5b472c664c
Bug: 299315760 Test: Tested with SEPolicy enforcement on and verified PCS could perform socket operations. Merged-In: Idd9048da4bb3856666698bc0589dbc68aa74fd1a Change-Id: Idd9048da4bb3856666698bc0589dbc68aa74fd1a
33 lines
1.2 KiB
Plaintext
33 lines
1.2 KiB
Plaintext
type vendor_pcs_app, domain, coredomain;
|
|
|
|
app_domain(vendor_pcs_app);
|
|
|
|
allow vendor_pcs_app {
|
|
app_api_service
|
|
audioserver_service
|
|
cameraserver_service
|
|
mediametrics_service
|
|
mediaserver_service
|
|
radio_service
|
|
}:service_manager find;
|
|
|
|
# Allow PCS to find the LyricConfigProvider service through ServiceManager.
|
|
allow vendor_pcs_app vendor_camera_lyricconfigprovider_service:service_manager find;
|
|
# Allow PCS to find the CameraIdRemapper service through ServiceManager.
|
|
allow vendor_pcs_app vendor_camera_cameraidremapper_service:service_manager find;
|
|
|
|
allow vendor_pcs_app hal_pixel_remote_camera_service:service_manager add;
|
|
|
|
binder_call(vendor_pcs_app, hal_camera_default);
|
|
|
|
binder_call(vendor_pcs_app, hal_pixel_remote_camera_service);
|
|
|
|
# Allow PCS to open socket connections for HTTP streaming support.
|
|
allow vendor_pcs_app vendor_pcs_app:unpriv_socket_class_set create_socket_perms_no_ioctl;
|
|
allow vendor_pcs_app fwmarkd_socket:sock_file write;
|
|
allow vendor_pcs_app port:tcp_socket name_connect;
|
|
allow vendor_pcs_app netd:unix_stream_socket connectto;
|
|
|
|
allow netd vendor_pcs_app:unpriv_socket_class_set create_socket_perms_no_ioctl;
|
|
allow netd vendor_pcs_app:fd use;
|