# mediatranscoding - daemon for transcoding video and image.
#
# The daemon is a coredomain with a deliberately narrow grant set: it may talk
# to a fixed list of services, work on file descriptors handed to it, and use
# the codec/graphics HALs, but it may neither execute other binaries without a
# domain transition nor touch the network (see the neverallow rules at the end).
type mediatranscoding, domain;
type mediatranscoding_exec, system_file_type, exec_type, file_type;
type mediatranscoding_tmpfs, file_type;
typeattribute mediatranscoding coredomain;

init_daemon_domain(mediatranscoding)
tmpfs_domain(mediatranscoding)

# Shared memory backed by app tmpfs (getattr/map/read/write only; no `open`,
# so the daemon works on descriptors it is given rather than paths it opens).
allow mediatranscoding appdomain_tmpfs:file { getattr map read write };

# Binder: client of core services and of apps, and host of its own service.
binder_use(mediatranscoding)
binder_call(mediatranscoding, binderservicedomain)
binder_call(mediatranscoding, appdomain)
binder_service(mediatranscoding)
add_service(mediatranscoding, mediatranscoding_service)

# HALs needed for hardware-accelerated decode/encode and buffer allocation.
hal_client_domain(mediatranscoding, hal_graphics_allocator)
hal_client_domain(mediatranscoding, hal_configstore)
hal_client_domain(mediatranscoding, hal_omx)
hal_client_domain(mediatranscoding, hal_codec2)

# Services the daemon may look up via servicemanager. `find` only; whether a
# call succeeds is then governed by the binder_call rules above.
allow mediatranscoding {
    mediaserver_service
    mediametrics_service
    mediaextractor_service
    package_native_service
    thermal_service
    activity_service
}:service_manager find;

# File descriptors inherited from system_server (e.g. for sources/destinations).
allow mediatranscoding system_server:fd use;

# Read/write access to file sources and destinations. Note that `open` is not
# granted on any of these types: the daemon can only operate on descriptors
# passed to it (presumably over binder), not open these paths itself.
allow mediatranscoding {
    sdcardfs
    media_rw_data_file
    app_data_file
    shell_data_file
}:file { getattr read write };
allow mediatranscoding apk_data_file:file { getattr read };

# Write-only path to the statsd socket for metrics.
unix_socket_send(mediatranscoding, statsdw, statsd)

# DMA-BUF system heap for zero-copy buffers, plus a search on the GPU device
# directory (no access to the device nodes themselves is granted here).
allow mediatranscoding dmabuf_system_heap_device:chr_file r_file_perms;
allow mediatranscoding gpu_device:dir search;

# Media-related system properties (read only).
get_prop(mediatranscoding, media_config_prop)

# mediatranscoding should never execute any executable without a
# domain transition.
neverallow mediatranscoding { file_type fs_type }:file execute_no_trans;

# The goal of the mediaserver split is to place media processing code into
# restrictive sandboxes with limited responsibilities and thus limited
# permissions. Example: Audioserver is only responsible for controlling audio
# hardware and processing audio content. Cameraserver does the same for camera
# hardware/content. Etc.
#
# Media processing code is inherently risky and thus should have limited
# permissions and be isolated from the rest of the system and network.
# Lengthier explanation here:
# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
neverallow mediatranscoding domain:{ tcp_socket udp_socket rawip_socket } *;