msm8937-common: sepolicy: Address camera daemon denial

Signed-off-by: Isaac Chen <isaacchen@isaacchen.cn>
This commit is contained in:
Isaac Chen 2018-06-05 05:30:41 +02:00
parent 724868de36
commit 1a6dae3d38
2 changed files with 10 additions and 2 deletions

View file

@ -1,5 +1,5 @@
include device/qcom/sepolicy/sepolicy.mk
# SELinux # SELinux
BOARD_SEPOLICY_DIRS += \ BOARD_SEPOLICY_DIRS += \
$(VENDOR_PATH)/sepolicy $(VENDOR_PATH)/sepolicy
include device/qcom/sepolicy/sepolicy.mk

View file

@ -1 +1,9 @@
typeattribute mm-qcamerad binder_in_vendor_violators;
type_transition mm-qcamerad camera_data_file:sock_file camera_socket "cam_socket1";
type_transition mm-qcamerad camera_data_file:sock_file camera_socket "cam_socket2";
allow mm-qcamerad { sysfs sysfs_graphics }:file r_file_perms; allow mm-qcamerad { sysfs sysfs_graphics }:file r_file_perms;
allow mm-qcamerad camera_socket:sock_file { create unlink };
allow mm-qcamerad binder_device:chr_file rw_file_perms;
allow mm-qcamerad sensorservice_service:service_manager find;
allow mm-qcamerad system_server:unix_stream_socket { read write };
binder_use(mm-qcamerad)