# mediaserver - multimedia daemon
#
# Type enforcement policy for the mediaserver process. Rules are grouped by
# the kind of object they grant access to; neverallow assertions sit at the
# bottom and are checked at policy compile time.

# --- Domain and executable types -----------------------------------------
type mediaserver, domain;
type mediaserver_exec, exec_type, file_type;

# mlstrustedsubject exempts the domain from MLS constraints.
typeattribute mediaserver mlstrustedsubject;

# TODO(b/36375899): replace with hal_client_domain macro on hal_omx
typeattribute mediaserver halclientdomain;

# --- Network -------------------------------------------------------------
net_domain(mediaserver)

# Restrict socket ioctls on the daemon's own sockets to the unprivileged set
# (the matching neverallowxperm below enforces this policy-wide).
allowxperm mediaserver self:{ rawip_socket tcp_socket udp_socket }
  ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };

# --- Read-only filesystem access -----------------------------------------
r_dir_file(mediaserver, sdcard_type)
r_dir_file(mediaserver, cgroup)
r_dir_file(mediaserver, media_rw_data_file)

# stat /proc/self
allow mediaserver proc:lnk_file getattr;

# open /vendor/lib/mediadrm
allow mediaserver system_file:dir r_dir_perms;

# /oem access
allow mediaserver oemfs:dir search;
allow mediaserver oemfs:file r_file_perms;

# Read resources from open apk files passed over Binder.
allow mediaserver apk_data_file:file { read getattr };
allow mediaserver asec_apk_file:file { read getattr };
allow mediaserver ringtone_file:file { read getattr };

# Read /data/data/com.android.providers.telephony files passed over Binder.
allow mediaserver radio_data_file:file { read getattr };

# Grant access to read files on appfuse.
allow mediaserver app_fuse_file:file { read getattr };

# Access to media in /data/preloads
allow mediaserver preloads_media_file:file { getattr read ioctl };

# --- Read/write filesystem access ----------------------------------------
allow mediaserver media_data_file:dir create_dir_perms;
allow mediaserver media_data_file:file create_file_perms;

# Access to /data/media.
# This should be removed if sdcardfs is modified to alter the secontext for its
# accesses to the underlying FS.
allow mediaserver media_rw_data_file:dir create_dir_perms;
allow mediaserver media_rw_data_file:file create_file_perms;

# NOTE(review): rw on app_data_file and write on sdcard_type are broad grants
# spanning every app's private data and external storage; confirm they are
# still required rather than satisfiable via fds passed over Binder.
allow mediaserver app_data_file:dir search;
allow mediaserver app_data_file:file rw_file_perms;
allow mediaserver sdcard_type:file write;

# --- Device nodes --------------------------------------------------------
allow mediaserver gpu_device:chr_file rw_file_perms;
allow mediaserver video_device:dir r_dir_perms;
allow mediaserver video_device:chr_file rw_file_perms;
allow mediaserver rpmsg_device:chr_file rw_file_perms;
allow mediaserver ion_device:chr_file r_file_perms;

# Read/[write] to /proc/net/xt_qtaguid/ctrl and /dev/xt_qtaguid
allow mediaserver qtaguid_proc:file rw_file_perms;
allow mediaserver qtaguid_device:chr_file r_file_perms;

# --- Properties ----------------------------------------------------------
set_prop(mediaserver, audio_prop)

# --- Binder / IPC --------------------------------------------------------
binder_use(mediaserver)
binder_call(mediaserver, binderservicedomain)
binder_call(mediaserver, appdomain)
binder_call(mediaserver, mediacodec)
binder_service(mediaserver)

# Use pipes passed over Binder from app domains.
allow mediaserver appdomain:fifo_file { getattr read write };

# Inter System processes communicate over named pipe (FIFO)
allow mediaserver system_server:fifo_file r_file_perms;

# File descriptors received from other processes.
allow mediaserver system_server:fd use;
allow mediaserver hal_graphics_allocator:fd use;
allow mediaserver hal_graphics_composer:fd use;
allow mediaserver hal_camera:fd use;

# Needed on some devices for playing DRM protected content,
# but seems expected and appropriate for all devices.
unix_socket_connect(mediaserver, drmserver, drmserver)

# Needed on some devices for playing audio on paired BT device,
# but seems appropriate for all devices.
unix_socket_connect(mediaserver, bluetooth, bluetooth)

# --- Services ------------------------------------------------------------
add_service(mediaserver, mediaserver_service)

# Services mediaserver may look up in servicemanager.
allow mediaserver activity_service:service_manager find;
allow mediaserver appops_service:service_manager find;
allow mediaserver audioserver_service:service_manager find;
allow mediaserver cameraserver_service:service_manager find;
allow mediaserver batterystats_service:service_manager find;
allow mediaserver drmserver_service:service_manager find;
allow mediaserver mediaextractor_service:service_manager find;
allow mediaserver mediacodec_service:service_manager find;
allow mediaserver mediametrics_service:service_manager find;
allow mediaserver media_session_service:service_manager find;
allow mediaserver permission_service:service_manager find;
allow mediaserver power_service:service_manager find;
allow mediaserver processinfo_service:service_manager find;
allow mediaserver scheduling_policy_service:service_manager find;
allow mediaserver surfaceflinger_service:service_manager find;

# for ModDrm/MediaPlayer
allow mediaserver mediadrmserver_service:service_manager find;

# For interfacing with OMX HAL
allow mediaserver hidl_token_hwservice:hwservice_manager find;

# --- HALs and DRM --------------------------------------------------------
hal_client_domain(mediaserver, hal_allocator)

use_drmservice(mediaserver)
# drmservice operations mediaserver may invoke on drmserver.
allow mediaserver drmserver:drmservice {
  consumeRights setPlaybackStatus
  openDecryptSession closeDecryptSession
  initializeDecryptUnit decrypt finalizeDecryptUnit
  pread
};

# --- Debug-only rules ----------------------------------------------------
# Present only on userdebug/eng builds; absent from user builds.
userdebug_or_eng(`
  # ptrace to processes in the same domain for memory leak detection
  allow mediaserver self:process ptrace;
')

###
### neverallow rules
###

# mediaserver should never execute any executable without a
# domain transition
neverallow mediaserver { file_type fs_type }:file execute_no_trans;

# do not allow privileged socket ioctl commands
neverallowxperm mediaserver domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;