2012-01-04 18:33:27 +01:00
|
|
|
# drmserver - DRM service
|
|
|
|
|
type drmserver, domain;
|
2014-01-11 10:31:03 +01:00
|
|
|
permissive_or_unconfined(drmserver)
|
2012-01-04 18:33:27 +01:00
|
|
|
type drmserver_exec, exec_type, file_type;
|
|
|
|
|
|
|
|
|
|
init_daemon_domain(drmserver)
|
2013-10-29 19:42:35 +01:00
|
|
|
typeattribute drmserver mlstrustedsubject;
|
|
|
|
|
|
|
|
|
|
# Perform Binder IPC to system server.
|
|
|
|
|
binder_use(drmserver)
|
|
|
|
|
binder_call(drmserver, system_server)
|
|
|
|
|
binder_call(drmserver, appdomain)
|
|
|
|
|
binder_service(drmserver)
|
|
|
|
|
|
|
|
|
|
# Perform Binder IPC to mediaserver
|
|
|
|
|
binder_call(drmserver, mediaserver)
|
|
|
|
|
|
|
|
|
|
allow drmserver sdcard_type:dir search;
|
|
|
|
|
allow drmserver drm_data_file:dir create_dir_perms;
|
|
|
|
|
allow drmserver drm_data_file:file create_file_perms;
|
|
|
|
|
allow drmserver self:{ tcp_socket udp_socket } *;
|
|
|
|
|
allow drmserver port:tcp_socket name_connect;
|
|
|
|
|
allow drmserver tee_device:chr_file rw_file_perms;
|
|
|
|
|
allow drmserver platform_app_data_file:file { read write getattr };
|
|
|
|
|
allow drmserver { app_data_file asec_apk_file }:file { read write getattr };
|
|
|
|
|
allow drmserver sdcard_type:file { read write getattr };
|
|
|
|
|
allow drmserver efs_file:file { open read getattr };
|
|
|
|
|
|
|
|
|
|
type drmserver_socket, file_type;
|
|
|
|
|
|
|
|
|
|
# /data/app/tlcd_sock socket file.
|
|
|
|
|
# Clearly, /data/app is the most logical place to create a socket. Not.
|
|
|
|
|
allow drmserver apk_data_file:dir rw_dir_perms;
|
|
|
|
|
type_transition drmserver apk_data_file:sock_file drmserver_socket;
|
|
|
|
|
allow drmserver drmserver_socket:sock_file create_file_perms;
|
|
|
|
|
allow drmserver tee:unix_stream_socket connectto;
|
2014-01-06 21:39:19 +01:00
|
|
|
|
|
|
|
|
# After taking a video, drmserver looks at the video file.
|
|
|
|
|
r_dir_file(drmserver, media_rw_data_file)
|
