Skip to content
Snippets Groups Projects
Commit c26dd18a authored by Jeff Vander Stoep's avatar Jeff Vander Stoep
Browse files

hal_camera: remove video_device restriction 

Disallowing other HALs access to video_device does not appear to be
enforceable.

Bug: 37669506
Test: build policy. Neverallow rules are build time test and do not
      impact the policy binary.
Change-Id: Iea401de08a63f3261a461f67b85113a9d838e88a
parent 8fed11ad
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 1 addition and 2 deletions
public/hal_camera.te
+ 1
2
View file @ c26dd18a
...@@ -32,6 +32,5 @@ neverallow hal_camera { file_type fs_type }:file execute_no_trans; ...@@ -32,6 +32,5 @@ neverallow hal_camera { file_type fs_type }:file execute_no_trans;
# hal_camera should never need network access. Disallow network sockets. # hal_camera should never need network access. Disallow network sockets.
neverallow hal_camera domain:{ tcp_socket udp_socket rawip_socket } *; neverallow hal_camera domain:{ tcp_socket udp_socket rawip_socket } *;
# Only camera HAL may directly access the camera and video hardware # Only camera HAL may directly access the camera hardware
neverallow { halserverdomain -hal_camera_server } camera_device:chr_file *; neverallow { halserverdomain -hal_camera_server } camera_device:chr_file *;
neverallow { halserverdomain -coredomain -hal_camera_server } video_device:chr_file *;
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment