From b7aace2db079731327bad4ff84fcc7d9f520d6eb Mon Sep 17 00:00:00 2001
From: William Roberts <william.c.roberts@intel.com>
Date: Fri, 8 Jan 2016 13:29:22 -0800
Subject: [PATCH] camera_device: remove type and add typealias

camera_device didn't really offer much in terms of control considering
that most domains that need camera_device, also need video_device and
vice versa.

Thus, drop camera_device from the policy and add a temporary typealias.

Change-Id: I144c0bb49a9a68ab1bdf636c64abe656f3e677b4
Signed-off-by: William Roberts <william.c.roberts@intel.com>
---
 app.te         | 2 +-
 device.te      | 4 +++-
 file_contexts  | 2 +-
 mediaserver.te | 2 --
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/app.te b/app.te
index 45225b54d..324039238 100644
--- a/app.te
+++ b/app.te
@@ -243,7 +243,7 @@ neverallow appdomain dev_type:blk_file { read write };
 # Access to any of the following character devices.
 neverallow appdomain {
     audio_device
-    camera_device
+    video_device
     dm_device
     radio_device
     gps_device
diff --git a/device.te b/device.te
index 06006b26d..51750348a 100644
--- a/device.te
+++ b/device.te
@@ -6,7 +6,6 @@ type ashmem_device, dev_type, mlstrustedobject;
 type audio_device, dev_type;
 type binder_device, dev_type, mlstrustedobject;
 type block_device, dev_type;
-type camera_device, dev_type;
 type dm_device, dev_type;
 type loop_device, dev_type;
 type pmsg_device, dev_type, mlstrustedobject;
@@ -101,3 +100,6 @@ type misc_block_device, dev_type;
 
 # Bootctrl block device used by A/B update (update_engine, update_verifier).
 type bootctrl_block_device, dev_type;
+
+# XXX: Temporarily alias camera_device for its removal
+typealias video_device alias camera_device;
diff --git a/file_contexts b/file_contexts
index a1fa8042e..1cd5fbaf5 100644
--- a/file_contexts
+++ b/file_contexts
@@ -60,7 +60,7 @@
 /dev/block/ram[0-9]*	u:object_r:ram_device:s0
 /dev/block/zram[0-9]*	u:object_r:ram_device:s0
 /dev/bus/usb(.*)?       u:object_r:usb_device:s0
-/dev/cam		u:object_r:camera_device:s0
+/dev/cam		u:object_r:video_device:s0
 /dev/console		u:object_r:console_device:s0
 /dev/cpuctl(/.*)?	u:object_r:cpuctl_device:s0
 /dev/device-mapper	u:object_r:dm_device:s0
diff --git a/mediaserver.te b/mediaserver.te
index e1c9a54e4..84ceec86b 100644
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -47,8 +47,6 @@ allow mediaserver radio_data_file:file { read getattr };
 # Use pipes passed over Binder from app domains.
 allow mediaserver appdomain:fifo_file { getattr read write };
 
-# Access camera device.
-allow mediaserver camera_device:chr_file rw_file_perms;
 allow mediaserver rpmsg_device:chr_file rw_file_perms;
 
 # Inter System processes communicate over named pipe (FIFO)
-- 
GitLab