Evolution-X-Tensor/device_google_zumapro
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Move coredomain seapp contexts to system_ext

Browse source 
Coredomain apps shouldn't be labeled with vendor sepolicy, due to Treble
violation.

Bug: 280547417
Test: TH
Change-Id: Ifcaa41df790cb2b720775563cc4cd5cdf10e5c50
Merged-In: Ifcaa41df790cb2b720775563cc4cd5cdf10e5c50
(cherry picked from commit 63200470b8)
This commit is contained in:
Inseob Kim 2023-08-10 17:00:56 +09:00
parent 08dbe5a438
commit d9a89215f4
16 changed files with 82 additions and 82 deletions
Download patch file Download diff file Expand all files Collapse all files

17
vendor/google_camera_app.te vendored
View file

@ -1,24 +1,7 @@
type google_camera_app, domain, coredomain;
app_domain(google_camera_app)
net_domain(google_camera_app)
allow google_camera_app app_api_service:service_manager find;
allow google_camera_app audioserver_service:service_manager find;
allow google_camera_app cameraserver_service:service_manager find;
allow google_camera_app mediaextractor_service:service_manager find;
allow google_camera_app mediametrics_service:service_manager find;
allow google_camera_app mediaserver_service:service_manager find;
# Allows GCA to acccess the GXP device and search for the firmware file.
allow google_camera_app gxp_device:chr_file rw_file_perms;
allow google_camera_app vendor_fw_file:dir search;
# Allows GCA to access the PowerHAL.
hal_client_domain(google_camera_app, hal_power)
# Allows GCA to find and access the EdgeTPU.
allow google_camera_app edgetpu_app_service:service_manager find;
allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map };
# Library code may try to access vendor properties, but should be denied
dontaudit google_camera_app vendor_default_prop:file { getattr map open };