1# audioserver - audio services daemon
2
3typeattribute audioserver coredomain;
4
5type audioserver_exec, exec_type, file_type;
6init_daemon_domain(audioserver)
7
8r_dir_file(audioserver, sdcard_type)
9
10binder_use(audioserver)
11binder_call(audioserver, binderservicedomain)
12binder_call(audioserver, appdomain)
13binder_service(audioserver)
14
15hal_client_domain(audioserver, hal_allocator)
16# /system/lib64/hw for always-passthrough Allocator HAL ashmem / mapper .so
17r_dir_file(audioserver, system_file)
18
19hal_client_domain(audioserver, hal_audio)
20
21userdebug_or_eng(`
22  # used for TEE sink - pcm capture for debug.
23  allow audioserver media_data_file:dir create_dir_perms;
24  allow audioserver audioserver_data_file:dir create_dir_perms;
25  allow audioserver audioserver_data_file:file create_file_perms;
26
27  # ptrace to processes in the same domain for memory leak detection
28  allow audioserver self:process ptrace;
29')
30
31add_service(audioserver, audioserver_service)
32allow audioserver appops_service:service_manager find;
33allow audioserver batterystats_service:service_manager find;
34allow audioserver permission_service:service_manager find;
35allow audioserver power_service:service_manager find;
36allow audioserver scheduling_policy_service:service_manager find;
37
38# Grant access to audio files to audioserver
39allow audioserver audio_data_file:dir ra_dir_perms;
40allow audioserver audio_data_file:file create_file_perms;
41
42# allow access to ALSA MMAP FDs for AAudio API
43allow audioserver audio_device:chr_file { read write };
44
45# For A2DP bridge which is loaded directly into audioserver
46unix_socket_connect(audioserver, bluetooth, bluetooth)
47
48###
49### neverallow rules
50###
51
52# audioserver should never execute any executable without a
53# domain transition
54neverallow audioserver { file_type fs_type }:file execute_no_trans;
55
56# The goal of the mediaserver split is to place media processing code into
57# restrictive sandboxes with limited responsibilities and thus limited
58# permissions. Example: Audioserver is only responsible for controlling audio
59# hardware and processing audio content. Cameraserver does the same for camera
60# hardware/content. Etc.
61#
62# Media processing code is inherently risky and thus should have limited
63# permissions and be isolated from the rest of the system and network.
64# Lengthier explanation here:
65# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
66neverallow audioserver domain:{ tcp_socket udp_socket rawip_socket } *;
67