camera_device: remove type and add typealias
camera_device didn't really offer much in terms of control considering that most domains that need camera_device, also need video_device and vice versa. Thus, drop camera_device from the policy and add a temporary typealias. Change-Id: I144c0bb49a9a68ab1bdf636c64abe656f3e677b4 Signed-off-by: William Roberts <william.c.roberts@intel.com>
This commit is contained in:
parent
f89847a9cd
commit
b7aace2db0
2
app.te
2
app.te
@ -243,7 +243,7 @@ neverallow appdomain dev_type:blk_file { read write };
|
||||
# Access to any of the following character devices.
|
||||
neverallow appdomain {
|
||||
audio_device
|
||||
camera_device
|
||||
video_device
|
||||
dm_device
|
||||
radio_device
|
||||
gps_device
|
||||
|
@ -6,7 +6,6 @@ type ashmem_device, dev_type, mlstrustedobject;
|
||||
type audio_device, dev_type;
|
||||
type binder_device, dev_type, mlstrustedobject;
|
||||
type block_device, dev_type;
|
||||
type camera_device, dev_type;
|
||||
type dm_device, dev_type;
|
||||
type loop_device, dev_type;
|
||||
type pmsg_device, dev_type, mlstrustedobject;
|
||||
@ -101,3 +100,6 @@ type misc_block_device, dev_type;
|
||||
|
||||
# Bootctrl block device used by A/B update (update_engine, update_verifier).
|
||||
type bootctrl_block_device, dev_type;
|
||||
|
||||
# XXX: Temporarily alias camera_device for its removal
|
||||
typealias video_device alias camera_device;
|
||||
|
@ -60,7 +60,7 @@
|
||||
/dev/block/ram[0-9]* u:object_r:ram_device:s0
|
||||
/dev/block/zram[0-9]* u:object_r:ram_device:s0
|
||||
/dev/bus/usb(.*)? u:object_r:usb_device:s0
|
||||
/dev/cam u:object_r:camera_device:s0
|
||||
/dev/cam u:object_r:video_device:s0
|
||||
/dev/console u:object_r:console_device:s0
|
||||
/dev/cpuctl(/.*)? u:object_r:cpuctl_device:s0
|
||||
/dev/device-mapper u:object_r:dm_device:s0
|
||||
|
@ -47,8 +47,6 @@ allow mediaserver radio_data_file:file { read getattr };
|
||||
# Use pipes passed over Binder from app domains.
|
||||
allow mediaserver appdomain:fifo_file { getattr read write };
|
||||
|
||||
# Access camera device.
|
||||
allow mediaserver camera_device:chr_file rw_file_perms;
|
||||
allow mediaserver rpmsg_device:chr_file rw_file_perms;
|
||||
|
||||
# Inter System processes communicate over named pipe (FIFO)
|
||||
|
Loading…
Reference in New Issue
Block a user