      1 # surfaceflinger - display compositor service.
        # This file only grants what the compositor needs to drive the display and
        # talk to its Binder clients; see the neverallow section at the bottom for
        # what this domain must never be able to do.
      2 type surfaceflinger, domain;
      3 type surfaceflinger_exec, exec_type, file_type;
      4 
        # Started by init; the exec of surfaceflinger_exec transitions into this domain.
      5 init_daemon_domain(surfaceflinger)
        # mlstrustedsubject exempts this domain from MLS constraints.
      6 typeattribute surfaceflinger mlstrustedsubject;
      7 
      8 # Talk to init over the property socket.
      9 unix_socket_connect(surfaceflinger, property, init)
     10 
     11 # Perform Binder IPC.
        # Note: binder_call to appdomain means every app can be a Binder peer of the
        # compositor, so its service surface is directly reachable from untrusted code.
     12 binder_use(surfaceflinger)
     13 binder_call(surfaceflinger, binderservicedomain)
     14 binder_call(surfaceflinger, appdomain)
     15 binder_call(surfaceflinger, bootanim)
     16 binder_service(surfaceflinger)
     17 
     18 # Binder IPC to bu, presently runs in adbd domain.
     19 binder_call(surfaceflinger, adbd)
     20 
     21 # Read /proc/pid files for Binder clients.
     22 r_dir_file(surfaceflinger, binderservicedomain)
     23 r_dir_file(surfaceflinger, appdomain)
     24 
     25 # Access the GPU.
     26 allow surfaceflinger gpu_device:chr_file rw_file_perms;
     27 
     28 # Access /dev/graphics/fb0.
     29 allow surfaceflinger graphics_device:dir search;
     30 allow surfaceflinger graphics_device:chr_file rw_file_perms;
     31 
     32 # Access /dev/video1.
     33 allow surfaceflinger video_device:dir r_dir_perms;
     34 allow surfaceflinger video_device:chr_file rw_file_perms;
     35 
     36 # Create and use netlink kobject uevent sockets (presumably for hotplug
        # notifications; the socket is owned by this domain itself).
     37 allow surfaceflinger self:netlink_kobject_uevent_socket create_socket_perms;
     38 
     39 # Set properties. system_prop is a broad property type; ctl_bootanim_prop
        # lets the compositor ask init to control the bootanim service.
     40 allow surfaceflinger system_prop:property_service set;
     41 allow surfaceflinger ctl_bootanim_prop:property_service set;
     42 
     43 # Use open files supplied by an app.
        # No "open" permission is granted on app_data_file, so this only covers
        # descriptors an app has already opened and handed over; surfaceflinger
        # cannot open app data files on its own.
     44 allow surfaceflinger appdomain:fd use;
     45 allow surfaceflinger app_data_file:file { read write };
     46 
     47 # Use open file provided by bootanim.
     48 allow surfaceflinger bootanim:fd use;
     49 
     50 # Allow a dumpstate triggered screenshot (dumpstate and shell may call in,
        # and dumpstate's /proc/pid entries are readable).
     51 binder_call(surfaceflinger, dumpstate)
     52 binder_call(surfaceflinger, shell)
     53 r_dir_file(surfaceflinger, dumpstate)
     54 
     55 # Needed on some devices for playing DRM protected content,
     56 # but seems expected and appropriate for all devices.
        # Grants a stream-socket connection to the tee domain and read/write on
        # the TEE device node.
     57 allow surfaceflinger tee:unix_stream_socket connectto;
     58 allow surfaceflinger tee_device:chr_file rw_file_perms;
     59 
        # Register the surfaceflinger service with servicemanager.
     60 allow surfaceflinger surfaceflinger_service:service_manager add;
     61 
     62 ###
     63 ### Neverallow rules
     64 ###
     65 ### surfaceflinger should NEVER do any of this
     66 
     67 # Do not allow accessing SDcard files as unsafe ejection could
     68 # cause the kernel to kill the process. This is a compile-time assertion:
        # policy that grants it anywhere will fail to build.
     69 neverallow surfaceflinger sdcard_type:file rw_file_perms;
     70