# surfaceflinger - display compositor service
#
# Type enforcement rules for the surfaceflinger domain. The macros used below
# (init_daemon_domain, binder_*, r_dir_file, set_prop) and the permission sets
# (rw_file_perms, r_dir_perms, create_socket_perms) are defined outside this
# file, so what each rule really grants has to be read against those
# definitions.
# NOTE(review): domain_deprecated presumably pulls in legacy rules shared by
# many domains; confirm which of them this domain still needs.
type surfaceflinger, domain, domain_deprecated;
type surfaceflinger_exec, exec_type, file_type;

init_daemon_domain(surfaceflinger)
# NOTE(review): mlstrustedsubject is expected to exempt this domain from the
# policy's MLS constraints when it acts as a subject. No reason is recorded
# here; confirm it is still required.
typeattribute surfaceflinger mlstrustedsubject;

# Perform Binder IPC.
binder_use(surfaceflinger)
binder_call(surfaceflinger, binderservicedomain)
binder_call(surfaceflinger, { appdomain autoplay_app })
binder_call(surfaceflinger, bootanim)
binder_service(surfaceflinger)

# Binder IPC to bu, presently runs in adbd domain.
binder_call(surfaceflinger, adbd)

# Read /proc/pid files for Binder clients.
r_dir_file(surfaceflinger, binderservicedomain)
r_dir_file(surfaceflinger, { appdomain autoplay_app })

# Access the GPU.
allow surfaceflinger gpu_device:chr_file rw_file_perms;

# Access /dev/graphics/fb0.
allow surfaceflinger graphics_device:dir search;
allow surfaceflinger graphics_device:chr_file rw_file_perms;

# Access /dev/video1.
allow surfaceflinger video_device:dir r_dir_perms;
allow surfaceflinger video_device:chr_file rw_file_perms;

# Create and use netlink kobject uevent sockets.
allow surfaceflinger self:netlink_kobject_uevent_socket create_socket_perms;

# Set properties.
set_prop(surfaceflinger, system_prop)
set_prop(surfaceflinger, ctl_bootanim_prop)

# Use open files supplied by an app.
# Only `read` and `write` are granted on app_data_file, not `open`: the rule
# covers descriptors an app has already opened and handed over, and gives
# surfaceflinger no permission to open app data files by path. Keep it that
# way when editing this rule.
allow surfaceflinger { appdomain autoplay_app }:fd use;
allow surfaceflinger app_data_file:file { read write };

# Allow a dumpstate triggered screenshot
# NOTE(review): the shell rule is grouped here without its own explanation;
# presumably it serves screenshot requests coming from the shell domain.
# Confirm.
binder_call(surfaceflinger, dumpstate)
binder_call(surfaceflinger, shell)
r_dir_file(surfaceflinger, dumpstate)

# Needed on some devices for playing DRM protected content,
# but seems expected and appropriate for all devices.
allow surfaceflinger tee:unix_stream_socket connectto;
allow surfaceflinger tee_device:chr_file rw_file_perms;


# Service manager access: `find` to look up services run by other domains,
# `add` to register the services this domain provides (gpu_service and
# surfaceflinger_service).
# media.player service
allow surfaceflinger mediaserver_service:service_manager find;
allow surfaceflinger permission_service:service_manager find;
allow surfaceflinger power_service:service_manager find;
allow surfaceflinger gpu_service:service_manager { add find };
allow surfaceflinger surfaceflinger_service:service_manager { add find };
allow surfaceflinger window_service:service_manager find;

###
### Neverallow rules
###
### surfaceflinger should NEVER do any of this
###
### A neverallow rule grants nothing. It is an assertion checked when the
### policy is compiled, and the build fails if any allow rule contradicts it.

# Do not allow accessing SDcard files as unsafe ejection could
# cause the kernel to kill the process.
# NOTE(review): the assertion covers only class `file` and the permissions in
# rw_file_perms; directories and other object classes labelled sdcard_type
# are not covered. Confirm that is intended.
neverallow surfaceflinger sdcard_type:file rw_file_perms;