| type camera, domain; |
| type camera_exec, exec_type, file_type; |
| |
| # Started by init |
| init_daemon_domain(camera) |
| |
| allow camera self:capability sys_nice; |
| |
| binder_use(camera) |
| binder_call(camera, system_server) |
| binder_call(camera, cameraserver) |
| allow camera system_server:unix_stream_socket { read write }; |
| |
| allow camera ion_device:chr_file rw_file_perms; |
| allow camera sysfs_msm_subsys:file r_file_perms; |
| allow camera camera_device:chr_file rw_file_perms; |
| allow camera gpu_device:chr_file rw_file_perms; |
| allow camera graphics_device:chr_file rw_file_perms; |
| allow camera video_device:chr_file rw_file_perms; |
| allow camera sysfs_camera:dir search; |
| allow camera sysfs_camera:file rw_file_perms; |
| allow camera sysfs_video:dir search; |
| allow camera sysfs_video:file r_file_perms; |
| allow camera system_file:dir r_dir_perms; |
| allow camera sensorservice_service:service_manager find; |
| |
| set_prop(camera, camera_prop) |
| |
| allow camera surfaceflinger:fd use; |
| allow camera cameraserver:fd use; |
| |
| allow camera camera_data_file:dir rw_dir_perms; |
| allow camera camera_data_file:sock_file { create unlink }; |
| |
| allow camera input_device:dir r_dir_perms; |
| allow camera input_device:chr_file r_file_perms; |