diff options
author | Jeff Vander Stoep <jeffv@google.com> | 2017-11-10 14:18:45 -0800 |
---|---|---|
committer | Jeff Vander Stoep <jeffv@google.com> | 2017-11-10 14:18:45 -0800 |
commit | d3a0bdb7e2f6e5356de29a4311a21c00d294e379 (patch) | |
tree | 53c111e9540f66bb1186d0682441abae056bffda | |
parent | 456f6eadd7d85db2cc232dc38e21018ce240484d (diff) | |
download | bullhead-d3a0bdb7e2f6e5356de29a4311a21c00d294e379.tar.gz |
Move camera HAL rules to device specific policy
Access to /data/misc/camera only applies to Angler/Bullhead. Remove
access from core policy to device specific policy.
Bug: 36601397
Test: build
Change-Id: If950bff0c478c9bdadba5c44cf54cb21e9f244c4
-rw-r--r-- | sepolicy/hal_camera.te | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/sepolicy/hal_camera.te b/sepolicy/hal_camera.te index 0811092..3e6d94f 100644 --- a/sepolicy/hal_camera.te +++ b/sepolicy/hal_camera.te @@ -4,3 +4,7 @@ allow hal_camera perfd_data_file:dir search; allow hal_camera perfd_data_file:sock_file write; allow hal_camera perfd:unix_stream_socket connectto; allow hal_camera scheduling_policy_service:service_manager find; + +# access /data/misc/camera +allow hal_camera camera_data_file:dir create_dir_perms; +allow hal_camera camera_data_file:file create_file_perms; |