tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/public/mediaextractor.te
Andy Hung ec5f80cb61 MediaExtractor: Allow reading of app data files. 
Needed to allow lower power Play Music of downloaded files.

    05-24 10:12:49.331 24025 24025 W generic : type=1400
          audit(0.0:1259): avc: denied { read } for
          path="/data/data/com.google.android.music/files/music/925.mp3"
          dev="sda35" ino=2179256 scontext=u:r:mediaextractor:s0
          tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file
          permissive=0

Test: Play Music
Bug: 62059834

Change-Id: I97bdb1d175dba8f7a8ec6cd9084323cfcd3660bd
2017-05-24 14:18:38 -07:00

50 lines
1.9 KiB
Text
Raw Blame History

# mediaextractor - multimedia daemon
type mediaextractor, domain;
type mediaextractor_exec, exec_type, file_type;
typeattribute mediaextractor mlstrustedsubject;
binder_use(mediaextractor)
binder_call(mediaextractor, binderservicedomain)
binder_call(mediaextractor, appdomain)
binder_service(mediaextractor)
add_service(mediaextractor, mediaextractor_service)
allow mediaextractor mediametrics_service:service_manager find;
allow mediaextractor mediacasserver_service:service_manager find;
allow mediaextractor system_server:fd use;
r_dir_file(mediaextractor, cgroup)
allow mediaextractor proc_meminfo:file r_file_perms;
crash_dump_fallback(mediaextractor)
# allow mediaextractor read permissions for file sources
allow mediaextractor media_rw_data_file:file { getattr read };
allow mediaextractor app_data_file:file { getattr read };
# Read resources from open apk files passed over Binder
allow mediaextractor apk_data_file:file { read getattr };
allow mediaextractor asec_apk_file:file { read getattr };
allow mediaextractor ringtone_file:file { read getattr };
###
### neverallow rules
###
# mediaextractor should never execute any executable without a
# domain transition
neverallow mediaextractor { file_type fs_type }:file execute_no_trans;
# The goal of the mediaserver split is to place media processing code into
# restrictive sandboxes with limited responsibilities and thus limited
# permissions. Example: Audioserver is only responsible for controlling audio
# hardware and processing audio content. Cameraserver does the same for camera
# hardware/content. Etc.
#
# Media processing code is inherently risky and thus should have limited
# permissions and be isolated from the rest of the system and network.
# Lengthier explanation here:
# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
neverallow mediaextractor domain:{ tcp_socket udp_socket rawip_socket } *;
Reference in a new issue View git blame Copy permalink