diff --git a/tracking_denials/google_camera_app.te b/tracking_denials/google_camera_app.te index a4661e61..72796c22 100644 --- a/tracking_denials/google_camera_app.te +++ b/tracking_denials/google_camera_app.te @@ -1,10 +1,8 @@ # b/209889068 -dontaudit google_camera_app cameraserver_service:service_manager { find }; dontaudit google_camera_app edgetpu_app_service:service_manager { find }; dontaudit google_camera_app edgetpu_device:chr_file { ioctl }; dontaudit google_camera_app edgetpu_device:chr_file { map }; dontaudit google_camera_app edgetpu_device:chr_file { read write }; -dontaudit google_camera_app mediaserver_service:service_manager { find }; dontaudit google_camera_app vendor_default_prop:file { getattr }; dontaudit google_camera_app vendor_default_prop:file { map }; dontaudit google_camera_app vendor_default_prop:file { open }; diff --git a/whitechapel_pro/file.te b/whitechapel_pro/file.te index 3b498495..971e4657 100644 --- a/whitechapel_pro/file.te +++ b/whitechapel_pro/file.te @@ -44,6 +44,7 @@ type sysfs_mfc, sysfs_type, fs_type; type sysfs_cpu, sysfs_type, fs_type; type sysfs_odpm, sysfs_type, fs_type; type sysfs_soc, sysfs_type, fs_type; +type sysfs_camera, sysfs_type, fs_type; # debugfs type debugfs_f2fs, debugfs_type, fs_type; diff --git a/whitechapel_pro/genfs_contexts b/whitechapel_pro/genfs_contexts index 71edacdb..6c5f59e5 100644 --- a/whitechapel_pro/genfs_contexts +++ b/whitechapel_pro/genfs_contexts @@ -48,6 +48,7 @@ genfscon sysfs /devices/platform/28000000.mali/hint_min_freq u # Fabric genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/min_freq u:object_r:sysfs_fabric:s0 +genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/min_freq u:object_r:sysfs_fabric:s0 # sscoredump (per device) genfscon sysfs /devices/platform/aoc/sscoredump/sscd_aoc/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0 @@ -203,3 +204,7 @@ genfscon sysfs /devices/platform/100a0000.BIG u:obje genfscon sysfs /devices/platform/100a0000.ISP u:object_r:sysfs_thermal:s0 genfscon sysfs /devices/platform/100b0000.G3D u:object_r:sysfs_thermal:s0 genfscon sysfs /devices/platform/100b0000.TPU u:object_r:sysfs_thermal:s0 + +# Camera +genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/min_freq u:object_r:sysfs_camera:s0 +genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/min_freq u:object_r:sysfs_camera:s0 diff --git a/whitechapel_pro/google_camera_app.te b/whitechapel_pro/google_camera_app.te index df2e4699..43ea14e3 100644 --- a/whitechapel_pro/google_camera_app.te +++ b/whitechapel_pro/google_camera_app.te @@ -2,3 +2,8 @@ type google_camera_app, domain, coredomain; app_domain(google_camera_app) allow google_camera_app app_api_service:service_manager find; +allow google_camera_app audioserver_service:service_manager find; +allow google_camera_app cameraserver_service:service_manager find; +allow google_camera_app mediaextractor_service:service_manager find; +allow google_camera_app mediametrics_service:service_manager find; +allow google_camera_app mediaserver_service:service_manager find; diff --git a/whitechapel_pro/hal_camera_default.te b/whitechapel_pro/hal_camera_default.te index 048368a8..3c90bf32 100644 --- a/whitechapel_pro/hal_camera_default.te +++ b/whitechapel_pro/hal_camera_default.te @@ -60,6 +60,7 @@ binder_call(hal_camera_default, system_server); # Allow Binder calls to ECO service, needed by Entropy-Aware Filtering allow hal_camera_default eco_service:service_manager find; binder_call(hal_camera_default, mediacodec); +binder_call(hal_camera_default, mediacodec_samsung); # Allow camera HAL to query preferred camera frequencies from the radio HAL # extensions to avoid interference with cellular antennas. diff --git a/whitechapel_pro/hal_graphics_allocator_default.te b/whitechapel_pro/hal_graphics_allocator_default.te new file mode 100644 index 00000000..05f9508d --- /dev/null +++ b/whitechapel_pro/hal_graphics_allocator_default.te @@ -0,0 +1 @@ +allow hal_graphics_allocator_default sensor_direct_heap_device:chr_file r_file_perms; diff --git a/whitechapel_pro/hal_graphics_composer_default.te b/whitechapel_pro/hal_graphics_composer_default.te index 84faa9dc..44c01530 100644 --- a/whitechapel_pro/hal_graphics_composer_default.te +++ b/whitechapel_pro/hal_graphics_composer_default.te @@ -1,6 +1,8 @@ # allow HWC to access power hal hal_client_domain(hal_graphics_composer_default, hal_power) +hal_client_domain(hal_graphics_composer_default, hal_graphics_allocator) + # allow HWC to access vendor_displaycolor_service add_service(hal_graphics_composer_default, vendor_displaycolor_service) diff --git a/whitechapel_pro/hal_power_default.te b/whitechapel_pro/hal_power_default.te index 8bbaa70d..eaaf8009 100644 --- a/whitechapel_pro/hal_power_default.te +++ b/whitechapel_pro/hal_power_default.te @@ -5,4 +5,5 @@ allow hal_power_default sysfs_display:file rw_file_perms; allow hal_power_default sysfs_vendor_sched:file r_file_perms; allow hal_power_default sysfs_gpu:file rw_file_perms; allow hal_power_default sysfs_fabric:file rw_file_perms; -set_prop(hal_power_default, vendor_camera_prop) \ No newline at end of file +allow hal_power_default sysfs_camera:file rw_file_perms; +set_prop(hal_power_default, vendor_camera_prop) diff --git a/whitechapel_pro/mediacodec_samsung.te b/whitechapel_pro/mediacodec_samsung.te index b1e09f50..6ac0ca35 100644 --- a/whitechapel_pro/mediacodec_samsung.te +++ b/whitechapel_pro/mediacodec_samsung.te @@ -17,6 +17,8 @@ allow mediacodec_samsung sysfs_mfc:dir r_dir_perms; # can use graphics allocator hal_client_domain(mediacodec_samsung, hal_graphics_allocator) +binder_call(mediacodec_samsung, hal_camera_default) + crash_dump_fallback(mediacodec_samsung) # mediacodec_samsung should never execute any executable without a domain transition diff --git a/whitechapel_pro/system_server.te b/whitechapel_pro/system_server.te new file mode 100644 index 00000000..0e0a159b --- /dev/null +++ b/whitechapel_pro/system_server.te @@ -0,0 +1 @@ +binder_call(system_server, hal_camera_default);