From 6798f7c717b30c470717121ab55ffca19f78ed00 Mon Sep 17 00:00:00 2001 From: shivasku82 Date: Thu, 1 Feb 2024 19:57:46 +0530 Subject: [PATCH] sepolicy permission for ivi camera sepolicy permission missing for base aaos ivi camera service added sepolicy permission to run ivi camera service on base aaos Tests Done : checked ivi camera service running and aosp camera preview Tracked-On: OAM-115513 Signed-off-by: shivasku82
---
camera-ext/ivi/file_contexts | 1 + camera-ext/ivi/hal_camera_default.te | 4 ++++ 2 files changed, 5 insertions(+)
diff --git a/camera-ext/ivi/file_contexts b/camera-ext/ivi/file_contexts
index 4c93e388..b045863d 100644
--- a/camera-ext/ivi/file_contexts
+++ b/camera-ext/ivi/file_contexts
@@ -1,2 +1,3 @@
 /dev/media[0-9]+ u:object_r:video_device:s0
 /(vendor|system/vendor)/bin/android\.hardware\.automotive\.evs@1\.[0-9]-sample u:object_r:hal_evs_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.vendor\.hardware\.camera\.provider@2\.[0-9]+-ivi-service u:object_r:hal_camera_default_exec:s0
diff --git a/camera-ext/ivi/hal_camera_default.te b/camera-ext/ivi/hal_camera_default.te
index aca20510..83eeb564 100644
--- a/camera-ext/ivi/hal_camera_default.te
+++ b/camera-ext/ivi/hal_camera_default.te
@@ -7,4 +7,8 @@ allow hal_camera_default hal_graphics_allocator_default_tmpfs:file { map read wr
 allow hal_camera_default hal_graphics_mapper_hwservice:hwservice_manager find;
 allow hal_camera_default hal_graphics_composer_default:fd use;
 allow hal_camera_default self:{ socket vsock_socket } { create read write listen accept bind };
+allow hal_camera_default self:netlink_socket create_socket_perms_no_ioctl;
+allow hal_camera_default sysfs_video:dir r_dir_perms;
+allow hal_camera_default sysfs_video:file rw_file_perms;
+allow hal_camera_default hal_camera_default:capability net_admin;
 set_prop(hal_camera_default, vendor_camera_default_prop)
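Review bot: The added `allow hal_camera_default hal_camera_default:capability net_admin;` in hal_camera_default.te grants the camera HAL CAP_NET_ADMIN, a broad network-configuration capability that the commit message does not justify. As far as I recall, AOSP's HAL neverallow rules reserve `net_admin`/`net_raw` for network-hardware HALs, so this rule should be checked against the platform neverallows before it is merged. If the capability really is required, write it as `allow hal_camera_default self:capability net_admin;` to match the `self:` form of the neighbouring rules, and add a `#` comment naming the operation that needs it. The generic `netlink_socket` class and `sysfs_video:file rw_file_perms` are similarly wide; narrowing them to the specific netlink class in use, and to `r_file_perms` unless the service actually writes sysfs nodes, would keep the domain closer to least privilege.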