# mediatranscoding - daemon for transcoding video and image.
type mediatranscoding, domain;
type mediatranscoding_exec, system_file_type, exec_type, file_type;
type mediatranscoding_tmpfs, file_type;
typeattribute mediatranscoding coredomain;

# Launched by init with its own tmpfs type (mediatranscoding_tmpfs); the
# daemon may additionally getattr/read/write/map files labelled
# appdomain_tmpfs.
init_daemon_domain(mediatranscoding)
tmpfs_domain(mediatranscoding)
allow mediatranscoding appdomain_tmpfs:file { getattr map read write };

# Binder: mediatranscoding is itself a binder service and calls into both
# other binder service domains and app domains.
binder_use(mediatranscoding)
binder_call(mediatranscoding, binderservicedomain)
binder_call(mediatranscoding, appdomain)
binder_service(mediatranscoding)

# Publish mediatranscoding_service via servicemanager.
add_service(mediatranscoding, mediatranscoding_service)

# HALs used as a client: graphics allocator, configstore, OMX, Codec2 and the
# generic allocator.
hal_client_domain(mediatranscoding, hal_graphics_allocator)
hal_client_domain(mediatranscoding, hal_configstore)
hal_client_domain(mediatranscoding, hal_omx)
hal_client_domain(mediatranscoding, hal_codec2)
hal_client_domain(mediatranscoding, hal_allocator)

# System services the daemon is allowed to look up (find) in servicemanager.
allow mediatranscoding {
    mediaserver_service
    mediametrics_service
    mediaextractor_service
    package_native_service
    thermal_service
    activity_service
}:service_manager find;

# File descriptors passed in by system_server may be used.
allow mediatranscoding system_server:fd use;

# File sources for transcoding: getattr/read/write on external storage,
# media_rw, app and shell data files; getattr/read only on APKs.
# NOTE(review): direct read/write on app_data_file and shell_data_file is a
# broad grant for a system daemon; confirm these sources cannot instead be
# handed over as file descriptors by the caller (system_server:fd use above).
allow mediatranscoding {
    sdcardfs
    media_rw_data_file
    app_data_file
    shell_data_file
}:file { getattr read write };
allow mediatranscoding apk_data_file:file { getattr read };

# Send on the statsd write socket (statsdw).
unix_socket_send(mediatranscoding, statsdw, statsd)

# DMA-BUF system heap char device (read permissions only) and search on the
# gpu_device directory.
allow mediatranscoding dmabuf_system_heap_device:chr_file r_file_perms;
allow mediatranscoding gpu_device:dir search;

# Read access to media-related system properties.
get_prop(mediatranscoding, media_config_prop)

### Hardening constraints ###

# mediatranscoding must never execute any file without a domain transition.
neverallow mediatranscoding { file_type fs_type }:file execute_no_trans;

# The mediaserver split places media processing code into restrictive
# sandboxes with limited responsibilities and thus limited permissions
# (audioserver only controls audio hardware and processes audio content,
# cameraserver does the same for camera, and so on).
#
# Media processing code is inherently risky, so it is kept isolated from the
# rest of the system and from the network. Lengthier explanation:
# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
neverallow mediatranscoding domain:{ tcp_socket udp_socket rawip_socket } *;