# mediaserver - multimedia daemon
#
# SELinux (sepolicy) type-enforcement rules for the mediaserver domain.
# `allow` rules grant access; the `neverallow` rules at the bottom are
# build-time assertions that fail policy compilation if any rule in the
# full policy would grant the listed access.
type mediaserver, domain;
type mediaserver_exec, system_file_type, exec_type, file_type;
type mediaserver_tmpfs, file_type;

# Trusted MLS subject: presumably exempts the domain from MLS constraints
# (standard meaning of this attribute in Android sepolicy — confirm).
typeattribute mediaserver mlstrustedsubject;

net_domain(mediaserver)

# Read-only directory/file access to external storage, FUSE and cgroup fs.
r_dir_file(mediaserver, sdcard_type)
r_dir_file(mediaserver, fuse)
r_dir_file(mediaserver, cgroup)
r_dir_file(mediaserver, cgroup_v2)

# stat /proc/self
allow mediaserver proc:lnk_file getattr;

# open /vendor/lib/mediadrm
allow mediaserver system_file:dir r_dir_perms;

# Debug builds only: not part of the user-build policy.
userdebug_or_eng(`
  # ptrace to processes in the same domain for memory leak detection
  allow mediaserver self:process ptrace;
')

# Binder IPC: act as a client of other binder services, accept calls from
# app domains, and register as a binder service itself.
binder_use(mediaserver)
binder_call(mediaserver, binderservicedomain)
binder_call(mediaserver, appdomain)
binder_service(mediaserver)

allow mediaserver media_data_file:dir create_dir_perms;
allow mediaserver media_data_file:file create_file_perms;
# No `open` in this set: mediaserver can only operate on app-data file
# descriptors it is handed (e.g. over Binder), not open such files itself.
allow mediaserver { app_data_file privapp_data_file }:file { append getattr ioctl lock map read write };
# Write access to external-storage files (read access comes from the
# r_dir_file() macros above).
allow mediaserver { sdcard_type fuse }:file write;
allow mediaserver gpu_device:chr_file rw_file_perms;
allow mediaserver gpu_device:dir r_dir_perms;
allow mediaserver video_device:dir r_dir_perms;
allow mediaserver video_device:chr_file rw_file_perms;

# Read resources from open apk files passed over Binder.
allow mediaserver apk_data_file:file { read getattr };
allow mediaserver asec_apk_file:file { read getattr };
allow mediaserver ringtone_file:file { read getattr };

# Read /data/data/com.android.providers.telephony files passed over Binder.
allow mediaserver radio_data_file:file { read getattr };

# Use pipes passed over Binder from app domains.
allow mediaserver appdomain:fifo_file { getattr read write };

allow mediaserver rpmsg_device:chr_file rw_file_perms;

# System processes communicate with mediaserver over a named pipe (FIFO);
# read-only from mediaserver's side.
allow mediaserver system_server:fifo_file r_file_perms;

r_dir_file(mediaserver, media_rw_data_file)

# Grant access to read files on appfuse.
allow mediaserver app_fuse_file:file { read getattr };

# Needed on some devices for playing DRM protected content,
# but seems expected and appropriate for all devices.
unix_socket_connect(mediaserver, drmserver, drmserver)

# Needed on some devices for playing audio on paired BT device,
# but seems appropriate for all devices.
unix_socket_connect(mediaserver, bluetooth, bluetooth)

# Needed for mediaserver to send information to statsd socket.
unix_socket_send(mediaserver, statsdw, statsd)

# Register mediaserver_service with servicemanager and look up the
# services mediaserver depends on.
add_service(mediaserver, mediaserver_service)
allow mediaserver activity_service:service_manager find;
allow mediaserver appops_service:service_manager find;
allow mediaserver audio_service:service_manager find;
allow mediaserver audioserver_service:service_manager find;
allow mediaserver cameraserver_service:service_manager find;
allow mediaserver batterystats_service:service_manager find;
allow mediaserver drmserver_service:service_manager find;
allow mediaserver mediaextractor_service:service_manager find;
allow mediaserver mediametrics_service:service_manager find;
allow mediaserver media_session_service:service_manager find;
allow mediaserver package_native_service:service_manager find;
allow mediaserver permission_service:service_manager find;
allow mediaserver permission_checker_service:service_manager find;
allow mediaserver power_service:service_manager find;
allow mediaserver processinfo_service:service_manager find;
allow mediaserver scheduling_policy_service:service_manager find;
allow mediaserver surfaceflinger_service:service_manager find;

# for MediaDrm/MediaPlayer
allow mediaserver mediadrmserver_service:service_manager find;

# For hybrid interfaces
allow mediaserver hidl_token_hwservice:hwservice_manager find;

# /oem access
allow mediaserver oemfs:dir search;
allow mediaserver oemfs:file r_file_perms;

# /vendor apk access
allow mediaserver vendor_app_file:file { read map getattr };

# DRM: the drmservice operations mediaserver may invoke on drmserver.
use_drmservice(mediaserver)
allow mediaserver drmserver:drmservice {
  consumeRights
  setPlaybackStatus
  openDecryptSession
  closeDecryptSession
  initializeDecryptUnit
  decrypt
  finalizeDecryptUnit
  pread
};

# only allow unprivileged socket ioctl commands
# (extended-permission allowlist on the domain's own sockets; the
# neverallowxperm rule below asserts the privileged set is never granted)
allowxperm mediaserver self:{ rawip_socket tcp_socket udp_socket }
  ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };

# Access to /data/media.
# This should be removed if sdcardfs is modified to alter the secontext for its
# accesses to the underlying FS.
allow mediaserver media_rw_data_file:dir create_dir_perms;
allow mediaserver media_rw_data_file:file create_file_perms;

# Access to media in /data/preloads
allow mediaserver preloads_media_file:file { getattr read ioctl };

# Shared-buffer device nodes (read-only) and fd use from graphics/camera HALs.
allow mediaserver ion_device:chr_file r_file_perms;
allow mediaserver dmabuf_system_heap_device:chr_file r_file_perms;
allow mediaserver dmabuf_system_secure_heap_device:chr_file r_file_perms;
allow mediaserver hal_graphics_allocator:fd use;
allow mediaserver hal_graphics_composer:fd use;
allow mediaserver hal_camera:fd use;

allow mediaserver system_server:fd use;

# b/120491318 allow mediaserver to access vold:fd
allow mediaserver vold:fd use;

# overlay package access
allow mediaserver vendor_overlay_file:file { read getattr map };

hal_client_domain(mediaserver, hal_allocator)

###
### neverallow rules
###

# mediaserver should never execute any executable without a
# domain transition
neverallow mediaserver { file_type fs_type }:file execute_no_trans;

# do not allow privileged socket ioctl commands
# (covers sockets of every domain, not just self)
neverallowxperm mediaserver domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;