75806ef3c5
Ideally, public should only contain APIs (types / attributes) for
vendor. The other statements like allow/neverallow/typeattributes are
regarded as implementation detail for platform and should be in private.
Bug: 232023812
Test: m selinux_policy
Test: diff <(git diff --staged | grep "^-" | cut -b2- | sort) \
<(git diff --staged | grep "^+" | cut -b2- | sort)
Test: remove comments on plat_sepolicy.cil, replace base_typeattr_*
to base_typeattr and then compare old and new plat_sepolicy.cil
Change-Id: I5e7d2da4465ab0216de6bacdf03077d37f6ffe12
37 lines
1.2 KiB
Text
37 lines
1.2 KiB
Text
typeattribute mediadrmserver coredomain;
|
|
|
|
init_daemon_domain(mediadrmserver)
|
|
|
|
# allocate and use graphic buffers
|
|
hal_client_domain(mediadrmserver, hal_graphics_allocator)
|
|
auditallow mediadrmserver hal_graphics_allocator_server:binder call;
|
|
|
|
typeattribute mediadrmserver mlstrustedsubject;
|
|
|
|
net_domain(mediadrmserver)
|
|
binder_use(mediadrmserver)
|
|
binder_call(mediadrmserver, binderservicedomain)
|
|
binder_call(mediadrmserver, appdomain)
|
|
binder_service(mediadrmserver)
|
|
hal_client_domain(mediadrmserver, hal_drm)
|
|
|
|
add_service(mediadrmserver, mediadrmserver_service)
|
|
allow mediadrmserver mediaserver_service:service_manager find;
|
|
allow mediadrmserver mediametrics_service:service_manager find;
|
|
allow mediadrmserver processinfo_service:service_manager find;
|
|
allow mediadrmserver surfaceflinger_service:service_manager find;
|
|
allow mediadrmserver system_file:dir r_dir_perms;
|
|
|
|
# TODO(b/80317992): remove
|
|
binder_call(mediadrmserver, hal_omx_server)
|
|
|
|
###
|
|
### neverallow rules
|
|
###
|
|
|
|
# mediadrmserver should never execute any executable without a
|
|
# domain transition
|
|
neverallow mediadrmserver { file_type fs_type }:file execute_no_trans;
|
|
|
|
# do not allow privileged socket ioctl commands
|
|
neverallowxperm mediadrmserver domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
|