3758cdb733
EdgeTPU access is already allowed. Vendor property access should be denied and is not an error (most likely from library code that tries to access nonexistent Mediatek-specific properties). Fix: 209889068 Test: presubmit, run GCA Change-Id: Id200da6627ceae1ca6315ea9b4473f61fdc285d0
26 lines
1.1 KiB
Text
26 lines
1.1 KiB
Text
type google_camera_app, domain, coredomain;
|
|
app_domain(google_camera_app)
|
|
net_domain(google_camera_app)
|
|
|
|
allow google_camera_app app_api_service:service_manager find;
|
|
allow google_camera_app audioserver_service:service_manager find;
|
|
allow google_camera_app cameraserver_service:service_manager find;
|
|
allow google_camera_app mediaextractor_service:service_manager find;
|
|
allow google_camera_app mediametrics_service:service_manager find;
|
|
allow google_camera_app mediaserver_service:service_manager find;
|
|
|
|
# Allows camera app to access the GXP device.
|
|
allow google_camera_app gxp_device:chr_file rw_file_perms;
|
|
|
|
# Allows camera app to search for GXP firmware file.
|
|
allow google_camera_app vendor_fw_file:dir search;
|
|
|
|
# Allows camera app to access the PowerHAL.
|
|
hal_client_domain(google_camera_app, hal_power)
|
|
|
|
# Allows GCA to find and access the EdgeTPU.
|
|
allow google_camera_app edgetpu_app_service:service_manager find;
|
|
allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map };
|
|
|
|
# Library code may try to access vendor properties, but should be denied
|
|
dontaudit google_camera_app vendor_default_prop:file { getattr map open };
|