e0929241a1
DeviceAsWebcam is a new service that turns an android device into a
webcam. It requires access to all services that a
regular app needs access to, and it requires read/write permission to
/dev/video* nodes which is how the linux kernel mounts the UVC gadget.
Bug: 242344221
Bug: 242344229
Test: Manually tested that the service can access all the nodes it
needs, and no selinux exceptions are reported for the service
when running.
Change-Id: I45c5df105f5b0c31dd6a733f50eb764479d18e9f
21 lines
831 B
Text
21 lines
831 B
Text
# Domain for DeviceAsWebcam Service
|
|
type device_as_webcam, domain, coredomain, mlstrustedsubject;
|
|
|
|
app_domain(device_as_webcam)
|
|
|
|
allow device_as_webcam system_app_data_file:dir create_dir_perms;
|
|
allow device_as_webcam system_app_data_file:file create_file_perms;
|
|
|
|
allow device_as_webcam { app_api_service cameraserver_service }:service_manager find;
|
|
|
|
# Allow DeviceAsWebcam Service needs to access ro.usb.uvc.enabled property to
|
|
# enale/disable itself
|
|
get_prop(device_as_webcam, usb_uvc_enabled_prop)
|
|
|
|
# need to access /dev to list all devices
|
|
allow device_as_webcam device:dir r_dir_perms;
|
|
|
|
# UVC nodes are mounted as V4L2 nodes (/dev/video*) on the device. These need to
|
|
# be accessed by the DeviceAsWebcam Service.
|
|
allow device_as_webcam video_device:dir r_dir_perms;
|
|
allow device_as_webcam video_device:chr_file rw_file_perms;
|