7# surfaceflinger - display compositor service
# Policy for the surfaceflinger domain: type declarations first, then the IPC
# peers, device nodes, properties and services it is granted, and finally the
# neverallow assertions that bound it.
2
3typeattribute surfaceflinger coredomain;
4
# surfaceflinger_exec labels the daemon binary. init_daemon_domain() and
# tmpfs_domain() are macros defined outside this file (presumably the init
# domain transition and the surfaceflinger_tmpfs type used further down).
5type surfaceflinger_exec, system_file_type, exec_type, file_type;
6init_daemon_domain(surfaceflinger)
7tmpfs_domain(surfaceflinger)
8
# NOTE(review): mlstrustedsubject is a privileged attribute. In AOSP policy it
# exempts the subject from the MLS (category) constraints that keep app and
# user data apart, so every other allow rule in this file applies regardless
# of the level of the target object - confirm it is still required.
9typeattribute surfaceflinger mlstrustedsubject;
10typeattribute surfaceflinger display_service_server;
11
12read_runtime_log_tags(surfaceflinger)
13
14# Perform HwBinder IPC.
# Each hal_client_domain() line makes surfaceflinger a client of the named HAL
# attribute. The permissions that follow from that are defined by the macro
# and the HAL policy, not in this file.
15hal_client_domain(surfaceflinger, hal_graphics_allocator)
16hal_client_domain(surfaceflinger, hal_graphics_composer)
# Gives the tmpfs type of this domain the
# hal_graphics_composer_client_tmpfs attribute.
17typeattribute surfaceflinger_tmpfs hal_graphics_composer_client_tmpfs;
18hal_client_domain(surfaceflinger, hal_codec2)
19hal_client_domain(surfaceflinger, hal_omx)
20hal_client_domain(surfaceflinger, hal_configstore)
21hal_client_domain(surfaceflinger, hal_power)
22hal_client_domain(surfaceflinger, hal_bufferhub)
# Lookup only: the rule grants find, not add, on the HIDL token service.
23allow surfaceflinger hidl_token_hwservice:hwservice_manager find;
24
25# Perform Binder IPC.
26binder_use(surfaceflinger)
# NOTE(review): binderservicedomain and appdomain look like attributes rather
# than single types, so these two rules would cover every domain carrying
# them, not a fixed list of peers - confirm against the attribute definitions.
27binder_call(surfaceflinger, binderservicedomain)
28binder_call(surfaceflinger, appdomain)
29binder_call(surfaceflinger, bootanim)
# The trailing semicolon on the next line is not used by the other macro
# calls in this section.
30binder_call(surfaceflinger, system_server);
31binder_service(surfaceflinger)
32
33# Binder IPC to bu, presently runs in adbd domain.
34binder_call(surfaceflinger, adbd)
35
36# Read /proc/pid files for Binder clients.
# NOTE(review): with the same broad targets as the binder_call rules above,
# this lets the compositor read the /proc/pid entries of every app and binder
# service domain. Keep that in mind when assessing what a compromised
# surfaceflinger could learn about other processes.
37r_dir_file(surfaceflinger, binderservicedomain)
38r_dir_file(surfaceflinger, appdomain)
39
40# Access the GPU.
# NOTE(review): the three device sections below all grant rw_file_perms on
# character devices. No ioctl allowlist (allowxperm) for these device types
# appears in this file; if one exists it is defined elsewhere - verify, since
# driver ioctls are the main kernel attack surface reachable through them.
41allow surfaceflinger gpu_device:chr_file rw_file_perms;
42
43# Access /dev/graphics/fb0.
# Directory access is search only; listing the directory is not granted here.
44allow surfaceflinger graphics_device:dir search;
45allow surfaceflinger graphics_device:chr_file rw_file_perms;
46
47# Access /dev/video1.
# Unlike graphics_device above, the directory may also be read (r_dir_perms).
48allow surfaceflinger video_device:dir r_dir_perms;
49allow surfaceflinger video_device:chr_file rw_file_perms;
50
51# Create and use netlink kobject uevent sockets.
# Applies to sockets owned by the domain itself (self); the permission set
# name indicates that ioctl is left out.
52allow surfaceflinger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
53
54# Set properties.
# NOTE(review): system_prop and the exported*_system_prop types look like
# broad, shared property types rather than surfaceflinger-specific ones.
# Confirm which concrete properties are written and whether they can move to
# a dedicated type such as surfaceflinger_display_prop.
55set_prop(surfaceflinger, system_prop)
56set_prop(surfaceflinger, bootanim_system_prop)
57set_prop(surfaceflinger, exported_system_prop)
58set_prop(surfaceflinger, exported3_system_prop)
# Presumably the ctl property used to ask init to start or stop bootanim -
# verify against the property contexts.
59set_prop(surfaceflinger, ctl_bootanim_prop)
60set_prop(surfaceflinger, surfaceflinger_display_prop)
61
62# Get properties.
# The only explicit read grant in this section.
63get_prop(surfaceflinger, qemu_sf_lcd_density_prop)
64
65# Use open files supplied by an app.
# Only read and write are granted on app data files - there is no open. With
# these rules access is limited to descriptors an app has already opened and
# passed over (see the fd use rule); opening app data by path is not granted.
# Keep it that way: adding open here would expose all app-private files.
66allow surfaceflinger appdomain:fd use;
67allow surfaceflinger { app_data_file privapp_data_file }:file { read write };
68
69# Allow writing surface traces to /data/misc/wmtrace.
# The two rules are wrapped in userdebug_or_eng(), i.e. they are meant for
# debug build variants only and should stay inside that wrapper.
70userdebug_or_eng(`
71  allow surfaceflinger wm_trace_data_file:dir rw_dir_perms;
72  allow surfaceflinger wm_trace_data_file:file { getattr setattr create w_file_perms };
73')
74
75# Needed to register as a Perfetto producer.
76perfetto_producer(surfaceflinger)
77
78# Use socket supplied by adbd, for cmd gpu vkjson etc.
# No create or connect is granted: the socket has to be handed over by adbd.
79allow surfaceflinger adbd:unix_stream_socket { read write getattr };
80
81# Allow a dumpstate triggered screenshot
# NOTE(review): the shell rule is grouped under the dumpstate comment; confirm
# that binder calls into the shell domain are needed for this use case.
82binder_call(surfaceflinger, dumpstate)
83binder_call(surfaceflinger, shell)
84r_dir_file(surfaceflinger, dumpstate)
85
86# media.player service
# NOTE(review): the heading above does not match the rules that follow, which
# deal with surfaceflinger_service registration and service lookups.
87
88# do not use add_service() as hal_graphics_composer_default may be the
89# provider as well
90#add_service(surfaceflinger, surfaceflinger_service)
# NOTE(review): add_service() in AOSP also emits a neverallow that keeps other
# domains from registering the service. The plain allow below carries no such
# assertion, so exclusivity of surfaceflinger_service registration has to be
# enforced elsewhere - verify which domains hold add on this type.
91allow surfaceflinger surfaceflinger_service:service_manager { add find };
92
93add_service(surfaceflinger, vrflinger_vsync_service)
94
# Lookup-only access (find) to the services listed below.
95allow surfaceflinger mediaserver_service:service_manager find;
96allow surfaceflinger permission_service:service_manager find;
97allow surfaceflinger power_service:service_manager find;
98allow surfaceflinger vr_manager_service:service_manager find;
99allow surfaceflinger window_service:service_manager find;
100allow surfaceflinger inputflinger_service:service_manager find;
101
102
103# allow self to set SCHED_FIFO
# sys_nice is the only capability granted to the domain in this file.
104allow surfaceflinger self:global_capability_class_set sys_nice;
# Read access to /proc meminfo, cgroup hierarchies, system files and tmpfs
# directories; none of these rules grants write.
105allow surfaceflinger proc_meminfo:file r_file_perms;
106r_dir_file(surfaceflinger, cgroup)
107r_dir_file(surfaceflinger, cgroup_v2)
108r_dir_file(surfaceflinger, system_file)
109allow surfaceflinger tmpfs:dir r_dir_perms;
# Descriptors and an existing socket handed over by system_server; no connect
# or create permission is granted on the socket.
110allow surfaceflinger system_server:fd use;
111allow surfaceflinger system_server:unix_stream_socket { read write };
# NOTE(review): r_file_perms is defined elsewhere; in AOSP it includes ioctl,
# which is how buffer allocation on these nodes is normally driven, so the
# absence of write here does not by itself restrict allocation.
112allow surfaceflinger ion_device:chr_file r_file_perms;
113allow surfaceflinger dmabuf_system_heap_device:chr_file r_file_perms;
114
115# pdx IPC
# surfaceflinger is declared as the server side for the four display_*
# endpoints and as a client of the bufferhub and performance endpoints. The
# socket and file permissions behind pdx_server() and pdx_client() come from
# the macro definitions, which are not part of this file.
116pdx_server(surfaceflinger, display_client)
117pdx_server(surfaceflinger, display_manager)
118pdx_server(surfaceflinger, display_screenshot)
119pdx_server(surfaceflinger, display_vsync)
120
121pdx_client(surfaceflinger, bufferhub_client)
122pdx_client(surfaceflinger, performance_client)
123
124# Allow supplying timestats statistics to statsd
125allow surfaceflinger stats_service:service_manager find;
126allow surfaceflinger statsmanager_service:service_manager find;
127# TODO(146461633): remove this once native pullers talk to StatsManagerService
# Direct binder calls into statsd; marked as temporary by the TODO above.
128binder_call(surfaceflinger, statsd);
129
130# Allow pushing jank event atoms to statsd
# Wrapped in userdebug_or_eng(), i.e. meant for debug build variants only.
131userdebug_or_eng(`
132    unix_socket_send(surfaceflinger, statsdw, statsd)
133')
134
135# Surfaceflinger should not be reading default vendor-defined properties.
# dontaudit grants nothing: the read stays denied and only the AVC denial
# message is suppressed. NOTE(review): this also hides such denials from
# anyone relying on audit logs to spot unexpected property access.
136dontaudit surfaceflinger vendor_default_prop:file read;
137
138###
139### Neverallow rules
140###
141### surfaceflinger should NEVER do any of this
142
143# Do not allow accessing SDcard files as unsafe ejection could
144# cause the kernel to kill the process.
# The assertion covers file objects of sdcard_type with rw_file_perms only;
# directories and other object classes are not mentioned by it.
145neverallow surfaceflinger sdcard_type:file rw_file_perms;
146
147# b/68864350
# NOTE(review): this is a dontaudit, not a neverallow, despite sitting under
# the neverallow heading: searches of unlabeled directories stay denied but
# are no longer logged.
148dontaudit surfaceflinger unlabeled:dir search;
149