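# surfaceflinger - display compositor service

typeattribute surfaceflinger coredomain;

type surfaceflinger_exec, exec_type, file_type;
init_daemon_domain(surfaceflinger)

# mlstrustedsubject exempts this domain from the MLS constraints; presumably
# required so it can service buffers from apps of any user (see the appdomain
# and app_data_file rules below).
typeattribute surfaceflinger mlstrustedsubject;
typeattribute surfaceflinger display_service_server;

read_runtime_log_tags(surfaceflinger)

# Perform HwBinder IPC.
hal_client_domain(surfaceflinger, hal_graphics_allocator)
hal_client_domain(surfaceflinger, hal_graphics_composer)
hal_client_domain(surfaceflinger, hal_configstore)
allow surfaceflinger hidl_token_hwservice:hwservice_manager find;

# Perform Binder IPC.
binder_use(surfaceflinger)
binder_call(surfaceflinger, binderservicedomain)
binder_call(surfaceflinger, appdomain)
binder_call(surfaceflinger, bootanim)
binder_service(surfaceflinger)

# Binder IPC to bu, which presently runs in the adbd domain.
binder_call(surfaceflinger, adbd)

# Read /proc/pid files for Binder clients.
r_dir_file(surfaceflinger, binderservicedomain)
r_dir_file(surfaceflinger, appdomain)

# Access the GPU.
allow surfaceflinger gpu_device:chr_file rw_file_perms;

# Access /dev/graphics/fb0.
allow surfaceflinger graphics_device:dir search;
allow surfaceflinger graphics_device:chr_file rw_file_perms;

# Access /dev/video1.
allow surfaceflinger video_device:dir r_dir_perms;
allow surfaceflinger video_device:chr_file rw_file_perms;

# Create and use netlink kobject uevent sockets. ioctl is deliberately
# excluded (create_socket_perms_no_ioctl).
allow surfaceflinger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;

# Set properties.
set_prop(surfaceflinger, system_prop)
set_prop(surfaceflinger, exported_system_prop)
set_prop(surfaceflinger, exported2_system_prop)
set_prop(surfaceflinger, exported3_system_prop)
set_prop(surfaceflinger, ctl_bootanim_prop)

# Use open files supplied by an app. Only read/write on an fd that the app
# already opened and handed over is granted; 'open' is intentionally absent so
# surfaceflinger cannot reach into app private data on its own (pinned by the
# neverallow at the end of this file).
allow surfaceflinger appdomain:fd use;
allow surfaceflinger app_data_file:file { read write };

# Allow writing surface traces to /data/misc/wmtrace.
# Restricted to userdebug/eng builds; user builds never get this access.
userdebug_or_eng(`
  allow surfaceflinger wm_trace_data_file:dir rw_dir_perms;
  allow surfaceflinger wm_trace_data_file:file { getattr setattr create w_file_perms };
')

# Use socket supplied by adbd, for cmd gpu vkjson etc.
allow surfaceflinger adbd:unix_stream_socket { read write getattr };

# Allow a dumpstate triggered screenshot
binder_call(surfaceflinger, dumpstate)
binder_call(surfaceflinger, shell)
r_dir_file(surfaceflinger, dumpstate)

# Needed on some devices for playing DRM protected content,
# but seems expected and appropriate for all devices.
allow surfaceflinger tee_device:chr_file rw_file_perms;

# gpu service (the comment previously said "media.player service", which
# this rule does not register).
add_service(surfaceflinger, gpu_service)

# do not use add_service() as hal_graphics_composer_default may be the
# provider as well
#add_service(surfaceflinger, surfaceflinger_service)
allow surfaceflinger surfaceflinger_service:service_manager { add find };

allow surfaceflinger mediaserver_service:service_manager find;
allow surfaceflinger permission_service:service_manager find;
allow surfaceflinger power_service:service_manager find;
allow surfaceflinger vr_manager_service:service_manager find;
allow surfaceflinger window_service:service_manager find;

# allow self to set SCHED_FIFO
allow surfaceflinger self:global_capability_class_set sys_nice;
allow surfaceflinger proc_meminfo:file r_file_perms;
r_dir_file(surfaceflinger, cgroup)
r_dir_file(surfaceflinger, system_file)
allow surfaceflinger tmpfs:dir r_dir_perms;
allow surfaceflinger system_server:fd use;
allow surfaceflinger ion_device:chr_file r_file_perms;

# pdx IPC
pdx_server(surfaceflinger, display_client)
pdx_server(surfaceflinger, display_manager)
pdx_server(surfaceflinger, display_screenshot)
pdx_server(surfaceflinger, display_vsync)

pdx_client(surfaceflinger, bufferhub_client)
pdx_client(surfaceflinger, performance_client)

###
### Neverallow rules
###
### surfaceflinger should NEVER do any of this

# Do not allow accessing SDcard files as unsafe ejection could
# cause the kernel to kill the process.
neverallow surfaceflinger sdcard_type:file rw_file_perms;

# App private data is only reachable through an fd the app passes in
# (appdomain:fd use above); surfaceflinger must never open app_data_file
# itself. This turns the deliberate omission of 'open' above into a
# compile-time guarantee that device policy cannot silently widen.
neverallow surfaceflinger app_data_file:file open;

# b/68864350: silence denials for searching unlabeled directories instead of
# granting the access.
dontaudit surfaceflinger unlabeled:dir search;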