## SELinux policy for the Google Camera App (GCA), the default camera
## application on Pixel devices.
##
## GCA behaves like an ordinary app in most respects, but on Pixel devices it
## also reaches hardware accelerators such as Hexagon and Airbrush. The rules
## in this file grant the additional access that requires.

## untrusted_app_domain does not permit access to new HW services, and GCA has
## to talk to airbrush, so that domain cannot be used as-is. The first part of
## this file therefore re-creates the subset of untrusted_app_domain that GCA
## depends on, copied from core/sepolicy/private/untrusted_app_all.te and from
## the other .te files that refer to untrusted_app_all.
##
## NOTE(review): these rules are a copy, so they do not pick up later changes
## to the upstream files on their own; re-check them against
## untrusted_app_all.te whenever the platform policy is updated.

# Some apps unpack bundled shared libraries and binaries into their sandbox
# directory and then run them from there. Each granted execute on
# app_data_file is also logged by the auditallow rule.
# NOTE(review): this permits executing files the app itself wrote out at run
# time; confirm GCA still needs it before carrying it forward.
allow google_camera_app { privapp_data_file app_data_file }:file { r_file_perms execute };
auditallow google_camera_app app_data_file:file execute;

# Less common filesystem objects inside app data: symlinks, sockets and FIFOs.
allow google_camera_app app_data_file:{ lnk_file sock_file fifo_file } create_file_perms;

# System app data files handed over Binder. This rule grants read, write and
# getattr only; it does not grant open. The motivating case was
# /data/data/com.android.settings/cache/*.jpg, used when cropping or taking
# user photos.
allow google_camera_app system_app_data_file:file { getattr read write };

# Services GCA may look up through the service manager.
allow google_camera_app {
    app_api_service
    audioserver_service
    cameraserver_service
    drmserver_service
    mediaserver_service
    mediaextractor_service
    mediametrics_service
    mediadrmserver_service
    nfc_service
    radio_service
}:service_manager find;

# --- Debugger and profiler support carried over from untrusted_app_all ---
# NOTE(review): nothing in this file restricts the rules in this section to
# userdebug/eng builds; whether a process is debuggable is decided outside
# this policy. Confirm they are wanted for a shipping first-party app.

# gdbserver (started by ndk-gdb) ptrace-attaches to the app process.
allow google_camera_app self:process ptrace;

# Android Studio Instant Run: the application connects to a runas_app socket
# that listens in the abstract namespace.
# https://developer.android.com/studio/run/
allow google_camera_app runas_app:unix_stream_socket connectto;

# While running under a debugger the app must be able to send SIGCHLD to
# runas_app.
allow google_camera_app runas_app:process sigchld;

# UDP sockets provided by system_server may be used and connected, but not
# modified in any other way.
allow google_camera_app system_server:udp_socket {
    connect getattr getopt read recvfrom sendto setopt write
};

# lldb, ndk-gdb and simpleperf ptrace-attach to debuggable app processes
# from the runas_app domain.
allow runas_app google_camera_app:process { ptrace signal sigstop };
allow runas_app google_camera_app:unix_stream_socket connectto;

# simpleperf_app_runner switches into the app's security context (setcon).
allow simpleperf_app_runner google_camera_app:process dyntransition;

## Extra capabilities specific to Google Camera App

## Hexagon DSP kernel device
allow google_camera_app qdsp_device:chr_file r_file_perms;

# adsp files (symlinks), read for Hexagon access
allow google_camera_app adsprpcd_file:lnk_file r_file_perms;

# Properties GCA may read: vendor camera props, then the vendor display prop.
get_prop(google_camera_app, vendor_camera_prop)
get_prop(google_camera_app, vendor_camera_ro_prop)
get_prop(google_camera_app, vendor_display_prop)

# sysfs soc: search the directory and read the files in it.
allow google_camera_app sysfs_soc:dir search;
allow google_camera_app sysfs_soc:file r_file_perms;