From 3a44b17897f9fb5096a9f007414335160b11a5af Mon Sep 17 00:00:00 2001 From: Matthias Kramm Date: Mon, 10 Jun 2019 15:10:41 -0700 Subject: [PATCH] Allow hal_face to write to /data/vendor/camera_calibration/*. Also, allow hal_camera to read from there. Bug: 133792720 Change-Id: Iedec8d7325b4424d166f8e4d09182e1f29808ef2 Test: Running presubmit. --- private/compat/29.0/29.0.ignore.cil | 1 + private/file_contexts | 3 +++ public/file.te | 2 ++ public/hal_face.te | 4 ++++ vendor/hal_camera_default.te | 4 ++++ 5 files changed, 14 insertions(+) diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil index 8fc3155d8..ac46969d3 100644 --- a/private/compat/29.0/29.0.ignore.cil +++ b/private/compat/29.0/29.0.ignore.cil @@ -5,6 +5,7 @@ (typeattribute new_objects) (typeattributeset new_objects ( new_objects + camera_calibration_vendor_data_file ctl_apexd_prop device_config_sys_traced_prop runtime_apex_dir diff --git a/private/file_contexts b/private/file_contexts index 8150fa633..c1ed338e5 100644 --- a/private/file_contexts +++ b/private/file_contexts @@ -539,6 +539,9 @@ # Face vendor data file /data/vendor_de/[0-9]+/facedata(/.*)? u:object_r:face_vendor_data_file:s0 +# Directory for (auto)calibration file(s) +/data/vendor/camera_calibration(/.*)? u:object_r:camera_calibration_vendor_data_file:s0 + # Iris vendor data file /data/vendor_de/[0-9]+/irisdata(/.*)? u:object_r:iris_vendor_data_file:s0 diff --git a/public/file.te b/public/file.te index c78ddd5b9..9e0101ade 100644 --- a/public/file.te +++ b/public/file.te @@ -406,6 +406,8 @@ type app_fuse_file, file_type, data_file_type, core_data_file_type, mlstrustedob type face_vendor_data_file, file_type, data_file_type; # Type for iris template file type iris_vendor_data_file, file_type, data_file_type; +# Type for calibration template file +type camera_calibration_vendor_data_file, file_type, data_file_type; # Socket types type adbd_socket, file_type, coredomain_socket; diff --git a/public/hal_face.te b/public/hal_face.te index b25058642..4e3644f2f 100644 --- a/public/hal_face.te +++ b/public/hal_face.te @@ -10,3 +10,7 @@ allow hal_face ion_device:chr_file r_file_perms; # Allow read/write access to the face template directory. allow hal_face face_vendor_data_file:file create_file_perms; allow hal_face face_vendor_data_file:dir rw_dir_perms; + +# Allow writing new camera calibrations +allow hal_face camera_calibration_vendor_data_file:dir rw_dir_perms; +allow hal_face camera_calibration_vendor_data_file:file create_file_perms; diff --git a/vendor/hal_camera_default.te b/vendor/hal_camera_default.te index 5bc4a6191..06c1d9cad 100644 --- a/vendor/hal_camera_default.te +++ b/vendor/hal_camera_default.te @@ -9,3 +9,7 @@ allow hal_camera_default fwk_sensor_hwservice:hwservice_manager find; # For collecting bugreports. allow hal_camera_default dumpstate:fd use; allow hal_camera_default dumpstate:fifo_file write; + +# Allow reading camera calibrations +allow hal_camera_default camera_calibration_vendor_data_file:dir search; +allow hal_camera_default camera_calibration_vendor_data_file:file r_file_perms;