| type camera_detect, domain, mlstrustedsubject; |
| type camera_detect_exec, exec_type, file_type; |
| |
| # Allow for transition from init domain to camera_detect |
| init_daemon_domain(camera_detect) |
| |
| # Allow executing a shell script |
| allow camera_detect shell_exec:file { rx_file_perms entrypoint }; |
| allow camera_detect toolbox_exec:file { rx_file_perms }; |
| |
| # Allow reading name of camera driver from /sys/class/video4linux |
| r_dir_file(camera_detect, sysfs) |
| r_dir_file(camera_detect, sysfs_graphics) |
| |
| # Allow wiping of cached resolutions in shared_prefs of GoogleCamera |
| allow camera_detect rootfs:dir { r_dir_perms }; |
| allow camera_detect system_data_file:dir { r_dir_perms }; |
| allow camera_detect app_data_file:dir { rw_dir_perms }; |
| allow camera_detect self:capability { fowner chown fsetid }; |
| |
| # Allow executing /system/etc/init.fp.camera_*.sh scripts |
| allow camera_detect system_file:file execute_no_trans; |
| |
| # Allow access to camera_detect properties |
| set_prop(camera_detect, camera_detect_prop) |
| get_prop(system_app, camera_detect_prop) |
| get_prop(priv_app, camera_detect_prop) |
| get_prop(shell, camera_detect_prop) |