From 9c91ba1a2f1d70eb2d6f2a899525340c84da8abf Mon Sep 17 00:00:00 2001 From: Andy Hsu Date: Thu, 23 Mar 2023 03:06:15 +0000 Subject: [PATCH] Add SELinux policy to allow GCARelease and GCADogfood to access PowerHAL. Note that this only adds permission to GCARelease and GCADogfood, while GCANext and GCAEng are still untrusted app on zuma now and after this change GCANext and GCAEng will still be denied. Bug: 264490031 Test: Portrait processing in GCARelease didn't get denial message when accessing PowerHAL after this change (https://cnsviewer-static.corp.google.com/cns/md-d/home/pixel-camera-data-readers/acat/hwandy/ag/22215364?user=pixel-camera-data-readers). Change-Id: Ia4a4c2f24215b9da9db7985cf67112997df355fa --- vendor/google_camera_app.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/vendor/google_camera_app.te b/vendor/google_camera_app.te index a87b37c4..b4ba6c11 100644 --- a/vendor/google_camera_app.te +++ b/vendor/google_camera_app.te @@ -3,3 +3,6 @@ app_domain(google_camera_app) # Allows camera app to access the GXP device. allow google_camera_app gxp_device:chr_file rw_file_perms; + +# Allows camera app to access the PowerHAL. +hal_client_domain(google_camera_app, hal_power)