# mediaserver - multimedia daemon
type mediaserver, domain;
type mediaserver_exec, exec_type, file_type;

# MLS-trusted subject: exempt from MLS level constraints.
typeattribute mediaserver mlstrustedsubject;

# TODO(b/36375899): replace with hal_client_domain macro on hal_omx
typeattribute mediaserver halclientdomain;

###
### Networking
###
net_domain(mediaserver)

# Only unprivileged socket ioctls are granted; the privileged set is
# additionally forbidden by the neverallowxperm at the end of this file.
allowxperm mediaserver self:{ rawip_socket tcp_socket udp_socket }
  ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };

###
### Binder
###
binder_use(mediaserver)
binder_call(mediaserver, binderservicedomain)
binder_call(mediaserver, appdomain)
binder_call(mediaserver, mediacodec)
binder_service(mediaserver)

# Register our own service and look up the services we depend on.
# mediadrmserver_service is used for ModDrm/MediaPlayer.
add_service(mediaserver, mediaserver_service)
allow mediaserver {
  activity_service
  appops_service
  audioserver_service
  batterystats_service
  cameraserver_service
  drmserver_service
  media_session_service
  mediacodec_service
  mediadrmserver_service
  mediaextractor_service
  mediametrics_service
  permission_service
  power_service
  processinfo_service
  scheduling_policy_service
  surfaceflinger_service
}:service_manager find;

# For interfacing with OMX HAL (token lookup via hwservicemanager).
allow mediaserver hidl_token_hwservice:hwservice_manager find;

###
### Files and devices
###

# Read-only directory/file access.
r_dir_file(mediaserver, sdcard_type)
r_dir_file(mediaserver, cgroup)
r_dir_file(mediaserver, media_rw_data_file)

# stat /proc/self
allow mediaserver proc:lnk_file getattr;

# open /vendor/lib/mediadrm
allow mediaserver system_file:dir r_dir_perms;

# XXX Label with a specific type?
allow mediaserver sysfs:file r_file_perms;

# Media data files, plus full access to /data/media (media_rw_data_file).
# The media_rw_data_file rules should be removed if sdcardfs is modified
# to alter the secontext for its accesses to the underlying FS.
allow mediaserver { media_data_file media_rw_data_file }:dir create_dir_perms;
allow mediaserver { media_data_file media_rw_data_file }:file create_file_perms;

# App-private data and external storage writes.
# NOTE(review): rw_file_perms on app_data_file is a broad grant; confirm
# it is still required rather than fd passing alone.
allow mediaserver app_data_file:dir search;
allow mediaserver app_data_file:file rw_file_perms;
allow mediaserver sdcard_type:file write;

# Read-only access to files received over Binder: open apk files,
# ringtones, /data/data/com.android.providers.telephony files and
# files on appfuse.
allow mediaserver {
  apk_data_file
  asec_apk_file
  ringtone_file
  radio_data_file
  app_fuse_file
}:file { read getattr };

# Access to media in /data/preloads
allow mediaserver preloads_media_file:file { getattr read ioctl };

# Named pipes (FIFOs) passed over Binder: read/write for app pipes,
# read-only for system_server pipes.
allow mediaserver appdomain:fifo_file { getattr read write };
allow mediaserver system_server:fifo_file r_file_perms;

# Device nodes.
allow mediaserver { gpu_device video_device rpmsg_device }:chr_file rw_file_perms;
allow mediaserver video_device:dir r_dir_perms;
allow mediaserver ion_device:chr_file r_file_perms;

# Read/[write] to /proc/net/xt_qtaguid/ctrl and /dev/xt_qtaguid
allow mediaserver qtaguid_proc:file rw_file_perms;
allow mediaserver qtaguid_device:chr_file r_file_perms;

# /oem access
allow mediaserver oemfs:dir search;
allow mediaserver oemfs:file r_file_perms;

# Use fds handed to us by HAL processes and system_server.
allow mediaserver {
  hal_graphics_allocator
  hal_graphics_composer
  hal_camera
  system_server
}:fd use;

###
### HALs and helper daemons
###
hal_client_domain(mediaserver, hal_allocator)

# DRM: socket to drmserver and the drmservice operations used for
# protected playback. Needed on some devices for playing DRM protected
# content, but seems expected and appropriate for all devices.
unix_socket_connect(mediaserver, drmserver, drmserver)
use_drmservice(mediaserver)
allow mediaserver drmserver:drmservice {
  consumeRights
  setPlaybackStatus
  openDecryptSession
  closeDecryptSession
  initializeDecryptUnit
  decrypt
  finalizeDecryptUnit
  pread
};

# Bluetooth: needed on some devices for playing audio on a paired BT
# device, but seems appropriate for all devices.
unix_socket_connect(mediaserver, bluetooth, bluetooth)

set_prop(mediaserver, audio_prop)

userdebug_or_eng(`
  # Debug builds only: ptrace processes in the same domain for memory
  # leak detection.
  allow mediaserver self:process ptrace;
')

###
### neverallow rules
###

# mediaserver should never execute any executable without a
# domain transition
neverallow mediaserver { file_type fs_type }:file execute_no_trans;

# do not allow privileged socket ioctl commands
neverallowxperm mediaserver domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;