Evolution-X-Tensor/device_google_gs-common
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Consolidate gca permissions inside gs-common

Browse source 
SeLinux team is making an effort to have a general set of permissions
inside gs-common for GCA as oppose to having a new google_camera_app.te
for each device generation. Move the next gen permissions to the gs-common.

Bug: 361092857
Test: manual test to check permissions
Flag: EXEMPT add permissions

11-05 16:28:30.048  5720  5720 I FinishThread: type=1400 audit(0.0:665): avc:  denied  { read write } for  name="gxp" dev="tmpfs" ino=1545 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:gxp_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCamera
11-05 16:28:30.048  5720  5720 I FinishThread: type=1400 audit(0.0:666): avc:  denied  { open } for  path="/dev/gxp" dev="tmpfs" ino=1545 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:gxp_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCamera
11-05 16:28:30.048  5720  5720 I FinishThread: type=1400 audit(0.0:667): avc:  denied  { ioctl } for  path="/dev/gxp" dev="tmpfs" ino=1545 ioctlcmd=0xee06 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:gxp_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCamera

11-05 16:15:05.062   332   332 E SELinux : avc:  denied  { find } for pid=5586 uid=10155 name=com.google.edgetpu.IEdgeTpuAppService/default scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:edgetpu_app_service:s0 tclass=service_manager permissive=1
11-05 16:15:06.356  5586  5586 I frame-quality-s: type=1400 audit(0.0:554): avc:  denied  { ioctl } for  path="/dev/edgetpu-soc" dev="tmpfs" ino=1542 ioctlcmd=0xed23 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:edgetpu_device:s0 tclass=chr_file permissive=1 app=com.google.android.GoogleCamera

Change-Id: Ie38edbf7e2fecf6bc45605a947ad6fc63d4f4378
This commit is contained in:
timmyli 2024-11-05 21:39:34 +00:00
parent 91ee7dae60
commit cb2c9c91c1
1 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
gcam_app/sepolicy/vendor/google_camera_app.te vendored
View file

@ -1,12 +1,12 @@
# GCARelease and GCADogfood.
# Allows GCA to acccess the GXP device & properties.
#allow google_camera_app gxp_device:chr_file rw_file_perms;
allow google_camera_app gxp_device:chr_file rw_file_perms;
get_prop(google_camera_app, vendor_gxp_prop)
# Allows GCA to find and access the EdgeTPU.
#allow google_camera_app edgetpu_app_service:service_manager find;
#allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map };
allow google_camera_app edgetpu_app_service:service_manager find;
allow google_camera_app edgetpu_device:chr_file { ioctl };
# Allows GCA to access the hw_jpeg /dev/video12.
#allow google_camera_app hw_jpg_device:chr_file rw_file_perms;