# surfaceflinger - display compositor service
#
# Type-enforcement policy for the surfaceflinger domain: the attributes it
# carries, the IPC peers it may talk to, the device nodes it may open, and
# one neverallow assertion at the end.
# The macros used below (init_daemon_domain, hal_client_domain, binder_*,
# r_dir_file, set_prop, add_service, pdx_*) are defined outside this file,
# so the exact permissions they expand to must be checked there.

typeattribute surfaceflinger coredomain;

# Label for the daemon's executable. init_daemon_domain presumably sets up the
# init -> surfaceflinger domain transition on it -- confirm in the macro
# definitions.
type surfaceflinger_exec, exec_type, file_type;
init_daemon_domain(surfaceflinger)

# NOTE(review): mlstrustedsubject is normally the attribute that exempts a
# domain from the MLS/category separation constraints. That makes every allow
# rule below effective across all app category sets -- confirm against the
# policy's MLS constraints.
typeattribute surfaceflinger mlstrustedsubject;
typeattribute surfaceflinger display_service_server;

read_runtime_log_tags(surfaceflinger)

# Perform HwBinder IPC.
hal_client_domain(surfaceflinger, hal_graphics_allocator)
hal_client_domain(surfaceflinger, hal_graphics_composer)
hal_client_domain(surfaceflinger, hal_configstore)
allow surfaceflinger hidl_token_hwservice:hwservice_manager find;

# Perform Binder IPC.
# The peers are whole attributes (binderservicedomain, appdomain), so every
# domain carrying one of them is a Binder peer of surfaceflinger.
binder_use(surfaceflinger)
binder_call(surfaceflinger, binderservicedomain)
binder_call(surfaceflinger, appdomain)
binder_call(surfaceflinger, bootanim)
binder_service(surfaceflinger)

# Binder IPC to bu, presently runs in adbd domain.
binder_call(surfaceflinger, adbd)

# Read /proc/pid files for Binder clients.
r_dir_file(surfaceflinger, binderservicedomain)
r_dir_file(surfaceflinger, appdomain)

# Access the GPU.
allow surfaceflinger gpu_device:chr_file rw_file_perms;

# Access /dev/graphics/fb0.
allow surfaceflinger graphics_device:dir search;
allow surfaceflinger graphics_device:chr_file rw_file_perms;

# Access /dev/video1.
# The rules are written against the video_device type, so they apply to every
# node carrying that label, not only the path named above.
allow surfaceflinger video_device:dir r_dir_perms;
allow surfaceflinger video_device:chr_file rw_file_perms;

# Create and use netlink kobject uevent sockets.
allow surfaceflinger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;

# Set properties.
set_prop(surfaceflinger, system_prop)
set_prop(surfaceflinger, ctl_bootanim_prop)

# Use open files supplied by an app.
# Only { read write } is granted on app_data_file, with no open permission:
# surfaceflinger can use a descriptor an app hands over but cannot open files
# in app data directories by path. Keep it that way when extending this rule.
allow surfaceflinger appdomain:fd use;
allow surfaceflinger app_data_file:file { read write };

# Use socket supplied by adbd, for cmd gpu vkjson etc.
# Access is limited to an already-connected socket (read/write/getattr);
# no connectto is granted here.
allow surfaceflinger adbd:unix_stream_socket { read write getattr };

# Allow a dumpstate triggered screenshot
# NOTE(review): the shell domain is included alongside dumpstate; presumably
# for shell-initiated bugreports/screenshots -- confirm it is still required.
binder_call(surfaceflinger, dumpstate)
binder_call(surfaceflinger, shell)
r_dir_file(surfaceflinger, dumpstate)

# Needed on some devices for playing DRM protected content,
# but seems expected and appropriate for all devices.
# NOTE(review): this is read/write access to the TEE device node from a
# domain that accepts Binder calls from all of appdomain; worth revisiting
# if DRM handling moves behind a HAL.
allow surfaceflinger tee_device:chr_file rw_file_perms;


# Publish gpu_service.
# NOTE(review): this rule was previously labelled "media.player service",
# which does not match the service type named in the rule.
add_service(surfaceflinger, gpu_service)

# do not use add_service() as hal_graphics_composer_default may be the
# provider as well
#add_service(surfaceflinger, surfaceflinger_service)
allow surfaceflinger surfaceflinger_service:service_manager { add find };

# Services surfaceflinger may look up (find only, no add).
allow surfaceflinger mediaserver_service:service_manager find;
allow surfaceflinger permission_service:service_manager find;
allow surfaceflinger power_service:service_manager find;
allow surfaceflinger vr_manager_service:service_manager find;
allow surfaceflinger window_service:service_manager find;


# allow self to set SCHED_FIFO
allow surfaceflinger self:capability sys_nice;
allow surfaceflinger proc_meminfo:file r_file_perms;
r_dir_file(surfaceflinger, cgroup)
# NOTE(review): sysfs_type and system_file are broad targets (sysfs_type looks
# like an attribute spanning all sysfs labels). This is read-only, but narrow
# it to specific sysfs types if the required nodes are known.
r_dir_file(surfaceflinger, sysfs_type)
r_dir_file(surfaceflinger, system_file)
allow surfaceflinger tmpfs:dir r_dir_perms;
allow surfaceflinger system_server:fd use;
# Read-only on the ion device node (r_file_perms, not rw_file_perms).
allow surfaceflinger ion_device:chr_file r_file_perms;

# pdx IPC
# surfaceflinger acts as server for the display_* endpoints ...
pdx_server(surfaceflinger, display_client)
pdx_server(surfaceflinger, display_manager)
pdx_server(surfaceflinger, display_screenshot)
pdx_server(surfaceflinger, display_vsync)

# ... and as client of bufferhub and performance.
pdx_client(surfaceflinger, bufferhub_client)
pdx_client(surfaceflinger, performance_client)

###
### Neverallow rules
###
### surfaceflinger should NEVER do any of this

# Do not allow accessing SDcard files as unsafe ejection could
# cause the kernel to kill the process.
# neverallow is checked when the policy is built: any allow rule, in this file
# or elsewhere, that grants surfaceflinger one of rw_file_perms on
# sdcard_type:file fails the build. It covers the file class only.
neverallow surfaceflinger sdcard_type:file rw_file_perms;