Set up binderized camera HAL on marlin

- Add necessary packages to marlin. Leave
  commented out until ready to enable for all
- Add marlin-specific binderized camera HAL policies.
  These include several Binder channels that will need to
  be migrated to HIDL.

Test: Camera app works
Change-Id: Ic4cdf71df1b08b9756ba45050b1f96ffd2c219f2
diff --git a/common/base.mk b/common/base.mk
index 3c8c971..604ab72 100644
--- a/common/base.mk
+++ b/common/base.mk
@@ -333,6 +333,10 @@
 LIBCAMERA += camera_test
 LIBCAMERA += org.codeaurora.camera
 
+# Enable binderized camera HAL
+#LIBCAMERA += android.hardware.camera.provider@2.4-service
+#LIBCAMERA += android.hardware.camera.device@3.2-impl-binderized
+
 #LIBCOPYBIT
 LIBCOPYBIT := copybit.msm8660
 LIBCOPYBIT += copybit.msm8960
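Review bot: The added comment `# Enable binderized camera HAL` says the opposite of what the lines do, because both `LIBCAMERA +=` entries under it are commented out. State the current condition instead, for example `# Binderized camera HAL: disabled until it can be enabled for all targets; uncomment both lines together`. Without that, a reader scanning base.mk will assume the provider service is already part of the build.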
diff --git a/sepolicy/hal_camera.te b/sepolicy/hal_camera.te
new file mode 100644
index 0000000..3d45f7a
--- /dev/null
+++ b/sepolicy/hal_camera.te
@@ -0,0 +1,45 @@
+# communicate with perfd
+allow hal_camera perfd_data_file:dir search;
+allow hal_camera perfd:unix_stream_socket connectto;
+allow hal_camera perfd_data_file:sock_file write;
+
+allow hal_camera self:capability sys_nice;
+
+# communicate with camera
+allow hal_camera camera:unix_dgram_socket sendto;
+allow hal_camera camera_data_file:sock_file write;
+allow hal_camera camera_device:chr_file rw_file_perms;
+
+allow hal_camera gpu_device:chr_file rw_file_perms;
+
+# access to /dev/input/event{5,10}
+allow hal_camera input_device:dir r_dir_perms;
+allow hal_camera input_device:chr_file r_file_perms;
+
+set_prop(hal_camera, camera_prop)
+
+allow hal_camera sysfs_enable_ps_sensor:file w_file_perms;
+r_dir_file(hal_camera, sysfs_type)
+# find libraries
+allow hal_camera system_file:dir r_dir_perms;
+
+# talk over binder to some binder services
+# TODO: Must be moved to HIDL
+binder_use(hal_camera)
+binder_call(hal_camera, binderservicedomain)
+
+allow hal_camera surfaceflinger_service:service_manager find;
+allow hal_camera sensorservice_service:service_manager find;
+allow hal_camera scheduling_policy_service:service_manager find;
+
+# talk to system_server
+
+allow hal_camera system_server:unix_stream_socket { read write };
+
+allow hal_camera self:socket { create ioctl read write };
+
+# Grant access to Qualcomm MSM Interface (QMI) radio sockets
+qmux_socket(hal_camera)
+
+# allow hal_camera to call some socket ioctls
+allowxperm hal_camera self:socket ioctl { IPC_ROUTER_IOCTL_LOOKUP_SERVER IPC_ROUTER_IOCTL_BIND_CONTROL_PORT };
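Review bot: `r_dir_file(hal_camera, sysfs_type)` gives the camera HAL read access to every sysfs label on the device, although the only sysfs type the policy otherwise names is `sysfs_enable_ps_sensor`. Grant the specific types instead, e.g. `r_dir_file(hal_camera, <sysfs type the HAL actually reads>)`, with the list taken from audit denials seen while running the camera test. The same width problem applies to `allow hal_camera input_device:chr_file r_file_perms;`: the comment names /dev/input/event{5,10}, but the rule is per type, so unless those two nodes carry their own label the HAL can read every input device, touch and key events included. `binder_call(hal_camera, binderservicedomain)` is equally broad and already has a TODO; adding a bug reference to that TODO would make the HIDL migration trackable.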