Camera team needs to talk to aoc device in order to use libusf.
It will do this instead of talking to rlsservice. Soon, we can
remove rlsservice from the se policy for camera hal.
Bug: 277959222
Test: manual test, logs provided in comments
Change-Id: I7453fd94891dcc0c1c587bccb3bb6cff80f46e8b
This is to enable face authentication on P23 devices.
Bug: 278898746
Test: Build, face authentication
Change-Id: I75311770a9780e0d97a9240b589e4e4cd9e2dc56
Today the EdgeTpu metrics logging library (used by EdgeTpu library used by camera HAL) has a dependency on edgetpu_app_service, in order to call its UserIsAuthorized API to know whether to log the metrics (We don't want to log metrics for 3P apps), see b/275016466.
This is not ideal, because strictly speaking, camera HAL doesn't need such dependency.
Still, this is fine and there is no security risk, because today even untrusted apps can call edgetpu_app_service: http://cs/android-internal/device/google/gs-common/edgetpu/sepolicy/untrusted_app_all.te;l=2;rcl=f4b62d12c171d4e294d8251e34197ab555c40673
Bug: 266084950
Test: Just mm
Change-Id: I6c0e4411370e4b300b9ceb3ad804688d873371cd
The camera HAL and Google Camera App
need selinux permission to run workloads on Aurora DSP. This
change adds the selinux rules too allow these clients to
access the GXP device in order to execute workloads on DSP.
Bug: 264321380
Test: Verified that the camera HAL service and GCA app is able to access the GXP device.
Change-Id: I125650b4841b4cbdc50077a0d80b113b02699de8
Add hal_camera_default.te for zuma. Move referenced contexts and
settings to new zuma-sepolicy folders. Add hal_camera_default type declaration
to file.te
Bug: 261651093, 260366029, 263185135
Test: Build and test for hal_camera_default denials
Change-Id: Id0246f9ca8fd399853894e9e41548976ab44ccd0
