# mediatuner - mediatuner daemon
#
# SELinux type-enforcement policy for the mediatuner daemon. The policy
# statements are the original ones, restored to one per line; only the
# comments are new. The macros used here (init_daemon_domain, binder_*,
# add_service, hal_client_domain) are defined elsewhere in the policy tree,
# so their exact expansion should be checked there.

# Process domain for the daemon and the label carried by its executable.
type mediatuner, domain;
type mediatuner_exec, system_file_type, exec_type, file_type;

# Tags mediatuner with the coredomain attribute, so every rule and neverallow
# written against coredomain also applies to this domain.
typeattribute mediatuner coredomain;

# Started by init: executing a mediatuner_exec file moves the process into the
# mediatuner domain (per the macro's usual definition - confirm in te_macros).
init_daemon_domain(mediatuner)
# Declares mediatuner a client of the TV tuner HAL.
hal_client_domain(mediatuner, hal_tv_tuner)

# Binder IPC: use binder, call into app domains, and act as a binder service.
binder_use(mediatuner)
# NOTE(review): appdomain is an attribute, not a single type, so this is the
# broadest grant in the file - it covers every domain carrying that attribute.
# Presumably needed for callbacks to client apps; confirm against the callers.
binder_call(mediatuner, appdomain)
binder_service(mediatuner)

# Registers mediatuner_service with the service manager.
add_service(mediatuner, mediatuner_service)
# Permits using file descriptors received from system_server. This covers the
# descriptor itself only; access to the object behind it needs its own rule.
allow mediatuner system_server:fd use;
# Service lookups are limited to these two named services (find only, no add).
allow mediatuner tv_tuner_resource_mgr_service:service_manager find;
allow mediatuner package_native_service:service_manager find;
binder_call(mediatuner, system_server)

###
### neverallow rules
###
# These are build-time assertions: they grant nothing, and policy compilation
# fails if any allow rule elsewhere contradicts them.

# mediatuner should never execute any executable without a
# domain transition
neverallow mediatuner { file_type fs_type }:file execute_no_trans;

# do not allow privileged socket ioctl commands
# (priv_sock_ioctls is a named ioctl set defined outside this file)
neverallowxperm mediatuner domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;