| # Label for tmpfs files created by this domain. The tmpfs_domain() call |
| # on hal_camera_default in this file relies on this type being declared. |
| type hal_camera_default_tmpfs, file_type; |
| |
| # Scheduling privileges: CAP_SYS_NICE on the HAL process itself, plus |
| # setsched on processes labelled kernel. |
| # NOTE(review): the reason for setsched on kernel is not documented |
| # here - confirm which threads are retuned and that it is still needed. |
| allow hal_camera_default self:global_capability_class_set sys_nice; |
| allow hal_camera_default kernel:process setsched; |
| |
| # IPC: allow use of both the framework binder and the vendor binder |
| # (vndbinder) drivers and their service managers. |
| binder_use(hal_camera_default); |
| vndbinder_use(hal_camera_default); |
| |
| # Character devices the HAL opens read/write, plus read-only access to |
| # the chip id exposed through sysfs. |
| # NOTE(review): lwis_device is presumably the camera kernel driver |
| # node - confirm against the device labelling in file_contexts. |
| allow hal_camera_default lwis_device:chr_file rw_file_perms; |
| allow hal_camera_default gpu_device:chr_file rw_file_perms; |
| allow hal_camera_default sysfs_chip_id:file r_file_perms; |
| |
| # Allow the camera HAL to access the EdgeTPU service and the |
| # Android shared memory allocated by the EdgeTPU service for |
| # on-device compilation. |
| # Grants: read/write on the EdgeTPU character device, read-only access |
| # to its sysfs directory and files, lookup of the vendor service in |
| # service_manager, and binder calls into the edgetpu_vendor_server |
| # domain. binder_call() also lets the HAL use file descriptors handed |
| # back by that domain, which is how the shared memory is received. |
| allow hal_camera_default edgetpu_device:chr_file rw_file_perms; |
| allow hal_camera_default sysfs_edgetpu:dir r_dir_perms; |
| allow hal_camera_default sysfs_edgetpu:file r_file_perms; |
| allow hal_camera_default edgetpu_vendor_service:service_manager find; |
| binder_call(hal_camera_default, edgetpu_vendor_server) |
| |
| # Allow access to data files used by the camera HAL. |
| # The two search rules only permit path traversal. On files labelled |
| # persist_camera_file and vendor_camera_data_file the HAL may create, |
| # write, rename and unlink. rw_dir_perms lets it add and remove entries |
| # in those directories but not create or remove the directories. |
| # NOTE(review): persist_camera_file presumably lives on the persist |
| # partition - confirm, and keep what the HAL writes there to a minimum. |
| allow hal_camera_default mnt_vendor_file:dir search; |
| allow hal_camera_default persist_file:dir search; |
| allow hal_camera_default persist_camera_file:dir rw_dir_perms; |
| allow hal_camera_default persist_camera_file:file create_file_perms; |
| allow hal_camera_default vendor_camera_data_file:dir rw_dir_perms; |
| allow hal_camera_default vendor_camera_data_file:file create_file_perms; |
| |
| # Allow creating dump files for debugging in non-release builds. |
| # NOTE(review): the file rule inside this block repeats the |
| # unconditional create_file_perms grant above, so the only permission |
| # that is actually limited to userdebug/eng is create_dir_perms on the |
| # directory (creating, renaming and removing subdirectories). |
| userdebug_or_eng(` |
| allow hal_camera_default vendor_camera_data_file:dir create_dir_perms; |
| allow hal_camera_default vendor_camera_data_file:file create_file_perms; |
| ') |
| |
| # tmpfs is used by google3 prebuilts linked by the HAL to unpack data files |
| # compiled into the shared libraries with cc_embed_data rules. |
| # tmpfs_domain() labels tmpfs files created by this domain as |
| # hal_camera_default_tmpfs, so they are not shared with other domains. |
| # NOTE(review): verify against the te_macros of the target release that |
| # the macro grants no execute permission on the unpacked files. |
| tmpfs_domain(hal_camera_default); |
| |
| # Allow access to camera-related system properties. |
| # All builds: read/write vendor_camera_prop and log_tag_prop, and |
| # read-only vendor_camera_debug_prop. userdebug/eng builds additionally |
| # get write access to vendor_camera_fatp_prop and |
| # vendor_camera_debug_prop. |
| # NOTE(review): log_tag_prop is writable on user builds too. Confirm |
| # the HAL needs to set log tags rather than only read them. |
| set_prop(hal_camera_default, vendor_camera_prop); |
| set_prop(hal_camera_default, log_tag_prop); |
| get_prop(hal_camera_default, vendor_camera_debug_prop); |
| userdebug_or_eng(` |
| set_prop(hal_camera_default, vendor_camera_fatp_prop); |
| set_prop(hal_camera_default, vendor_camera_debug_prop); |
| ') |
| |
| # For the camera HAL to talk with rlsservice: look up rls_service in |
| # service_manager and make binder calls into the rlsservice domain. |
| allow hal_camera_default rls_service:service_manager find; |
| binder_call(hal_camera_default, rlsservice) |
| |
| # Mark the camera HAL as a client of the graphics allocator, graphics |
| # composer, power and thermal HALs. |
| # NOTE(review): trailing semicolons on macro calls are inconsistent in |
| # this file (see the composer line and some binder_call lines). Pick |
| # one form so that diffs stay easy to audit. |
| hal_client_domain(hal_camera_default, hal_graphics_allocator); |
| hal_client_domain(hal_camera_default, hal_graphics_composer) |
| hal_client_domain(hal_camera_default, hal_power); |
| hal_client_domain(hal_camera_default, hal_thermal); |
| |
| # Allow access to sensor service for sensor_listener. |
| # The binder permission is per domain, so this rule permits calls to |
| # any binder object in system_server that the HAL holds a reference to, |
| # not only the sensor service. Which services it can look up is limited |
| # by the service_manager find rules. |
| binder_call(hal_camera_default, system_server); |
| |
| # Allow Binder calls to ECO service, needed by Entropy-Aware Filtering. |
| # NOTE(review): mediacodec and mediacodec_samsung are presumably the |
| # domains that host eco_service - confirm that both are required. |
| allow hal_camera_default eco_service:service_manager find; |
| binder_call(hal_camera_default, mediacodec); |
| binder_call(hal_camera_default, mediacodec_samsung); |
| |
| # Allow camera HAL to query preferred camera frequencies from the radio HAL |
| # extensions to avoid interference with cellular antennas. |
| # Lookup goes through hwservice_manager. The calls go to the |
| # hal_radioext_default domain. |
| allow hal_camera_default hal_radioext_hwservice:hwservice_manager find; |
| binder_call(hal_camera_default, hal_radioext_default); |
| |
| # Allow camera HAL to connect to the stats service. |
| # Only the service_manager lookup is granted in this stanza. |
| # NOTE(review): the binder_call to the hosting domain is presumably |
| # covered by another rule in this file (system_server) - confirm. |
| allow hal_camera_default fwk_stats_service:service_manager find; |
| |
| # For observing apex file changes (read-only). |
| allow hal_camera_default apex_info_file:file r_file_perms; |
| |
| # Allow camera HAL to query current device clock frequencies (read-only). |
| allow hal_camera_default sysfs_devfreq_cur:file r_file_perms; |
| |
| # Allow camera HAL to read the display backlight state. Access is |
| # read-only on directories and files labelled sysfs_leds. |
| allow hal_camera_default sysfs_leds:dir r_dir_perms; |
| allow hal_camera_default sysfs_leds:file r_file_perms; |