surfaceflinger.te revision ef28e767036baac3228cdb5060a36a9ff27468d6
# surfaceflinger - display compositor service
#
# Domain for the SurfaceFlinger process. It composes buffers for app and
# system clients and drives the display hardware, so it exchanges Binder
# calls with many domains and accepts file descriptors from untrusted
# apps (see the appdomain fd / app_data_file rules below). Keep every
# rule here as narrow as the stated purpose allows.
type surfaceflinger, domain;
type surfaceflinger_exec, exec_type, file_type;

init_daemon_domain(surfaceflinger)
# mlstrustedsubject is the attribute consulted by the MLS constraints,
# which generally do not restrict such domains; the allow rules in this
# file are therefore the effective boundary for surfaceflinger.
typeattribute surfaceflinger mlstrustedsubject;

# Talk to init over the property socket.
unix_socket_connect(surfaceflinger, property, init)

# Perform Binder IPC.
binder_use(surfaceflinger)
binder_call(surfaceflinger, binderservicedomain)
# appdomain covers app processes, so this is the compositor's main
# untrusted-client interface.
binder_call(surfaceflinger, appdomain)
binder_call(surfaceflinger, bootanim)
binder_service(surfaceflinger)

# Binder IPC to bu, presently runs in adbd domain.
binder_call(surfaceflinger, adbd)

# Read /proc/pid files for Binder clients.
r_dir_file(surfaceflinger, binderservicedomain)
r_dir_file(surfaceflinger, appdomain)

# Access the GPU.
allow surfaceflinger gpu_device:chr_file rw_file_perms;

# Access /dev/graphics/fb0.
allow surfaceflinger graphics_device:dir search;
allow surfaceflinger graphics_device:chr_file rw_file_perms;

# Access ADF device nodes.
allow surfaceflinger adf_device:chr_file rw_file_perms;

# Access /dev/video1.
allow surfaceflinger video_device:dir r_dir_perms;
allow surfaceflinger video_device:chr_file rw_file_perms;

# Create and use netlink kobject uevent sockets.
# Only self-owned sockets; no access to other domains' uevent sockets.
allow surfaceflinger self:netlink_kobject_uevent_socket create_socket_perms;

# Set properties.
allow surfaceflinger system_prop:property_service set;
# NOTE(review): ctl_bootanim_prop looks like the init control property
# for the boot animation service (start/stop) — confirm against the
# property contexts before widening or narrowing this.
allow surfaceflinger ctl_bootanim_prop:property_service set;

# Use open files supplied by an app.
# These descriptors are handed over by untrusted apps. Only `use` on the
# fd and read/write on the already-open app_data_file are granted here;
# no open/create on app_data_file, so surfaceflinger cannot reach into
# app data on its own through these rules.
allow surfaceflinger appdomain:fd use;
allow surfaceflinger app_data_file:file { read write };

# Use open file provided by bootanim.
allow surfaceflinger bootanim:fd use;

# Allow a dumpstate triggered screenshot
binder_call(surfaceflinger, dumpstate)
binder_call(surfaceflinger, shell)
r_dir_file(surfaceflinger, dumpstate)

# Needed on some devices for playing DRM protected content,
# but seems expected and appropriate for all devices.
# Grants a socket connection to the tee domain and read/write on the
# TEE device node; both are privileged paths and should stay limited
# to the DRM use case described above.
allow surfaceflinger tee:unix_stream_socket connectto;
allow surfaceflinger tee_device:chr_file rw_file_perms;

###
### Neverallow rules
###
### surfaceflinger should NEVER do any of this

# Do not allow accessing SDcard files as unsafe ejection could
# cause the kernel to kill the process.
# neverallow is a compile-time assertion: any allow rule elsewhere in the
# policy that matches this pattern fails the policy build.
# TODO: Remove -unconfineddomain when we remove permissive_or_unconfined above.
# NOTE(review): permissive_or_unconfined is not invoked anywhere in this
# file, so the -unconfineddomain exclusion may already be removable —
# confirm against the rest of the policy before dropping it.
neverallow { surfaceflinger -unconfineddomain } sdcard_type:file rw_file_perms;