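# surfaceflinger - display compositor service

typeattribute surfaceflinger coredomain;

type surfaceflinger_exec, exec_type, file_type;
init_daemon_domain(surfaceflinger)

# mlstrustedsubject exempts this domain from the MLS constraints when it acts
# as a subject.
# NOTE(review): presumably required because the compositor serves clients in
# every app category; confirm before widening what this domain may access.
typeattribute surfaceflinger mlstrustedsubject;
typeattribute surfaceflinger display_service_server;

read_runtime_log_tags(surfaceflinger)

# Perform HwBinder IPC.
hal_client_domain(surfaceflinger, hal_graphics_allocator)
hal_client_domain(surfaceflinger, hal_graphics_composer)
hal_client_domain(surfaceflinger, hal_configstore)
hal_client_domain(surfaceflinger, hal_power)
allow surfaceflinger hidl_token_hwservice:hwservice_manager find;

# Perform Binder IPC.
binder_use(surfaceflinger)
binder_call(surfaceflinger, binderservicedomain)
binder_call(surfaceflinger, appdomain)
binder_call(surfaceflinger, bootanim)
binder_service(surfaceflinger)

# Binder IPC to bu, presently runs in adbd domain.
binder_call(surfaceflinger, adbd)

# Read /proc/pid files for Binder clients.
r_dir_file(surfaceflinger, binderservicedomain)
r_dir_file(surfaceflinger, appdomain)

# Access the GPU.
allow surfaceflinger gpu_device:chr_file rw_file_perms;

# Access /dev/graphics/fb0.
allow surfaceflinger graphics_device:dir search;
allow surfaceflinger graphics_device:chr_file rw_file_perms;

# Access /dev/video1.
allow surfaceflinger video_device:dir r_dir_perms;
allow surfaceflinger video_device:chr_file rw_file_perms;

# Create and use netlink kobject uevent sockets.
allow surfaceflinger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;

# Set properties.
set_prop(surfaceflinger, system_prop)
set_prop(surfaceflinger, exported_system_prop)
set_prop(surfaceflinger, exported2_system_prop)
set_prop(surfaceflinger, exported3_system_prop)
set_prop(surfaceflinger, ctl_bootanim_prop)

# Use open files supplied by an app.
# Only read and write are granted on app_data_file, not open, so access is
# limited to descriptors an app has already opened and passed over; this
# domain cannot open app data files by path.
allow surfaceflinger appdomain:fd use;
allow surfaceflinger app_data_file:file { read write };

# Allow writing surface traces to /data/misc/wmtrace.
# Granted on userdebug and eng builds only.
userdebug_or_eng(`
  allow surfaceflinger wm_trace_data_file:dir rw_dir_perms;
  allow surfaceflinger wm_trace_data_file:file { getattr setattr create w_file_perms };
')

# Use socket supplied by adbd, for cmd gpu vkjson etc.
# No connectto is granted; only an already established socket can be used.
allow surfaceflinger adbd:unix_stream_socket { read write getattr };

# Allow a dumpstate triggered screenshot
binder_call(surfaceflinger, dumpstate)
binder_call(surfaceflinger, shell)
r_dir_file(surfaceflinger, dumpstate)

# Needed on some devices for playing DRM protected content,
# but seems expected and appropriate for all devices.
# NOTE(review): broad grant for a domain that also handles app-supplied fds;
# confirm it is still required on current devices.
allow surfaceflinger tee_device:chr_file rw_file_perms;


# Register gpu_service with servicemanager.
add_service(surfaceflinger, gpu_service)

# do not use add_service() as hal_graphics_composer_default may be the
# provider as well
# add_service() also emits a neverallow that stops every other domain from
# registering the service, so the plain allow below carries no such guard for
# surfaceflinger_service.
#add_service(surfaceflinger, surfaceflinger_service)
allow surfaceflinger surfaceflinger_service:service_manager { add find };

# Look up (find only) services provided by other domains.
allow surfaceflinger mediaserver_service:service_manager find;
allow surfaceflinger permission_service:service_manager find;
allow surfaceflinger power_service:service_manager find;
allow surfaceflinger vr_manager_service:service_manager find;
allow surfaceflinger window_service:service_manager find;


# allow self to set SCHED_FIFO
allow surfaceflinger self:global_capability_class_set sys_nice;

# Read-only access to meminfo, cgroup, system files and tmpfs directories;
# use fds passed by system_server; read-only access to ion_device.
allow surfaceflinger proc_meminfo:file r_file_perms;
r_dir_file(surfaceflinger, cgroup)
r_dir_file(surfaceflinger, system_file)
allow surfaceflinger tmpfs:dir r_dir_perms;
allow surfaceflinger system_server:fd use;
allow surfaceflinger ion_device:chr_file r_file_perms;

# pdx IPC
pdx_server(surfaceflinger, display_client)
pdx_server(surfaceflinger, display_manager)
pdx_server(surfaceflinger, display_screenshot)
pdx_server(surfaceflinger, display_vsync)

pdx_client(surfaceflinger, bufferhub_client)
pdx_client(surfaceflinger, performance_client)

###
### Neverallow rules
###
### surfaceflinger should NEVER do any of this

# Do not allow accessing SDcard files as unsafe ejection could
# cause the kernel to kill the process.
neverallow surfaceflinger sdcard_type:file rw_file_perms;

# b/68864350
# dontaudit only silences the audit record; the search is still denied.
dontaudit surfaceflinger unlabeled:dir search;
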