## Custom security policy for Google Camera App, the default camera application on Pixel devices.
##
## Google Camera App is a standard app for the most part, but on Pixel devices
## it has access to hardware accelerators such as Hexagon.
##
## This policy defines the extra rules necessary for that access,
## that reference private core sepolicy

# Duplicate all access that normal untrusted_app has, except for untrusted_app_domain
app_domain(google_camera_app)
net_domain(google_camera_app)
bluetooth_domain(google_camera_app)

# Write app-specific trace data to the Perfetto traced daemon. This requires
# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
allow google_camera_app traced:fd use;
allow google_camera_app traced_tmpfs:file { read write getattr map };
unix_socket_connect(google_camera_app, traced_producer, traced)

# Allow heap profiling if the app opts in by being marked
# profileable/debuggable.
can_profile_heap(google_camera_app)