Gitiles
Code Review Sign In
review.blissroms.org / platform_device_qcom_sepolicy-legacy / refs/heads/rebase / . / common / mm-qcamerad.te
blob: f6dd5e51d5fb6120e4744c784bdc7fc34474373e [file] [log] [blame]
Biswajit Paul6786a922017-03-16 11:53:53 -0700[diff] [blame]1type mm-qcamerad, domain;
Ravi Kumar Siddojigaric7def122017-06-13 00:49:19 +0530[diff] [blame]2type mm-qcamerad_exec, exec_type, vendor_file_type, file_type;
Avijit Kanti Das36fb2c12014-10-06 15:21:57 -0700[diff] [blame]3init_daemon_domain(mm-qcamerad)
4
Cullum Baldwin2b151492014-12-15 16:28:59 -0800[diff] [blame]5#added to support EZTune for camera
Avijit Kanti Das36fb2c12014-10-06 15:21:57 -0700[diff] [blame]6userdebug_or_eng(`
Ravi Kumar Siddojigari92eed182017-06-27 00:25:03 +0530[diff] [blame]7 allow mm-qcamerad qti_debugfs:dir r_dir_perms;
8 allow mm-qcamerad qti_debugfs:file read;
Cullum Baldwin2b151492014-12-15 16:28:59 -0800[diff] [blame]9 allow mm-qcamerad camera_data_file:file create_file_perms;
Biswajit Paul2d35d982017-02-01 17:40:10 -0800[diff] [blame]10 #allow mm-qcamerad self:tcp_socket create_stream_socket_perms;
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]11 allow mm-qcamerad node:tcp_socket node_bind;
12
13 # IMS use camera daemon to make VT call
14 allow mm-qcamerad port:tcp_socket name_bind;
Biswajit Paul28439f92015-07-15 13:28:27 -0700[diff] [blame]15 allow mm-qcamerad self:tcp_socket { accept listen };
16 allow mm-qcamerad camera_data_file:file create_file_perms;
Ravi Kumar Siddojigari4d5fc562015-11-17 18:11:01 +0530[diff] [blame]17
18 # mm-qcamerad needs to set persist.camera. property
sahil madekaa3608c92017-05-12 15:41:40 -0700[diff] [blame]19 set_prop(mm-qcamerad, camera_prop)
Avijit Kanti Das36fb2c12014-10-06 15:21:57 -0700[diff] [blame]20')
21
22#Communicate with user land process through domain socket
Ravi Kumar Siddojigaric7def122017-06-13 00:49:19 +0530[diff] [blame]23#allow mm-qcamerad camera_socket:sock_file { create unlink write };
Avijit Kanti Das36fb2c12014-10-06 15:21:57 -0700[diff] [blame]24allow mm-qcamerad camera_socket:dir w_dir_perms;
25unix_socket_connect(mm-qcamerad, sensors, sensors)
26
Mukund Mittal87f504c2014-12-12 21:41:15 +0530[diff] [blame]27#Allow connections between sensor manager and mm-qcamerad
Ravi Kumar Siddojigaric7def122017-06-13 00:49:19 +0530[diff] [blame]28#allow mm-qcamerad system_server:unix_stream_socket rw_socket_perms;
Mukund Mittal87f504c2014-12-12 21:41:15 +0530[diff] [blame]29binder_call(mm-qcamerad, system_server);
Ravi Kumar Siddojigaric7def122017-06-13 00:49:19 +0530[diff] [blame]30#binder_use(mm-qcamerad);
Mukund Mittal87f504c2014-12-12 21:41:15 +0530[diff] [blame]31
Biswajit Paul2d35d982017-02-01 17:40:10 -0800[diff] [blame]32allow mm-qcamerad self:socket create_socket_perms_no_ioctl;
Ananda Kishore2cba0b02016-06-28 17:20:11 +0530[diff] [blame]33allow mm-qcamerad persist_file:dir r_dir_perms;
Ananda Kishore464bd032016-05-18 18:58:52 +0530[diff] [blame]34allow mm-qcamerad sensors_persist_file:dir r_dir_perms;
35allow mm-qcamerad sensors_persist_file:file r_file_perms;
36
Avijit Kanti Das36fb2c12014-10-06 15:21:57 -0700[diff] [blame]37allow mm-qcamerad self:process execmem;
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]38
Avijit Kanti Das36fb2c12014-10-06 15:21:57 -0700[diff] [blame]39# Interact with other media devices
David Ng14a42d62016-03-07 15:35:02 -0800[diff] [blame]40allow mm-qcamerad video_device:dir r_dir_perms;
41allow mm-qcamerad { gpu_device video_device sensors_device }:chr_file rw_file_perms;
Avijit Kanti Das36fb2c12014-10-06 15:21:57 -0700[diff] [blame]42
Michael Bestas4b1b27a2019-01-15 22:30:35 +0200[diff] [blame]43allow mm-qcamerad { surfaceflinger mediaserver cameraserver hal_camera appdomain }:fd use;
Biswajit Paul64f83f62014-10-13 14:36:16 -0700[diff] [blame]44
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]45allow mm-qcamerad camera_data_file:dir w_dir_perms;
Ravi Kumar Siddojigaric7def122017-06-13 00:49:19 +0530[diff] [blame]46#allow mm-qcamerad camera_data_file:sock_file { create unlink };
Sunid Wilson3d4e6bb2015-04-30 19:06:39 -0700[diff] [blame]47
Suman Mukherjee2d2e6e92017-07-11 20:13:08 +0530[diff] [blame]48allow mm-qcamerad vendor_camera_data_file:dir w_dir_perms;
49allow mm-qcamerad vendor_camera_data_file:sock_file { create unlink };
50
Sunid Wilson3d4e6bb2015-04-30 19:06:39 -0700[diff] [blame]51#Allows camera to call ADSP QDSP6 functionality
Biswajit Paul28439f92015-07-15 13:28:27 -0700[diff] [blame]52allow mm-qcamerad qdsp_device:chr_file rw_file_perms;
Suman Mukherjee9346dc02015-08-03 12:19:41 +0530[diff] [blame]53
54#Allows sensor service(running in camera daemon) to invoke service manager API
Ravi Kumar Siddojigaric7def122017-06-13 00:49:19 +0530[diff] [blame]55#allow mm-qcamerad sensorservice_service:service_manager find;
Senthil Kumar Rajagopal6fbe14d2015-08-13 18:58:06 -0700[diff] [blame]56
57#allow mm-qcamerad to access /dsp
58r_dir_file(mm-qcamerad, adsprpcd_file);
Avijit Kanti Dase5656e32015-09-09 16:53:28 -0700[diff] [blame]59
60r_dir_file(mm-qcamerad, firmware_file)
Ramesh V6b15fff2015-09-29 19:43:02 +0530[diff] [blame]61allow mm-qcamerad graphics_device:dir r_dir_perms;
62
63#Allow access to /dev/graphics/fb* for screen capture
64allow mm-qcamerad graphics_device:chr_file rw_file_perms;
taozhangaf844b82015-11-04 14:50:25 +0800[diff] [blame]65
66#Allow camera work normally in FFBM
David Ng14a42d62016-03-07 15:35:02 -0800[diff] [blame]67binder_call(mm-qcamerad, mmi);
Bikas Gurung1758abf2016-07-25 13:46:13 -0700[diff] [blame]68
69#Allow camera to access laser nodes
70allow mm-qcamerad input_device:dir r_dir_perms;
71allow mm-qcamerad input_device:chr_file r_file_perms;
Wei Ding1dab71a2017-09-01 13:10:53 +0800[diff] [blame]72allow mm-qcamerad sysfs_laser:file rw_file_perms;
Suman Mukherjee2d2e6e92017-07-11 20:13:08 +0530[diff] [blame]73
74hal_client_domain(mm-qcamerad, hal_graphics_allocator)
75allow mm-qcamerad ion_device:chr_file rw_file_perms;
Suman Mukherjee8d3d8072017-08-04 16:51:38 +0530[diff] [blame]76
Author Name95685412017-09-04 13:33:10 +0530[diff] [blame]77#allow camera to access Isensormanager
78allow mm-qcamerad fwk_sensor_hwservice:hwservice_manager find;
79binder_call(mm-qcamerad, system_server)
80
Santhosh Kumar Thimmanna Bhattar2f1f71a2017-12-26 20:33:03 +0530[diff] [blame]81#allow camera to access system file/dir for CAC3 functionality
82allow mm-qcamerad system_file:dir r_dir_perms;
83
Suman Mukherjee8d3d8072017-08-04 16:51:38 +0530[diff] [blame]84# from sensors team
85
86allow mm-qcamerad self:socket create_socket_perms;
87allowxperm mm-qcamerad self:socket ioctl msm_sock_ipc_ioctls;
88
89allow mm-qcamerad sysfs_data:file r_file_perms;
Bruno Martins2d7d4012018-06-04 21:11:32 +0100[diff] [blame]90
91#for v4L node "name" access
92allow mm-qcamerad sysfs_graphics:file rw_file_perms;