# mediaserver - multimedia daemon
#
# SELinux type-enforcement policy for the mediaserver domain: the types it
# runs as, what it may read/write, which Binder services it may find, and the
# neverallow assertions that bound it at policy build time.
type mediaserver, domain;
type mediaserver_exec, system_file_type, exec_type, file_type;
type mediaserver_tmpfs, file_type;

# mlstrustedsubject: this domain is exempt from MLS level constraints.
typeattribute mediaserver mlstrustedsubject;

net_domain(mediaserver)

# Read-only directory/file access to external storage and cgroup filesystems.
r_dir_file(mediaserver, sdcard_type)
r_dir_file(mediaserver, fuse)
r_dir_file(mediaserver, cgroup)
r_dir_file(mediaserver, cgroup_v2)

# stat /proc/self
allow mediaserver proc:lnk_file getattr;

# open /vendor/lib/mediadrm
allow mediaserver system_file:dir r_dir_perms;

# Debug-only: not present in user builds.
userdebug_or_eng(`
  # ptrace to processes in the same domain for memory leak detection
  allow mediaserver self:process ptrace;
')

binder_use(mediaserver)
binder_call(mediaserver, binderservicedomain)
binder_call(mediaserver, appdomain)
binder_service(mediaserver)

allow mediaserver media_data_file:dir create_dir_perms;
allow mediaserver media_data_file:file create_file_perms;
# App-owned files are reached via fds passed over Binder; no open/create here.
allow mediaserver { app_data_file privapp_data_file }:file { append getattr ioctl lock map read write };
# Write on external storage; read comes from the r_dir_file() rules above.
allow mediaserver { sdcard_type fuse }:file write;
allow mediaserver gpu_device:chr_file rw_file_perms;
allow mediaserver gpu_device:dir r_dir_perms;
allow mediaserver video_device:dir r_dir_perms;
allow mediaserver video_device:chr_file rw_file_perms;

# Read resources from open apk files passed over Binder.
allow mediaserver apk_data_file:file { read getattr };
allow mediaserver asec_apk_file:file { read getattr };
allow mediaserver ringtone_file:file { read getattr };

# Read /data/data/com.android.providers.telephony files passed over Binder.
allow mediaserver radio_data_file:file { read getattr };

# Use pipes passed over Binder from app domains.
allow mediaserver appdomain:fifo_file { getattr read write };

allow mediaserver rpmsg_device:chr_file rw_file_perms;

# Inter System processes communicate over named pipe (FIFO)
allow mediaserver system_server:fifo_file r_file_perms;

r_dir_file(mediaserver, media_rw_data_file)

# Grant access to read files on appfuse.
allow mediaserver app_fuse_file:file { read getattr };

# Needed on some devices for playing DRM protected content,
# but seems expected and appropriate for all devices.
unix_socket_connect(mediaserver, drmserver, drmserver)

# Needed on some devices for playing audio on paired BT device,
# but seems appropriate for all devices.
unix_socket_connect(mediaserver, bluetooth, bluetooth)

# Services mediaserver registers and the ones it may look up.
add_service(mediaserver, mediaserver_service)
allow mediaserver activity_service:service_manager find;
allow mediaserver appops_service:service_manager find;
allow mediaserver audio_service:service_manager find;
allow mediaserver audioserver_service:service_manager find;
allow mediaserver cameraserver_service:service_manager find;
allow mediaserver batterystats_service:service_manager find;
allow mediaserver drmserver_service:service_manager find;
allow mediaserver mediaextractor_service:service_manager find;
allow mediaserver mediametrics_service:service_manager find;
allow mediaserver media_session_service:service_manager find;
allow mediaserver permission_service:service_manager find;
allow mediaserver permission_checker_service:service_manager find;
allow mediaserver power_service:service_manager find;
allow mediaserver processinfo_service:service_manager find;
allow mediaserver scheduling_policy_service:service_manager find;
allow mediaserver surfaceflinger_service:service_manager find;

# for ModDrm/MediaPlayer
allow mediaserver mediadrmserver_service:service_manager find;

# For hybrid interfaces
allow mediaserver hidl_token_hwservice:hwservice_manager find;

# /oem access
allow mediaserver oemfs:dir search;
allow mediaserver oemfs:file r_file_perms;

# /vendor apk access
allow mediaserver vendor_app_file:file { read map getattr };

# DRM: only the decrypt-session operations listed here, not the full class.
use_drmservice(mediaserver)
allow mediaserver drmserver:drmservice {
  consumeRights
  setPlaybackStatus
  openDecryptSession
  closeDecryptSession
  initializeDecryptUnit
  decrypt
  finalizeDecryptUnit
  pread
};

# only allow unprivileged socket ioctl commands
# (allowxperm narrows the ioctl permission to the listed command sets)
allowxperm mediaserver self:{ rawip_socket tcp_socket udp_socket }
  ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };

# Access to /data/media.
# This should be removed if sdcardfs is modified to alter the secontext for its
# accesses to the underlying FS.
allow mediaserver media_rw_data_file:dir create_dir_perms;
allow mediaserver media_rw_data_file:file create_file_perms;

# Access to media in /data/preloads
allow mediaserver preloads_media_file:file { getattr read ioctl };

# Buffer/heap devices are read-only; HAL fds are used, not opened.
allow mediaserver ion_device:chr_file r_file_perms;
allow mediaserver dmabuf_system_heap_device:chr_file r_file_perms;
allow mediaserver dmabuf_system_secure_heap_device:chr_file r_file_perms;
allow mediaserver hal_graphics_allocator:fd use;
allow mediaserver hal_graphics_composer:fd use;
allow mediaserver hal_camera:fd use;

allow mediaserver system_server:fd use;

# b/120491318 allow mediaserver to access vold:fd
allow mediaserver vold:fd use;

# overlay package access
allow mediaserver vendor_overlay_file:file { read getattr map };

hal_client_domain(mediaserver, hal_allocator)

###
### neverallow rules
###
### Build-time assertions: the policy fails to compile if any rule, including
### device-specific policy, grants what these deny.

# mediaserver should never execute any executable without a
# domain transition
neverallow mediaserver { file_type fs_type }:file execute_no_trans;

# do not allow privileged socket ioctl commands
neverallowxperm mediaserver domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;