diff --git a/legacy/whitechapel_pro/device.te b/legacy/whitechapel_pro/device.te index be9279b8..0793bab9 100644 --- a/legacy/whitechapel_pro/device.te +++ b/legacy/whitechapel_pro/device.te @@ -4,7 +4,6 @@ type vendor_toe_device, dev_type; type lwis_device, dev_type; type rls_device, dev_type; type fingerprint_device, dev_type; -type gxp_device, dev_type, mlstrustedobject; type sensor_direct_heap_device, dmabuf_heap_device_type, dev_type; type faceauth_heap_device, dmabuf_heap_device_type, dev_type; type vframe_heap_device, dmabuf_heap_device_type, dev_type; diff --git a/legacy/whitechapel_pro/file_contexts b/legacy/whitechapel_pro/file_contexts index af8f0b6c..70e36b46 100644 --- a/legacy/whitechapel_pro/file_contexts +++ b/legacy/whitechapel_pro/file_contexts @@ -44,47 +44,10 @@ /dev/goodix_fp u:object_r:fingerprint_device:s0 /dev/stmvl53l1_ranging u:object_r:rls_device:s0 /dev/watchdog0 u:object_r:watchdog_device:s0 -/dev/mali0 u:object_r:gpu_device:s0 -/dev/lwis-act-jotnar u:object_r:lwis_device:s0 -/dev/lwis-act-slenderman u:object_r:lwis_device:s0 -/dev/lwis-act-slenderman-sandworm u:object_r:lwis_device:s0 -/dev/lwis-csi u:object_r:lwis_device:s0 -/dev/lwis-dpm u:object_r:lwis_device:s0 -/dev/lwis-eeprom-gargoyle u:object_r:lwis_device:s0 -/dev/lwis-eeprom-jotnar u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-buraq u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-dokkaebi u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-sandworm u:object_r:lwis_device:s0 -/dev/lwis-flash-lm3644 u:object_r:lwis_device:s0 -/dev/lwis-g3aa u:object_r:lwis_device:s0 -/dev/lwis-gdc0 u:object_r:lwis_device:s0 -/dev/lwis-gdc1 u:object_r:lwis_device:s0 -/dev/lwis-gtnr-align u:object_r:lwis_device:s0 -/dev/lwis-gtnr-merge u:object_r:lwis_device:s0 -/dev/lwis-ipp u:object_r:lwis_device:s0 -/dev/lwis-itp u:object_r:lwis_device:s0 -/dev/lwis-mcsc u:object_r:lwis_device:s0 -/dev/lwis-ois-gargoyle u:object_r:lwis_device:s0 -/dev/lwis-ois-jotnar u:object_r:lwis_device:s0 -/dev/lwis-pdp u:object_r:lwis_device:s0 -/dev/lwis-scsc u:object_r:lwis_device:s0 -/dev/lwis-sensor-boitata u:object_r:lwis_device:s0 -/dev/lwis-sensor-buraq u:object_r:lwis_device:s0 -/dev/lwis-sensor-dokkaebi u:object_r:lwis_device:s0 -/dev/lwis-sensor-kraken u:object_r:lwis_device:s0 -/dev/lwis-sensor-lamassu u:object_r:lwis_device:s0 -/dev/lwis-sensor-nagual u:object_r:lwis_device:s0 -/dev/lwis-sensor-sandworm u:object_r:lwis_device:s0 -/dev/lwis-slc u:object_r:lwis_device:s0 -/dev/lwis-top u:object_r:lwis_device:s0 -/dev/lwis-tof-vl53l8 u:object_r:lwis_device:s0 -/dev/lwis-votf u:object_r:lwis_device:s0 /dev/dri/card0 u:object_r:graphics_device:s0 /dev/fimg2d u:object_r:graphics_device:s0 /dev/g2d u:object_r:graphics_device:s0 -/dev/gxp u:object_r:gxp_device:s0 /dev/dit2 u:object_r:vendor_toe_device:s0 -/dev/trusty-ipc-dev0 u:object_r:tee_device:s0 /dev/sg1 u:object_r:sg_device:s0 /dev/st21nfc u:object_r:nfc_device:s0 /dev/logbuffer_tcpm u:object_r:logbuffer_device:s0 @@ -98,7 +61,6 @@ /data/nfc(/.*)? u:object_r:nfc_data_file:s0 /data/vendor/firmware/wifi(/.*)? u:object_r:updated_wifi_firmware_data_file:s0 /data/vendor/tcpdump_logger(/.*)? u:object_r:tcpdump_vendor_data_file:s0 -/data/vendor/camera(/.*)? u:object_r:vendor_camera_data_file:s0 /data/vendor/media(/.*)? u:object_r:vendor_media_data_file:s0 /data/vendor/misc(/.*)? u:object_r:vendor_misc_data_file:s0 /data/per_boot(/.*)? u:object_r:per_boot_file:s0 @@ -109,7 +71,6 @@ # Persist /mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0 -/mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0 /mnt/vendor/persist/sensors/registry(/.*)? u:object_r:persist_sensor_reg_file:s0 /mnt/vendor/persist/ss(/.*)? u:object_r:persist_ss_file:s0 /mnt/vendor/persist/uwb(/.*)? u:object_r:persist_uwb_file:s0 diff --git a/legacy/whitechapel_pro/genfs_contexts b/legacy/whitechapel_pro/genfs_contexts index f9cdcf10..05618bc5 100644 --- a/legacy/whitechapel_pro/genfs_contexts +++ b/legacy/whitechapel_pro/genfs_contexts @@ -65,16 +65,6 @@ genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-1/i2c-s2mpg13mfd/s2mp genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-1/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-1/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -# Devfreq current frequency -genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000040.devfreq_disp/devfreq/17000040.devfreq_disp/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000050.devfreq_cam/devfreq/17000050.devfreq_cam/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000070.devfreq_mfc/devfreq/17000070.devfreq_mfc/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo/cur_freq u:object_r:sysfs_devfreq_cur:s0 - # OTA genfscon sysfs /devices/platform/13200000.ufs/pixel/boot_lun_enabled u:object_r:sysfs_ota:s0 diff --git a/legacy/whitechapel_pro/property_contexts b/legacy/whitechapel_pro/property_contexts index 8945ca6e..1a42d9b8 100644 --- a/legacy/whitechapel_pro/property_contexts +++ b/legacy/whitechapel_pro/property_contexts @@ -22,12 +22,6 @@ persist.vendor.se. u:object_r:vendor_secure_element_prop ro.vendor.hwc.drm.device u:object_r:vendor_display_prop:s0 persist.vendor.display. u:object_r:vendor_display_prop:s0 -# Camera -persist.vendor.camera. u:object_r:vendor_camera_prop:s0 -vendor.camera. u:object_r:vendor_camera_prop:s0 -vendor.camera.debug. u:object_r:vendor_camera_debug_prop:s0 -vendor.camera.fatp. u:object_r:vendor_camera_fatp_prop:s0 - # for logger app vendor.pixellogger. u:object_r:vendor_logger_prop:s0 persist.vendor.pixellogger. u:object_r:vendor_logger_prop:s0 diff --git a/tracking_denials/hal_camera_default.te b/tracking_denials/hal_camera_default.te deleted file mode 100644 index d2c3e45a..00000000 --- a/tracking_denials/hal_camera_default.te +++ /dev/null @@ -1,64 +0,0 @@ -# b/260366029 -dontaudit hal_camera_default device:chr_file { ioctl }; -dontaudit hal_camera_default device:chr_file { open }; -dontaudit hal_camera_default device:chr_file { read }; -# b/261651093 -dontaudit hal_camera_default apex_info_file:file { getattr }; -dontaudit hal_camera_default apex_info_file:file { open }; -dontaudit hal_camera_default apex_info_file:file { read }; -dontaudit hal_camera_default apex_info_file:file { watch }; -dontaudit hal_camera_default edgetpu_device:chr_file { ioctl }; -dontaudit hal_camera_default edgetpu_device:chr_file { map }; -dontaudit hal_camera_default edgetpu_device:chr_file { open }; -dontaudit hal_camera_default edgetpu_device:chr_file { read write }; -dontaudit hal_camera_default edgetpu_vendor_server:binder { call }; -dontaudit hal_camera_default edgetpu_vendor_server:fd { use }; -dontaudit hal_camera_default edgetpu_vendor_service:service_manager { find }; -dontaudit hal_camera_default fwk_stats_service:service_manager { find }; -dontaudit hal_camera_default hal_camera_default:capability { sys_nice }; -dontaudit hal_camera_default hal_power_default:binder { call }; -dontaudit hal_camera_default hal_power_service:service_manager { find }; -dontaudit hal_camera_default hal_radioext_default:binder { call }; -dontaudit hal_camera_default init:unix_stream_socket { connectto }; -dontaudit hal_camera_default kernel:process { setsched }; -dontaudit hal_camera_default lwis_device:chr_file { ioctl }; -dontaudit hal_camera_default lwis_device:chr_file { open }; -dontaudit hal_camera_default lwis_device:chr_file { read }; -dontaudit hal_camera_default lwis_device:chr_file { write }; -dontaudit hal_camera_default mnt_vendor_file:dir { search }; -dontaudit hal_camera_default persist_camera_file:dir { search }; -dontaudit hal_camera_default persist_camera_file:file { getattr }; -dontaudit hal_camera_default persist_camera_file:file { open }; -dontaudit hal_camera_default persist_camera_file:file { read }; -dontaudit hal_camera_default persist_file:dir { search }; -dontaudit hal_camera_default property_socket:sock_file { write }; -dontaudit hal_camera_default rls_service:service_manager { find }; -dontaudit hal_camera_default rlsservice:binder { call }; -dontaudit hal_camera_default system_data_file:dir { search }; -dontaudit hal_camera_default system_server:binder { call }; -dontaudit hal_camera_default traced:unix_stream_socket { connectto }; -dontaudit hal_camera_default traced_producer_socket:sock_file { write }; -dontaudit hal_camera_default vendor_camera_data_file:dir { getattr }; -dontaudit hal_camera_default vendor_camera_data_file:dir { open }; -dontaudit hal_camera_default vendor_camera_data_file:dir { read }; -dontaudit hal_camera_default vendor_camera_data_file:dir { search }; -dontaudit hal_camera_default vendor_camera_data_file:file { getattr }; -dontaudit hal_camera_default vendor_camera_data_file:file { open }; -dontaudit hal_camera_default vendor_camera_data_file:file { read }; -dontaudit hal_camera_default vendor_camera_debug_prop:file { getattr }; -dontaudit hal_camera_default vendor_camera_debug_prop:file { map }; -dontaudit hal_camera_default vendor_camera_debug_prop:file { open }; -dontaudit hal_camera_default vendor_camera_debug_prop:file { read }; -dontaudit hal_camera_default vendor_camera_prop:file { getattr }; -dontaudit hal_camera_default vendor_camera_prop:file { map }; -dontaudit hal_camera_default vendor_camera_prop:file { open }; -dontaudit hal_camera_default vendor_camera_prop:file { read }; -dontaudit hal_camera_default vendor_camera_prop:property_service { set }; -dontaudit hal_camera_default vndbinder_device:chr_file { ioctl }; -dontaudit hal_camera_default vndbinder_device:chr_file { map }; -dontaudit hal_camera_default vndbinder_device:chr_file { open }; -dontaudit hal_camera_default vndbinder_device:chr_file { read }; -dontaudit hal_camera_default vndbinder_device:chr_file { write }; -dontaudit hal_camera_default vndservicemanager:binder { call }; -# b/263185135 -dontaudit hal_camera_default system_server:binder { transfer }; diff --git a/vendor/device.te b/vendor/device.te index 2e4cc203..b94ed73b 100644 --- a/vendor/device.te +++ b/vendor/device.te @@ -3,6 +3,7 @@ type custom_ab_block_device, dev_type; type devinfo_block_device, dev_type; type mfg_data_block_device, dev_type; type logbuffer_device, dev_type; +type gxp_device, dev_type; # SecureElement SPI device type st54spi_device, dev_type; diff --git a/vendor/file_contexts b/vendor/file_contexts index eae7b623..324bf6c9 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -26,6 +26,7 @@ /vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0 # persist +/mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0 /mnt/vendor/persist/display(/.*)? u:object_r:persist_display_file:s0 # Devices @@ -62,6 +63,8 @@ /dev/block/platform/13200000\.ufs/by-name/vbmeta_vendor_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/13200000\.ufs/by-name/vendor_boot_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/13200000\.ufs/by-name/vendor_kernel_boot_[ab] u:object_r:custom_ab_block_device:s0 +/dev/gxp u:object_r:gxp_device:s0 +/dev/mali0 u:object_r:gpu_device:s0 /dev/logbuffer_usbpd u:object_r:logbuffer_device:s0 /dev/logbuffer_ssoc u:object_r:logbuffer_device:s0 /dev/logbuffer_wireless u:object_r:logbuffer_device:s0 @@ -78,4 +81,55 @@ /dev/logbuffer_maxfg_base_monitor u:object_r:logbuffer_device:s0 /dev/logbuffer_maxfg_flip_monitor u:object_r:logbuffer_device:s0 /dev/logbuffer_wc68 u:object_r:logbuffer_device:s0 +/dev/lwis-act-jotnar u:object_r:lwis_device:s0 +/dev/lwis-act-slenderman u:object_r:lwis_device:s0 +/dev/lwis-act-slenderman-sandworm u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-oksoko u:object_r:lwis_device:s0 +/dev/lwis-be-core u:object_r:lwis_device:s0 +/dev/lwis-csi u:object_r:lwis_device:s0 +/dev/lwis-dpm u:object_r:lwis_device:s0 +/dev/lwis-eeprom-djinn u:object_r:lwis_device:s0 +/dev/lwis-eeprom-gargoyle u:object_r:lwis_device:s0 +/dev/lwis-eeprom-humbaba u:object_r:lwis_device:s0 +/dev/lwis-eeprom-jotnar u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-buraq u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-sandworm u:object_r:lwis_device:s0 +/dev/lwis-flash-lm3644 u:object_r:lwis_device:s0 +/dev/lwis-g3aa u:object_r:lwis_device:s0 +/dev/lwis-gdc0 u:object_r:lwis_device:s0 +/dev/lwis-gdc1 u:object_r:lwis_device:s0 +/dev/lwis-gse u:object_r:lwis_device:s0 +/dev/lwis-gtnr-align u:object_r:lwis_device:s0 +/dev/lwis-gtnr-merge u:object_r:lwis_device:s0 +/dev/lwis-ipp u:object_r:lwis_device:s0 +/dev/lwis-itp u:object_r:lwis_device:s0 +/dev/lwis-isp-fe u:object_r:lwis_device:s0 +/dev/lwis-lme u:object_r:lwis_device:s0 +/dev/lwis-mcsc u:object_r:lwis_device:s0 +/dev/lwis-ois-gargoyle u:object_r:lwis_device:s0 +/dev/lwis-ois-humbaba u:object_r:lwis_device:s0 +/dev/lwis-ois-jotnar u:object_r:lwis_device:s0 +/dev/lwis-ois-djinn u:object_r:lwis_device:s0 +/dev/lwis-pdp u:object_r:lwis_device:s0 +/dev/lwis-scsc u:object_r:lwis_device:s0 +/dev/lwis-sensor-boitata u:object_r:lwis_device:s0 +/dev/lwis-sensor-buraq u:object_r:lwis_device:s0 +/dev/lwis-sensor-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-sensor-kraken u:object_r:lwis_device:s0 +/dev/lwis-sensor-lamassu u:object_r:lwis_device:s0 +/dev/lwis-sensor-nagual u:object_r:lwis_device:s0 +/dev/lwis-sensor-oksoko u:object_r:lwis_device:s0 +/dev/lwis-sensor-sandworm u:object_r:lwis_device:s0 +/dev/lwis-slc u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-oksoko u:object_r:lwis_device:s0 +/dev/lwis-top u:object_r:lwis_device:s0 +/dev/lwis-tof-vl53l8 u:object_r:lwis_device:s0 +/dev/lwis-votf u:object_r:lwis_device:s0 /dev/st54spi u:object_r:st54spi_device:s0 +/dev/trusty-ipc-dev0 u:object_r:tee_device:s0 + +# Data +/data/vendor/camera(/.*)? u:object_r:vendor_camera_data_file:s0 diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 48b8e1b1..c4848724 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -1,3 +1,13 @@ +# Devfreq current frequency +genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000040.devfreq_disp/devfreq/17000040.devfreq_disp/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000050.devfreq_cam/devfreq/17000050.devfreq_cam/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000070.devfreq_mfc/devfreq/17000070.devfreq_mfc/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo/cur_freq u:object_r:sysfs_devfreq_cur:s0 + # EdgeTPU genfscon sysfs /devices/platform/1ce00000.rio u:object_r:sysfs_edgetpu:s0 diff --git a/vendor/hal_camera_default.te b/vendor/hal_camera_default.te new file mode 100644 index 00000000..8c6418f1 --- /dev/null +++ b/vendor/hal_camera_default.te @@ -0,0 +1,78 @@ +allow hal_camera_default self:global_capability_class_set sys_nice; +allow hal_camera_default kernel:process setsched; + +vndbinder_use(hal_camera_default); + +allow hal_camera_default lwis_device:chr_file rw_file_perms; + +# Face authentication code that is part of the camera HAL needs to allocate +# dma_bufs and access the Trusted Execution Environment device node + +# Allow the camera hal to access the EdgeTPU service and the +# Android shared memory allocated by the EdgeTPU service for +# on-device compilation. +allow hal_camera_default edgetpu_device:chr_file rw_file_perms; +allow hal_camera_default edgetpu_vendor_service:service_manager find; +binder_call(hal_camera_default, edgetpu_vendor_server) + +# Allow access to data files used by the camera HAL +allow hal_camera_default mnt_vendor_file:dir search; +allow hal_camera_default persist_file:dir search; +allow hal_camera_default persist_camera_file:dir rw_dir_perms; +allow hal_camera_default persist_camera_file:file create_file_perms; +allow hal_camera_default vendor_camera_data_file:dir rw_dir_perms; +allow hal_camera_default vendor_camera_data_file:file create_file_perms; + +# Allow creating dump files for debugging in non-release builds +userdebug_or_eng(` + allow hal_camera_default vendor_camera_data_file:dir create_dir_perms; + allow hal_camera_default vendor_camera_data_file:file create_file_perms; +') + +# Allow access to camera-related system properties +set_prop(hal_camera_default, vendor_camera_prop); +get_prop(hal_camera_default, vendor_camera_debug_prop); +userdebug_or_eng(` + set_prop(hal_camera_default, vendor_camera_fatp_prop); + set_prop(hal_camera_default, vendor_camera_debug_prop); +') + +# For camera hal to talk with rlsservice +allow hal_camera_default rls_service:service_manager find; +binder_call(hal_camera_default, rlsservice) + +hal_client_domain(hal_camera_default, hal_graphics_allocator); +hal_client_domain(hal_camera_default, hal_graphics_composer) +hal_client_domain(hal_camera_default, hal_power); +hal_client_domain(hal_camera_default, hal_thermal); + +# Allow access to sensor service for sensor_listener +binder_call(hal_camera_default, system_server); + +# Allow Binder calls to ECO service, needed by Entropy-Aware Filtering +allow hal_camera_default eco_service:service_manager find; +binder_call(hal_camera_default, mediacodec_samsung); + +# Allow camera HAL to connect to the stats service. +allow hal_camera_default fwk_stats_service:service_manager find; + +# For observing apex file changes +allow hal_camera_default apex_info_file:file r_file_perms; + +# Allow camera HAL to query current device clock frequencies. +allow hal_camera_default sysfs_devfreq_cur:file r_file_perms; + +# Allow camera HAL to read backlight of display +allow hal_camera_default sysfs_leds:dir r_dir_perms; +allow hal_camera_default sysfs_leds:file r_file_perms; + +# Allow camera HAL to send trace packets to Perfetto +userdebug_or_eng(`perfetto_producer(hal_camera_default)') + +# Some file searches attempt to access system data and are denied. +# This is benign and can be ignored. +dontaudit hal_camera_default system_data_file:dir { search }; + +# google3 prebuilts attempt to connect to the wrong trace socket, ignore them. +dontaudit hal_camera_default traced:unix_stream_socket { connectto }; +dontaudit hal_camera_default traced_producer_socket:sock_file { write }; diff --git a/vendor/property_contexts b/vendor/property_contexts new file mode 100644 index 00000000..a619af72 --- /dev/null +++ b/vendor/property_contexts @@ -0,0 +1,5 @@ +# Camera +persist.vendor.camera. u:object_r:vendor_camera_prop:s0 +vendor.camera. u:object_r:vendor_camera_prop:s0 +vendor.camera.debug. u:object_r:vendor_camera_debug_prop:s0 +vendor.camera.fatp. u:object_r:vendor_camera_fatp_prop:s0