1type camera, domain; 2type camera_exec, exec_type, vendor_file_type, file_type; 3 4# Started by init 5init_daemon_domain(camera) 6 7allow camera self:capability sys_nice; 8 9binder_call(camera, system_server) 10binder_call(camera, cameraserver) 11allow camera system_server:unix_stream_socket { read write }; 12 13allow camera ion_device:chr_file rw_file_perms; 14allow camera sysfs_msm_subsys:file r_file_perms; 15allow camera camera_device:chr_file rw_file_perms; 16allow camera gpu_device:chr_file rw_file_perms; 17allow camera graphics_device:chr_file rw_file_perms; 18allow camera video_device:chr_file rw_file_perms; 19allow camera sysfs_camera:dir search; 20allow camera sysfs_camera:file rw_file_perms; 21allow camera sysfs_video:dir search; 22allow camera sysfs_video:file r_file_perms; 23allow camera system_file:dir r_dir_perms; 24 25set_prop(camera, camera_prop) 26 27allow camera surfaceflinger:fd use; 28allow camera hal_graphics_allocator:fd use; 29allow camera cameraserver:fd use; 30 31# TODO(b/36663461): Remove once camera no longer accesses data outside 32# /data/vendor 33typeattribute camera socket_between_core_and_vendor_violators; 34allow camera camera_data_file:dir rw_dir_perms; 35allow camera camera_data_file:sock_file { create unlink }; 36 37allow camera input_device:dir r_dir_perms; 38allow camera input_device:chr_file r_file_perms; 39