camera_detect/sepolicy/camera_detect.te

type camera_detect, domain, mlstrustedsubject;
type camera_detect_exec, exec_type, file_type;

# Allow for transition from init domain to camera_detect
init_daemon_domain(camera_detect)

# Allow executing a shell script
allow camera_detect shell_exec:file { rx_file_perms entrypoint };
allow camera_detect toolbox_exec:file { rx_file_perms };

# Allow reading name of camera driver from /sys/class/video4linux
r_dir_file(camera_detect, sysfs)
r_dir_file(camera_detect, sysfs_graphics)

# Allow wiping of cached resolutions in shared_prefs of GoogleCamera
allow camera_detect rootfs:dir { r_dir_perms };
allow camera_detect system_data_file:dir { r_dir_perms };
allow camera_detect app_data_file:dir { rw_dir_perms };
allow camera_detect self:capability { fowner chown fsetid  };

# Allow executing /system/etc/init.fp.camera_*.sh scripts
allow camera_detect system_file:file execute_no_trans;

# Allow access to camera_detect properties
set_prop(camera_detect, camera_detect_prop)
get_prop(system_app, camera_detect_prop)
get_prop(priv_app, camera_detect_prop)
get_prop(shell, camera_detect_prop)