typeattribute mediaswcodec coredomain;

init_daemon_domain(mediaswcodec)

get_prop(mediaswcodec, device_config_media_native_prop)
get_prop(mediaswcodec, device_config_swcodec_native_prop)

hal_server_domain(mediaswcodec, hal_codec2)

# mediaswcodec may use an input surface from a different Codec2 service or an
# OMX service
hal_client_domain(mediaswcodec, hal_codec2)
hal_client_domain(mediaswcodec, hal_omx)

hal_client_domain(mediaswcodec, hal_allocator)
hal_client_domain(mediaswcodec, hal_graphics_allocator)

# get aac_drc_* properties
get_prop(mediaswcodec, aac_drc_prop)

crash_dump_fallback(mediaswcodec)

allow mediaswcodec dmabuf_system_heap_device:chr_file r_file_perms;
allow mediaswcodec dmabuf_system_secure_heap_device:chr_file r_file_perms;
allow mediaswcodec gpu_device:chr_file rw_file_perms;
allow mediaswcodec gpu_device:dir r_dir_perms;

###
### Neverallow rules
###

# mediaswcodec_server should never execute any executable without a
# domain transition
neverallow mediaswcodec { file_type fs_type }:file execute_no_trans;

# Media processing code is inherently risky and thus should have limited
# permissions and be isolated from the rest of the system and network.
# Lengthier explanation here:
# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
neverallow mediaswcodec domain:{ udp_socket rawip_socket } *;
neverallow mediaswcodec { domain userdebug_or_eng(`-su') }:tcp_socket *;