1 # Qualcomm MSM camera 2 type camera, domain; 3 type camera_exec, exec_type, file_type; 4 5 # Started by init 6 init_daemon_domain(camera) 7 8 allow camera self:process execmem; 9 10 # Interact with other media devices 11 allow camera camera_device:dir search; 12 allow camera { gpu_device video_device camera_device }:chr_file rw_file_perms; 13 allow camera { surfaceflinger mediaserver }:fd use; 14 15 # Connect to sensor socket (/dev/sensor/sensor_ctl_socket) 16 unix_socket_connect(camera, sensors, sensors) 17 allow camera sensors_socket:sock_file read; 18 19 allow camera sensors_device:chr_file rw_file_perms; 20 21 # Create front and back camera sockets (/data/cam_socket[23]) 22 # TODO: create these sockets elsewhere, apps shouldn't be putting sockets 23 # directly under /data. 24 type_transition camera system_data_file:sock_file camera_socket "cam_socket2"; 25 type_transition camera system_data_file:sock_file camera_socket "cam_socket3"; 26 allow camera camera_socket:sock_file { create unlink }; 27 allow camera system_data_file:dir w_dir_perms; 28 allow camera system_data_file:sock_file unlink; 29 30 # TODO b/17015082 31 allow camera shell_data_file:dir search; 32
