      1 # surfaceflinger - display compositor service.
        # Domain entered from init (init_daemon_domain). surfaceflinger is both a
        # Binder service and a Binder client of apps, bootanim, dumpstate and
        # shell. domain_deprecated is a legacy attribute whose grants are
        # slated for removal -- NOTE(review): confirm what it still grants in
        # this tree before relying on anything not listed explicitly below.
      2 type surfaceflinger, domain, domain_deprecated;
      3 type surfaceflinger_exec, exec_type, file_type;
      4 
      5 init_daemon_domain(surfaceflinger)
        # MLS trusted subject: exempt from the MLS constraints.
      6 typeattribute surfaceflinger mlstrustedsubject;
      7 
      8 # Perform Binder IPC.
        # Calls into every binder service domain, all apps (including
        # autoplay_app) and bootanim; binder_service additionally lets
        # surfaceflinger be called as a Binder service itself.
      9 binder_use(surfaceflinger)
     10 binder_call(surfaceflinger, binderservicedomain)
     11 binder_call(surfaceflinger, { appdomain autoplay_app })
     12 binder_call(surfaceflinger, bootanim)
     13 binder_service(surfaceflinger)
     14 
     15 # Binder IPC to bu (the backup tool), which presently runs in the adbd domain.
     16 binder_call(surfaceflinger, adbd)
     17 
     18 # Read /proc/pid files for Binder clients (service domains and all apps).
     19 r_dir_file(surfaceflinger, binderservicedomain)
     20 r_dir_file(surfaceflinger, { appdomain autoplay_app })
     21 
     22 # Access the GPU.
     23 allow surfaceflinger gpu_device:chr_file rw_file_perms;
     24 
     25 # Access /dev/graphics/fb0.
     26 allow surfaceflinger graphics_device:dir search;
     27 allow surfaceflinger graphics_device:chr_file rw_file_perms;
     28 
     29 # Access /dev/video1.
     30 allow surfaceflinger video_device:dir r_dir_perms;
     31 allow surfaceflinger video_device:chr_file rw_file_perms;
     32 
     33 # Create and use netlink kobject uevent sockets (own label only).
     34 allow surfaceflinger self:netlink_kobject_uevent_socket create_socket_perms;
     35 
     36 # Set properties.
        # system_prop is a broad property label -- NOTE(review): check which
        # properties it covers in property_contexts. ctl_bootanim_prop is
        # presumably the ctl.start/ctl.stop control property for bootanim;
        # verify in property_contexts.
     37 set_prop(surfaceflinger, system_prop)
     38 set_prop(surfaceflinger, ctl_bootanim_prop)
     39 
     40 # Use open files supplied by an app.
        # The file rule grants read/write but deliberately not open: surfaceflinger
        # can operate on app_data_file descriptors an app hands it over Binder,
        # but cannot open app data files by path on its own.
     41 allow surfaceflinger { appdomain autoplay_app }:fd use;
     42 allow surfaceflinger app_data_file:file { read write };
     43 
     44 # Allow a dumpstate-triggered screenshot: calls from dumpstate and shell,
        # plus reading dumpstate's /proc/pid entries.
     45 binder_call(surfaceflinger, dumpstate)
     46 binder_call(surfaceflinger, shell)
     47 r_dir_file(surfaceflinger, dumpstate)
     48 
     49 # Needed on some devices for playing DRM protected content,
     50 # but seems expected and appropriate for all devices.
        # (connect to the TEE daemon's stream socket and use the TEE device node)
     51 allow surfaceflinger tee:unix_stream_socket connectto;
     52 allow surfaceflinger tee_device:chr_file rw_file_perms;
     53 
     54 
     55 # Service manager: look up (find) the services surfaceflinger talks to,
        # and register (add) its own gpu_service and surfaceflinger_service.
     56 allow surfaceflinger mediaserver_service:service_manager find;
     57 allow surfaceflinger permission_service:service_manager find;
     58 allow surfaceflinger power_service:service_manager find;
     59 allow surfaceflinger gpu_service:service_manager { add find };
     60 allow surfaceflinger surfaceflinger_service:service_manager { add find };
     61 allow surfaceflinger window_service:service_manager find;
     62 
     63 # Allow self to set SCHED_FIFO (CAP_SYS_NICE).
     64 allow surfaceflinger self:capability sys_nice;
     65 
     66 ###
     67 ### Neverallow rules
     68 ###
     69 ### surfaceflinger should NEVER do any of this.
        ### (neverallow is checked when the policy is built, so a conflicting
        ### allow rule anywhere in the policy fails the build.)
     70 
     71 # Do not allow accessing SDcard files as unsafe ejection could
     72 # cause the kernel to kill the process.
     73 neverallow surfaceflinger sdcard_type:file rw_file_perms;
     74