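# SELinux type-enforcement rules for the vendor "camera" daemon domain.
# Line structure restored: in the collapsed form, the first '#' comment would
# swallow every rule after it, and the listing's line numbers were mixed into
# the statements.

# Domain type for the running process, and the type of its executable.
# vendor_file_type marks the executable as a vendor-partition file.
type camera, domain;
type camera_exec, exec_type, vendor_file_type, file_type;

# Started by init
# init_daemon_domain() sets up the automatic transition init -> camera when
# init executes a file labeled camera_exec.
init_daemon_domain(camera)

# sys_nice lets the daemon change scheduling priority/policy.
allow camera self:capability sys_nice;

# Binder IPC towards system_server and cameraserver.
binder_call(camera, system_server)
binder_call(camera, cameraserver)
# Only read/write is granted on system_server's stream sockets (no create or
# connectto), so the daemon can use only a socket it already holds.
# NOTE(review): presumably the socket is handed over by system_server; confirm.
allow camera system_server:unix_stream_socket { read write };

# Device nodes and sysfs entries the daemon opens. The mapping from these
# types to paths lives in file_contexts / genfs_contexts, not in this file.
allow camera ion_device:chr_file rw_file_perms;
allow camera sysfs_msm_subsys:file r_file_perms;
allow camera camera_device:chr_file rw_file_perms;
allow camera gpu_device:chr_file rw_file_perms;
allow camera graphics_device:chr_file rw_file_perms;
allow camera video_device:chr_file rw_file_perms;
allow camera sysfs_camera:dir search;
# sysfs_camera is writable, sysfs_video below is read-only.
allow camera sysfs_camera:file rw_file_perms;
allow camera sysfs_video:dir search;
allow camera sysfs_video:file r_file_perms;
# NOTE(review): directory listing on the generic system_file type is broad for
# a vendor daemon; confirm which path needs it and whether a narrower type fits.
allow camera system_file:dir r_dir_perms;

# The daemon may set properties labeled camera_prop.
set_prop(camera, camera_prop)

# Use file descriptors received from these domains.
allow camera surfaceflinger:fd use;
allow camera hal_graphics_allocator:fd use;
allow camera cameraserver:fd use;

# TODO(b/36663461): Remove once camera no longer accesses data outside
# /data/vendor
# The violators attribute exempts this domain from the neverallow rules that
# forbid sockets shared between core and vendor domains. It is a temporary
# exemption: drop it together with the two camera_data_file rules below, so
# the exemption does not outlive the access it was added for.
typeattribute camera socket_between_core_and_vendor_violators;
allow camera camera_data_file:dir rw_dir_perms;
# Socket files are created and removed in the camera data directory.
allow camera camera_data_file:sock_file { create unlink };

# NOTE(review): read access to input_device nodes lets this domain read input
# event streams. Nothing in this file shows why a camera daemon needs that;
# confirm the requirement and narrow to a dedicated type if only specific
# nodes are used.
allow camera input_device:dir r_dir_perms;
allow camera input_device:chr_file r_file_perms;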