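# surfaceflinger - display compositor service
#
# Type-enforcement rules for the surfaceflinger domain, grouped by the
# resource they grant. The neverallow at the end is a build-time assertion,
# not a runtime rule.

typeattribute surfaceflinger coredomain;

# Label for the surfaceflinger executable. init_daemon_domain() sets up the
# automatic transition from init into this domain when that file is executed.
type surfaceflinger_exec, exec_type, file_type;
init_daemon_domain(surfaceflinger)

# NOTE(review): mlstrustedsubject exempts this domain from the MLS
# constraints, so the object grants below are not narrowed by category
# separation. Keep each grant as specific as the service needs.
typeattribute surfaceflinger mlstrustedsubject;
typeattribute surfaceflinger display_service_server;

# Read the runtime event log tags.
read_runtime_log_tags(surfaceflinger)

# Perform HwBinder IPC.
hal_client_domain(surfaceflinger, hal_graphics_allocator)
hal_client_domain(surfaceflinger, hal_graphics_composer)
hal_client_domain(surfaceflinger, hal_configstore)
allow surfaceflinger hidl_token_hwservice:hwservice_manager find;

# Perform Binder IPC.
binder_use(surfaceflinger)
binder_call(surfaceflinger, binderservicedomain)
binder_call(surfaceflinger, appdomain)
binder_call(surfaceflinger, bootanim)
binder_service(surfaceflinger)

# Binder IPC to bu, presently runs in adbd domain.
binder_call(surfaceflinger, adbd)

# Read /proc/pid files for Binder clients.
# NOTE(review): appdomain covers every app domain, so this is read access to
# the /proc/<pid> entries of all app processes, not only current clients.
r_dir_file(surfaceflinger, binderservicedomain)
r_dir_file(surfaceflinger, appdomain)

# Access the GPU.
allow surfaceflinger gpu_device:chr_file rw_file_perms;

# Access /dev/graphics/fb0.
allow surfaceflinger graphics_device:dir search;
allow surfaceflinger graphics_device:chr_file rw_file_perms;

# Access /dev/video1.
allow surfaceflinger video_device:dir r_dir_perms;
allow surfaceflinger video_device:chr_file rw_file_perms;

# Create and use netlink kobject uevent sockets.
allow surfaceflinger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;

# Set properties.
# NOTE(review): system_prop is a shared, general-purpose property label. If
# surfaceflinger only writes a few specific properties, a dedicated property
# type would narrow this grant - confirm which properties are actually set.
set_prop(surfaceflinger, system_prop)
set_prop(surfaceflinger, ctl_bootanim_prop)

# Use open files supplied by an app.
# Only read and write are granted on app_data_file, not open, so access is
# limited to descriptors an app has already opened and handed over.
allow surfaceflinger appdomain:fd use;
allow surfaceflinger app_data_file:file { read write };

# Use socket supplied by adbd, for cmd gpu vkjson etc.
allow surfaceflinger adbd:unix_stream_socket { read write getattr };

# Allow a dumpstate triggered screenshot
binder_call(surfaceflinger, dumpstate)
binder_call(surfaceflinger, shell)
r_dir_file(surfaceflinger, dumpstate)

# Needed on some devices for playing DRM protected content,
# but seems expected and appropriate for all devices.
# NOTE(review): this is read/write access to the TEE device node on every
# device, although only some are stated to need it - revisit whether it can
# be scoped to the devices that do.
allow surfaceflinger tee_device:chr_file rw_file_perms;

# Register the GPU service with servicemanager.
add_service(surfaceflinger, gpu_service)

# do not use add_service() as hal_graphics_composer_default may be the
# provider as well
# add_service() would also assert that no other domain may add this service.
# With the plain allow below that assertion is absent here, so the set of
# domains allowed to register surfaceflinger_service is whatever the rest of
# the policy grants - audit those grants when touching this rule.
#add_service(surfaceflinger, surfaceflinger_service)
allow surfaceflinger surfaceflinger_service:service_manager { add find };

# Look up the system services surfaceflinger talks to.
allow surfaceflinger mediaserver_service:service_manager find;
allow surfaceflinger permission_service:service_manager find;
allow surfaceflinger power_service:service_manager find;
allow surfaceflinger vr_manager_service:service_manager find;
allow surfaceflinger window_service:service_manager find;

# allow self to set SCHED_FIFO
allow surfaceflinger self:capability sys_nice;

# Read-only access to system state and shared files.
# NOTE(review): sysfs_type is the attribute covering all sysfs labels, so the
# r_dir_file() on it grants read access to every sysfs node - consider
# listing the specific sysfs types that are needed.
allow surfaceflinger proc_meminfo:file r_file_perms;
r_dir_file(surfaceflinger, cgroup)
r_dir_file(surfaceflinger, sysfs_type)
r_dir_file(surfaceflinger, system_file)
allow surfaceflinger tmpfs:dir r_dir_perms;

# Use file descriptors passed in by system_server.
allow surfaceflinger system_server:fd use;

# Read-only access to the ION allocator device.
allow surfaceflinger ion_device:chr_file r_file_perms;

# pdx IPC
pdx_server(surfaceflinger, display_client)
pdx_server(surfaceflinger, display_manager)
pdx_server(surfaceflinger, display_screenshot)
pdx_server(surfaceflinger, display_vsync)

pdx_client(surfaceflinger, bufferhub_client)
pdx_client(surfaceflinger, performance_client)

###
### Neverallow rules
###
### surfaceflinger should NEVER do any of this

# Do not allow accessing SDcard files as unsafe ejection could
# cause the kernel to kill the process.
neverallow surfaceflinger sdcard_type:file rw_file_perms;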