platform_system_sepolicy/audioserver.te
Jeff Vander Stoep 6730c591ad camera_device: remove type
camera_device didn't really offer much in terms of control considering
that most domains that need camera_device, also need video_device and
vice versa.

Thus, drop camera_device from the policy.
Change-Id: If438610ac6998399719ab375210c023320d0b7ed
2016-01-15 12:33:10 -08:00

124 lines
4.3 KiB
Text

# audioserver - audio services daemon
type audioserver, domain, domain_deprecated;
type audioserver_exec, exec_type, file_type;
typeattribute audioserver mlstrustedsubject;
net_domain(audioserver)
init_daemon_domain(audioserver)
r_dir_file(audioserver, sdcard_type)
binder_use(audioserver)
binder_call(audioserver, binderservicedomain)
binder_call(audioserver, { appdomain autoplay_app })
binder_service(audioserver)
# Required by Widevine DRM (b/22990512)
allow audioserver self:process execmem;
allow audioserver kernel:system module_request;
allow audioserver media_data_file:dir create_dir_perms;
allow audioserver media_data_file:file create_file_perms;
allow audioserver app_data_file:dir search;
allow audioserver app_data_file:file rw_file_perms;
allow audioserver sdcard_type:file write;
allow audioserver gpu_device:chr_file rw_file_perms;
allow audioserver video_device:dir r_dir_perms;
allow audioserver video_device:chr_file rw_file_perms;
allow audioserver audio_device:dir r_dir_perms;
allow audioserver tee_device:chr_file rw_file_perms;
set_prop(audioserver, audio_prop)
# Access audio devices at all.
allow audioserver audio_device:chr_file rw_file_perms;
# XXX Label with a specific type?
allow audioserver sysfs:file r_file_perms;
# Read resources from open apk files passed over Binder.
allow audioserver apk_data_file:file { read getattr };
allow audioserver asec_apk_file:file { read getattr };
# Read /data/data/com.android.providers.telephony files passed over Binder.
allow audioserver radio_data_file:file { read getattr };
# Use pipes passed over Binder from app domains.
allow audioserver { appdomain autoplay_app }:fifo_file { getattr read write };
# Access camera device.
allow audioserver rpmsg_device:chr_file rw_file_perms;
# Inter System processes communicate over named pipe (FIFO)
allow audioserver system_server:fifo_file r_file_perms;
# Camera data
r_dir_file(audioserver, camera_data_file)
r_dir_file(audioserver, media_rw_data_file)
# Grant access to audio files to audioserver
allow audioserver audio_data_file:dir ra_dir_perms;
allow audioserver audio_data_file:file create_file_perms;
# Read/[write] to /proc/net/xt_qtaguid/ctrl and /dev/xt_qtaguid
allow audioserver qtaguid_proc:file rw_file_perms;
allow audioserver qtaguid_device:chr_file r_file_perms;
# Allow abstract socket connection
allow audioserver rild:unix_stream_socket { connectto read write setopt };
# Needed on some devices for playing DRM protected content,
# but seems expected and appropriate for all devices.
unix_socket_connect(audioserver, drmserver, drmserver)
# Needed on some devices for playing audio on paired BT device,
# but seems appropriate for all devices.
unix_socket_connect(audioserver, bluetooth, bluetooth)
# Connect to tee service.
allow audioserver tee:unix_stream_socket connectto;
allow audioserver activity_service:service_manager find;
allow audioserver appops_service:service_manager find;
allow audioserver audioserver_service:service_manager { add find };
allow audioserver cameraproxy_service:service_manager find;
allow audioserver batterystats_service:service_manager find;
allow audioserver drmserver_service:service_manager find;
allow audioserver mediaextractor_service:service_manager find;
allow audioserver mediaserver_service:service_manager find;
allow audioserver permission_service:service_manager find;
allow audioserver power_service:service_manager find;
allow audioserver processinfo_service:service_manager find;
allow audioserver scheduling_policy_service:service_manager find;
allow audioserver surfaceflinger_service:service_manager find;
# /oem access
allow audioserver oemfs:dir search;
allow audioserver oemfs:file r_file_perms;
use_drmservice(audioserver)
allow audioserver drmserver:drmservice {
consumeRights
setPlaybackStatus
openDecryptSession
closeDecryptSession
initializeDecryptUnit
decrypt
finalizeDecryptUnit
pread
};
# only allow unprivileged socket ioctl commands
allowxperm audioserver self:{ rawip_socket tcp_socket udp_socket } ioctl unpriv_sock_ioctls;
###
### neverallow rules
###
# audioserver should never execute any executable without a
# domain transition
neverallow audioserver { file_type fs_type }:file execute_no_trans;
# do not allow privileged socket ioctl commands
neverallowxperm audioserver domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;