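# Every domain may read properties labelled camera_prop (get_prop is the
# read-only property macro). This is a different type from
# camera_serialno_prop below.
# NOTE(review): the serial-number restriction only applies if the property is
# actually labelled camera_serialno_prop in property_contexts, which is not
# visible here -- confirm.
get_prop(domain, camera_prop)

# Suppress audit records when a domain is denied the sys_module capability on
# itself. dontaudit grants nothing: the access is still denied, it just leaves
# no "avc: denied" line. Detection or debugging that relies on those denials
# will not see module-load attempts from any domain while this rule is active.
dontaudit domain self:capability sys_module;

# Do not allow access to the serial number of the camera's sensor except for a
# few allowlisted domains. The serial number is a stable hardware identifier,
# so read access is kept to the smallest possible set.
#
# neverallow is a build-time assertion, not a grant: policy compilation fails
# if any allow rule gives r_file_perms on camera_serialno_prop to a domain
# outside the exempted set. The exempted domains still need their own explicit
# allow rules to read the property.
# NOTE(review): exempting shell and dumpstate permits policy that exposes the
# value to adb shell sessions and to bug reports -- confirm both exemptions are
# still required.
neverallow {
  domain
  -dumpstate
  -cameraserver
  -init
  -shell
} camera_serialno_prop:file r_file_perms;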