drgreen/android_device_google_gs-common
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Move camera's coredomain sepolicy to product" into main

Browse Source
This commit is contained in:
Treehugger Robot 2023-09-05 23:39:25 +00:00 committed by Android (Google) Code Review
commit cea6104161
17 changed files with 30 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
camera/dump.mk
View File

@ -1,4 +1,6 @@
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/camera/sepolicy/ BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/camera/sepolicy/vendor
PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/gs-common/camera/sepolicy/product/public
PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/gs-common/camera/sepolicy/product/private
PRODUCT_PACKAGES_DEBUG += dump_camera PRODUCT_PACKAGES_DEBUG += dump_camera

0
camera/sepolicy/seapp_contexts → camera/sepolicy/product/private/seapp_contexts
View File

9
camera/sepolicy/product/private/vendor_pbcs_app.te Normal file
View File

@ -0,0 +1,9 @@
typeattribute vendor_pbcs_app coredomain;
app_domain(vendor_pbcs_app);
dontaudit vendor_pbcs_app system_app_data_file:dir *;
allow vendor_pbcs_app app_api_service:service_manager find;
# Allow PBCS to find Camera Service.
allow vendor_pbcs_app cameraserver_service:service_manager find;

12
camera/sepolicy/product/private/vendor_pcs_app.te Normal file
View File

@ -0,0 +1,12 @@
typeattribute vendor_pcs_app coredomain;
app_domain(vendor_pcs_app);
allow vendor_pcs_app {
app_api_service
audioserver_service
cameraserver_service
mediametrics_service
mediaserver_service
radio_service
}:service_manager find;

1
camera/sepolicy/product/public/vendor_pbcs_app.te Normal file
View File

@ -0,0 +1 @@
type vendor_pbcs_app, domain;

1
camera/sepolicy/product/public/vendor_pcs_app.te Normal file
View File

@ -0,0 +1 @@
type vendor_pcs_app, domain;

0
camera/sepolicy/dump_camera.te → camera/sepolicy/vendor/dump_camera.te vendored
View File

0
camera/sepolicy/file.te → camera/sepolicy/vendor/file.te vendored
View File

0
camera/sepolicy/file_contexts → camera/sepolicy/vendor/file_contexts vendored
View File

0
camera/sepolicy/hal_camera_default.te → camera/sepolicy/vendor/hal_camera_default.te vendored
View File

0
camera/sepolicy/init.camera.set-interrupts-ownership.te → camera/sepolicy/vendor/init.camera.set-interrupts-ownership.te vendored
View File

0
camera/sepolicy/property.te → camera/sepolicy/vendor/property.te vendored
View File

0
camera/sepolicy/property_contexts → camera/sepolicy/vendor/property_contexts vendored
View File

0
camera/sepolicy/service.te → camera/sepolicy/vendor/service.te vendored
View File

0
camera/sepolicy/service_contexts → camera/sepolicy/vendor/service_contexts vendored
View File

17
camera/sepolicy/vendor_pbcs_app.te → camera/sepolicy/vendor/vendor_pbcs_app.te vendored
View File

@ -1,16 +1,3 @@
type vendor_pbcs_app, domain, coredomain;
# TODO(b/296512192): move vendor_pbcs_app out of vendor sepolicy
typeattribute vendor_pbcs_app vendor_seapp_assigns_coredomain_violators;
app_domain(vendor_pbcs_app);
dontaudit vendor_pbcs_app system_app_data_file:dir *;
allow vendor_pbcs_app app_api_service:service_manager find;
# Allow PBCS to find Camera Service.
allow vendor_pbcs_app cameraserver_service:service_manager find;
# Allow PBCS to add the ServiceBinder service to ServiceManager. # Allow PBCS to add the ServiceBinder service to ServiceManager.
add_service(vendor_pbcs_app, vendor_camera_binder_service); add_service(vendor_pbcs_app, vendor_camera_binder_service);
# Allow PBCS to add the LyricConfigProvider service to ServiceManager. # Allow PBCS to add the LyricConfigProvider service to ServiceManager.
@ -18,8 +5,8 @@ add_service(vendor_pbcs_app, vendor_camera_lyricconfigprovider_service);
# Allow PBCS to add the CameraIdRemapper service to ServiceManager. # Allow PBCS to add the CameraIdRemapper service to ServiceManager.
add_service(vendor_pbcs_app, vendor_camera_cameraidremapper_service); add_service(vendor_pbcs_app, vendor_camera_cameraidremapper_service);
binder_call(vendor_pbcs_app, hal_camera_default);
# Allow PBCS to read debug system properties of the form vendor.camera.pbcs.debug.* # Allow PBCS to read debug system properties of the form vendor.camera.pbcs.debug.*
# and persist.vendor.camera.pbcs.debug.* # and persist.vendor.camera.pbcs.debug.*
get_prop(vendor_pbcs_app, vendor_camera_pbcs_debug_prop); get_prop(vendor_pbcs_app, vendor_camera_pbcs_debug_prop);
binder_call(vendor_pbcs_app, hal_camera_default);

20
camera/sepolicy/vendor_pcs_app.te → camera/sepolicy/vendor/vendor_pcs_app.te vendored
View File

@ -1,19 +1,3 @@
type vendor_pcs_app, domain, coredomain;
# TODO(b/296512192): move vendor_pcs_app out of vendor sepolicy
typeattribute vendor_pcs_app vendor_seapp_assigns_coredomain_violators;
app_domain(vendor_pcs_app);
allow vendor_pcs_app {
app_api_service
audioserver_service
cameraserver_service
mediametrics_service
mediaserver_service
radio_service
}:service_manager find;
# Allow PCS to find the LyricConfigProvider service through ServiceManager. # Allow PCS to find the LyricConfigProvider service through ServiceManager.
allow vendor_pcs_app vendor_camera_lyricconfigprovider_service:service_manager find; allow vendor_pcs_app vendor_camera_lyricconfigprovider_service:service_manager find;
# Allow PCS to find the CameraIdRemapper service through ServiceManager. # Allow PCS to find the CameraIdRemapper service through ServiceManager.
@ -21,6 +5,6 @@ allow vendor_pcs_app vendor_camera_cameraidremapper_service:service_manager find
allow vendor_pcs_app hal_pixel_remote_camera_service:service_manager add; allow vendor_pcs_app hal_pixel_remote_camera_service:service_manager add;
binder_call(vendor_pcs_app, hal_camera_default);
binder_call(vendor_pcs_app, hal_pixel_remote_camera_service); binder_call(vendor_pcs_app, hal_pixel_remote_camera_service);
binder_call(vendor_pcs_app, hal_camera_default);