# SELinux policy for the camera daemon domain.
# `camera` is the process domain; `camera_exec` labels its executable and carries
# vendor_file_type, i.e. the binary is treated as a vendor file.
type camera, domain;
type camera_exec, exec_type, vendor_file_type, file_type;
# Started by init
# init_daemon_domain is a macro defined outside this file; presumably it sets up the
# init -> camera domain transition when camera_exec is executed (confirm in te_macros).
init_daemon_domain(camera)
# sys_nice is the only capability granted by an explicit rule in this listing.
allow camera self:capability sys_nice;
# TODO(b/36569525): Remove this once camera no longer uses Binder
# The *_violators attribute marks this domain as a known exception to the restriction
# on Binder use by vendor processes; treat it as temporary debt, not as a pattern to copy.
typeattribute camera binder_in_vendor_violators;
# Binder access: use Binder at all (binder_use), then call into exactly two peers.
binder_use(camera)
binder_call(camera, system_server)
binder_call(camera, cameraserver)
# Read/write on system_server's stream sockets only. No create or connectto is granted
# here, so the daemon can only use a socket it already holds a descriptor for
# (presumably one handed over via Binder; confirm against the caller).
allow camera system_server:unix_stream_socket { read write };
# Read/write access to character device nodes, one type per rule.
allow camera ion_device:chr_file rw_file_perms;
# Read-only access to sysfs files labeled sysfs_msm_subsys.
allow camera sysfs_msm_subsys:file r_file_perms;
allow camera camera_device:chr_file rw_file_perms;
allow camera gpu_device:chr_file rw_file_perms;
allow camera graphics_device:chr_file rw_file_perms;
allow camera video_device:chr_file rw_file_perms;
# sysfs: camera nodes are writable, video nodes are read-only. Directories get
# `search` only, so entries can be opened by path but not enumerated.
allow camera sysfs_camera:dir search;
allow camera sysfs_camera:file rw_file_perms;
allow camera sysfs_video:dir search;
allow camera sysfs_video:file r_file_perms;
# Directory read/list on system_file directories; this rule grants nothing on files.
allow camera system_file:dir r_dir_perms;
# May look up (find) the sensor service through the service manager.
allow camera sensorservice_service:service_manager find;
# May set properties labeled camera_prop (set_prop is a macro defined outside this file).
set_prop(camera, camera_prop)
# May use file descriptors received from these domains. `fd use` alone does not grant
# access to the object behind the descriptor; that still needs its own allow rule.
allow camera surfaceflinger:fd use;
allow camera hal_graphics_allocator:fd use;
allow camera cameraserver:fd use;
# TODO(b/36663461): Remove once camera no longer accesses data outside
# /data/vendor
# The *_violators attribute records a known exception to the core/vendor data
# separation; the rules below are the access that needs it.
typeattribute camera coredata_in_vendor_violators;
# Read/write on camera_data_file directories, plus create/unlink of socket files
# inside them (the daemon creates its own socket endpoints there).
allow camera camera_data_file:dir rw_dir_perms;
allow camera camera_data_file:sock_file { create unlink };
# Read-only access to input_device directories and character devices.
# NOTE(review): this lets the domain read whatever those nodes deliver (presumably raw
# input events); confirm which node the daemon needs and whether a narrower type would do.
allow camera input_device:dir r_dir_perms;
allow camera input_device:chr_file r_file_perms;
# TODO(b/34274385): Remove this once Camera HAL is guaranteed to not be run in passthrough mode
# What's going on here is that Camera HAL is talking over sockets to camera daemon, which is
# permitted. However, those rules target hal_camera rather than hal_camera_server and thus are also
# granted to all clients of Camera HAL (e.g., cameraserver) which are core components, and
# socket communications between system components and vendor components are not permitted.
# Once we switch full Treble devices to binderized only mode, this issue will disappear.
typeattribute camera socket_between_core_and_vendor_violators;