Move camera HAL rules to device specific policy

Access to /data/misc/camera only applies to Angler/Bullhead. Remove access from core policy to device specific policy. Bug: 36601397 Test: build Change-Id: If950bff0c478c9bdadba5c44cf54cb21e9f244c4
author: Jeff Vander Stoep <jeffv@google.com> 2017-11-10 14:18:45 -0800
committer: Jeff Vander Stoep <jeffv@google.com> 2017-11-10 14:18:45 -0800
commit: d3a0bdb7e2f6e5356de29a4311a21c00d294e379 (patch)
tree: 53c111e9540f66bb1186d0682441abae056bffda
parent: 456f6eadd7d85db2cc232dc38e21018ce240484d (diff)
download: bullhead-d3a0bdb7e2f6e5356de29a4311a21c00d294e379.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/sepolicy/hal_camera.te b/sepolicy/hal_camera.te
index 0811092..3e6d94f 100644
--- a/sepolicy/hal_camera.te
+++ b/sepolicy/hal_camera.te
@@ -4,3 +4,7 @@ allow hal_camera perfd_data_file:dir search;
 allow hal_camera perfd_data_file:sock_file write;
 allow hal_camera perfd:unix_stream_socket connectto;
 allow hal_camera scheduling_policy_service:service_manager find;
+
+# access /data/misc/camera
+allow hal_camera camera_data_file:dir create_dir_perms;
+allow hal_camera camera_data_file:file create_file_perms;
author	Jeff Vander Stoep <jeffv@google.com>	2017-11-10 14:18:45 -0800
committer	Jeff Vander Stoep <jeffv@google.com>	2017-11-10 14:18:45 -0800
commit	d3a0bdb7e2f6e5356de29a4311a21c00d294e379 (patch)
tree	53c111e9540f66bb1186d0682441abae056bffda
parent	456f6eadd7d85db2cc232dc38e21018ce240484d (diff)
download	bullhead-d3a0bdb7e2f6e5356de29a4311a21c00d294e379.tar.gz