# mediaserver - multimedia daemon
#
# Domain definition for the mediaserver process: the process domain itself,
# the label of its executable, and the label used for its tmpfs-backed
# memory. Everything below is the allow list for this domain; the
# neverallow section at the end pins the invariants that must hold even if
# a device-specific policy extends it.
type mediaserver, domain;
type mediaserver_exec, system_file_type, exec_type, file_type;
type mediaserver_tmpfs, file_type;

# Marks the domain as an MLS trusted subject, exempting it from the MLS
# constraints that reference this attribute (defined elsewhere in the
# policy). Needed because it serves files belonging to apps at any level.
typeattribute mediaserver mlstrustedsubject;

# Network socket access (the macro is defined elsewhere; the socket ioctl
# surface is narrowed further by the allowxperm/neverallowxperm rules below).
net_domain(mediaserver)

# Read-only directory/file access; the macro expands to read-type perms only.
r_dir_file(mediaserver, sdcard_type)
r_dir_file(mediaserver, fuse)
r_dir_file(mediaserver, cgroup)
r_dir_file(mediaserver, cgroup_v2)

# stat /proc/self
allow mediaserver proc:lnk_file getattr;

# open /vendor/lib/mediadrm
allow mediaserver system_file:dir r_dir_perms;

userdebug_or_eng(`
  # ptrace to processes in the same domain for memory leak detection
  # (debug builds only; this rule is absent from user builds)
  allow mediaserver self:process ptrace;
')

# Binder IPC. mediaserver both hosts services and calls into app domains,
# so the appdomain rule is the trust boundary with unprivileged apps and
# presumably the main externally reachable surface of this daemon.
binder_use(mediaserver)
binder_call(mediaserver, binderservicedomain)
binder_call(mediaserver, appdomain)
binder_service(mediaserver)

allow mediaserver media_data_file:dir create_dir_perms;
allow mediaserver media_data_file:file create_file_perms;
# No `open` in this set: the permissions apply only to descriptors that were
# opened elsewhere and handed over (presumably via Binder), not to paths
# mediaserver resolves itself. Keep `open` out of this rule.
allow mediaserver { app_data_file privapp_data_file }:file { append getattr ioctl lock map read write };
# Likewise write-only and without `open`: write through passed-in fds only.
allow mediaserver { sdcard_type fuse }:file write;
allow mediaserver gpu_device:chr_file rw_file_perms;
allow mediaserver gpu_device:dir r_dir_perms;
allow mediaserver video_device:dir r_dir_perms;
allow mediaserver video_device:chr_file rw_file_perms;

# Read resources from open apk files passed over Binder.
allow mediaserver apk_data_file:file { read getattr };
allow mediaserver asec_apk_file:file { read getattr };
allow mediaserver ringtone_file:file { read getattr };

# Read /data/data/com.android.providers.telephony files passed over Binder.
allow mediaserver radio_data_file:file { read getattr };

# Use pipes passed over Binder from app domains.
allow mediaserver appdomain:fifo_file { getattr read write };

allow mediaserver rpmsg_device:chr_file rw_file_perms;

# System processes communicate with mediaserver over a named pipe (FIFO);
# read side only from this domain.
allow mediaserver system_server:fifo_file r_file_perms;

r_dir_file(mediaserver, media_rw_data_file)

# Grant access to read files on appfuse.
allow mediaserver app_fuse_file:file { read getattr };

# Needed on some devices for playing DRM protected content,
# but seems expected and appropriate for all devices.
unix_socket_connect(mediaserver, drmserver, drmserver)

# Needed on some devices for playing audio on paired BT device,
# but seems appropriate for all devices.
unix_socket_connect(mediaserver, bluetooth, bluetooth)

# Needed for mediaserver to send information to statsd socket.
unix_socket_send(mediaserver, statsdw, statsd)

# Service manager: register mediaserver_service and look up the services
# below. `find` only grants the lookup; calling them is governed by the
# binder_call rules above.
add_service(mediaserver, mediaserver_service)
allow mediaserver activity_service:service_manager find;
allow mediaserver appops_service:service_manager find;
allow mediaserver audio_service:service_manager find;
allow mediaserver audioserver_service:service_manager find;
allow mediaserver cameraserver_service:service_manager find;
allow mediaserver batterystats_service:service_manager find;
allow mediaserver drmserver_service:service_manager find;
allow mediaserver mediaextractor_service:service_manager find;
allow mediaserver mediametrics_service:service_manager find;
allow mediaserver media_session_service:service_manager find;
allow mediaserver package_native_service:service_manager find;
allow mediaserver permission_service:service_manager find;
allow mediaserver permission_checker_service:service_manager find;
allow mediaserver power_service:service_manager find;
allow mediaserver processinfo_service:service_manager find;
allow mediaserver scheduling_policy_service:service_manager find;
allow mediaserver surfaceflinger_service:service_manager find;

# for ModDrm/MediaPlayer
allow mediaserver mediadrmserver_service:service_manager find;

# For hybrid interfaces
allow mediaserver hidl_token_hwservice:hwservice_manager find;

# /oem access
allow mediaserver oemfs:dir search;
allow mediaserver oemfs:file r_file_perms;

# /oem boot animation file
allow mediaserver bootanim_oem_file:file r_file_perms;

# /vendor apk access
allow mediaserver vendor_app_file:file { read map getattr };

# DRM: the drmservice operations are enumerated individually so that adding
# one is a visible policy change rather than a wildcard grant.
use_drmservice(mediaserver)
allow mediaserver drmserver:drmservice {
  consumeRights
  setPlaybackStatus
  openDecryptSession
  closeDecryptSession
  initializeDecryptUnit
  decrypt
  finalizeDecryptUnit
  pread
};

# only allow unprivileged socket ioctl commands
# (the ioctl sets are defined elsewhere; this is scoped to self, while the
# neverallowxperm at the bottom forbids the privileged set for every target)
allowxperm mediaserver self:{ rawip_socket tcp_socket udp_socket }
  ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };

# Access to /data/media.
# This should be removed if sdcardfs is modified to alter the secontext for its
# accesses to the underlying FS.
allow mediaserver media_rw_data_file:dir create_dir_perms;
allow mediaserver media_rw_data_file:file create_file_perms;

# Access to media in /data/preloads
allow mediaserver preloads_media_file:file { getattr read ioctl };

# Buffer/heap devices are read-only from this domain; graphics and camera
# HALs hand over buffers as file descriptors (fd use), not by path.
allow mediaserver ion_device:chr_file r_file_perms;
allow mediaserver dmabuf_system_heap_device:chr_file r_file_perms;
allow mediaserver dmabuf_system_secure_heap_device:chr_file r_file_perms;
allow mediaserver hal_graphics_allocator:fd use;
allow mediaserver hal_graphics_composer:fd use;
allow mediaserver hal_camera:fd use;

allow mediaserver system_server:fd use;

# b/120491318 allow mediaserver to access vold:fd
allow mediaserver vold:fd use;

# overlay package access
allow mediaserver vendor_overlay_file:file { read getattr map };

hal_client_domain(mediaserver, hal_allocator)

###
### neverallow rules
###
### These are compile-time assertions over the whole policy: a device or
### vendor policy that widens the allow list above fails the build if it
### crosses one of these lines.

# mediaserver should never execute any executable without a
# domain transition. Covers every file_type and fs_type, so no code can be
# loaded into this process image from any filesystem without transitioning
# to a new domain.
neverallow mediaserver { file_type fs_type }:file execute_no_trans;

# do not allow privileged socket ioctl commands, on any target domain
neverallowxperm mediaserver domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;