1get_prop(domain, camera_prop) 2 3dontaudit domain self:capability sys_module; 4dontaudit domain kernel:system module_request; 5 6# b/29072816 7# Triggered by kernel code which calls request_firmware(), which 8# eventually calls filp_open(), which attempts to look in /firmware 9# for the firmware file itself using the context of the calling 10# domain. 11# This does not occur on other Android builds because the marlin 12# kernel has various references to /firmware paths in the following 13# code: 14# 15# /* direct firmware loading support */ 16# static char fw_path_para[256]; 17# static const char * const fw_path[] = { 18# fw_path_para, 19# "/lib/firmware/updates/" UTS_RELEASE, 20# "/lib/firmware/updates", 21# "/lib/firmware/" UTS_RELEASE, 22# "/lib/firmware", 23# "/firmware/image", 24# "/firmware/radio", 25# "/firmware/adsp" //HTC_AUD 26# }; 27# 28# As described at http://www.makelinux.net/ldd3/chp-14-sect-8 , 29# the userspace helper (in our case, ueventd) should always be loading 30# these files, not the requesting process itself. It is only due to a 31# hack added by Linus Torvalds that the kernel even attempt to load 32# firmware files directly from the filesystem 33# (https://github.com/torvalds/linux/commit/abb139e75c2cdbb955e840d6331cb5863e409d0e). 34# 35# Suppress these denials for most domains, since ueventd should be doing the 36# opening of the firmware. 37dontaudit domain firmware_file:dir search; 38 39allow domain debugfs_ion:dir search; 40allow domain debugfs_kgsl:dir search; 41