device_google_zumapro/sepolicy/vendor/hal_camera_default.te
Michael Bestas 033f3a090a Android 15.0.0 Release 21 (BP1A.250305.020)
-----BEGIN PGP SIGNATURE-----
 
 iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZ8fKCAAKCRDorT+BmrEO
 eKE3AJ4uFXxFPLY5WKfjV42Swr4BBy8a1ACcD53kvqqVMTUClsM4lrgXGQ82YKc=
 =5fRU
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN SSH SIGNATURE-----
 U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgPpdpjxPACTIhnlvYz0GM4BR7FJ
 +rYv3jMbfxNKD3JvcAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5
 AAAAQD3Qc4A3bmG6C5UeJ72OX6KEYC9rOCtnIlT5iRxwxs/8+aoXRxpQTf78JyVn+Xsz2J
 TUbFUORg+gRtEXsx4ApwE=
 -----END SSH SIGNATURE-----

Merge tag 'android-15.0.0_r21' into staging/lineage-22.2_merge-android-15.0.0_r21

Android 15.0.0 Release 21 (BP1A.250305.020)

# -----BEGIN PGP SIGNATURE-----
#
# iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZ8fKCAAKCRDorT+BmrEO
# eKE3AJ4uFXxFPLY5WKfjV42Swr4BBy8a1ACcD53kvqqVMTUClsM4lrgXGQ82YKc=
# =5fRU
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed Mar  5 05:50:32 2025 EET
# gpg:                using DSA key 4340D13570EF945E83810964E8AD3F819AB10E78
# gpg: Good signature from "The Android Open Source Project <initial-contribution@android.com>" [ultimate]

# By Nina Chen (11) and others
# Via Android Build Coastguard Worker (32) and others
* tag 'android-15.0.0_r21': (41 commits)
  Update SELinux error
  modem_svc: move shared_modem_platform related sepolicy to gs-common
  Allow tachyon service to make binder calls to GCA
  Update SELinux error
  allow hal_bluetooth_btlinux write sysfs file
  port display sysfs access
  Add hal_shared_modem_platform to modem_diagnostic_app.te
  add permission for hl7132 sysfs
  Update SELinux error
  Update the PMS app seinfo for the certification change.
  Update SELinux error
  Revert "modem_svc: move shared_modem_platform related sepolicy t..."
  modem_svc: move shared_modem_platform related sepolicy to gs-common
  Support access to radioext service over AIDL
  Update SELinux error
  Update SELinux error
  correct frame_interval_ns and expected_present_time_ns naming
  shamp: remove fixed bug from bugmap
  sepolicy: add label for logbuffer
  Update SELinux error
  ...

 Conflicts:
	sepolicy/vendor/keys.conf
	sepolicy/zumapro-sepolicy.mk

Change-Id: I904f4d429cf34da67777654f6c373a66b105d128
2025-03-09 11:01:22 +02:00


# SELinux rules for the hal_camera_default domain (the camera HAL service).
# Rules outside a userdebug_or_eng wrapper apply to every build type.

# Scheduling control: the sys_nice capability on the domain itself and
# setsched on processes in the kernel domain.
# NOTE(review): presumably needed to adjust priorities of camera-related
# threads, including kernel threads - confirm the setsched target is required.
allow hal_camera_default self:global_capability_class_set sys_nice;
allow hal_camera_default kernel:process setsched;
# Vendor binder access for IPC with other vendor processes.
vndbinder_use(hal_camera_default);
# Read/write access to character devices labeled lwis_device.
# NOTE(review): presumably the camera sensor subsystem nodes - confirm in file_contexts.
allow hal_camera_default lwis_device:chr_file rw_file_perms;
# Face authentication code that is part of the camera HAL needs to allocate
# dma_bufs and access the Trusted Execution Environment device node.
# The heap device is read-only here, while tee_device is read/write and is
# granted on all build types. Keep this grant in mind when threat-modeling the
# HAL: a compromised camera HAL process could open the TEE device node directly.
allow hal_camera_default dmabuf_system_heap_device:chr_file r_file_perms;
allow hal_camera_default tee_device:chr_file rw_file_perms;
# Allow the camera HAL to access the EdgeTPU service and the
# Android shared memory allocated by the EdgeTPU service for
# on-device compilation.
# Three separate grants: read/write on the device node, a service_manager
# lookup (find) of the vendor service, and binder calls to the server domain.
allow hal_camera_default edgetpu_device:chr_file rw_file_perms;
allow hal_camera_default edgetpu_vendor_service:service_manager find;
binder_call(hal_camera_default, edgetpu_vendor_server)
# Allow edgetpu_app_service as well, because the EdgeTPU metrics logging
# library depends on edgetpu_app_service, see b/275016466.
allow hal_camera_default edgetpu_app_service:service_manager find;
binder_call(hal_camera_default, edgetpu_app_server)
# Allow access to data files used by the camera HAL.
# The two search rules only permit traversing the parent directories;
# directory read/write and file creation are limited to the camera-specific
# labels persist_camera_file and vendor_camera_data_file.
allow hal_camera_default mnt_vendor_file:dir search;
allow hal_camera_default persist_file:dir search;
allow hal_camera_default persist_camera_file:dir rw_dir_perms;
allow hal_camera_default persist_camera_file:file create_file_perms;
allow hal_camera_default vendor_camera_data_file:dir rw_dir_perms;
allow hal_camera_default vendor_camera_data_file:file create_file_perms;
# Allow creating dump files for debugging in non-release builds.
# NOTE(review): the file rule inside this wrapper repeats the unconditional
# vendor_camera_data_file:file create_file_perms rule above, so the only
# permission that is actually build-gated is create_dir_perms on the directory.
userdebug_or_eng(`
allow hal_camera_default vendor_camera_data_file:dir create_dir_perms;
allow hal_camera_default vendor_camera_data_file:file create_file_perms;
')
# Allow access to camera-related system properties.
# All build types: set vendor_camera_prop, read-only access to
# vendor_camera_debug_prop.
set_prop(hal_camera_default, vendor_camera_prop);
get_prop(hal_camera_default, vendor_camera_debug_prop);
# userdebug and eng builds only: additionally allow setting
# vendor_camera_fatp_prop and vendor_camera_debug_prop.
userdebug_or_eng(`
set_prop(hal_camera_default, vendor_camera_fatp_prop);
set_prop(hal_camera_default, vendor_camera_debug_prop);
')
# Make the camera HAL a client of the graphics allocator, graphics composer,
# power and thermal HALs.
hal_client_domain(hal_camera_default, hal_graphics_allocator);
hal_client_domain(hal_camera_default, hal_graphics_composer)
hal_client_domain(hal_camera_default, hal_power);
hal_client_domain(hal_camera_default, hal_thermal);
# Allow access to sensor service for sensor_listener.
# NOTE(review): binder_call is granted per domain, so this permits binder
# calls to system_server as a whole, not only to the sensor service.
binder_call(hal_camera_default, system_server);
# Allow Binder calls to ECO service, needed by Entropy-Aware Filtering.
# NOTE(review): presumably the ECO service is hosted in the
# mediacodec_samsung domain, hence the binder_call target - confirm.
allow hal_camera_default eco_service:service_manager find;
binder_call(hal_camera_default, mediacodec_samsung);
# Allow camera HAL to connect to the stats service.
# This line grants only the service_manager lookup (find).
allow hal_camera_default fwk_stats_service:service_manager find;
# For observing apex file changes (read-only).
allow hal_camera_default apex_info_file:file r_file_perms;
# Allow camera HAL to query current device clock frequencies (read-only).
allow hal_camera_default sysfs_devfreq_cur:file r_file_perms;
# Allow camera HAL to read display info, including backlight.
# All three sysfs grants are read-only.
allow hal_camera_default sysfs_leds:dir r_dir_perms;
allow hal_camera_default sysfs_leds:file r_file_perms;
allow hal_camera_default sysfs_display:file r_file_perms;
# Allow camera HAL to query preferred camera frequencies from the radio HAL
# extensions to avoid interference with cellular antennas.
# The service can be looked up through both hwservice_manager and
# service_manager; only find is granted on each.
allow hal_camera_default hal_radioext_hwservice:hwservice_manager find;
allow hal_camera_default hal_radio_ext_service:service_manager find;
# Allows camera HAL to access the hw_jpeg /dev/video12 (read/write).
allow hal_camera_default hw_jpg_device:chr_file rw_file_perms;
# Allow access to always-on compute device node (read/write).
allow hal_camera_default aoc_device:chr_file rw_file_perms;
# Allow camera HAL to send trace packets to Perfetto.
# Wrapped in userdebug_or_eng, so this is not granted on release builds.
userdebug_or_eng(`perfetto_producer(hal_camera_default)')
# Some file searches attempt to access system data and are denied.
# This is benign and can be ignored.
# dontaudit only silences the AVC denial log entry; the access stays denied.
# NOTE(review): because these denials are no longer logged, they are also
# invisible to anyone reviewing audit logs for this domain.
dontaudit hal_camera_default system_data_file:dir { search };
# google3 prebuilts attempt to connect to the wrong trace socket, ignore them.
# As above, these rules suppress logging only and grant no access.
dontaudit hal_camera_default traced:unix_stream_socket { connectto };
dontaudit hal_camera_default traced_producer_socket:sock_file { write };
# Allow the Camera HAL to acquire wakelocks for buffer pre-allocation purposes.
wakelock_use(hal_camera_default)