# surfaceflinger - display compositor service
#
# Type enforcement policy for the surfaceflinger domain: type declarations,
# the allow rules and macro calls that grant access, and a neverallow
# assertion at the end. The macros used below (init_daemon_domain, binder_*,
# r_dir_file, set_prop) are defined outside this file.
type surfaceflinger, domain;
type surfaceflinger_exec, exec_type, file_type;

# NOTE(review): by its name this sets up the init -> surfaceflinger domain
# transition on surfaceflinger_exec; confirm against the macro definition.
init_daemon_domain(surfaceflinger)
# Adds the mlstrustedsubject attribute to this domain. Presumably this exempts
# it from the MLS constraints (defined elsewhere) so it can serve clients at
# any level; that widens what the domain may reach, so the allow rules below
# are what actually bound its access.
typeattribute surfaceflinger mlstrustedsubject;

# Perform Binder IPC.
# Call targets are binderservicedomain, appdomain and bootanim.
# binder_service() presumably marks surfaceflinger itself as a Binder
# service - verify in the macro file.
binder_use(surfaceflinger)
binder_call(surfaceflinger, binderservicedomain)
binder_call(surfaceflinger, appdomain)
binder_call(surfaceflinger, bootanim)
binder_service(surfaceflinger)

# Binder IPC to bu, presently runs in adbd domain.
binder_call(surfaceflinger, adbd)

# Read /proc/pid files for Binder clients.
r_dir_file(surfaceflinger, binderservicedomain)
r_dir_file(surfaceflinger, appdomain)

# Access the GPU.
allow surfaceflinger gpu_device:chr_file rw_file_perms;

# Access /dev/graphics/fb0.
allow surfaceflinger graphics_device:dir search;
allow surfaceflinger graphics_device:chr_file rw_file_perms;

# Access /dev/video1.
allow surfaceflinger video_device:dir r_dir_perms;
allow surfaceflinger video_device:chr_file rw_file_perms;

# Create and use netlink kobject uevent sockets.
# The target is self, so this covers only sockets the domain creates itself.
allow surfaceflinger self:netlink_kobject_uevent_socket create_socket_perms;

# Set properties.
# Covers properties labeled system_prop and ctl_bootanim_prop.
set_prop(surfaceflinger, system_prop)
set_prop(surfaceflinger, ctl_bootanim_prop)

# Use open files supplied by an app.
# Only read and write are granted on app_data_file, not open, so these rules
# cover descriptors that an app hands over; they do not let surfaceflinger
# open app data files by path.
allow surfaceflinger appdomain:fd use;
allow surfaceflinger app_data_file:file { read write };

# Use open file provided by bootanim.
allow surfaceflinger bootanim:fd use;

# Allow a dumpstate triggered screenshot
# The shell domain is a Binder call target here as well as dumpstate.
# NOTE(review): confirm the shell rule is required for this path.
binder_call(surfaceflinger, dumpstate)
binder_call(surfaceflinger, shell)
r_dir_file(surfaceflinger, dumpstate)

# Needed on some devices for playing DRM protected content,
# but seems expected and appropriate for all devices.
# Grants connectto on the unix stream socket of the tee domain and
# read/write on the tee_device character device.
allow surfaceflinger tee:unix_stream_socket connectto;
allow surfaceflinger tee_device:chr_file rw_file_perms;


# service_manager access. The original note here read "media.player service",
# which presumably refers to mediaserver_service. The rules allow finding the
# mediaserver, permission, power and window services; surfaceflinger_service
# is the only one this domain may add (register) as well as find.
allow surfaceflinger mediaserver_service:service_manager find;
allow surfaceflinger permission_service:service_manager find;
allow surfaceflinger power_service:service_manager find;
allow surfaceflinger surfaceflinger_service:service_manager { add find };
allow surfaceflinger window_service:service_manager find;

###
### Neverallow rules
###
### surfaceflinger should NEVER do any of this

# Do not allow accessing SDcard files as unsafe ejection could
# cause the kernel to kill the process.
# A neverallow is an assertion checked when the policy is compiled: the build
# fails if any allow rule grants the listed access. This one covers class
# file with rw_file_perms on sdcard_type only; other classes are not asserted.
neverallow surfaceflinger sdcard_type:file rw_file_perms;