1# mediatuner - mediatuner daemon 2type mediatuner, domain; 3type mediatuner_exec, system_file_type, exec_type, file_type; 4 5typeattribute mediatuner coredomain; 6 7init_daemon_domain(mediatuner) 8hal_client_domain(mediatuner, hal_tv_tuner) 9 10binder_use(mediatuner) 11binder_call(mediatuner, appdomain) 12binder_service(mediatuner) 13 14add_service(mediatuner, mediatuner_service) 15allow mediatuner system_server:fd use; 16allow mediatuner tv_tuner_resource_mgr_service:service_manager find; 17allow mediatuner package_native_service:service_manager find; 18binder_call(mediatuner, system_server) 19 20# Read ro.tuner.lazyhal 21get_prop(mediatuner, tuner_config_prop) 22 23# Read tuner.server.enable 24get_prop(mediatuner, tuner_server_ctl_prop) 25 26### 27### neverallow rules 28### 29 30# mediatuner should never execute any executable without a 31# domain transition 32neverallow mediatuner { file_type fs_type }:file execute_no_trans; 33 34# do not allow privileged socket ioctl commands 35neverallowxperm mediatuner domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls; 36 37