xref: /aosp_15_r20/system/sepolicy/prebuilts/api/33.0/private/surfaceflinger.te (revision e4a36f4174b17bbab9dc043f4a65dc8d87377290)
# surfaceflinger - display compositor service
#
# Private policy for the surfaceflinger domain: how the domain is entered,
# which attributes it carries, and its log-tag access.

# Label of the executable. init_daemon_domain() sets up the transition from
# init into the surfaceflinger domain when a file with this label is executed.
type surfaceflinger_exec, system_file_type, exec_type, file_type;
init_daemon_domain(surfaceflinger)

# tmpfs files created by this domain get the surfaceflinger_tmpfs label.
tmpfs_domain(surfaceflinger)

# Attribute membership, written as a single statement.
#   coredomain             - part of the core (system) policy, so the
#                            core/vendor separation rules apply to it.
#   mlstrustedsubject      - exempt from the MLS constraints. Category-based
#                            isolation between apps and users does not bind
#                            this domain; only the type-enforcement rules in
#                            this file limit what it can reach.
#   display_service_server - presumably marks the provider side of the
#                            display service; confirm where the attribute
#                            is consumed.
typeattribute surfaceflinger coredomain, mlstrustedsubject, display_service_server;

read_runtime_log_tags(surfaceflinger)

# HwBinder IPC: the HALs that surfaceflinger uses as a client.
hal_client_domain(surfaceflinger, hal_codec2)
hal_client_domain(surfaceflinger, hal_configstore)
hal_client_domain(surfaceflinger, hal_graphics_allocator)
hal_client_domain(surfaceflinger, hal_graphics_composer)
hal_client_domain(surfaceflinger, hal_omx)
hal_client_domain(surfaceflinger, hal_power)

# Put the tmpfs type of this domain into the composer-client tmpfs attribute,
# so rules written against that attribute also cover surfaceflinger_tmpfs.
typeattribute surfaceflinger_tmpfs hal_graphics_composer_client_tmpfs;

# Lookup only: find is granted on the HIDL token service, add is not.
allow surfaceflinger hidl_token_hwservice:hwservice_manager find;

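# Perform Binder IPC.
# binder_use() covers talking to servicemanager; binder_service() marks this
# domain as a provider of binder services.
binder_use(surfaceflinger)
# Outgoing calls. appdomain and binderservicedomain are attributes, so each
# of these lines covers every domain carrying the attribute. appdomain
# includes untrusted apps: replies and file descriptors coming back from
# those peers are untrusted input to surfaceflinger.
binder_call(surfaceflinger, binderservicedomain)
binder_call(surfaceflinger, appdomain)
binder_call(surfaceflinger, bootanim)
# The stray semicolon that followed this macro call was dropped so that it
# matches the other binder_call() lines; the macro already terminates the
# rules it expands to.
binder_call(surfaceflinger, system_server)
binder_service(surfaceflinger)

# Binder IPC to bu, presently runs in adbd domain.
binder_call(surfaceflinger, adbd)

# Read /proc/pid files for Binder clients.
# r_dir_file() is read-only: directory listing plus file and symlink reads
# under the per-process /proc entries of these domains, no write access.
r_dir_file(surfaceflinger, binderservicedomain)
r_dir_file(surfaceflinger, appdomain)
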
# Display hardware nodes.
#
# Read/write on the character devices: the GPU, the framebuffer
# (/dev/graphics/fb0) and the video node (/dev/video1).
allow surfaceflinger { gpu_device graphics_device video_device }:chr_file rw_file_perms;

# Directory access. The GPU and video directories may be listed; the
# graphics directory is search-only, so entries can be resolved by name
# but the directory cannot be enumerated.
allow surfaceflinger { gpu_device video_device }:dir r_dir_perms;
allow surfaceflinger graphics_device:dir search;

# GPU sysfs attributes are read-only for this domain.
allow surfaceflinger sysfs_gpu:file r_file_perms;

# Netlink kobject uevent sockets owned by the domain itself. The permission
# set is the no_ioctl variant, so ioctl on these sockets is not granted.
allow surfaceflinger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;

# Properties this domain may read.
get_prop(surfaceflinger, device_config_surface_flinger_native_boot_prop)
get_prop(surfaceflinger, qemu_sf_lcd_density_prop)

# Properties this domain may write.
# system_prop and the exported*_system_prop types are general-purpose labels
# shared by many properties, so these grants reach beyond display settings.
set_prop(surfaceflinger, system_prop)
set_prop(surfaceflinger, exported_system_prop)
set_prop(surfaceflinger, exported3_system_prop)
# Boot animation state and control (ctl_bootanim_prop is presumably the
# init control property used to start and stop bootanim; confirm in
# property_contexts).
set_prop(surfaceflinger, bootanim_system_prop)
set_prop(surfaceflinger, ctl_bootanim_prop)
# Display properties owned by surfaceflinger.
set_prop(surfaceflinger, surfaceflinger_display_prop)

# Files handed over by apps.
# Only fd use plus read and write are granted. There is no open permission
# on app data, so surfaceflinger cannot open these files by path; it can
# only operate on descriptors that an app already opened and passed to it.
allow surfaceflinger appdomain:fd use;
allow surfaceflinger app_data_file:file { read write };
allow surfaceflinger privapp_data_file:file { read write };

# Socket handed over by adbd, for cmd gpu vkjson etc. As with app files,
# the socket is received already connected: no create or connect is granted.
allow surfaceflinger adbd:unix_stream_socket { read write getattr };

# Needed to register as a Perfetto producer.
perfetto_producer(surfaceflinger)

# Screenshot triggered by dumpstate (shell is included as a binder peer).
binder_call(surfaceflinger, dumpstate)
binder_call(surfaceflinger, shell)
r_dir_file(surfaceflinger, dumpstate)

# Surface traces written to /data/misc/wmtrace.
# Debug builds only: on user builds the block below expands to nothing.
userdebug_or_eng(`
  allow surfaceflinger wm_trace_data_file:dir rw_dir_perms;
  allow surfaceflinger wm_trace_data_file:file { getattr setattr create w_file_perms };
')

# servicemanager: registration of the surfaceflinger service and lookups of
# the services it depends on.

# Register and find the surfaceflinger service.
# This is granted by hand instead of through add_service(), because
# hal_graphics_composer_default may be the provider as well. add_service()
# (see te_macros) also emits a neverallow that bars every other domain from
# adding the service, which would conflict with that second provider. The
# cost is that no such neverallow protects this service name from being
# granted to further domains.
#add_service(surfaceflinger, surfaceflinger_service)
allow surfaceflinger surfaceflinger_service:service_manager { add find };

# Everything else is lookup only.
allow surfaceflinger {
  inputflinger_service
  mediaserver_service
  permission_service
  power_service
  vr_manager_service
  window_service
}:service_manager find;

# Scheduling: sys_nice lets the domain set SCHED_FIFO on itself.
# NOTE(review): the capability is not limited to the calling process; it
# also covers changing scheduling parameters of other processes, subject to
# the remaining kernel checks.
allow surfaceflinger self:global_capability_class_set sys_nice;

# Read-only system state: memory info, cgroup hierarchies, system files and
# tmpfs directory listings.
allow surfaceflinger proc_meminfo:file r_file_perms;
allow surfaceflinger tmpfs:dir r_dir_perms;
r_dir_file(surfaceflinger, cgroup)
r_dir_file(surfaceflinger, cgroup_v2)
r_dir_file(surfaceflinger, system_file)

# Descriptors and already-connected sockets received from system_server.
allow surfaceflinger system_server:unix_stream_socket { read write };
allow surfaceflinger system_server:fd use;

# Buffer allocator device nodes, opened read-only.
allow surfaceflinger { ion_device dmabuf_system_heap_device }:chr_file r_file_perms;

# pdx IPC

# Endpoints that surfaceflinger connects to as a client.
pdx_client(surfaceflinger, bufferhub_client)
pdx_client(surfaceflinger, performance_client)

# Endpoints that surfaceflinger serves.
pdx_server(surfaceflinger, display_client)
pdx_server(surfaceflinger, display_manager)
pdx_server(surfaceflinger, display_screenshot)
pdx_server(surfaceflinger, display_vsync)

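# Allow supplying timestats statistics to statsd
allow surfaceflinger stats_service:service_manager find;
allow surfaceflinger statsmanager_service:service_manager find;
# TODO(146461633): remove this once native pullers talk to StatsManagerService
# The stray semicolon that followed this macro call was dropped so that it
# matches the other binder_call() lines in this file.
binder_call(surfaceflinger, statsd)

# Allow to use files supplied by hal_evs
# Only fd use is granted here; what can be done with a received descriptor
# is decided by the rules for the type of the file behind it.
allow surfaceflinger hal_evs:fd use;

# Allow pushing jank event atoms to statsd
# Debug builds only: on user builds the block below expands to nothing.
userdebug_or_eng(`
    unix_socket_send(surfaceflinger, statsdw, statsd)
')
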
# Audit suppression.
# A dontaudit rule grants nothing: the access is still denied, only the
# denial message is kept out of the audit log. When investigating a
# surfaceflinger failure, remember that these two denials are silent.

# Surfaceflinger should not be reading default vendor-defined properties.
dontaudit surfaceflinger vendor_default_prop:file read;

# b/68864350
dontaudit surfaceflinger unlabeled:dir search;

###
### Neverallow rules
###
### surfaceflinger should NEVER do any of this
###
### These are assertions checked when the policy is built. They add no
### runtime rule; they make the build fail if an allow rule anywhere in the
### policy contradicts them.

# Do not allow accessing SDcard files as unsafe ejection could
# cause the kernel to kill the process.
neverallow surfaceflinger sdcard_type:file rw_file_perms;
neverallow surfaceflinger fuse:file rw_file_perms;
