# mediatranscoding - daemon that transcodes video and images.
#
# Private policy for the mediatranscoding domain. Only the exec and tmpfs
# types are declared here; the domain type itself is declared elsewhere.
# Comments in this file avoid quote characters because the file is run
# through m4 before compilation.
type mediatranscoding_exec, system_file_type, exec_type, file_type;
type mediatranscoding_tmpfs, file_type;
typeattribute mediatranscoding coredomain;

# Daemon started by init, with a dedicated tmpfs type.
init_daemon_domain(mediatranscoding)
tmpfs_domain(mediatranscoding)

# Memory shared with apps through their tmpfs files. The permission set has
# no open, so the file must arrive as an already opened descriptor.
allow mediatranscoding appdomain_tmpfs:file { getattr map read write };

# Binder: use binder, call binder services and apps, and act as a service.
binder_use(mediatranscoding)
binder_call(mediatranscoding, binderservicedomain)
binder_call(mediatranscoding, appdomain)
binder_service(mediatranscoding)

# Register mediatranscoding_service with the service manager.
add_service(mediatranscoding, mediatranscoding_service)

# HAL client roles: graphics allocator, configstore, OMX, Codec2, allocator.
hal_client_domain(mediatranscoding, hal_graphics_allocator)
hal_client_domain(mediatranscoding, hal_configstore)
hal_client_domain(mediatranscoding, hal_omx)
hal_client_domain(mediatranscoding, hal_codec2)
hal_client_domain(mediatranscoding, hal_allocator)

# Services this domain may look up. Only find is granted.
allow mediatranscoding {
    mediaserver_service
    mediametrics_service
    mediaextractor_service
    package_native_service
    thermal_service
    activity_service
}:service_manager find;

# Use file descriptors handed over by system_server.
allow mediatranscoding system_server:fd use;

# Read/write permissions for file sources.
# None of the rules below grant open. As far as this file is concerned the
# daemon can only work on descriptors that a caller opened and passed in,
# and cannot reach these files by path. When triaging denials, keep that
# property rather than adding open to these rules.
# NOTE(review): shell_data_file is presumably here for adb driven testing -
# confirm it is still required.
allow mediatranscoding {
    sdcardfs
    media_rw_data_file
    app_data_file
    shell_data_file
}:file { getattr read write };

# APK files are read-only for this domain.
allow mediatranscoding apk_data_file:file { getattr read };

# Write permission to the statsd socket.
unix_socket_send(mediatranscoding, statsdw, statsd)

# Access to the DMA-BUF system heap, using the read permission macro.
allow mediatranscoding dmabuf_system_heap_device:chr_file r_file_perms;

# GPU device: read/write on the character device, read on the directory.
allow mediatranscoding gpu_device:chr_file rw_file_perms;
allow mediatranscoding gpu_device:dir r_dir_perms;

# Read access to media-related system properties.
get_prop(mediatranscoding, media_config_prop)

# Compile-time guard: mediatranscoding must never execute any file without
# a domain transition.
neverallow mediatranscoding { file_type fs_type }:file execute_no_trans;

# The goal of the mediaserver split is to place media processing code into
# restrictive sandboxes with limited responsibilities and thus limited
# permissions. Example: Audioserver is only responsible for controlling audio
# hardware and processing audio content. Cameraserver does the same for camera
# hardware/content. Etc.
#
# Media processing code is inherently risky and thus should have limited
# permissions and be isolated from the rest of the system and network.
# Lengthier explanation here:
# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
#
# Compile-time guards: no UDP or raw IP sockets at all, and no TCP sockets.
# On userdebug and eng builds the su type is subtracted from the target set
# of the TCP rule.
neverallow mediatranscoding domain:{ udp_socket rawip_socket } *;
neverallow mediatranscoding { domain userdebug_or_eng(`-su') }:tcp_socket *;