# mediaextractor - multimedia daemon
#
# Policy for the mediaextractor domain. The visible rules give it Binder
# access, service_manager registration and lookup, and getattr/read on a
# handful of file types. The neverallow rules at the end assert that it never
# executes a file without a domain transition and never holds any permission
# on tcp, udp or rawip sockets.
type mediaextractor, domain;
type mediaextractor_exec, exec_type, file_type;

# NOTE(review): mlstrustedsubject is normally the attribute that exempts a
# subject from the MLS constraints, which are defined outside this file.
# Presumably it is needed so that files labelled with per-app categories
# (app_data_file below) can be read; confirm before widening or removing it,
# because it removes a separation check for this domain.
typeattribute mediaextractor mlstrustedsubject;

# Binder IPC. The macros are defined outside this file; as written here the
# domain may call into binderservicedomain and appdomain and is itself
# declared as a Binder service.
binder_use(mediaextractor)
binder_call(mediaextractor, binderservicedomain)
binder_call(mediaextractor, appdomain)
binder_service(mediaextractor)

# Registers mediaextractor_service and lets the domain look up (find only)
# the two other services it depends on.
add_service(mediaextractor, mediaextractor_service)
allow mediaextractor mediametrics_service:service_manager find;
allow mediaextractor mediacasserver_service:service_manager find;

# Use file descriptors that were created by system_server.
allow mediaextractor system_server:fd use;

# Read-only access to cgroup entries and to the proc_meminfo file.
r_dir_file(mediaextractor, cgroup)
allow mediaextractor proc_meminfo:file r_file_perms;

# Macro defined outside this file; presumably permits the fallback crash
# reporting path for this domain (confirm against the macro definition).
crash_dump_fallback(mediaextractor)

# Read permissions for file sources. Only getattr and read are granted, not
# open, so these rules by themselves do not let the domain open such files by
# path. Presumably the descriptor is opened by the caller and handed over;
# keep open out of these rules to preserve that property.
allow mediaextractor media_rw_data_file:file { getattr read };
allow mediaextractor app_data_file:file { getattr read };

# Read resources from already-open apk files passed over Binder. As above,
# getattr and read only, without open.
allow mediaextractor apk_data_file:file { read getattr };
allow mediaextractor asec_apk_file:file { read getattr };
allow mediaextractor ringtone_file:file { read getattr };

###
### neverallow rules
###
### These are assertions checked when the policy is built: an allow rule that
### contradicts one of them makes the build fail. They grant nothing.
###

# mediaextractor should never execute any executable without a
# domain transition
neverallow mediaextractor { file_type fs_type }:file execute_no_trans;

# The goal of the mediaserver split is to place media processing code into
# restrictive sandboxes with limited responsibilities and thus limited
# permissions. Example: Audioserver is only responsible for controlling audio
# hardware and processing audio content. Cameraserver does the same for camera
# hardware/content. Etc.
#
# Media processing code is inherently risky and thus should have limited
# permissions and be isolated from the rest of the system and network.
# Lengthier explanation here:
# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
#
# Review caveat: the assertion below names three socket classes only. Other
# socket classes are not covered by this rule, so any new allow rule on a
# different socket class needs separate review.
neverallow mediaextractor domain:{ tcp_socket udp_socket rawip_socket } *;