NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

non_plat: Label /data/vendor/camera/ and allow mtk_hal_camera create perms

Browse Source 
Camera data files are store in /data/vendor/camera/ by camera hal on
treble devices. Label and allow mtk_hal_camera to manage it.

Denial observed without this change:
[   17.686535] .(4)[399:logd.auditd]type=1400 audit(1609114842.280:303): avc: denied { getattr } for comm="camerahalserver" path="/data/vendor/camera/back_dual_camera_caldata_wt.bin" dev="sdc46" ino=2490446 scontext=u:r:mtk_hal_camera:s0 tcontext=u:object_r:vendor_data_file:s0 tclass=file permissive=1

Test: Boot and notice denial has disappeared

Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: I98d0ddcce95cccdb9e86c4d36cb692e1f1ff41cb
This commit is contained in:
Aayush Gupta 2020-12-28 13:04:46 +05:30
parent 590a77d53d
commit 7a0a7ea6a5
3 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
non_plat/file.te
View File

@ -440,3 +440,6 @@ type sysfs_chipid, fs_type, sysfs_type;
# Date : 2019/12/12
# Purpose : allow media sources to access /sys/bus/platform/drivers/mem_bw_ctrl/*
type sysfs_concurrency_scenario, fs_type, sysfs_type;
# Camera file types
type camera_vendor_data_file, file_type, data_file_type;

2
non_plat/file_contexts
View File

@ -686,3 +686,5 @@
/(system\/vendor|vendor)/bin/aee_aedv64 u:object_r:aee_aedv_exec:s0
/vendor/bin/aeev u:object_r:aee_aedv_exec:s0
# Camera data files
/data/vendor/camera(/.*)? u:object_r:camera_vendor_data_file:s0

4
non_plat/mtk_hal_camera.te
View File

@ -359,3 +359,7 @@ allowxperm mtk_hal_camera mtk_hal_camera:unix_stream_socket ioctl IIOCNETAIF;
# MTK camera property
set_prop(mtk_hal_camera, mtk_camera_prop)
# Camera data files
allow mtk_hal_camera camera_vendor_data_file:dir create_dir_perms;
allow mtk_hal_camera camera_vendor_data_file:file create_file_perms;