      1 # audioserver - audio services daemon
      2 
      3 typeattribute audioserver coredomain;
      4 
      5 type audioserver_exec, exec_type, file_type;
      6 init_daemon_domain(audioserver)
      7 
      8 r_dir_file(audioserver, sdcard_type)
      9 
     10 binder_use(audioserver)
     11 binder_call(audioserver, binderservicedomain)
     12 binder_call(audioserver, appdomain)
     13 binder_service(audioserver)
     14 
     15 hal_client_domain(audioserver, hal_allocator)
     16 # /system/lib64/hw for always-passthrough Allocator HAL ashmem / mapper .so
     17 r_dir_file(audioserver, system_file)
     18 
     19 hal_client_domain(audioserver, hal_audio)
     20 
     21 userdebug_or_eng(`
     22   # used for TEE sink - pcm capture for debug.
     23   allow audioserver media_data_file:dir create_dir_perms;
     24   allow audioserver audioserver_data_file:dir create_dir_perms;
     25   allow audioserver audioserver_data_file:file create_file_perms;
     26 
     27   # ptrace to processes in the same domain for memory leak detection
     28   allow audioserver self:process ptrace;
     29 ')
     30 
     31 add_service(audioserver, audioserver_service)
     32 allow audioserver appops_service:service_manager find;
     33 allow audioserver batterystats_service:service_manager find;
     34 allow audioserver permission_service:service_manager find;
     35 allow audioserver power_service:service_manager find;
     36 allow audioserver scheduling_policy_service:service_manager find;
     37 
     38 # Grant access to audio files to audioserver
     39 allow audioserver audio_data_file:dir ra_dir_perms;
     40 allow audioserver audio_data_file:file create_file_perms;
     41 
     42 # allow access to ALSA MMAP FDs for AAudio API
     43 allow audioserver audio_device:chr_file { read write };
     44 
     45 # For A2DP bridge which is loaded directly into audioserver
     46 unix_socket_connect(audioserver, bluetooth, bluetooth)
     47 
     48 ###
     49 ### neverallow rules
     50 ###
     51 
     52 # audioserver should never execute any executable without a
     53 # domain transition
     54 neverallow audioserver { file_type fs_type }:file execute_no_trans;
     55 
     56 # The goal of the mediaserver split is to place media processing code into
     57 # restrictive sandboxes with limited responsibilities and thus limited
     58 # permissions. Example: Audioserver is only responsible for controlling audio
     59 # hardware and processing audio content. Cameraserver does the same for camera
     60 # hardware/content. Etc.
     61 #
     62 # Media processing code is inherently risky and thus should have limited
     63 # permissions and be isolated from the rest of the system and network.
     64 # Lengthier explanation here:
     65 # https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
     66 neverallow audioserver domain:{ tcp_socket udp_socket rawip_socket } *;
     67