sepolicy: address cameraserver denials

author Stricted <info@stricted.net>

Tue, 1 May 2018 00:01:19 +0000 (02:01 +0200)

committer Stricted <info@stricted.net>

Tue, 1 May 2018 00:01:19 +0000 (02:01 +0200)
author Stricted <info@stricted.net>
Tue, 1 May 2018 00:01:19 +0000 (02:01 +0200)
committer Stricted <info@stricted.net>
Tue, 1 May 2018 00:01:19 +0000 (02:01 +0200)
diff --git a/sepolicy/cameraserver.te b/sepolicy/cameraserver.te

new file mode 100644 (file)

index 0000000..8419abb
--- /dev/null
+++ b/sepolicy/cameraserver.te
@@ -0,0 +1,21 @@
+# nvram
+allow cameraserver nvdata_file:dir rw_dir_perms;
+allow cameraserver nvdata_file:file create_file_perms;
+allow cameraserver ccci_device:chr_file rw_file_perms;
+
+# camera
+allow cameraserver sensorservice_service:service_manager find;
+allow cameraserver system_server:unix_stream_socket { read write };
+allow cameraserver camera_device:chr_file rw_file_perms;
+allow cameraserver mtk_smi_device:chr_file rw_file_perms;
+allow cameraserver proc:file { read ioctl open };
+allow cameraserver devmap_device:chr_file r_file_perms;
+allow cameraserver devmap_device:chr_file { ioctl };
+allow cameraserver sysfs_devinfo:file rw_file_perms;
+allow cameraserver sysfs_membw:file rw_file_perms;
+allow cameraserver proc_meminfo:file { open read getattr };
+allow cameraserver sysfs_boot_mode:file r_file_perms;
+allow cameraserver sysfs_ddr_type:file r_file_perms;
+
+# PQ
+allow cameraserver pq_service:service_manager find;
author	Stricted <info@stricted.net>
	Tue, 1 May 2018 00:01:19 +0000 (02:01 +0200)
committer	Stricted <info@stricted.net>
	Tue, 1 May 2018 00:01:19 +0000 (02:01 +0200)