# SELinux policy for the mediaextractor domain (private policy).
# mediaextractor parses/demuxes media containers on behalf of other processes
# and is treated as an untrusted-input sandbox: it gets read-only access to
# content handed to it over Binder and is denied network and direct /data
# access by the neverallow assertions at the bottom of this file.

# mediaextractor is a core (system image) domain.
typeattribute mediaextractor coredomain;

# Started by init as a daemon with its own tmpfs type.
init_daemon_domain(mediaextractor)
tmpfs_domain(mediaextractor)
# Read/write/map tmpfs files belonging to apps, mediaserver and system_server.
# NOTE(review): presumably shared-memory buffers received over Binder rather
# than files opened by name (open is not granted here) -- confirm.
allow mediaextractor appdomain_tmpfs:file { getattr map read write };
allow mediaextractor mediaserver_tmpfs:file { getattr map read write };
allow mediaextractor system_server_tmpfs:file { getattr map read write };

# Read-only access to the media / swcodec device_config properties.
get_prop(mediaextractor, device_config_media_native_prop)
get_prop(mediaextractor, device_config_swcodec_native_prop)

# Trusted MLS subject: may operate across MLS levels/categories.
# NOTE(review): presumably needed because content comes from apps in
# different MLS categories -- confirm.
typeattribute mediaextractor mlstrustedsubject;

# Binder: mediaextractor both hosts a service and calls into other Binder
# service domains and into apps (callbacks / reply transactions).
binder_use(mediaextractor)
binder_call(mediaextractor, binderservicedomain)
binder_call(mediaextractor, appdomain)
binder_service(mediaextractor)

# Register mediaextractor_service with servicemanager; look up the metrics
# service and the HIDL token hwservice.
add_service(mediaextractor, mediaextractor_service)
allow mediaextractor mediametrics_service:service_manager find;
allow mediaextractor hidl_token_hwservice:hwservice_manager find;

# Use file descriptors that system_server opened and passed in.
allow mediaextractor system_server:fd use;

# Client of the CAS (conditional access) and allocator HALs.
hal_client_domain(mediaextractor, hal_cas)
hal_client_domain(mediaextractor, hal_allocator)

# Read cgroup (v1 and v2) hierarchies and /proc/meminfo.
r_dir_file(mediaextractor, cgroup)
r_dir_file(mediaextractor, cgroup_v2)
allow mediaextractor proc_meminfo:file r_file_perms;

# Crash reporting when the normal crash_dump path is unavailable.
crash_dump_fallback(mediaextractor)

# allow mediaextractor read permissions for file sources
# Only getattr/read are granted -- no open. The neverallow at the end of this
# file forbids open on data_file_type, so these files must arrive as
# descriptors opened by the caller.
allow mediaextractor { sdcard_type fuse }:file { getattr read };
allow mediaextractor media_rw_data_file:file { getattr read };
allow mediaextractor { app_data_file privapp_data_file }:file { getattr read };

# Read resources from open apk files passed over Binder
allow mediaextractor apk_data_file:file { read getattr };
allow mediaextractor asec_apk_file:file { read getattr };
allow mediaextractor ringtone_file:file { read getattr };

# overlay package access
allow mediaextractor vendor_overlay_file:file { read map };

# scan extractor library directory to dynamically load extractors
# (directory listing only; file execute/map permissions for the extractor
# libraries are not granted in this file -- presumably inherited from
# coredomain rules elsewhere, confirm).
allow mediaextractor system_file:dir { read open };

###
### neverallow rules
###

# mediaextractor should never execute any executable without a
# domain transition
neverallow mediaextractor { file_type fs_type }:file execute_no_trans;

# The goal of the mediaserver split is to place media processing code into
# restrictive sandboxes with limited responsibilities and thus limited
# permissions. Example: Audioserver is only responsible for controlling audio
# hardware and processing audio content. Cameraserver does the same for camera
# hardware/content. Etc.
#
# Media processing code is inherently risky and thus should have limited
# permissions and be isolated from the rest of the system and network.
# Lengthier explanation here:
# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
# No UDP/raw IP sockets at all; no TCP sockets either, except that on
# userdebug/eng builds sockets owned by the su domain are exempted.
neverallow mediaextractor domain:{ udp_socket rawip_socket } *;
neverallow mediaextractor { domain userdebug_or_eng(`-su') }:tcp_socket *;

# mediaextractor should not be opening /data files directly. Any files
# it touches (with a few exceptions) need to be passed to it via a file
# descriptor opened outside the process.
# Exceptions: apk_data_file on userdebug/eng builds (plugin loading) and
# method_trace_data_file when native coverage is enabled.
neverallow mediaextractor {
  data_file_type
  userdebug_or_eng(`-apk_data_file') # for loading media extractor plugins
  with_native_coverage(`-method_trace_data_file')
}:file open;