Merge "No camera for idle uids - selinux"
am: 43ef5f21f1
Change-Id: I5f26c178f8ba80d88036f599f77a1aadfce9991f
commit
46358bcc26
1 changed files with 13 additions and 0 deletions
|
@ -17,6 +17,8 @@ allow cameraserver ion_device:chr_file rw_file_perms;
|
||||||
allow cameraserver hal_graphics_composer:fd use;
|
allow cameraserver hal_graphics_composer:fd use;
|
||||||
|
|
||||||
add_service(cameraserver, cameraserver_service)
|
add_service(cameraserver, cameraserver_service)
|
||||||
|
|
||||||
|
allow cameraserver activity_service:service_manager find;
|
||||||
allow cameraserver appops_service:service_manager find;
|
allow cameraserver appops_service:service_manager find;
|
||||||
allow cameraserver audioserver_service:service_manager find;
|
allow cameraserver audioserver_service:service_manager find;
|
||||||
allow cameraserver batterystats_service:service_manager find;
|
allow cameraserver batterystats_service:service_manager find;
|
||||||
|
@ -47,3 +49,14 @@ neverallow cameraserver { file_type fs_type }:file execute_no_trans;
|
||||||
# Lengthier explanation here:
|
# Lengthier explanation here:
|
||||||
# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
|
# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
|
||||||
neverallow cameraserver domain:{ tcp_socket udp_socket rawip_socket } *;
|
neverallow cameraserver domain:{ tcp_socket udp_socket rawip_socket } *;
|
||||||
|
|
||||||
|
# Allow shell commands from ADB for CTS testing/dumping
|
||||||
|
allow cameraserver adbd:fd use;
|
||||||
|
allow cameraserver adbd:unix_stream_socket { read write };
|
||||||
|
|
||||||
|
# Allow shell commands from ADB for CTS testing/dumping
|
||||||
|
userdebug_or_eng(`
|
||||||
|
allow cameraserver su:fd use;
|
||||||
|
allow cameraserver su:fifo_file { read write };
|
||||||
|
allow cameraserver su:unix_stream_socket { read write };
|
||||||
|
')
|
||||||
|
|
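Review bot: The second `# Allow shell commands from ADB for CTS testing/dumping` comment, the one heading the `userdebug_or_eng(` block, is a copy of the comment above the adbd rules and does not describe the su rules beneath it; something like `# Allow shell commands from a su shell on userdebug/eng builds for testing/dumping` would tell the two grants apart. The adbd pair (`allow cameraserver adbd:fd use;` and `adbd:unix_stream_socket { read write }`) is not build-gated, so it applies on user builds as well. If that is intended for CTS, the comment should say so, because the neverallow directly above covers only tcp/udp/rawip sockets and does not constrain this access. The new `activity_service:service_manager find` line in the first hunk would also benefit from a one-line comment tying it to the idle-uid check named in the commit title, which is presumably why cameraserver needs the activity service.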