# surfaceflinger - display compositor service
#
# Type enforcement policy for the SurfaceFlinger daemon.  Every rule below
# is an explicit grant; anything not listed is denied by default.  The
# neverallow block at the end is a build-time assertion checked by the policy
# compiler, not a runtime rule.
type surfaceflinger, domain;
type surfaceflinger_exec, exec_type, file_type;

# Started by init; the transition from init to this domain happens on exec
# of a surfaceflinger_exec-labelled binary.
init_daemon_domain(surfaceflinger)
# mlstrustedsubject exempts the domain from MLS constraints so it can serve
# clients at any MLS level (e.g. app processes of different users).
typeattribute surfaceflinger mlstrustedsubject;

# Talk to init over the property socket.
unix_socket_connect(surfaceflinger, property, init)

# Perform Binder IPC.
binder_use(surfaceflinger)
binder_call(surfaceflinger, binderservicedomain)
binder_call(surfaceflinger, appdomain)
binder_call(surfaceflinger, bootanim)
binder_service(surfaceflinger)

# Binder IPC to bu, presently runs in adbd domain.
# NOTE(review): this grants Binder calls to the whole adbd domain, not just
# bu; revisit if bu is ever moved into its own domain.
binder_call(surfaceflinger, adbd)

# Read /proc/pid files for Binder clients.
r_dir_file(surfaceflinger, binderservicedomain)
r_dir_file(surfaceflinger, appdomain)

# Access the GPU.
allow surfaceflinger gpu_device:chr_file rw_file_perms;

# Access /dev/graphics/fb0.
allow surfaceflinger graphics_device:dir search;
allow surfaceflinger graphics_device:chr_file rw_file_perms;

# Access /dev/video1.
allow surfaceflinger video_device:dir r_dir_perms;
allow surfaceflinger video_device:chr_file rw_file_perms;

# Create and use netlink kobject uevent sockets.
allow surfaceflinger self:netlink_kobject_uevent_socket create_socket_perms;

# Set properties.
# Only the two listed property types are writable; there is no blanket
# property_service grant.
allow surfaceflinger system_prop:property_service set;
allow surfaceflinger ctl_bootanim_prop:property_service set;

# Use open files supplied by an app.
# The fd must be passed in by the app (fd use); the file rule grants only
# read/write and not open, so surfaceflinger cannot open app data files on
# its own.
allow surfaceflinger appdomain:fd use;
allow surfaceflinger app_data_file:file { read write };

# Use open file provided by bootanim.
allow surfaceflinger bootanim:fd use;

# Allow a dumpstate triggered screenshot
# shell is included alongside dumpstate here.
binder_call(surfaceflinger, dumpstate)
binder_call(surfaceflinger, shell)
r_dir_file(surfaceflinger, dumpstate)

# Needed on some devices for playing DRM protected content,
# but seems expected and appropriate for all devices.
# Grants a connection to the TEE daemon's socket and direct access to the
# TEE device node.
allow surfaceflinger tee:unix_stream_socket connectto;
allow surfaceflinger tee_device:chr_file rw_file_perms;

# Register this domain's own service with servicemanager.
allow surfaceflinger surfaceflinger_service:service_manager add;

###
### Neverallow rules
###
### surfaceflinger should NEVER do any of this

# Do not allow accessing SDcard files as unsafe ejection could
# cause the kernel to kill the process.
# Enforced at policy build time: any allow rule (here or in a device
# overlay) that grants these permissions fails compilation.
neverallow surfaceflinger sdcard_type:file rw_file_perms;