Snap for 11464157 from ec7b492ebd to 24Q2-release
Change-Id: Icefb5821949e8875b5ea9c98fbe47068c432c83f
This commit is contained in:
Android Build Coastguard Worker
commit
dc689fcb8a
2 changed files with 28 additions and 5 deletions
|
|
@ -1,12 +1,32 @@
|
||||||
typeattribute vendor_pcs_app coredomain;
|
typeattribute vendor_pcs_app coredomain;
|
||||||
|
|
||||||
app_domain(vendor_pcs_app);
|
app_domain(vendor_pcs_app);
|
||||||
|
net_domain(vendor_pcs_app);
|
||||||
|
bluetooth_domain(vendor_pcs_app);
|
||||||
|
|
||||||
allow vendor_pcs_app {
|
allow vendor_pcs_app {
|
||||||
app_api_service
|
app_api_service
|
||||||
audioserver_service
|
audioserver_service
|
||||||
cameraserver_service
|
cameraserver_service
|
||||||
|
drmserver_service
|
||||||
mediametrics_service
|
mediametrics_service
|
||||||
mediaserver_service
|
mediaserver_service
|
||||||
|
nfc_service
|
||||||
radio_service
|
radio_service
|
||||||
}:service_manager find;
|
}:service_manager find;
|
||||||
|
|
||||||
|
# Following allowances were replicated from priv_app
|
||||||
|
# Write to /cache.
|
||||||
|
allow vendor_pcs_app { cache_file cache_recovery_file }:dir create_dir_perms;
|
||||||
|
allow vendor_pcs_app { cache_file cache_recovery_file }:file create_file_perms;
|
||||||
|
# /cache is a symlink to /data/cache on some devices. Allow reading the link.
|
||||||
|
allow vendor_pcs_app cache_file:lnk_file r_file_perms;
|
||||||
|
|
||||||
|
# Access to /data/media.
|
||||||
|
allow vendor_pcs_app media_rw_data_file:dir create_dir_perms;
|
||||||
|
allow vendor_pcs_app media_rw_data_file:file create_file_perms;
|
||||||
|
|
||||||
|
# Access to /data/preloads
|
||||||
|
r_dir_file(vendor_pcs_app, preloads_data_file)
|
||||||
|
r_dir_file(vendor_pcs_app, preloads_media_file)
|
||||||
|
|
||||||
|
|
|
||||||
13
camera/sepolicy/vendor/vendor_pcs_app.te
vendored
13
camera/sepolicy/vendor/vendor_pcs_app.te
vendored
|
|
@ -1,14 +1,17 @@
|
||||||
# Allow PCS to find the LyricConfigProvider service through ServiceManager.
|
allow vendor_pcs_app {
|
||||||
allow vendor_pcs_app vendor_camera_lyricconfigprovider_service:service_manager find;
|
vendor_camera_lyricconfigprovider_service
|
||||||
# Allow PCS to find the CameraIdRemapper service through ServiceManager.
|
vendor_camera_cameraidremapper_service
|
||||||
allow vendor_pcs_app vendor_camera_cameraidremapper_service:service_manager find;
|
edgetpu_app_service
|
||||||
|
}:service_manager find;
|
||||||
|
|
||||||
allow vendor_pcs_app hal_pixel_remote_camera_service:service_manager add;
|
allow vendor_pcs_app hal_pixel_remote_camera_service:service_manager add;
|
||||||
|
|
||||||
binder_call(vendor_pcs_app, hal_pixel_remote_camera_service);
|
binder_call(vendor_pcs_app, hal_pixel_remote_camera_service);
|
||||||
|
|
||||||
binder_call(vendor_pcs_app, hal_camera_default);
|
binder_call(vendor_pcs_app, hal_camera_default);
|
||||||
|
|
||||||
|
# Allow interacting with EdgeTpu.
|
||||||
|
allow vendor_pcs_app edgetpu_device:chr_file { getattr read write ioctl map };
|
||||||
|
|
||||||
# Allow PCS to open socket connections for HTTP streaming support.
|
# Allow PCS to open socket connections for HTTP streaming support.
|
||||||
allow vendor_pcs_app vendor_pcs_app:unpriv_socket_class_set create_socket_perms_no_ioctl;
|
allow vendor_pcs_app vendor_pcs_app:unpriv_socket_class_set create_socket_perms_no_ioctl;
|
||||||
allow vendor_pcs_app fwmarkd_socket:sock_file write;
|
allow vendor_pcs_app fwmarkd_socket:sock_file write;
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue