From 45f1ecee7a75370a12837efe8e127c9bb9857ee1 Mon Sep 17 00:00:00 2001 From: Vadim Caen Date: Mon, 30 Oct 2023 22:39:57 +0100 Subject: [PATCH] Allow system_server to communicate with virtual_camera and consitently name service and process as "virtual_camera" (with underscore) Test: Cts VirtalCameraTest Bug: 270352264 Change-Id: I2c6c0c03aab47aa1795cbda19af25e6661a0bf4a
---
 build/soong/service_fuzzer_bindings.go | 2 +-
 private/seapp_contexts | 1 -
 private/service_contexts | 1 +
 private/system_server.te | 1 +
 private/virtual_camera.te | 2 ++
 5 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index f33692422..b84c5fa8b 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -464,7 +464,7 @@ var (
 "vibrator_manager": EXCEPTION_NO_FUZZER,
 "virtualdevice": EXCEPTION_NO_FUZZER,
 "virtualdevice_native": EXCEPTION_NO_FUZZER,
- "virtual_camera_service": EXCEPTION_NO_FUZZER,
+ "virtual_camera": EXCEPTION_NO_FUZZER,
 "virtual_touchpad": EXCEPTION_NO_FUZZER,
 "voiceinteraction": EXCEPTION_NO_FUZZER,
 "vold": []string{"vold_native_service_fuzzer"},
diff --git a/private/seapp_contexts b/private/seapp_contexts
index 74701df7d..26cff1f88 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@@ -172,7 +172,6 @@ neverallow user=_sdksandbox domain=((?!sdk_sandbox).)*
 user=_app seinfo=platform name=com.android.traceur domain=traceur_app type=app_data_file levelFrom=all
 user=system seinfo=platform domain=system_app type=system_app_data_file
 user=system seinfo=platform isPrivApp=true name=com.android.DeviceAsWebcam domain=device_as_webcam type=system_app_data_file levelFrom=all
-user=system seinfo=platform isPrivApp=true name=com.android.virtualcamera domain=virtual_camera type=app_data_file levelFrom=all
 user=bluetooth seinfo=bluetooth domain=bluetooth type=bluetooth_data_file
 user=network_stack seinfo=network_stack domain=network_stack type=radio_data_file
 user=nfc seinfo=platform domain=nfc type=nfc_data_file
diff --git a/private/service_contexts b/private/service_contexts
index 898cb1431..a803d515c 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -438,6 +438,7 @@ vcn_management u:object_r:vcn_management_service:s0
 vibrator u:object_r:vibrator_service:s0
 vibrator_control u:object_r:vibrator_control_service:s0
 vibrator_manager u:object_r:vibrator_manager_service:s0
+virtual_camera u:object_r:virtual_camera_service:s0
 virtualdevice u:object_r:virtual_device_service:s0
 virtualdevice_native u:object_r:virtual_device_native_service:s0
 virtual_touchpad u:object_r:virtual_touchpad_service:s0
diff --git a/private/system_server.te b/private/system_server.te
index 97e64af1b..2a9da1153 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -298,6 +298,7 @@ userdebug_or_eng(`binder_call(system_server, profcollectd)')
 binder_call(system_server, statsd)
 binder_call(system_server, storaged)
 binder_call(system_server, update_engine)
+binder_call(system_server, virtual_camera)
 binder_call(system_server, vold)
 binder_call(system_server, logd)
 binder_call(system_server, wificond)
diff --git a/private/virtual_camera.te b/private/virtual_camera.te
index 765a59fca..c6a1abbbe 100644
--- a/private/virtual_camera.te
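Review bot: The service name `virtual_camera` gets its label in service_contexts here, yet the matching entry in service_fuzzer_bindings.go stays at `EXCEPTION_NO_FUZZER`, so the binder interface this patch wires up to system_server has no fuzz coverage. The virtual_camera.te context in this patch shows the daemon accepts file descriptors from `{ appdomain -isolated_app }`, which suggests it processes app-influenced data. I would track a follow-up that replaces the exception with a real fuzzer name in the bindings map, or state in the commit message why the exception is acceptable for this service.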
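Review bot: `binder_call(system_server, virtual_camera)` covers only the binder transaction; nothing in this patch grants system_server `find` on `virtual_camera_service`, and the `add` rule for the daemon is not visible either. If neither exists elsewhere in the policy, the servicemanager lookup would be denied before this rule is exercised. The usual form would be `allow system_server virtual_camera_service:service_manager find;`. Please confirm against the full files, since system_server.te and virtual_camera.te both continue outside these hunks.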
+++ b/private/virtual_camera.te @@ -9,6 +9,8 @@ init_daemon_domain(virtual_camera) # hal_server_domain(virtual_camera, hal_camera) macro but only the rules that # we actually need from halserverdomain and hal_camera_server: binder_use(virtual_camera) +binder_call(virtual_camera, cameraserver) +binder_call(virtual_camera, system_server) # Allow virtual_camera to use fd from apps allow virtual_camera { appdomain -isolated_app }:fd use;
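Review bot: The added `binder_call(virtual_camera, system_server)` sits under the comment that scopes this block to rules taken from halserverdomain and hal_camera_server, but a call edge into system_server is not one of those. The commit message also describes only system_server talking to virtual_camera, not the reverse. The rule added in system_server.te already lets the daemon answer incoming transactions, so this line is needed only if virtual_camera initiates calls, for example on a callback binder. I would put it under its own comment, such as `# <reason virtual_camera initiates calls into system_server>`, or drop it if only replies are needed. `binder_call(virtual_camera, cameraserver)` is not mentioned in the description either and deserves a sentence there.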