device_google_zuma/vendor/google_camera_app.te

type google_camera_app, domain, coredomain;
app_domain(google_camera_app)
net_domain(google_camera_app)

allow google_camera_app app_api_service:service_manager find;
allow google_camera_app audioserver_service:service_manager find;
allow google_camera_app cameraserver_service:service_manager find;
allow google_camera_app mediaextractor_service:service_manager find;
allow google_camera_app mediametrics_service:service_manager find;
allow google_camera_app mediaserver_service:service_manager find;

# Allows GCA to acccess the GXP device.
allow google_camera_app gxp_device:chr_file rw_file_perms;

# Allow GCA to access the GXP properies.
get_prop(google_camera_app, vendor_gxp_prop)

# Allows GCA to access the PowerHAL.
hal_client_domain(google_camera_app, hal_power)

# Allows GCA to find and access the EdgeTPU.
allow google_camera_app edgetpu_app_service:service_manager find;
allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map };

# Library code may try to access vendor properties, but should be denied
dontaudit google_camera_app vendor_default_prop:file { getattr map open };