type camera, domain;
type camera_exec, exec_type, vendor_file_type, file_type;

# Started by init
init_daemon_domain(camera)

allow camera self:capability sys_nice;

binder_call(camera, system_server)
binder_call(camera, cameraserver)
allow camera system_server:unix_stream_socket { read write };

allow camera ion_device:chr_file rw_file_perms;
allow camera sysfs_msm_subsys:file r_file_perms;
allow camera camera_device:chr_file rw_file_perms;
allow camera gpu_device:chr_file rw_file_perms;
allow camera graphics_device:chr_file rw_file_perms;
allow camera video_device:chr_file rw_file_perms;
allow camera sysfs_camera:dir search;
allow camera sysfs_camera:file rw_file_perms;
allow camera sysfs_video:dir search;
allow camera sysfs_video:file r_file_perms;
allow camera system_file:dir r_dir_perms;

set_prop(camera, camera_prop)

allow camera surfaceflinger:fd use;
allow camera hal_graphics_allocator:fd use;
allow camera cameraserver:fd use;

# TODO(b/36663461): Remove once camera no longer accesses data outside
# /data/vendor
typeattribute camera socket_between_core_and_vendor_violators;
allow camera camera_data_file:dir rw_dir_perms;
allow camera camera_data_file:sock_file { create unlink };

allow camera input_device:dir r_dir_perms;
allow camera input_device:chr_file r_file_perms;