae775ea98e276c73d8f84fc987ad968 / . / private / virtual_camera.te
blob: 4c4ac7a80c33c65eefbf24a3b5aac84717d7fa17 [file] [log] [blame]
Vadim Caend64cf752022-11-04 12:51:18 +0000[diff] [blame]1# virtual_camera - virtual camera daemon
2
3type virtual_camera, domain, coredomain;
Vadim Caenf6e88ec2023-09-29 16:15:23 +0200[diff] [blame]4type virtual_camera_exec, system_file_type, exec_type, file_type;
Vadim Caend64cf752022-11-04 12:51:18 +0000[diff] [blame]5
Vadim Caenf6e88ec2023-09-29 16:15:23 +0200[diff] [blame]6init_daemon_domain(virtual_camera)
Vadim Caend64cf752022-11-04 12:51:18 +0000[diff] [blame]7
Vadim Caenf6e88ec2023-09-29 16:15:23 +0200[diff] [blame]8# Since virtual_camera is not a real HAL we don't set the
9# hal_server_domain(virtual_camera, hal_camera) macro but only the rules that
10# we actually need from halserverdomain and hal_camera_server:
11binder_use(virtual_camera)
Ján Sebechlebský5d6b66c2023-11-20 09:39:22 +0000[diff] [blame]12binder_call(virtual_camera, cameraserver)
13binder_call(virtual_camera, system_server)
Vadim Caend64cf752022-11-04 12:51:18 +0000[diff] [blame]14
Jan Sebechlebsky6e1795c2023-12-06 09:31:17 +0100[diff] [blame]15
16# Allow virtualCamera to call apps via binder.
17binder_call(virtual_camera, appdomain)
18
Vadim Caenf6e88ec2023-09-29 16:15:23 +0200[diff] [blame]19# Allow virtual_camera to use fd from apps
20allow virtual_camera { appdomain -isolated_app }:fd use;
Vadim Caend64cf752022-11-04 12:51:18 +0000[diff] [blame]21
Vadim Caenf6e88ec2023-09-29 16:15:23 +0200[diff] [blame]22# Only allow virtual_camera to add a virtual_camera_service and no one else.
23add_service(virtual_camera, virtual_camera_service);
24
25# Allow virtual_camera to map graphic buffers
26hal_client_domain(virtual_camera, hal_graphics_allocator)
Jan Sebechlebsky267b6a92023-11-17 10:08:16 +0100[diff] [blame]27
28# Allow virtual_camera to use GPU
29allow virtual_camera gpu_device:chr_file rw_file_perms;
30allow virtual_camera gpu_device:dir r_dir_perms;
Jan Sebechlebskyde644172023-11-30 10:57:16 +0100[diff] [blame]31
32# For collecting bugreports.
33allow virtual_camera dumpstate:fd use;
34allow virtual_camera dumpstate:fifo_file write;
Jan Sebechlebsky0959bef2023-12-05 14:17:07 +0100[diff] [blame]35
36# Needed for permission checks.
37allow virtual_camera permission_service:service_manager find;