# surfaceflinger - display compositor service
#
# SELinux type-enforcement policy for the surfaceflinger domain.
# The macros used below (init_daemon_domain, hal_client_domain, binder_call,
# r_dir_file, set_prop, add_service, pdx_server, ...) are defined outside this
# file. Notes on what they expand to are marked as assumptions to confirm
# against the macro definitions.

typeattribute surfaceflinger coredomain;

# surfaceflinger_exec labels the service executable. init_daemon_domain()
# presumably sets up the transition from init into this domain when that
# executable is run - confirm in the macro definition.
type surfaceflinger_exec, exec_type, file_type;
init_daemon_domain(surfaceflinger)

# NOTE(review): mlstrustedsubject is understood to exempt this domain from MLS
# constraint checks - confirm against the MLS constraint definitions. Keep it
# in mind when auditing the app-supplied file access granted further down.
typeattribute surfaceflinger mlstrustedsubject;
typeattribute surfaceflinger display_service_server;

read_runtime_log_tags(surfaceflinger)

# Perform HwBinder IPC.
# surfaceflinger is a client of the allocator, composer, configstore and
# power HALs.
hal_client_domain(surfaceflinger, hal_graphics_allocator)
hal_client_domain(surfaceflinger, hal_graphics_composer)
hal_client_domain(surfaceflinger, hal_configstore)
hal_client_domain(surfaceflinger, hal_power)
allow surfaceflinger hidl_token_hwservice:hwservice_manager find;

# Perform Binder IPC.
# Outbound calls are allowed to other binder services, to every app domain
# and to bootanim. binder_service() presumably marks this domain as a binder
# service that others may call - confirm in the macro definition.
binder_use(surfaceflinger)
binder_call(surfaceflinger, binderservicedomain)
binder_call(surfaceflinger, appdomain)
binder_call(surfaceflinger, bootanim)
binder_service(surfaceflinger)

# Binder IPC to bu, presently runs in adbd domain.
binder_call(surfaceflinger, adbd)

# Read /proc/pid files for Binder clients.
r_dir_file(surfaceflinger, binderservicedomain)
r_dir_file(surfaceflinger, appdomain)

# Access the GPU.
allow surfaceflinger gpu_device:chr_file rw_file_perms;

# Access /dev/graphics/fb0.
allow surfaceflinger graphics_device:dir search;
allow surfaceflinger graphics_device:chr_file rw_file_perms;

# Access /dev/video1.
allow surfaceflinger video_device:dir r_dir_perms;
allow surfaceflinger video_device:chr_file rw_file_perms;

# Create and use netlink kobject uevent sockets.
# The permission set name indicates that ioctl is excluded.
allow surfaceflinger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;

# Set properties.
# Covers the system property types listed plus ctl_bootanim_prop.
# NOTE(review): presumably the ctl property is what lets this domain ask init
# to start or stop the boot animation - confirm.
set_prop(surfaceflinger, system_prop)
set_prop(surfaceflinger, exported_system_prop)
set_prop(surfaceflinger, exported2_system_prop)
set_prop(surfaceflinger, exported3_system_prop)
set_prop(surfaceflinger, ctl_bootanim_prop)

# Use open files supplied by an app.
# Only read and write are granted on app_data_file, with no open permission.
# Through these rules the domain can use a descriptor an app has already
# opened and passed over, but cannot open app data files by path.
allow surfaceflinger appdomain:fd use;
allow surfaceflinger app_data_file:file { read write };

# Allow writing surface traces to /data/misc/wmtrace.
# Wrapped in userdebug_or_eng(), so by the macro's name these rules are left
# out of user builds - confirm in the macro definition.
userdebug_or_eng(`
  allow surfaceflinger wm_trace_data_file:dir rw_dir_perms;
  allow surfaceflinger wm_trace_data_file:file { getattr setattr create w_file_perms };
')

# Use socket supplied by adbd, for cmd gpu vkjson etc.
# No create or connect permission is granted here; the socket is one handed
# over by adbd.
allow surfaceflinger adbd:unix_stream_socket { read write getattr };

# Allow a dumpstate triggered screenshot
# The shell domain is included in the binder_call grants alongside dumpstate.
binder_call(surfaceflinger, dumpstate)
binder_call(surfaceflinger, shell)
r_dir_file(surfaceflinger, dumpstate)

# Needed on some devices for playing DRM protected content,
# but seems expected and appropriate for all devices.
# NOTE(review): this grants read/write on the tee_device node in every build,
# not only on devices that need it for DRM playback.
allow surfaceflinger tee_device:chr_file rw_file_perms;


# Register the gpu_service service type.
# NOTE(review): this rule was labelled "media.player service", which does not
# match the gpu_service type it names - confirm which was intended.
add_service(surfaceflinger, gpu_service)

# do not use add_service() as hal_graphics_composer_default may be the
# provider as well
# NOTE(review): add_service() is understood to also emit a neverallow that
# stops other domains from adding the service. The explicit allow below grants
# add/find without that exclusivity check - confirm in the macro definition.
#add_service(surfaceflinger, surfaceflinger_service)
allow surfaceflinger surfaceflinger_service:service_manager { add find };

# Services surfaceflinger may look up; find only, it does not register them.
allow surfaceflinger mediaserver_service:service_manager find;
allow surfaceflinger permission_service:service_manager find;
allow surfaceflinger power_service:service_manager find;
allow surfaceflinger vr_manager_service:service_manager find;
allow surfaceflinger window_service:service_manager find;


# allow self to set SCHED_FIFO
allow surfaceflinger self:global_capability_class_set sys_nice;
# Read-only access to /proc meminfo, cgroup and system files, tmpfs
# directories and the ion device. File descriptors passed in by system_server
# may be used.
allow surfaceflinger proc_meminfo:file r_file_perms;
r_dir_file(surfaceflinger, cgroup)
r_dir_file(surfaceflinger, system_file)
allow surfaceflinger tmpfs:dir r_dir_perms;
allow surfaceflinger system_server:fd use;
allow surfaceflinger ion_device:chr_file r_file_perms;

# pdx IPC
# surfaceflinger serves the four display_* endpoints and is a client of
# bufferhub and performance.
pdx_server(surfaceflinger, display_client)
pdx_server(surfaceflinger, display_manager)
pdx_server(surfaceflinger, display_screenshot)
pdx_server(surfaceflinger, display_vsync)

pdx_client(surfaceflinger, bufferhub_client)
pdx_client(surfaceflinger, performance_client)

###
### Neverallow rules
###
### surfaceflinger should NEVER do any of this

# Do not allow accessing SDcard files as unsafe ejection could
# cause the kernel to kill the process.
# A neverallow is an assertion checked when the policy is built. It fails the
# build if any rule grants surfaceflinger these permissions on sdcard_type
# files.
neverallow surfaceflinger sdcard_type:file rw_file_perms;

# b/68864350
# dontaudit only suppresses the audit log entry for this denial; it does not
# grant the access. Searches of unlabeled directories by this domain are
# still denied but will not appear in the audit log.
dontaudit surfaceflinger unlabeled:dir search;