From 0db3e1389039cfd6306e471b6ba79a8ea27c0ef9 Mon Sep 17 00:00:00 2001 From: mtk10721 Date: Sat, 18 Jan 2020 09:46:04 +0800 Subject: [PATCH] [ALPS03911067] Fix sepolicy rules [Detail] As title [Solution] As title MTK-Commit-Id: 97369eddd804591eaa5678ce60ab2c72e0f1393d Change-Id: Iae55b41b436943d772ee8e4af9d5506c796132a1 CR-Id:ALPS03911067 Feature: Camera Application --- non_plat/mtk_hal_camera.te | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/non_plat/mtk_hal_camera.te b/non_plat/mtk_hal_camera.te index 633044f..0dcd5be 100644 --- a/non_plat/mtk_hal_camera.te +++ b/non_plat/mtk_hal_camera.te @@ -176,8 +176,8 @@ allow mtk_hal_camera dumpstate:fifo_file write; # Purpose: avc: denied { write } for path="/data/vendor/mtklog/aee_exp/temp/db.fXpwOm/SYS_DEBUG_MTKCAM" # dev="dm-0" ino=82287 scontext=u:r:mtk_hal_camera:s0 tcontext=u:object_r:aee_exp_data_file:s0 # tclass=file permissive=0 -allow mtk_hal_camera aee_exp_data_file:dir { w_dir_perms }; -allow mtk_hal_camera aee_exp_data_file:file { create_file_perms }; +#allow mtk_hal_camera aee_exp_data_file:dir { w_dir_perms }; +#allow mtk_hal_camera aee_exp_data_file:file { create_file_perms }; # ----------------------------------- # Android O @@ -212,12 +212,11 @@ allow mtk_hal_camera untrusted_app:dir search; allow mtk_hal_camera offloadservice_device:chr_file rw_file_perms; ## Purpose: for camera middleware dump image buffer to sdcard & audio frameworks dump -typeattribute mtk_hal_camera data_between_core_and_vendor_violators; -allow mtk_hal_camera system_data_file:dir write; +#allow mtk_hal_camera system_data_file:dir write; allow mtk_hal_camera storage_file:lnk_file {read write}; allow mtk_hal_camera mnt_user_file:dir {write read search}; allow mtk_hal_camera mnt_user_file:lnk_file {read write}; -allow mtk_hal_camera media_rw_data_file:dir {getattr create}; +#allow mtk_hal_camera media_rw_data_file:dir {getattr create}; ## Purpose: Allow mtk_hal_camera to read binder from surfaceflinger allow mtk_hal_camera surfaceflinger:fifo_file {read write};