From 5b472c664cf81d5015c936a6bf72bc31f861844a Mon Sep 17 00:00:00 2001
From: Aaron Ramirez
Date: Wed, 6 Sep 2023 14:56:07 -0700
Subject: [PATCH] Configure SEPolicy to allow PCS to open and use socket connections.

Bug: 299315760
Test: Tested with SEPolicy enforcement on and verified PCS could perform socket operations.
Merged-In: Idd9048da4bb3856666698bc0589dbc68aa74fd1a
Change-Id: Idd9048da4bb3856666698bc0589dbc68aa74fd1a
---
 camera/sepolicy/vendor_pcs_app.te | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/camera/sepolicy/vendor_pcs_app.te b/camera/sepolicy/vendor_pcs_app.te
index c179255..853ba15 100644
--- a/camera/sepolicy/vendor_pcs_app.te
+++ b/camera/sepolicy/vendor_pcs_app.te
@@ -21,3 +21,12 @@ allow vendor_pcs_app hal_pixel_remote_camera_service:service_manager add;
 
 binder_call(vendor_pcs_app, hal_camera_default);
 binder_call(vendor_pcs_app, hal_pixel_remote_camera_service);
+
+# Allow PCS to open socket connections for HTTP streaming support.
+allow vendor_pcs_app vendor_pcs_app:unpriv_socket_class_set create_socket_perms_no_ioctl;
+allow vendor_pcs_app fwmarkd_socket:sock_file write;
+allow vendor_pcs_app port:tcp_socket name_connect;
+allow vendor_pcs_app netd:unix_stream_socket connectto;
+
+allow netd vendor_pcs_app:unpriv_socket_class_set create_socket_perms_no_ioctl;
+allow netd vendor_pcs_app:fd use;
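Review bot: The first `allow netd` rule at the end of the hunk gives netd `create_socket_perms_no_ioctl` on every class in `unpriv_socket_class_set`, which is wider than netd should need to mark a socket passed to it over fwmarkd: it adds create, bind, connect and shutdown, and it covers the app's unix sockets as well as its TCP ones. The comment gives the goal as HTTP streaming, so I would narrow both socket rules to that, e.g. `allow netd vendor_pcs_app:tcp_socket { read write getattr setattr getopt setopt };` (the set the platform policy appears to grant netd over netdomain clients; worth confirming against the tree) and `allow vendor_pcs_app self:tcp_socket create_socket_perms_no_ioctl;`. `name_connect` on `port` leaves the destination port unrestricted, which is probably unavoidable for a streaming client but deserves a word in the comment. The rest of vendor_pcs_app.te is outside the hunk, so I cannot tell whether UDP or DNS access is needed or already granted elsewhere.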