2022-11-04 13:51:18 +01:00
|
|
|
# virtual_camera - virtual camera daemon
|
|
|
|
|
|
|
|
|
|
type virtual_camera, domain, coredomain;
|
2023-09-29 16:15:23 +02:00
|
|
|
type virtual_camera_exec, system_file_type, exec_type, file_type;
|
2022-11-04 13:51:18 +01:00
|
|
|
|
2023-09-29 16:15:23 +02:00
|
|
|
init_daemon_domain(virtual_camera)
|
2022-11-04 13:51:18 +01:00
|
|
|
|
2023-09-29 16:15:23 +02:00
|
|
|
# Since virtual_camera is not a real HAL we don't set the
|
|
|
|
|
# hal_server_domain(virtual_camera, hal_camera) macro but only the rules that
|
|
|
|
|
# we actually need from halserverdomain and hal_camera_server:
|
|
|
|
|
binder_use(virtual_camera)
|
2023-11-20 10:39:22 +01:00
|
|
|
binder_call(virtual_camera, cameraserver)
|
|
|
|
|
binder_call(virtual_camera, system_server)
|
2022-11-04 13:51:18 +01:00
|
|
|
|
2023-12-06 09:31:17 +01:00
|
|
|
|
|
|
|
|
# Allow virtualCamera to call apps via binder.
|
|
|
|
|
binder_call(virtual_camera, appdomain)
|
|
|
|
|
|
2023-09-29 16:15:23 +02:00
|
|
|
# Allow virtual_camera to use fd from apps
|
|
|
|
|
allow virtual_camera { appdomain -isolated_app }:fd use;
|
2022-11-04 13:51:18 +01:00
|
|
|
|
2023-09-29 16:15:23 +02:00
|
|
|
# Only allow virtual_camera to add a virtual_camera_service and no one else.
|
|
|
|
|
add_service(virtual_camera, virtual_camera_service);
|
|
|
|
|
|
|
|
|
|
# Allow virtual_camera to map graphic buffers
|
|
|
|
|
hal_client_domain(virtual_camera, hal_graphics_allocator)
|
2023-11-17 10:08:16 +01:00
|
|
|
|
|
|
|
|
# Allow virtual_camera to use GPU
|
|
|
|
|
allow virtual_camera gpu_device:chr_file rw_file_perms;
|
|
|
|
|
allow virtual_camera gpu_device:dir r_dir_perms;
|
2023-11-30 10:57:16 +01:00
|
|
|
|
|
|
|
|
# For collecting bugreports.
|
|
|
|
|
allow virtual_camera dumpstate:fd use;
|
|
|
|
|
allow virtual_camera dumpstate:fifo_file write;
|
2023-12-05 14:17:07 +01:00
|
|
|
|
|
|
|
|
# Needed for permission checks.
|
|
|
|
|
allow virtual_camera permission_service:service_manager find;
|
