| # virtual_camera - virtual camera daemon |
| |
| type virtual_camera, domain, coredomain; |
| type virtual_camera_exec, system_file_type, exec_type, file_type; |
| |
| init_daemon_domain(virtual_camera) |
| |
| # Since virtual_camera is not a real HAL we don't set the |
| # hal_server_domain(virtual_camera, hal_camera) macro but only the rules that |
| # we actually need from halserverdomain and hal_camera_server: |
| binder_use(virtual_camera) |
| binder_call(virtual_camera, cameraserver) |
| binder_call(virtual_camera, system_server) |
| |
| |
| # Allow virtualCamera to call apps via binder. |
| binder_call(virtual_camera, appdomain) |
| |
| # Allow virtual_camera to use fd from apps |
| allow virtual_camera { appdomain -isolated_app }:fd use; |
| |
| # Only allow virtual_camera to add a virtual_camera_service and no one else. |
| add_service(virtual_camera, virtual_camera_service); |
| |
| # Allow virtual_camera to map graphic buffers |
| hal_client_domain(virtual_camera, hal_graphics_allocator) |
| |
| # Allow virtual_camera to use GPU |
| allow virtual_camera gpu_device:chr_file rw_file_perms; |
| allow virtual_camera gpu_device:dir r_dir_perms; |
| |
| # For collecting bugreports. |
| allow virtual_camera dumpstate:fd use; |
| allow virtual_camera dumpstate:fifo_file write; |
| |
| # Needed for permission checks. |
| allow virtual_camera permission_service:service_manager find; |