PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
de51e7dece
android_system_sepolicy/prebuilts/api/26.0/public/cameraserver.te
Dan Cashman fff3fe2f08 Commit oc-dev sepolicy to prebuilts. 
Copy the final system sepolicy from oc-dev to its prebuilt dir
corresponding to its version (26.0) so that we can uprev policy and
start maintaining compatibility files, as well as use it for CTS
tests targeting future platforms.

(cherry-pick of commit: 5c6a227ebb)

Bug: 37896931
Bug: 37916906
Test: none, this just copies the old policy.
Change-Id: Ib069d505e42595c467e5d1164fb16fcb0286ab93
2017-09-08 15:19:30 -07:00

50 lines
1.9 KiB
Plaintext
Raw Blame History

# cameraserver - camera daemon
type cameraserver, domain;
type cameraserver_exec, exec_type, file_type;
binder_use(cameraserver)
binder_call(cameraserver, binderservicedomain)
binder_call(cameraserver, appdomain)
binder_service(cameraserver)
hal_client_domain(cameraserver, hal_camera)
hal_client_domain(cameraserver, hal_graphics_allocator)
allow cameraserver ion_device:chr_file rw_file_perms;
# Talk with graphics composer fences
allow cameraserver hal_graphics_composer:fd use;
add_service(cameraserver, cameraserver_service)
allow cameraserver appops_service:service_manager find;
allow cameraserver audioserver_service:service_manager find;
allow cameraserver batterystats_service:service_manager find;
allow cameraserver cameraproxy_service:service_manager find;
allow cameraserver mediaserver_service:service_manager find;
allow cameraserver processinfo_service:service_manager find;
allow cameraserver scheduling_policy_service:service_manager find;
allow cameraserver surfaceflinger_service:service_manager find;
allow cameraserver hidl_token_hwservice:hwservice_manager find;
###
### neverallow rules
###
# cameraserver should never execute any executable without a
# domain transition
neverallow cameraserver { file_type fs_type }:file execute_no_trans;
# The goal of the mediaserver split is to place media processing code into
# restrictive sandboxes with limited responsibilities and thus limited
# permissions. Example: Audioserver is only responsible for controlling audio
# hardware and processing audio content. Cameraserver does the same for camera
# hardware/content. Etc.
#
# Media processing code is inherently risky and thus should have limited
# permissions and be isolated from the rest of the system and network.
# Lengthier explanation here:
# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
neverallow cameraserver domain:{ tcp_socket udp_socket rawip_socket } *;
Reference in New Issue View Git Blame Copy Permalink