1 # mediaserver - multimedia daemon 2 type mediaserver, domain; 3 type mediaserver_exec, exec_type, file_type; 4 5 typeattribute mediaserver mlstrustedsubject; 6 7 # TODO(b/36375899): replace with hal_client_domain macro on hal_omx 8 typeattribute mediaserver halclientdomain; 9 10 net_domain(mediaserver) 11 12 r_dir_file(mediaserver, sdcard_type) 13 r_dir_file(mediaserver, cgroup) 14 15 # stat /proc/self 16 allow mediaserver proc:lnk_file getattr; 17 18 # open /vendor/lib/mediadrm 19 allow mediaserver system_file:dir r_dir_perms; 20 21 userdebug_or_eng(` 22 # ptrace to processes in the same domain for memory leak detection 23 allow mediaserver self:process ptrace; 24 ') 25 26 binder_use(mediaserver) 27 binder_call(mediaserver, binderservicedomain) 28 binder_call(mediaserver, appdomain) 29 binder_service(mediaserver) 30 31 allow mediaserver media_data_file:dir create_dir_perms; 32 allow mediaserver media_data_file:file create_file_perms; 33 allow mediaserver app_data_file:dir search; 34 allow mediaserver app_data_file:file rw_file_perms; 35 allow mediaserver sdcard_type:file write; 36 allow mediaserver gpu_device:chr_file rw_file_perms; 37 allow mediaserver video_device:dir r_dir_perms; 38 allow mediaserver video_device:chr_file rw_file_perms; 39 40 set_prop(mediaserver, audio_prop) 41 42 # Read resources from open apk files passed over Binder. 43 allow mediaserver apk_data_file:file { read getattr }; 44 allow mediaserver asec_apk_file:file { read getattr }; 45 allow mediaserver ringtone_file:file { read getattr }; 46 47 # Read /data/data/com.android.providers.telephony files passed over Binder. 48 allow mediaserver radio_data_file:file { read getattr }; 49 50 # Use pipes passed over Binder from app domains. 51 allow mediaserver appdomain:fifo_file { getattr read write }; 52 53 allow mediaserver rpmsg_device:chr_file rw_file_perms; 54 55 # Inter System processes communicate over named pipe (FIFO) 56 allow mediaserver system_server:fifo_file r_file_perms; 57 58 r_dir_file(mediaserver, media_rw_data_file) 59 60 # Grant access to read files on appfuse. 61 allow mediaserver app_fuse_file:file { read getattr }; 62 63 # Read/[write] to /proc/net/xt_qtaguid/ctrl and /dev/xt_qtaguid 64 allow mediaserver qtaguid_proc:file rw_file_perms; 65 allow mediaserver qtaguid_device:chr_file r_file_perms; 66 67 # Needed on some devices for playing DRM protected content, 68 # but seems expected and appropriate for all devices. 69 unix_socket_connect(mediaserver, drmserver, drmserver) 70 71 # Needed on some devices for playing audio on paired BT device, 72 # but seems appropriate for all devices. 73 unix_socket_connect(mediaserver, bluetooth, bluetooth) 74 75 add_service(mediaserver, mediaserver_service) 76 allow mediaserver activity_service:service_manager find; 77 allow mediaserver appops_service:service_manager find; 78 allow mediaserver audioserver_service:service_manager find; 79 allow mediaserver cameraserver_service:service_manager find; 80 allow mediaserver batterystats_service:service_manager find; 81 allow mediaserver drmserver_service:service_manager find; 82 allow mediaserver mediaextractor_service:service_manager find; 83 allow mediaserver mediacodec_service:service_manager find; 84 allow mediaserver mediametrics_service:service_manager find; 85 allow mediaserver media_session_service:service_manager find; 86 allow mediaserver permission_service:service_manager find; 87 allow mediaserver power_service:service_manager find; 88 allow mediaserver processinfo_service:service_manager find; 89 allow mediaserver scheduling_policy_service:service_manager find; 90 allow mediaserver surfaceflinger_service:service_manager find; 91 92 # for ModDrm/MediaPlayer 93 allow mediaserver mediadrmserver_service:service_manager find; 94 95 # For interfacing with OMX HAL 96 allow mediaserver hidl_token_hwservice:hwservice_manager find; 97 98 # /oem access 99 allow mediaserver oemfs:dir search; 100 allow mediaserver oemfs:file r_file_perms; 101 102 use_drmservice(mediaserver) 103 allow mediaserver drmserver:drmservice { 104 consumeRights 105 setPlaybackStatus 106 openDecryptSession 107 closeDecryptSession 108 initializeDecryptUnit 109 decrypt 110 finalizeDecryptUnit 111 pread 112 }; 113 114 # only allow unprivileged socket ioctl commands 115 allowxperm mediaserver self:{ rawip_socket tcp_socket udp_socket } 116 ioctl { unpriv_sock_ioctls unpriv_tty_ioctls }; 117 118 # Access to /data/media. 119 # This should be removed if sdcardfs is modified to alter the secontext for its 120 # accesses to the underlying FS. 121 allow mediaserver media_rw_data_file:dir create_dir_perms; 122 allow mediaserver media_rw_data_file:file create_file_perms; 123 124 # Access to media in /data/preloads 125 allow mediaserver preloads_media_file:file { getattr read ioctl }; 126 127 allow mediaserver ion_device:chr_file r_file_perms; 128 allow mediaserver hal_graphics_allocator:fd use; 129 allow mediaserver hal_graphics_composer:fd use; 130 allow mediaserver hal_camera:fd use; 131 132 allow mediaserver system_server:fd use; 133 134 hal_client_domain(mediaserver, hal_allocator) 135 136 binder_call(mediaserver, mediacodec) 137 138 ### 139 ### neverallow rules 140 ### 141 142 # mediaserver should never execute any executable without a 143 # domain transition 144 neverallow mediaserver { file_type fs_type }:file execute_no_trans; 145 146 # do not allow privileged socket ioctl commands 147 neverallowxperm mediaserver domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls; 148
