diff --git a/opluscamera.mk b/opluscamera.mk index 9c806ab..4abc604 100644 --- a/opluscamera.mk +++ b/opluscamera.mk @@ -32,5 +32,8 @@ TARGET_USES_OPLUS_CAMERA := true # Video TARGET_CAMERA_OVERRIDE_FORMAT_FROM_RESERVED := true +# SEpolicy +include vendor/oplus/camera/sepolicy/SEPolicy.mk + # Inherit from camera-vendor.mk $(call inherit-product, vendor/oplus/camera/camera-vendor.mk) diff --git a/sepolicy/SEPolicy.mk b/sepolicy/SEPolicy.mk new file mode 100644 index 0000000..251271c --- /dev/null +++ b/sepolicy/SEPolicy.mk @@ -0,0 +1,14 @@ +# +# Copyright (C) 2024 The Nameless-AOSP Project +# +# SPDX-License-Identifier: Apache-2.0 +# + +BOARD_VENDOR_SEPOLICY_DIRS += \ + vendor/oplus/camera/sepolicy/vendor + +SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += \ + vendor/oplus/camera/sepolicy/private + +SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += \ + vendor/oplus/camera/sepolicy/public diff --git a/sepolicy/private/compat/32.0/32.0.ignore.cil b/sepolicy/private/compat/32.0/32.0.ignore.cil new file mode 100644 index 0000000..e6955eb --- /dev/null +++ b/sepolicy/private/compat/32.0/32.0.ignore.cil @@ -0,0 +1,8 @@ +;; new_objects - a collection of types that have been introduced that have no +;; analogue in older policy. Thus, we do not need to map these types to +;; previous ones. Add here to pass checkapi tests. +(type new_objects) +(typeattribute new_objects) +(typeattributeset new_objects + ( new_objects + opluscamera_app)) diff --git a/sepolicy/private/property_contexts b/sepolicy/private/property_contexts new file mode 100644 index 0000000..8254793 --- /dev/null +++ b/sepolicy/private/property_contexts @@ -0,0 +1,12 @@ +# Camera +ro.camera. u:object_r:exported_system_prop:s0 +oppo.switch.video.beauty u:object_r:exported_system_prop:s0 +persist.assert.panic.camera u:object_r:exported_system_prop:s0 +persist.camera. u:object_r:exported_system_prop:s0 +persist.sys.camera. u:object_r:exported_system_prop:s0 +persist.ipe.debug u:object_r:exported_system_prop:s0 +oplus.camera.packname u:object_r:exported_system_prop:s0 +oplus.camera.orms u:object_r:exported_system_prop:s0 + +# Region +persist.sys.oppo.region u:object_r:exported_system_prop:s0 diff --git a/sepolicy/private/seapp_contexts b/sepolicy/private/seapp_contexts new file mode 100644 index 0000000..2e8a505 --- /dev/null +++ b/sepolicy/private/seapp_contexts @@ -0,0 +1,2 @@ +# Camera +user=_app seinfo=oplus_app name=com.oplus.camera domain=opluscamera_app type=app_data_file diff --git a/sepolicy/private/service.te b/sepolicy/private/service.te new file mode 100644 index 0000000..d6aa611 --- /dev/null +++ b/sepolicy/private/service.te @@ -0,0 +1,2 @@ +# Camera +type oplusoiface_service, system_api_service, service_manager_type; diff --git a/sepolicy/private/service_contexts b/sepolicy/private/service_contexts new file mode 100644 index 0000000..bdb7801 --- /dev/null +++ b/sepolicy/private/service_contexts @@ -0,0 +1,2 @@ +# Camera +oplusoiface u:object_r:oplusoiface_service:s0 diff --git a/sepolicy/public/opluscamera_app.te b/sepolicy/public/opluscamera_app.te new file mode 100644 index 0000000..160f3e5 --- /dev/null +++ b/sepolicy/public/opluscamera_app.te @@ -0,0 +1 @@ +type opluscamera_app, domain, mlstrustedsubject; diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts new file mode 100644 index 0000000..caed2e7 --- /dev/null +++ b/sepolicy/vendor/file_contexts @@ -0,0 +1,127 @@ +# Camera +/(odm|vendor|vendor/odm)/lib64/vendor\.oplus\.hardware\.osense\.client-V1-ndk\.so u:object_r:same_process_hal_file:s0 +/(odm|vendor|vendor/odm)/lib64/vendor\.oplus\.hardware\.osense\.client-V1-ndk_platform\.so u:object_r:same_process_hal_file:s0 +/(vendor|odm)/lib/rfsa/adsp(/.*)? u:object_r:same_process_hal_file:s0 +/(vendor|odm)/lib64/libarcsoft_(.*)?\.so u:object_r:same_process_hal_file:s0 +/(vendor|odm)/lib64/vendor\.qti\.hardware\.camera\.offlinecamera-V1-ndk\.so u:object_r:same_process_hal_file:s0 +/(vendor|odm)/lib64/vendor\.qti\.hardware\.camera\.postproc@1\.0\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/qnn/libQnn(.*)?\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/lib2DSlender\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/lib3d_photo.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libAF\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libAlgoInterface\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libAlgoProcess\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libAncFilter\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libAncHumBokehPost\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libAncHumBokeh\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libAncHumVideoBasePost\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libAncHumVideoBase\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libAncHumanRetain\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libAncHumanSegFigureFusion\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libAncSegBaseJni\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libAncSegBaseSdk\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libAncSegMultiSdk\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libAncSegmentSdk\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libBokehPre\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libCNamaSDK_vendor\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libCS\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libCaptureBokeh\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libCipo_awb\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libDeVIS\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libEIS\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libFDClite\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libFaceBeautyCap\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libFaceBeautyJni\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libFaceBeautyPICap\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libFaceBeautyPre\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libFaceDistortionCorrection\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libFaceWhiten\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libFilterWrapper\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libImageWarpMask\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libNamaWrapper\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libOGLManager\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libOPAlgoCam(.*)?\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libOPLUS_SCPortrait\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libPerfectColor\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libPolarrRender\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libPreviewDecisionOld\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libQnn(.*)?\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libRedeyeReduce\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libSNPE\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libSnpeHtpV68Stub\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libSnpeHtpV69Stub\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libStarMode\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libSuperRaw\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libSuperSensorCPU\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libSuperSensorFallback\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libSuperSensorProcessor\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libSuperSensor\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libSuperTextWrapper\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libVD(.*)?\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libWaterMark\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libXDocProcessSDK\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libYTCommon\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/lib_rectify\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libaiboost(.*)?\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libaideblur\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libaisd\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libaiseg\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libalCFR\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libalgoFisheye\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libancbase_rt_bokeh\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libancbase_rt_fusion\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libancbase_rt_retain\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libancbase_segbase\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libancbase_segment\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libancbase_segmulti\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libaps\.interface\.log\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libaps_frame_registration\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libapsdarksight\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libapsexif\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libapsjpeg\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libapspng\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libapsultrahdr\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libapsyuv\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libarc.ion\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libc\+\+_shared\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libcvface_api\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libdualcam_(.*)?\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libexif-jpeg-aps\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libextensionlayer\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libhybridraw\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libhyperlapse\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libimgClarityEvaluate\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libisp_pre\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libmotionblur\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libmpbase\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libop-ai-beauty-body-detection\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libop-ai-beauty-faceretouch-cn\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libop-ai-beauty-faceretouch-in\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libop-bokeh\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/liboplusblur_capture_api\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libormshalclient\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libosenseaidlhalclient\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libosensehalclient\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libportrait_repair_(.*)?\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libsdk_sr\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libsnpe_dsp_domains_v3\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libsnpe_loader\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libstblur_api\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libstblur_capture_api\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libstdc\+\+\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libstface_datas\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libstface_fd_api\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libstfd_mobile_api\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libtrace\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libtriplecam_(.*)?\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libui\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libwatermark_photo\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libwrapper_te\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/libyuvwrapper\.so u:object_r:same_process_hal_file:s0 +/odm/lib64/vendor\.oplus\.hardware\.osense\.client@1\.0\.so u:object_r:same_process_hal_file:s0 +/vendor/lib64/android\.hardware\.camera\.common-V[1-2]-ndk\.so u:object_r:same_process_hal_file:s0 +/vendor/lib64/android\.hardware\.camera\.device-V[1-2]-ndk\.so u:object_r:same_process_hal_file:s0 +/vendor/lib64/android\.hardware\.camera\.metadata-V[1-2]-ndk\.so u:object_r:same_process_hal_file:s0 +/vendor/lib64/android\.hardware\.graphics\.allocator@[2-4]\.0\.so u:object_r:same_process_hal_file:s0 +/vendor/lib64/android\.hardware\.graphics\.common-V[1-2]-ndk_platform\.so u:object_r:same_process_hal_file:s0 +/vendor/lib64/android\.hardware\.graphics\.common-V[1-3]-ndk\.so u:object_r:same_process_hal_file:s0 diff --git a/sepolicy/vendor/opluscamera_app.te b/sepolicy/vendor/opluscamera_app.te new file mode 100644 index 0000000..d23ed4a --- /dev/null +++ b/sepolicy/vendor/opluscamera_app.te @@ -0,0 +1,13 @@ +app_domain(opluscamera_app) +hal_client_domain(opluscamera_app, vendor_hal_dspmanager) +net_domain(opluscamera_app) + +allow opluscamera_app vendor_hal_orms_hwservice:hwservice_manager find; + +allow opluscamera_app adsprpcd_file:dir r_dir_perms; +allow opluscamera_app vendor_qdsp_device:chr_file rw_file_perms; +allow opluscamera_app vendor_xdsp_device:chr_file r_file_perms; + +allow opluscamera_app vendor_camera_data_file:dir create_dir_perms; +allow opluscamera_app vendor_camera_data_file:file create_file_perms; +r_dir_file(opluscamera_app, vendor_persist_camera_file) diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts new file mode 100644 index 0000000..72d4cd8 --- /dev/null +++ b/sepolicy/vendor/property_contexts @@ -0,0 +1,7 @@ +# Camera +persist.vendor.aps u:object_r:vendor_camera_prop:s0 +ro.vendor.oplus.market.watermark u:object_r:vendor_camera_prop:s0 +vendor.aps. u:object_r:vendor_camera_prop:s0 +vendor.camera. u:object_r:vendor_camera_prop:s0 +vendor.oplus.aps. u:object_r:vendor_camera_prop:s0 +vendor.oplus.enable.dump.flag u:object_r:vendor_camera_prop:s0