# surfaceflinger - display compositor service
#
# Policy for the surfaceflinger domain. The macros used below
# (init_daemon_domain, hal_client_domain, binder_call, pdx_server, ...) and
# most of the types they reference are defined elsewhere in the policy tree.

# Domain attributes.
typeattribute surfaceflinger coredomain;
# NOTE(review): mlstrustedsubject exempts this domain from the platform's MLS
# constraints, so the allow rules in this file are what actually bounds its
# reach across app categories. Keep those rules narrow.
typeattribute surfaceflinger mlstrustedsubject;
typeattribute surfaceflinger display_service_server;

# Executable label, daemon domain setup from init, and a private tmpfs type.
type surfaceflinger_exec, system_file_type, exec_type, file_type;
init_daemon_domain(surfaceflinger)
tmpfs_domain(surfaceflinger)

read_runtime_log_tags(surfaceflinger)

# HwBinder IPC: surfaceflinger acts as a client of these HALs.
hal_client_domain(surfaceflinger, hal_graphics_allocator)
hal_client_domain(surfaceflinger, hal_graphics_composer)
typeattribute surfaceflinger_tmpfs hal_graphics_composer_client_tmpfs;
hal_client_domain(surfaceflinger, hal_codec2)
hal_client_domain(surfaceflinger, hal_omx)
hal_client_domain(surfaceflinger, hal_configstore)
hal_client_domain(surfaceflinger, hal_power)
allow surfaceflinger hidl_token_hwservice:hwservice_manager find;

# Binder IPC: use binder, act as a binder service, and call these peers.
binder_use(surfaceflinger)
binder_service(surfaceflinger)
binder_call(surfaceflinger, binderservicedomain)
binder_call(surfaceflinger, appdomain)
binder_call(surfaceflinger, bootanim)
# Binder IPC to bu, which presently runs in the adbd domain.
binder_call(surfaceflinger, adbd)

# Read the /proc/<pid> entries of Binder clients.
r_dir_file(surfaceflinger, binderservicedomain)
r_dir_file(surfaceflinger, appdomain)

# GPU device node.
allow surfaceflinger gpu_device:chr_file rw_file_perms;

# /dev/graphics/fb0.
allow surfaceflinger graphics_device:dir search;
allow surfaceflinger graphics_device:chr_file rw_file_perms;

# /dev/video1.
allow surfaceflinger video_device:dir r_dir_perms;
allow surfaceflinger video_device:chr_file rw_file_perms;

# Netlink kobject uevent sockets: create and use, without ioctl.
allow surfaceflinger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;

# Property writes.
# NOTE(review): system_prop and the exported*_system_prop labels each cover
# many properties; confirm which ones surfaceflinger really sets before
# extending this list.
set_prop(surfaceflinger, system_prop)
set_prop(surfaceflinger, exported_system_prop)
set_prop(surfaceflinger, exported2_system_prop)
set_prop(surfaceflinger, exported3_system_prop)
set_prop(surfaceflinger, ctl_bootanim_prop)

# Files supplied by apps as already-open descriptors. Only read/write is
# granted on the data files; "open" is deliberately absent, so surfaceflinger
# cannot open app-private files by path and can only use what an app hands it.
allow surfaceflinger appdomain:fd use;
allow surfaceflinger { app_data_file privapp_data_file }:file { read write };

# Surface traces written to /data/misc/wmtrace. These rules are only compiled
# into userdebug and eng builds.
userdebug_or_eng(`
  allow surfaceflinger wm_trace_data_file:dir rw_dir_perms;
  allow surfaceflinger wm_trace_data_file:file { getattr setattr create w_file_perms };
')

# Socket supplied by adbd (for "cmd gpu vkjson" etc.). Only an inherited
# socket can be used; no connectto is granted.
allow surfaceflinger adbd:unix_stream_socket { read write getattr };

# Screenshot triggered by dumpstate.
binder_call(surfaceflinger, dumpstate)
binder_call(surfaceflinger, shell)
r_dir_file(surfaceflinger, dumpstate)

# Registration of surfaceflinger_service.
# add_service() is not used here because hal_graphics_composer_default may be
# the provider as well:
#   add_service(surfaceflinger, surfaceflinger_service)
# NOTE(review): in the platform te_macros, add_service() also emits a
# neverallow that keeps every other domain from adding the service. The
# hand-written rule below carries no such guard, so check elsewhere which
# domains are allowed to "add" surfaceflinger_service.
allow surfaceflinger surfaceflinger_service:service_manager { add find };

add_service(surfaceflinger, vrflinger_vsync_service)

# Services that surfaceflinger may look up (find only).
allow surfaceflinger {
  inputflinger_service
  mediaserver_service
  permission_service
  power_service
  vr_manager_service
  window_service
}:service_manager find;

# sys_nice lets the domain set SCHED_FIFO on itself.
allow surfaceflinger self:global_capability_class_set sys_nice;
allow surfaceflinger proc_meminfo:file r_file_perms;
r_dir_file(surfaceflinger, cgroup)
r_dir_file(surfaceflinger, system_file)
allow surfaceflinger tmpfs:dir r_dir_perms;
# Descriptors and stream sockets received from system_server.
allow surfaceflinger system_server:fd use;
allow surfaceflinger system_server:unix_stream_socket { read write };
allow surfaceflinger ion_device:chr_file r_file_perms;

# pdx IPC: endpoints served by surfaceflinger.
pdx_server(surfaceflinger, display_client)
pdx_server(surfaceflinger, display_manager)
pdx_server(surfaceflinger, display_screenshot)
pdx_server(surfaceflinger, display_vsync)

# pdx IPC: endpoints surfaceflinger connects to as a client.
pdx_client(surfaceflinger, bufferhub_client)
pdx_client(surfaceflinger, performance_client)

###
### Neverallow rules
###
### surfaceflinger should NEVER do any of this

# No access to SDcard files: an unsafe ejection could cause the kernel to
# kill the process. A neverallow is a build-time assertion, so a later allow
# rule that contradicts it fails policy compilation.
neverallow surfaceflinger sdcard_type:file rw_file_perms;

# b/68864350
# dontaudit grants nothing; it only suppresses the audit record for this
# denial, so these denials will not show up when triaging from audit logs.
dontaudit surfaceflinger unlabeled:dir search;