# surfaceflinger - display compositor service
#
# SELinux type-enforcement policy for the surfaceflinger domain: how the
# domain is entered, which IPC peers and device nodes it may touch, which
# services it publishes or looks up, and one neverallow guard at the end.
# The macros used below (init_daemon_domain, binder_call, r_dir_file,
# add_service, pdx_server, ...) are defined outside this file.

# Mark the domain with the coredomain attribute (platform-side domains in
# Android's platform/vendor policy split).
typeattribute surfaceflinger coredomain;

# Label for the surfaceflinger executable; init_daemon_domain() sets up the
# transition into the surfaceflinger domain when init executes a file with
# this label.
type surfaceflinger_exec, exec_type, file_type;
init_daemon_domain(surfaceflinger)

# mlstrustedsubject exempts the domain from the policy's MLS constraints.
# NOTE(review): presumably needed because surfaceflinger works with fds and
# Binder calls from apps at any MLS level; the exemption removes one layer
# of separation, so the allow rules below are what bounds this domain.
typeattribute surfaceflinger mlstrustedsubject;
typeattribute surfaceflinger display_service_server;

read_runtime_log_tags(surfaceflinger)

# Perform HwBinder IPC.
# Client of the graphics allocator, graphics composer and configstore HALs,
# plus lookup (find only) of the HIDL token hwservice.
hal_client_domain(surfaceflinger, hal_graphics_allocator)
hal_client_domain(surfaceflinger, hal_graphics_composer)
hal_client_domain(surfaceflinger, hal_configstore)
allow surfaceflinger hidl_token_hwservice:hwservice_manager find;

# Perform Binder IPC.
# Calls out to every Binder service domain, every app domain and bootanim,
# and acts as a Binder service itself.
binder_use(surfaceflinger)
binder_call(surfaceflinger, binderservicedomain)
binder_call(surfaceflinger, appdomain)
binder_call(surfaceflinger, bootanim)
binder_service(surfaceflinger)

# Binder IPC to bu, presently runs in adbd domain.
binder_call(surfaceflinger, adbd)

# Read /proc/pid files for Binder clients.
# r_dir_file() is read-only, but it covers the /proc entries of all Binder
# service domains and all app domains.
r_dir_file(surfaceflinger, binderservicedomain)
r_dir_file(surfaceflinger, appdomain)

# Access the GPU.
allow surfaceflinger gpu_device:chr_file rw_file_perms;

# Access /dev/graphics/fb0.
allow surfaceflinger graphics_device:dir search;
allow surfaceflinger graphics_device:chr_file rw_file_perms;

# Access /dev/video1.
allow surfaceflinger video_device:dir r_dir_perms;
allow surfaceflinger video_device:chr_file rw_file_perms;

# Create and use netlink kobject uevent sockets.
# The _no_ioctl permission set leaves ioctl on these sockets ungranted.
allow surfaceflinger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;

# Set properties.
# NOTE(review): system_prop is a broad property label; ctl_bootanim_prop
# presumably labels the init control property for the boot animation, so
# the second rule lets surfaceflinger ask init to start or stop it - confirm
# against property_contexts.
set_prop(surfaceflinger, system_prop)
set_prop(surfaceflinger, ctl_bootanim_prop)

# Use open files supplied by an app.
# Only { read write } is granted on app_data_file, with no open permission:
# surfaceflinger can use a descriptor an app hands to it, but cannot open
# app data files by path on its own.
allow surfaceflinger appdomain:fd use;
allow surfaceflinger app_data_file:file { read write };

# Use socket supplied by adbd, for cmd gpu vkjson etc.
# Limited to read/write/getattr on a socket adbd already holds; no create
# or connect permission is granted here.
allow surfaceflinger adbd:unix_stream_socket { read write getattr };

# Allow a dumpstate triggered screenshot
# The same block also allows Binder calls into the shell domain.
binder_call(surfaceflinger, dumpstate)
binder_call(surfaceflinger, shell)
r_dir_file(surfaceflinger, dumpstate)

# Needed on some devices for playing DRM protected content,
# but seems expected and appropriate for all devices.
# NOTE(review): this is read/write access to the TEE device node for every
# device, not only those that need it - worth re-checking when auditing.
allow surfaceflinger tee_device:chr_file rw_file_perms;


# Publish gpu_service through servicemanager.
add_service(surfaceflinger, gpu_service)

# do not use add_service() as hal_graphics_composer_default may be the
# provider as well
# NOTE(review): in AOSP's te_macros, add_service() also emits a neverallow
# that stops every other domain from adding the service. The plain allow
# below carries no such build-time guarantee for surfaceflinger_service, so
# the set of domains allowed to `add` it has to be checked across the whole
# policy.
#add_service(surfaceflinger, surfaceflinger_service)
allow surfaceflinger surfaceflinger_service:service_manager { add find };

# Look up (find only) the services surfaceflinger calls into.
allow surfaceflinger mediaserver_service:service_manager find;
allow surfaceflinger permission_service:service_manager find;
allow surfaceflinger power_service:service_manager find;
allow surfaceflinger vr_manager_service:service_manager find;
allow surfaceflinger window_service:service_manager find;


# allow self to set SCHED_FIFO
allow surfaceflinger self:capability sys_nice;
# The remaining rules in this group are read-only accesses and fd use; they
# are unrelated to the scheduling capability above.
allow surfaceflinger proc_meminfo:file r_file_perms;
r_dir_file(surfaceflinger, cgroup)
# NOTE(review): sysfs_type is an attribute rather than a single type, so
# this grants read access to every sysfs label that carries it.
r_dir_file(surfaceflinger, sysfs_type)
r_dir_file(surfaceflinger, system_file)
allow surfaceflinger tmpfs:dir r_dir_perms;
allow surfaceflinger system_server:fd use;
# Read-only access to the ion device node (r_file_perms, no write).
allow surfaceflinger ion_device:chr_file r_file_perms;

# pdx IPC
# Server side for the display endpoints; client of bufferhub and performance.
pdx_server(surfaceflinger, display_client)
pdx_server(surfaceflinger, display_manager)
pdx_server(surfaceflinger, display_screenshot)
pdx_server(surfaceflinger, display_vsync)

pdx_client(surfaceflinger, bufferhub_client)
pdx_client(surfaceflinger, performance_client)

###
### Neverallow rules
###
### surfaceflinger should NEVER do any of this

# Do not allow accessing SDcard files as unsafe ejection could
# cause the kernel to kill the process.
# A neverallow is checked when the policy is built: any allow rule that
# grants surfaceflinger these permissions on sdcard_type files fails the
# build. The guard covers the file class only.
neverallow surfaceflinger sdcard_type:file rw_file_perms;