commit bc474943a59c67fc5f4f370be4e6f2e7eb73a405
author Jeffrey Vander Stoep <jeffv@google.com> Wed Apr 06 23:41:06 2016 +0000
committer Android (Google) Code Review <android-gerrit@google.com> Wed Apr 06 23:41:06 2016 +0000
tree 7562f81078eb12dafdbc7535130b9bbe1567dcc4
parent fd4bced48fc99f8275c930cf1d36a814c1cc435f
parent 0d98d4fc9a465ac8eaef910cd0f2f703405cc30d

Merge "whitelist additional gpu ioctls" into nyc-dev

android_filesystem_config.h

diff --git a/android_filesystem_config.h b/android_filesystem_config.h
index b21ad10..6dfee70 100644
--- a/android_filesystem_config.h
+++ b/android_filesystem_config.h
@@ -32,6 +32,7 @@
 */
 static const struct fs_path_config android_device_files[] = {
     { 00700, AID_RADIO,     AID_SHELL,     (1ULL << CAP_BLOCK_SUSPEND), "system/bin/qmuxd" },
+    { 00700, AID_CAMERA,    AID_SHELL,     (1ULL << CAP_SYS_NICE), "system/bin/mm-qcamera-daemon" },
 #ifdef NO_ANDROID_FILESYSTEM_CONFIG_DEVICE_DIRS
     { 00000, AID_ROOT,      AID_ROOT,      0, "system/etc/fs_config_dirs" },
 #endif

sepolicy/camera.te

diff --git a/sepolicy/camera.te b/sepolicy/camera.te
index 552cca4..89c1afe 100644
--- a/sepolicy/camera.te
+++ b/sepolicy/camera.te
@@ -16,6 +16,8 @@
 
 allow camera sensors_device:chr_file rw_file_perms;
 
+allow camera self:capability { sys_nice };
+
 # Create front and back camera sockets (/data/cam_socket[23])
 # TODO: create these sockets elsewhere, apps shouldn't be putting sockets
 # directly under /data.