On 01/07/2016 04:17 PM, Roberts, William C wrote:
I'm proposing two items:
1. Adding a neverallow on appdomain to video_device
2. Killing camera_device
Where item 2 is a dependency of item 1, but item 1 can stand alone.
Camera device:
Looking at this, it appears that it would open up a device off limits to
surfaceflinger in the base policy currently.
external/sepolicy$ grep -rn camera_device *
app.te:243: camera_device
device.te:9:type camera_device, dev_type;
file_contexts:63:/dev/cam u:object_r:camera_device:s0
mediaserver.te:51:allow mediaserver camera_device:chr_file rw_file_perms;
external/sepolicy$ grep -rn video_device *
device.te:41:type video_device, dev_type;
file_contexts:92:/dev/nvhdcp1 u:object_r:video_device:s0
file_contexts:125:/dev/tegra.* u:object_r:video_device:s0
file_contexts:137:/dev/video[0-9]* u:object_r:video_device:s0
mediaserver.te:27:allow mediaserver video_device:dir r_dir_perms;
mediaserver.te:28:allow mediaserver video_device:chr_file rw_file_perms;
surfaceflinger.te:30:allow surfaceflinger video_device:dir r_dir_perms;
surfaceflinger.te:31:allow surfaceflinger video_device:chr_file rw_file_perms;
system_server.te:172:allow system_server video_device:dir r_dir_perms;
system_server.te:173:allow system_server video_device:chr_file rw_file_perms;
This could also simplify policy for:
./lge/hammerhead/sepolicy/file_contexts:76:/dev/video([0-9])+
u:object_r:camera_device:s0
./asus/flo/sepolicy/file_contexts:78:/dev/video([0-9])+
u:object_r:camera_device:s0
Also, I noticed that Angler is doing some weird override:
./huawei/angler/sepolicy/file_contexts:32:/dev/video([0-9])+
u:object_r:video_device:s0
I don't know what they intended since file_contexts in base policy covers that.
Appdomain neverallow on video_device:
Additionally, there is a neverallow in app.te restricting application access to
the camera_device,
this could be changed to video_device. I am not super familiar with how video
devices should
be brought up for image processing, etc within the Android system, but it
appears that mediaserver
would be the right spot: https://source.android.com/devices.
SGTM. If it needs to be staged, you could put a change that switches
type camera_device in external/sepolicy to a typealias of video_device
while rewriting all references in external/sepolicy to video_device,
then later drop the typealias once all device policies have been updated.
_______________________________________________
Seandroid-list mailing list
[email protected]
To unsubscribe, send email to [email protected].
To get help, send an email containing "help" to
[email protected].
