sepolicy permission for ivi camera

sepolicy permission missing for base aaos ivi camera service added sepolicy permission to run ivi camera service on base aaos Tests Done : checked ivi camera service running and aosp camera preview Tracked-On: OAM-115513 Signed-off-by: shivasku82 <[email protected]>
projectceladon · Feb 5, 2024 · 6798f7c · 6798f7c
1 parent 1909420
commit 6798f7c
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/camera-ext/ivi/file_contexts b/camera-ext/ivi/file_contexts
@@ -1,2 +1,3 @@
 /dev/media[0-9]+          u:object_r:video_device:s0
 /(vendor|system/vendor)/bin/android\.hardware\.automotive\.evs@1\.[0-9]-sample  u:object_r:hal_evs_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.vendor\.hardware\.camera\.provider@2\.[0-9]+-ivi-service       u:object_r:hal_camera_default_exec:s0
diff --git a/camera-ext/ivi/hal_camera_default.te b/camera-ext/ivi/hal_camera_default.te
@@ -7,4 +7,8 @@ allow hal_camera_default hal_graphics_allocator_default_tmpfs:file { map read wr
 allow hal_camera_default hal_graphics_mapper_hwservice:hwservice_manager find;
 allow hal_camera_default hal_graphics_composer_default:fd use;
 allow hal_camera_default self:{ socket vsock_socket } { create read write listen accept bind };
+allow hal_camera_default self:netlink_socket create_socket_perms_no_ioctl;
+allow hal_camera_default sysfs_video:dir r_dir_perms;
+allow hal_camera_default sysfs_video:file rw_file_perms;
+allow hal_camera_default hal_camera_default:capability net_admin;
 set_prop(hal_camera_default, vendor_camera_default_prop)