# virtual_camera - virtual camera daemon type virtual_camera, domain, coredomain; type virtual_camera_exec, system_file_type, exec_type, file_type; init_daemon_domain(virtual_camera) # Since virtual_camera is not a real HAL we don't set the # hal_server_domain(virtual_camera, hal_camera) macro but only the rules that # we actually need from halserverdomain and hal_camera_server: binder_use(virtual_camera) binder_call(virtual_camera, cameraserver) binder_call(virtual_camera, system_server) # Allow virtual_camera to communicate with # mediaserver (required for using Surface originating # from virtual camera in mediaserver). binder_call(virtual_camera, mediaserver) # Required for the codecs to be able to decode # video into surface provided by virtual camera. hal_client_domain(virtual_camera, hal_codec2) hal_client_domain(virtual_camera, hal_omx) # Allow virtualCamera to call apps via binder. binder_call(virtual_camera, appdomain) # Allow virtual_camera to use fd from apps allow virtual_camera { appdomain -isolated_app }:fd use; # Allow virtual_camera to use fd from surface flinger allow virtual_camera surfaceflinger:fd use; # Only allow virtual_camera to add a virtual_camera_service and no one else. add_service(virtual_camera, virtual_camera_service); # Allow virtual_camera to map graphic buffers hal_client_domain(virtual_camera, hal_graphics_allocator) # Allow virtual_camera to use GPU allow virtual_camera gpu_device:chr_file rw_file_perms; allow virtual_camera gpu_device:dir r_dir_perms; # Allow virtual camera to use graphics composer fd-s (fences). allow virtual_camera hal_graphics_composer:fd use; # For collecting bugreports. allow virtual_camera dumpstate:fd use; allow virtual_camera dumpstate:fifo_file write; # Needed for permission checks. allow virtual_camera permission_service:service_manager find; # Allow 'adb shell cmd' to configure test instances of camera. allow virtual_camera adbd:fd use; allow virtual_camera adbd:unix_stream_socket { getattr read write }; allow virtual_camera shell:fifo_file { getattr read write };