blob: 86174b15401c3b52faa5868b78d120ec15fdb7b7 [file] [log] [blame]
Vadim Caend64cf752022-11-04 12:51:18 +00001# virtual_camera - virtual camera daemon
2
Vadim Caenf8424992024-12-03 14:54:07 +01003# The types are moved to public starting at 202502
4until_board_api(202504, `
5 type virtual_camera, domain, coredomain;
6 type virtual_camera_exec, system_file_type, exec_type, file_type;
7')
Vadim Caend64cf752022-11-04 12:51:18 +00008
Vadim Caenf6e88ec2023-09-29 16:15:23 +02009init_daemon_domain(virtual_camera)
Vadim Caend64cf752022-11-04 12:51:18 +000010
Vadim Caenf6e88ec2023-09-29 16:15:23 +020011# Since virtual_camera is not a real HAL we don't set the
12# hal_server_domain(virtual_camera, hal_camera) macro but only the rules that
13# we actually need from halserverdomain and hal_camera_server:
14binder_use(virtual_camera)
Ján Sebechlebský5d6b66c2023-11-20 09:39:22 +000015binder_call(virtual_camera, cameraserver)
16binder_call(virtual_camera, system_server)
Vadim Caend64cf752022-11-04 12:51:18 +000017
Jan Sebechlebsky0fd6d1b2023-12-27 17:26:52 +010018# Allow virtual_camera to communicate with
19# mediaserver (required for using Surface originating
20# from virtual camera in mediaserver).
21binder_call(virtual_camera, mediaserver)
22
23# Required for the codecs to be able to decode
24# video into surface provided by virtual camera.
25hal_client_domain(virtual_camera, hal_codec2)
26hal_client_domain(virtual_camera, hal_omx)
Jan Sebechlebsky6e1795c2023-12-06 09:31:17 +010027
28# Allow virtualCamera to call apps via binder.
29binder_call(virtual_camera, appdomain)
30
Vadim Caenf6e88ec2023-09-29 16:15:23 +020031# Allow virtual_camera to use fd from apps
32allow virtual_camera { appdomain -isolated_app }:fd use;
Vadim Caend64cf752022-11-04 12:51:18 +000033
Rohitd5f1d0d2024-09-27 01:54:49 -070034binder_call(virtual_camera, surfaceflinger);
Vadim Caen68dc59d2024-03-15 17:12:37 +010035
Vadim Caenf6e88ec2023-09-29 16:15:23 +020036# Only allow virtual_camera to add a virtual_camera_service and no one else.
37add_service(virtual_camera, virtual_camera_service);
38
39# Allow virtual_camera to map graphic buffers
40hal_client_domain(virtual_camera, hal_graphics_allocator)
Jan Sebechlebsky267b6a92023-11-17 10:08:16 +010041
42# Allow virtual_camera to use GPU
43allow virtual_camera gpu_device:chr_file rw_file_perms;
44allow virtual_camera gpu_device:dir r_dir_perms;
Inseob Kimfe3a27a2024-09-10 15:11:45 +090045r_dir_file(virtual_camera, sysfs_gpu)
Jan Sebechlebskyde644172023-11-30 10:57:16 +010046
Vadim Caen2c13d8e2024-12-03 15:03:58 +010047# ION And DMABUF are used by vendor to allocate graphic buffers needed by virtual_camera
48allow cameraserver ion_device:chr_file rw_file_perms;
49allow cameraserver dmabuf_system_heap_device:chr_file r_file_perms;
50
Jan Sebechlebskyfd7e2852024-02-26 11:55:16 +010051# Allow virtual camera to use graphics composer fd-s (fences).
52allow virtual_camera hal_graphics_composer:fd use;
53
Jan Sebechlebskyde644172023-11-30 10:57:16 +010054# For collecting bugreports.
55allow virtual_camera dumpstate:fd use;
56allow virtual_camera dumpstate:fifo_file write;
Jan Sebechlebsky0959bef2023-12-05 14:17:07 +010057
58# Needed for permission checks.
59allow virtual_camera permission_service:service_manager find;
Jan Sebechlebsky7f271ce2024-04-15 08:25:19 +000060
61# Allow 'adb shell cmd' to configure test instances of camera.
62allow virtual_camera adbd:fd use;
63allow virtual_camera adbd:unix_stream_socket { getattr read write };
64allow virtual_camera shell:fifo_file { getattr read write };
Sachin Kumar Tiwarif9cba802024-12-10 18:32:44 +053065
66# Allow virtual_camera to access dmabuf_system_heap_device
67allow virtual_camera dmabuf_system_heap_device:chr_file { read open };