1 type google_camera_app, domain; 2 3 app_domain(google_camera_app) 4 5 # Access standard system services 6 allow google_camera_app app_api_service:service_manager find; 7 allow google_camera_app audioserver_service:service_manager find; 8 allow google_camera_app cameraserver_service:service_manager find; 9 allow google_camera_app drmserver_service:service_manager find; 10 allow google_camera_app mediacodec_service:service_manager find; 11 allow google_camera_app mediaextractor_service:service_manager find; 12 allow google_camera_app mediaserver_service:service_manager find; 13 allow google_camera_app nfc_service:service_manager find; 14 allow google_camera_app surfaceflinger_service:service_manager find; 15 16 # Execute libraries from RenderScript cache 17 allow google_camera_app app_data_file:file { rx_file_perms }; 18 19 # Read memory info 20 allow google_camera_app proc_meminfo:file r_file_perms; 21 22 # gdbserver / stack traces 23 allow google_camera_app self:process ptrace; 24 25 # Access to Hexagon DSP kernel device 26 allow google_camera_app adsprpcd_device:chr_file { r_file_perms }; 27 28 # Read and write system app data files passed over Binder. 29 # Motivating case was /data/data/com.android.settings/cache/*.jpg for 30 # cropping or taking user photos. 31 allow google_camera_app system_app_data_file:file { read write getattr }; 32
