diff options
author | Jeff Vander Stoep <jeffv@google.com> | 2017-11-10 14:18:45 -0800 |
---|---|---|
committer | Jeff Vander Stoep <jeffv@google.com> | 2017-11-10 14:35:37 -0800 |
commit | cbcac785eb9e62d818898afd6d91a4a8bd5cd80b (patch) | |
tree | 70f07635642cb862d594f55f88c4196a3363d52b | |
parent | 43b991ba9b764303d041af371d730c22dd91bb2f (diff) | |
download | angler-cbcac785eb9e62d818898afd6d91a4a8bd5cd80b.tar.gz |
Move camera HAL rules to device specific policy
Access to /data/misc/camera only applies to Angler/Bullhead. Remove
access from core policy to device specific policy.
Bug: 36601397
Test: build
Change-Id: I998842431f45b5dea5639398034e9238a5bbb094
-rw-r--r-- | sepolicy/hal_camera.te | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/sepolicy/hal_camera.te b/sepolicy/hal_camera.te index 3aae732..5c37715 100644 --- a/sepolicy/hal_camera.te +++ b/sepolicy/hal_camera.te @@ -6,3 +6,7 @@ allow hal_camera camera_data_file:sock_file write; allow hal_camera perfd_data_file:dir search; allow hal_camera perfd:unix_stream_socket connectto; allow hal_camera perfd_data_file:sock_file write; + +# access /data/misc/camera +allow hal_camera camera_data_file:dir create_dir_perms; +allow hal_camera camera_data_file:file create_file_perms; |