selinux: Add policy for cameraserver Bug: 24511454 Change-Id: I0cca8ecaeb9114464810401aa4a9f5b2d3b55b23

commit: ea18918955eaa40e19fb9bf986427fc524314a70 [log] [tgz]
author: Chien-Yu Chen <cychen@google.com> Tue Jan 05 11:20:30 2016 -0800
committer: Chien-Yu Chen <cychen@google.com> Mon Jan 25 13:13:30 2016 -0800
tree: 9211e7f65d27eb9fb237ea7378f6c9f0781e484d
parent: e74a3d51107e82a246100531a509a358156825cd [diff]
diff --git a/sepolicy/camera.te b/sepolicy/camera.te
index 8186ec4..45bde7f 100644
--- a/sepolicy/camera.te
+++ b/sepolicy/camera.te

@@ -11,7 +11,7 @@
 
 # Interact with other media devices
 allow camera { gpu_device video_device }:chr_file rw_file_perms;
-allow camera { audioserver mediaserver surfaceflinger }:fd use;
+allow camera { audioserver cameraserver mediaserver surfaceflinger }:fd use;
 
 # Create camera socket
 allow camera camera_data_file:sock_file { create unlink };

diff --git a/sepolicy/cameraserver.te b/sepolicy/cameraserver.te
new file mode 100644
index 0000000..a078819
--- /dev/null
+++ b/sepolicy/cameraserver.te

@@ -0,0 +1,11 @@
+unix_socket_connect(cameraserver, thermal, thermal-engine)
+allow cameraserver thermal_socket:sock_file w_file_perms;
+
+allow cameraserver camera:unix_dgram_socket sendto;
+allow cameraserver camera_data_file:sock_file write;
+
+# allow communication w/perfd
+allow cameraserver perfd_data_file:dir search;
+allow cameraserver perfd_data_file:sock_file write;
+allow cameraserver perfd:unix_dgram_socket sendto;
+allow cameraserver perfd:unix_stream_socket connectto;
commit	ea18918955eaa40e19fb9bf986427fc524314a70	[log] [tgz]
author	Chien-Yu Chen <cychen@google.com>	Tue Jan 05 11:20:30 2016 -0800
committer	Chien-Yu Chen <cychen@google.com>	Mon Jan 25 13:13:30 2016 -0800
tree	9211e7f65d27eb9fb237ea7378f6c9f0781e484d
parent	e74a3d51107e82a246100531a509a358156825cd [diff]