Merge "Allow virtual camera to do binder calls to apps and vice versa." into main

Ján Sebechlebský 2023-12-06 10:23:15 +00:00 committed by Gerrit Code Review
commit 7b6c59ad81
2 changed files with 7 additions and 0 deletions


@ -149,6 +149,9 @@ allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } vendor_app
# Perform binder IPC to sdk sandbox.
binder_call(appdomain, sdk_sandbox_all)
# Allow apps to communicate via binder with virtual camera service.
binder_call(appdomain, virtual_camera)
# Allow access to external storage; we have several visible mount points under /storage
# and symlinks to primary storage at places like /storage/sdcard0 and /mnt/user/0/primary
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } storage_file:dir r_dir_perms;
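Review bot: `binder_call(appdomain, virtual_camera)` applies to every app domain, while the rules around it in this hunk subtract `isolated_app_all`, `ephemeral_app` and `sdk_sandbox_all` from `appdomain`. If isolated, instant and SDK-sandbox processes are not meant to be virtual camera clients, the source set should be narrowed the same way, e.g. `binder_call({ appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all }, virtual_camera)`. If they are meant to be clients, the comment should say so, so the broad grant reads as deliberate. This rule only controls reachability, so the service presumably still needs its own caller permission checks on the binder interface; that code is not visible here.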


@ -12,6 +12,10 @@ binder_use(virtual_camera)
binder_call(virtual_camera, cameraserver)
binder_call(virtual_camera, system_server)
# Allow virtualCamera to call apps via binder.
binder_call(virtual_camera, appdomain)
# Allow virtual_camera to use fd from apps
allow virtual_camera { appdomain -isolated_app }:fd use;
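Review bot: The `-isolated_app` exclusion on the last line has no effect. As the `binder_call` macro is defined in te_macros, `binder_call(virtual_camera, appdomain)` two lines above already expands to `allow virtual_camera appdomain:fd use;`, which covers isolated apps. If file descriptors from isolated apps should be refused, the macro call itself has to be narrowed, e.g. `binder_call(virtual_camera, { appdomain -isolated_app })`, which also removes the binder call to those apps. That intent could then be pinned with `neverallow virtual_camera isolated_app:fd use;`. If there is no such intent, drop the explicit `fd use` rule as redundant so the policy does not suggest a restriction it does not enforce.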