diff options
author | Treehugger Robot <treehugger-gerrit@google.com> | 2022-11-22 02:53:03 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2022-11-22 02:53:03 +0000 |
commit | 4eb406d6bac0a95efc1fd0fdcd3e49111a7b374b (patch) | |
tree | eb84d3bb8415a3e89e8cacdeb0d0a521b72fd2f2 /shared/camera | |
parent | 1477db8ab2816723416658f4c746923000e9bb2f (diff) | |
parent | b7a46bc83f12023c203582aff7a37550bdcbc411 (diff) | |
download | cuttlefish-4eb406d6bac0a95efc1fd0fdcd3e49111a7b374b.tar.gz |
Merge changes I18a65898,I1401442d,I80b2cc0a,I22b4af53,Ifa8b47bc am: 98ff2c1f54 am: 74875cbcee am: b7a46bc83f
Original change: https://android-review.googlesource.com/c/device/google/cuttlefish/+/2309649
Change-Id: Iee75becd03bd3a8ea02d10396b65604078626789
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Diffstat (limited to 'shared/camera')
-rw-r--r-- | shared/camera/BoardConfig.mk | 17 | ||||
-rw-r--r-- | shared/camera/sepolicy/OWNERS | 4 | ||||
-rw-r--r-- | shared/camera/sepolicy/bug_map | 1 | ||||
-rw-r--r-- | shared/camera/sepolicy/file_contexts | 4 | ||||
-rw-r--r-- | shared/camera/sepolicy/hal_camera_default.te | 19 | ||||
-rw-r--r-- | shared/camera/sepolicy/property.te | 1 | ||||
-rw-r--r-- | shared/camera/sepolicy/property_contexts | 2 |
7 files changed, 48 insertions, 0 deletions
diff --git a/shared/camera/BoardConfig.mk b/shared/camera/BoardConfig.mk new file mode 100644 index 000000000..5a80f77c4 --- /dev/null +++ b/shared/camera/BoardConfig.mk @@ -0,0 +1,17 @@ +# +# Copyright 2022 The Android Open-Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +BOARD_VENDOR_SEPOLICY_DIRS += device/google/cuttlefish/shared/camera/sepolicy diff --git a/shared/camera/sepolicy/OWNERS b/shared/camera/sepolicy/OWNERS new file mode 100644 index 000000000..9b37b0ee9 --- /dev/null +++ b/shared/camera/sepolicy/OWNERS @@ -0,0 +1,4 @@ +include platform/system/sepolicy:/OWNERS + +adelva@google.com +rurumihong@google.com diff --git a/shared/camera/sepolicy/bug_map b/shared/camera/sepolicy/bug_map new file mode 100644 index 000000000..8e2906886 --- /dev/null +++ b/shared/camera/sepolicy/bug_map @@ -0,0 +1 @@ +gmscore_app hal_camera_prop file b/156287758 diff --git a/shared/camera/sepolicy/file_contexts b/shared/camera/sepolicy/file_contexts new file mode 100644 index 000000000..6e7490ac8 --- /dev/null +++ b/shared/camera/sepolicy/file_contexts @@ -0,0 +1,4 @@ +/vendor/bin/hw/android\.hardware\.camera\.provider@2\.7-external-vsock-service u:object_r:hal_camera_default_exec:s0 +/vendor/bin/hw/android\.hardware\.camera\.provider@2\.7-service-google u:object_r:hal_camera_default_exec:s0 +/vendor/bin/hw/android\.hardware\.camera\.provider@2\.7-service-google-lazy u:object_r:hal_camera_default_exec:s0 + diff --git a/shared/camera/sepolicy/hal_camera_default.te b/shared/camera/sepolicy/hal_camera_default.te new file mode 100644 index 000000000..de1e370f2 --- /dev/null +++ b/shared/camera/sepolicy/hal_camera_default.te @@ -0,0 +1,19 @@ +vndbinder_use(hal_camera_default) + +hal_client_domain(hal_camera_default, hal_graphics_allocator) + +# For camera hal to talk with sensor service +binder_call(hal_camera_default, sensor_service_server) +binder_call(sensor_service_server, hal_camera_default) + +# Allow the Camera HAL to communicate with the thermal HAL. +hal_client_domain(hal_camera_default, hal_thermal) + +# Vsocket camera +allow hal_camera_default self:vsock_socket { accept bind create getopt listen read write }; + +set_prop(hal_camera_default, vendor_camera_prop) + +# The camera HAL can respond to APEX updates (see ApexUpdateListener), but this +# is not used by the emulated camera HAL APEX. Ignore these denials. +dontaudit hal_camera_default apex_info_file:file { read }; diff --git a/shared/camera/sepolicy/property.te b/shared/camera/sepolicy/property.te new file mode 100644 index 000000000..bb7a5b110 --- /dev/null +++ b/shared/camera/sepolicy/property.te @@ -0,0 +1 @@ +vendor_internal_prop(vendor_camera_prop) diff --git a/shared/camera/sepolicy/property_contexts b/shared/camera/sepolicy/property_contexts new file mode 100644 index 000000000..3d6ebfb27 --- /dev/null +++ b/shared/camera/sepolicy/property_contexts @@ -0,0 +1,2 @@ +persist.vendor.camera. u:object_r:vendor_camera_prop:s0 +vendor.camera. u:object_r:vendor_camera_prop:s0 |