From acc34fa03793fe7c98cf33f39b9b63d7e624b15e Mon Sep 17 00:00:00 2001 From: Kiyoung Kim Date: Tue, 14 Nov 2023 16:43:05 +0900 Subject: [PATCH] Move definition for vendor_camera_binder_service into product vendor_camera_binder_service is defined in vendor image, but this property is required and used from the system image. This causes Cuttlefish Hybrid Device to fail from sepolicy error. This change is to move system-required property from vendor to product so it can be used when vendor image is changed into generic one. Bug: 309469924 Test: Build and boot succeeded with cheetah Change-Id: Iea3e5be110498f759e268df8b7e5126b65b06a67 --- camera/sepolicy/product/private/service_contexts | 1 + camera/sepolicy/product/private/vendor_pbcs_app.te | 3 +++ camera/sepolicy/product/public/service.te | 1 + camera/sepolicy/vendor/hal_camera_default.te | 2 +- camera/sepolicy/vendor/service.te | 2 -- camera/sepolicy/vendor/service_contexts | 2 -- camera/sepolicy/vendor/vendor_pbcs_app.te | 2 +- 7 files changed, 7 insertions(+), 6 deletions(-) create mode 100644 camera/sepolicy/product/private/service_contexts create mode 100644 camera/sepolicy/product/public/service.te diff --git a/camera/sepolicy/product/private/service_contexts b/camera/sepolicy/product/private/service_contexts new file mode 100644 index 0000000..fed03af --- /dev/null +++ b/camera/sepolicy/product/private/service_contexts @@ -0,0 +1 @@ +com.google.pixel.camera.services.binder.IServiceBinder/default u:object_r:camera_binder_service:s0 \ No newline at end of file diff --git a/camera/sepolicy/product/private/vendor_pbcs_app.te b/camera/sepolicy/product/private/vendor_pbcs_app.te index d77162e..54bc0c0 100644 --- a/camera/sepolicy/product/private/vendor_pbcs_app.te +++ b/camera/sepolicy/product/private/vendor_pbcs_app.te @@ -7,3 +7,6 @@ dontaudit vendor_pbcs_app system_app_data_file:dir *; allow vendor_pbcs_app app_api_service:service_manager find; # Allow PBCS to find Camera Service. allow vendor_pbcs_app cameraserver_service:service_manager find; + +# Allow PBCS to add the ServiceBinder service to ServiceManager. +add_service(vendor_pbcs_app, camera_binder_service); \ No newline at end of file diff --git a/camera/sepolicy/product/public/service.te b/camera/sepolicy/product/public/service.te new file mode 100644 index 0000000..f94fd9f --- /dev/null +++ b/camera/sepolicy/product/public/service.te @@ -0,0 +1 @@ +type camera_binder_service, hal_service_type, protected_service, service_manager_type; \ No newline at end of file diff --git a/camera/sepolicy/vendor/hal_camera_default.te b/camera/sepolicy/vendor/hal_camera_default.te index dd00cc3..4c9aa05 100644 --- a/camera/sepolicy/vendor/hal_camera_default.te +++ b/camera/sepolicy/vendor/hal_camera_default.te @@ -1,4 +1,4 @@ -allow hal_camera_default vendor_camera_binder_service:service_manager find; +allow hal_camera_default camera_binder_service:service_manager find; # Allow Lyric Hal to find the LyricConfigProvider service through ServiceManager. allow hal_camera_default vendor_camera_lyricconfigprovider_service:service_manager find; diff --git a/camera/sepolicy/vendor/service.te b/camera/sepolicy/vendor/service.te index 877dbc1..87a1d93 100644 --- a/camera/sepolicy/vendor/service.te +++ b/camera/sepolicy/vendor/service.te @@ -1,5 +1,3 @@ -type vendor_camera_binder_service, hal_service_type, protected_service, service_manager_type; - type hal_pixel_remote_camera_service, hal_service_type, protected_service, service_manager_type; type vendor_camera_lyricconfigprovider_service, hal_service_type, protected_service, service_manager_type; diff --git a/camera/sepolicy/vendor/service_contexts b/camera/sepolicy/vendor/service_contexts index e6eaa64..1bcaab8 100644 --- a/camera/sepolicy/vendor/service_contexts +++ b/camera/sepolicy/vendor/service_contexts @@ -1,5 +1,3 @@ -com.google.pixel.camera.services.binder.IServiceBinder/default u:object_r:vendor_camera_binder_service:s0 - com.google.pixel.camera.connectivity.hal.provider.ICameraProvider/default u:object_r:hal_pixel_remote_camera_service:s0 com.google.pixel.camera.services.lyricconfigprovider.ILyricConfigProvider/default u:object_r:vendor_camera_lyricconfigprovider_service:s0 diff --git a/camera/sepolicy/vendor/vendor_pbcs_app.te b/camera/sepolicy/vendor/vendor_pbcs_app.te index 7b9c5e2..b25c9a2 100644 --- a/camera/sepolicy/vendor/vendor_pbcs_app.te +++ b/camera/sepolicy/vendor/vendor_pbcs_app.te @@ -1,5 +1,5 @@ # Allow PBCS to add the ServiceBinder service to ServiceManager. -add_service(vendor_pbcs_app, vendor_camera_binder_service); +add_service(vendor_pbcs_app, camera_binder_service); # Allow PBCS to add the LyricConfigProvider service to ServiceManager. add_service(vendor_pbcs_app, vendor_camera_lyricconfigprovider_service); # Allow PBCS to add the CameraIdRemapper service to ServiceManager.