# SELinux policy for the hal_camera_default domain (the camera HAL process).
# Everything below is an allow-list: each rule or macro widens what the camera
# HAL may touch, so every grant should map to a feature named in its comment.

# Private tmpfs type for this domain; used by the tmpfs_domain() call below.
type hal_camera_default_tmpfs, file_type;

# Grants the sys_nice capability on the domain itself.
# NOTE(review): no rationale is given here; presumably needed to adjust
# thread scheduling priority - confirm and document.
allow hal_camera_default self:global_capability_class_set sys_nice;

# Use of the framework binder and the vendor binder.
binder_use(hal_camera_default);
vndbinder_use(hal_camera_default);

# Read/write on the character devices labelled lwis_device and gpu_device,
# read-only on the sysfs_chip_id file.
allow hal_camera_default lwis_device:chr_file rw_file_perms;
allow hal_camera_default gpu_device:chr_file rw_file_perms;
allow hal_camera_default sysfs_chip_id:file r_file_perms;

# Tuscany (face auth) code that is part of the camera HAL needs to allocate
# dma_bufs and access the Trusted Execution Environment device node
# NOTE(review): rw on tee_device is the most sensitive grant in this file.
# The same process that parses camera requests and image data can talk to
# the TEE driver directly, so a compromise of this domain reaches the TEE
# interface. Keep the set of domains holding this permission minimal.
allow hal_camera_default dmabuf_system_heap_device:chr_file r_file_perms;
allow hal_camera_default tee_device:chr_file rw_file_perms;

# Allow the camera hal to access the EdgeTPU service and the
# Android shared memory allocated by the EdgeTPU service for
# on-device compilation.
allow hal_camera_default edgetpu_device:chr_file rw_file_perms;
allow hal_camera_default sysfs_edgetpu:dir r_dir_perms;
allow hal_camera_default sysfs_edgetpu:file r_file_perms;
allow hal_camera_default edgetpu_vendor_service:service_manager find;
binder_call(hal_camera_default, edgetpu_vendor_server)

# Allow access to data files used by the camera HAL
# Persist and tuning files are read-only; vendor_camera_data_file is the only
# writable location (dir rw_dir_perms, file create_file_perms) on all builds.
allow hal_camera_default mnt_vendor_file:dir search;
allow hal_camera_default persist_file:dir search;
allow hal_camera_default persist_camera_file:dir search;
allow hal_camera_default persist_camera_file:file r_file_perms;
allow hal_camera_default vendor_camera_data_file:dir rw_dir_perms;
allow hal_camera_default vendor_camera_data_file:file create_file_perms;
allow hal_camera_default vendor_camera_tuning_file:dir r_dir_perms;
allow hal_camera_default vendor_camera_tuning_file:file r_file_perms;

# Allow creating dump files for debugging in non-release builds
# NOTE(review): the file rule inside this block repeats the unconditional
# create_file_perms rule above, so it adds nothing; only the directory rule
# (create_dir_perms instead of rw_dir_perms) is specific to debug builds.
# If file creation was meant to be debug-only, the unconditional rule is the
# one to narrow - confirm intent.
userdebug_or_eng(`
  allow hal_camera_default vendor_camera_data_file:dir create_dir_perms;
  allow hal_camera_default vendor_camera_data_file:file create_file_perms;
')

# tmpfs is used by google3 prebuilts linked by the HAL to unpack data files
# compiled into the shared libraries with cc_embed_data rules
tmpfs_domain(hal_camera_default);

# Allow access to camera-related system properties
# Release builds can only read vendor_camera_prop and vendor_camera_debug_prop;
# writing vendor_camera_fatp_prop and vendor_camera_debug_prop is limited to
# userdebug and eng builds.
get_prop(hal_camera_default, vendor_camera_prop);
get_prop(hal_camera_default, vendor_camera_debug_prop);
userdebug_or_eng(`
  set_prop(hal_camera_default, vendor_camera_fatp_prop);
  set_prop(hal_camera_default, vendor_camera_debug_prop);
')

# For camera hal to talk with rlsservice
allow hal_camera_default rls_service:service_manager find;
binder_call(hal_camera_default, rlsservice)

# Client access to the graphics allocator, graphics composer, power and
# thermal HALs.
hal_client_domain(hal_camera_default, hal_graphics_allocator);
hal_client_domain(hal_camera_default, hal_graphics_composer)
hal_client_domain(hal_camera_default, hal_power);
hal_client_domain(hal_camera_default, hal_thermal);

# Allow access to sensor service for sensor_listener
# NOTE(review): binder_call names the whole system_server domain, not one
# service. No service_manager find rule for a sensor service label appears in
# this file, so the lookup is presumably granted elsewhere - verify that the
# set of system_server services this domain can find stays limited to what
# sensor_listener needs.
binder_call(hal_camera_default, system_server);

# Allow Binder calls to ECO service, needed by Entropy-Aware Filtering
# NOTE(review): the find rule is for eco_service while the binder_call target
# is mediacodec; presumably the ECO service is hosted in that domain - confirm.
allow hal_camera_default eco_service:service_manager find;
binder_call(hal_camera_default, mediacodec);

# Allow camera HAL to query preferred camera frequencies from the radio HAL
# extensions to avoid interference with cellular antennas.
allow hal_camera_default hal_radioext_hwservice:hwservice_manager find;
binder_call(hal_camera_default, hal_radioext_default);

# Allow camera HAL to connect to the stats service.
# Only the service_manager find permission is granted here; no binder_call
# rule for the stats service host appears in this file.
allow hal_camera_default fwk_stats_service:service_manager find;