      1 # surfaceflinger - display compositor service
      2 
        # coredomain marks this domain as part of the core platform policy
        # rather than vendor policy.
      3 typeattribute surfaceflinger coredomain;
      4 
        # surfaceflinger_exec labels the daemon executable. init_daemon_domain()
        # sets up the automatic transition into the surfaceflinger domain when
        # init executes a file carrying that label.
      5 type surfaceflinger_exec, exec_type, file_type;
      6 init_daemon_domain(surfaceflinger)
      7 
        # mlstrustedsubject exempts this domain from the MLS constraints, so the
        # category-based separation between apps and users does not restrict it.
        # Read every allow rule below with that in mind: type enforcement is the
        # only SELinux layer limiting this process.
      8 typeattribute surfaceflinger mlstrustedsubject;
      9 typeattribute surfaceflinger display_service_server;
     10 
        # NOTE(review): the macro body is defined outside this file; by its name
        # it grants read access to the runtime event-log tags -- confirm in
        # te_macros.
     11 read_runtime_log_tags(surfaceflinger)
     12 
     13 # Perform HwBinder IPC.
        # Each hal_client_domain() line makes surfaceflinger a client of the named
        # HAL. The concrete permissions come from that HAL policy, not from this
        # file, so a change to the HAL client rules widens this domain as well.
     14 hal_client_domain(surfaceflinger, hal_graphics_allocator)
     15 hal_client_domain(surfaceflinger, hal_graphics_composer)
     16 hal_client_domain(surfaceflinger, hal_configstore)
        # find only: the token service can be looked up here but not registered.
     17 allow surfaceflinger hidl_token_hwservice:hwservice_manager find;
     18 
     19 # Perform Binder IPC.
        # binder_use() permits talking to servicemanager, binder_call(a, b) lets a
        # call into b, and binder_service() marks this domain as a Binder service
        # provider. appdomain is the attribute shared by all app domains, so the
        # peers on that edge include untrusted apps.
     20 binder_use(surfaceflinger)
     21 binder_call(surfaceflinger, binderservicedomain)
     22 binder_call(surfaceflinger, appdomain)
     23 binder_call(surfaceflinger, bootanim)
     24 binder_service(surfaceflinger)
     25 
     26 # Binder IPC to bu, presently runs in adbd domain.
        # NOTE(review): the rule is written against the whole adbd domain, so it
        # stays in effect for adbd itself until bu gets a domain of its own.
     27 binder_call(surfaceflinger, adbd)
     28 
     29 # Read /proc/pid files for Binder clients.
        # r_dir_file() is read-only (directories, files, symlinks). The targets
        # are whole attributes, so this covers the /proc entries of every Binder
        # service domain and every app domain, not just current clients.
     30 r_dir_file(surfaceflinger, binderservicedomain)
     31 r_dir_file(surfaceflinger, appdomain)
     32 
     33 # Access the GPU.
        # rw_file_perms on a character device includes ioctl. No ioctl allowlist
        # (allowxperm) for gpu_device, graphics_device or video_device is visible
        # in this file, so any command filtering has to come from elsewhere in
        # the policy or from the drivers themselves.
     34 allow surfaceflinger gpu_device:chr_file rw_file_perms;
     35 
     36 # Access /dev/graphics/fb0.
        # Directory access is limited to search (path traversal, no listing).
     37 allow surfaceflinger graphics_device:dir search;
     38 allow surfaceflinger graphics_device:chr_file rw_file_perms;
     39 
     40 # Access /dev/video1.
        # The rule is per type, not per node: every device labeled video_device is
        # covered, and the directory can be listed (r_dir_perms).
     41 allow surfaceflinger video_device:dir r_dir_perms;
     42 allow surfaceflinger video_device:chr_file rw_file_perms;
     43 
     44 # Create and use netlink kobject uevent sockets.
        # The target is self, so only sockets created by this domain are covered.
        # The _no_ioctl permission set leaves ioctl on the socket ungranted.
     45 allow surfaceflinger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
     46 
     47 # Set properties.
        # set_prop() grants write access to every property carrying the given
        # type. ctl_bootanim_prop is the control property type for bootanim.
        # NOTE(review): system_prop and the exported*_system_prop types are broad
        # buckets; which individual properties surfaceflinger writes is not
        # visible here -- a narrower property type would tighten this.
     48 set_prop(surfaceflinger, system_prop)
     49 set_prop(surfaceflinger, exported_system_prop)
     50 set_prop(surfaceflinger, exported2_system_prop)
     51 set_prop(surfaceflinger, exported3_system_prop)
     52 set_prop(surfaceflinger, ctl_bootanim_prop)
     53 
     54 # Use open files supplied by an app.
        # The file rule grants read and write but not open, so surfaceflinger can
        # only operate on descriptors an app has already opened and passed over;
        # it cannot open app data files by path on its own.
     55 allow surfaceflinger appdomain:fd use;
     56 allow surfaceflinger app_data_file:file { read write };
     57 
     58 # Allow writing surface traces to /data/misc/wmtrace.
        # Wrapped in userdebug_or_eng(), so these rules are compiled only into
        # userdebug and eng builds and are absent from user builds.
        # The file permission set has create and write access but no read.
     59 userdebug_or_eng(`
     60   allow surfaceflinger wm_trace_data_file:dir rw_dir_perms;
     61   allow surfaceflinger wm_trace_data_file:file { getattr setattr create w_file_perms };
     62 ')
     63 
     64 # Use socket supplied by adbd, for cmd gpu vkjson etc.
        # Only read, write and getattr are granted: there is no create or
        # connectto here, so the socket has to be handed over by adbd.
     65 allow surfaceflinger adbd:unix_stream_socket { read write getattr };
     66 
     67 # Allow a dumpstate triggered screenshot
        # NOTE(review): the shell rule sits under the dumpstate heading but names
        # the shell domain as a whole; presumably it serves the same screenshot
        # path when invoked from a shell -- confirm before relying on it.
     68 binder_call(surfaceflinger, dumpstate)
     69 binder_call(surfaceflinger, shell)
        # Read-only access to the /proc entries of dumpstate.
     70 r_dir_file(surfaceflinger, dumpstate)
     71 
     72 # Needed on some devices for playing DRM protected content,
     73 # but seems expected and appropriate for all devices.
        # NOTE(review): this gives every device read/write (including ioctl)
        # access from the compositor to the TEE device node, whether or not the
        # device needs it for DRM playback. Worth revisiting if the DRM path can
        # be scoped to the devices that require it.
     74 allow surfaceflinger tee_device:chr_file rw_file_perms;
     75 
     76 
     77 # gpu service
        # add_service() lets this domain register and look up gpu_service in
        # servicemanager.
     78 add_service(surfaceflinger, gpu_service)
     79 
     80 # do not use add_service() as hal_graphics_composer_default may be the
     81 # provider as well
        # add_service() also asserts that no other domain may register the
        # service, which would conflict with a second provider. The plain allow
        # rule below therefore carries no such exclusivity check: nothing in this
        # file stops another domain from being granted add on
        # surfaceflinger_service.
     82 #add_service(surfaceflinger, surfaceflinger_service)
     83 allow surfaceflinger surfaceflinger_service:service_manager { add find };
     84 
        # Lookup-only access to the services surfaceflinger consumes.
     85 allow surfaceflinger mediaserver_service:service_manager find;
     86 allow surfaceflinger permission_service:service_manager find;
     87 allow surfaceflinger power_service:service_manager find;
     88 allow surfaceflinger vr_manager_service:service_manager find;
     89 allow surfaceflinger window_service:service_manager find;
     90 
     91 
     92 # allow self to set SCHED_FIFO
        # sys_nice is the capability that permits changing scheduling policy and
        # priority; the rule grants it to this domain only for itself.
     93 allow surfaceflinger self:global_capability_class_set sys_nice;
        # The remaining rules are unrelated to scheduling: read-only access to
        # /proc/meminfo, cgroup and system files, and tmpfs directories.
     94 allow surfaceflinger proc_meminfo:file r_file_perms;
     95 r_dir_file(surfaceflinger, cgroup)
     96 r_dir_file(surfaceflinger, system_file)
     97 allow surfaceflinger tmpfs:dir r_dir_perms;
        # Use descriptors passed in by system_server.
     98 allow surfaceflinger system_server:fd use;
        # Read-only on the ion device node (r_file_perms, no write).
     99 allow surfaceflinger ion_device:chr_file r_file_perms;
    100 
    101 # pdx IPC
        # surfaceflinger is the server side of the four display_* PDX services
        # and a client of the bufferhub and performance services.
        # NOTE(review): the socket and file types behind each service name are
        # defined by the pdx macros outside this file -- check there for the
        # exact permissions granted.
    102 pdx_server(surfaceflinger, display_client)
    103 pdx_server(surfaceflinger, display_manager)
    104 pdx_server(surfaceflinger, display_screenshot)
    105 pdx_server(surfaceflinger, display_vsync)
    106 
    107 pdx_client(surfaceflinger, bufferhub_client)
    108 pdx_client(surfaceflinger, performance_client)
    109 
    110 ###
    111 ### Neverallow rules
    112 ###
    113 ### surfaceflinger should NEVER do any of this
    114 
    115 # Do not allow accessing SDcard files as unsafe ejection could
    116 # cause the kernel to kill the process.
        # neverallow is a build-time assertion, not a runtime rule: policy
        # compilation fails if any allow rule, here or elsewhere, grants
        # surfaceflinger these permissions on sdcard_type files.
    117 neverallow surfaceflinger sdcard_type:file rw_file_perms;
    118 
    119 # b/68864350
        # dontaudit grants nothing: the search on unlabeled directories is still
        # denied, only the audit log entry is suppressed. Keep this in mind when
        # debugging, since the denial will not show up in the logs.
    120 dontaudit surfaceflinger unlabeled:dir search;
    121