mediaserver.te revision 8a814a7604afd20f12c9ff3dcdae7d10e9b75f84
1# mediaserver - multimedia daemon 2type mediaserver, domain; 3type mediaserver_exec, exec_type, file_type; 4 5typeattribute mediaserver mlstrustedsubject; 6 7net_domain(mediaserver) 8init_daemon_domain(mediaserver) 9unix_socket_connect(mediaserver, property, init) 10 11r_dir_file(mediaserver, sdcard_type) 12 13binder_use(mediaserver) 14binder_call(mediaserver, binderservicedomain) 15binder_call(mediaserver, appdomain) 16binder_service(mediaserver) 17 18allow mediaserver kernel:system module_request; 19allow mediaserver app_data_file:dir search; 20allow mediaserver app_data_file:file rw_file_perms; 21allow mediaserver platform_app_data_file:file { getattr read }; 22allow mediaserver sdcard_type:file write; 23allow mediaserver camera_device:chr_file rw_file_perms; 24allow mediaserver graphics_device:chr_file rw_file_perms; 25allow mediaserver video_device:chr_file rw_file_perms; 26allow mediaserver audio_device:dir r_dir_perms; 27allow mediaserver audio_device:chr_file rw_file_perms; 28allow mediaserver qemu_device:chr_file rw_file_perms; 29allow mediaserver tee_device:chr_file rw_file_perms; 30allow mediaserver audio_prop:property_service set; 31 32# XXX Label with a specific type? 33allow mediaserver sysfs:file rw_file_perms; 34 35# XXX Why? 36allow mediaserver apk_data_file:file { read getattr }; 37 38# To use remote processor 39allow mediaserver rpmsg_device:chr_file rw_file_perms; 40 41# Inter System processes communicate over named pipe (FIFO) 42allow mediaserver system:fifo_file r_file_perms; 43 44# Camera calibration 45allow mediaserver camera_calibration_file:dir r_dir_perms; 46allow mediaserver camera_calibration_file:file r_file_perms; 47 48# Read/[write] to /proc/net/xt_qtaguid/ctrl and /dev/xt_qtaguid 49allow mediaserver qtaguid_proc:file rw_file_perms; 50allow mediaserver qtaguid_device:chr_file r_file_perms; 51 52# Allow abstract socket connection 53allow mediaserver rild:unix_stream_socket connectto; 54