typeattribute mediametrics coredomain;

init_daemon_domain(mediametrics)

# Needed for stats callback registration to statsd.
allow mediametrics stats_service:service_manager find;
allow mediametrics statsmanager_service:service_manager find;
binder_call(mediametrics, statsd)

binder_use(mediametrics)
binder_call(mediametrics, binderservicedomain)
binder_service(mediametrics)

add_service(mediametrics, mediametrics_service)

allow mediametrics system_server:fd use;

r_dir_file(mediametrics, cgroup)
r_dir_file(mediametrics, cgroup_v2)
allow mediametrics proc_meminfo:file r_file_perms;

# allows interactions with dumpsys to GMScore
allow mediametrics { app_data_file privapp_data_file }:file write;

# allow access to package manager for uid->apk mapping
allow mediametrics package_native_service:service_manager find;

# Allow metrics service to send information to statsd socket.
unix_socket_send(mediametrics, statsdw, statsd)

###
### neverallow rules
###

# mediametrics should never execute any executable without a
# domain transition
neverallow mediametrics { file_type fs_type }:file execute_no_trans;

# The goal of the mediaserver split is to place media processing code into
# restrictive sandboxes with limited responsibilities and thus limited
# permissions. Example: Audioserver is only responsible for controlling audio
# hardware and processing audio content. Cameraserver does the same for camera
# hardware/content. Etc.
#
# Media processing code is inherently risky and thus should have limited
# permissions and be isolated from the rest of the system and network.
# Lengthier explanation here:
# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
neverallow mediametrics domain:{ udp_socket rawip_socket } *;
neverallow mediametrics { domain userdebug_or_eng(`-su') }:tcp_socket *;