darkkirb/android_device_lenovo_msm8937-common
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

msm8937-common: sepolicy: Address camera daemon denial

Browse source 
Signed-off-by: Isaac Chen <isaacchen@isaacchen.cn>
This commit is contained in:
Isaac Chen 2018-06-05 05:30:41 +02:00
parent 724868de36
commit 1a6dae3d38
2 changed files with 10 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
board/sepolicy.mk
View file

@ -1,5 +1,5 @@
include device/qcom/sepolicy/sepolicy.mk
# SELinux
BOARD_SEPOLICY_DIRS += \
$(VENDOR_PATH)/sepolicy
include device/qcom/sepolicy/sepolicy.mk

8
sepolicy/camera.te
View file

@ -1 +1,9 @@
typeattribute mm-qcamerad binder_in_vendor_violators;
type_transition mm-qcamerad camera_data_file:sock_file camera_socket "cam_socket1";
type_transition mm-qcamerad camera_data_file:sock_file camera_socket "cam_socket2";
allow mm-qcamerad { sysfs sysfs_graphics }:file r_file_perms;
allow mm-qcamerad camera_socket:sock_file { create unlink };
allow mm-qcamerad binder_device:chr_file rw_file_perms;
allow mm-qcamerad sensorservice_service:service_manager find;
allow mm-qcamerad system_server:unix_stream_socket { read write };
binder_use(mm-qcamerad)