transcoding: allow transcoding service to use media services
Also allow it to use file descriptors passed from shell for unit tests.
bug: 154734285
Change-Id: I2c5f3feca11f7ee4ee3ad927050b31f425370a84
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index 8a6c602..2c4dce1 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -7,4 +7,6 @@
( new_objects
apex_info_file
debugfs_kprobes
- gnss_device))
+ gnss_device
+ mediatranscoding_tmpfs))
+
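Review bot: The final added line of this hunk introduces a trailing blank line after the closing `))` of the `new_objects` list, which the previous version of the file did not have; dropping that empty `+` line keeps the file ending consistent with its prior state. The list entry itself, `mediatranscoding_tmpfs`, matches the new type declared in private/mediatranscoding.te in this same change.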
diff --git a/private/mediaserver.te b/private/mediaserver.te
index 1691da5..fa2fc08 100644
--- a/private/mediaserver.te
+++ b/private/mediaserver.te
@@ -11,8 +11,6 @@
hal_client_domain(mediaserver, hal_omx)
hal_client_domain(mediaserver, hal_codec2)
-allow mediaserver mediatranscoding_service:service_manager find;
-
set_prop(mediaserver, audio_prop)
get_prop(mediaserver, media_config_prop)
diff --git a/private/mediatranscoding.te b/private/mediatranscoding.te
index e0ad84c..0163f13 100644
--- a/private/mediatranscoding.te
+++ b/private/mediatranscoding.te
@@ -1,3 +1,49 @@
+# mediatranscoding - daemon for transcoding video and image.
+type mediatranscoding_exec, system_file_type, exec_type, file_type;
+type mediatranscoding_tmpfs, file_type;
typeattribute mediatranscoding coredomain;
init_daemon_domain(mediatranscoding)
+tmpfs_domain(mediatranscoding)
+allow mediatranscoding appdomain_tmpfs:file { getattr map read write };
+
+binder_use(mediatranscoding)
+binder_call(mediatranscoding, binderservicedomain)
+binder_call(mediatranscoding, appdomain)
+binder_service(mediatranscoding)
+
+add_service(mediatranscoding, mediatranscoding_service)
+
+hal_client_domain(mediatranscoding, hal_graphics_allocator)
+hal_client_domain(mediatranscoding, hal_configstore)
+hal_client_domain(mediatranscoding, hal_omx)
+hal_client_domain(mediatranscoding, hal_codec2)
+
+allow mediatranscoding mediaserver_service:service_manager find;
+allow mediatranscoding mediametrics_service:service_manager find;
+allow mediatranscoding mediaextractor_service:service_manager find;
+
+allow mediatranscoding system_server:fd use;
+allow mediatranscoding activity_service:service_manager find;
+
+# allow mediatranscoding service read/write permissions for file sources
+allow mediatranscoding sdcardfs:file { getattr read write };
+allow mediatranscoding media_rw_data_file:file { getattr read write };
+allow mediatranscoding apk_data_file:file { getattr read };
+allow mediatranscoding shell_data_file:file { getattr read write };
+
+# mediatranscoding should never execute any executable without a
+# domain transition
+neverallow mediatranscoding { file_type fs_type }:file execute_no_trans;
+
+# The goal of the mediaserver split is to place media processing code into
+# restrictive sandboxes with limited responsibilities and thus limited
+# permissions. Example: Audioserver is only responsible for controlling audio
+# hardware and processing audio content. Cameraserver does the same for camera
+# hardware/content. Etc.
+#
+# Media processing code is inherently risky and thus should have limited
+# permissions and be isolated from the rest of the system and network.
+# Lengthier explanation here:
+# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
+neverallow mediatranscoding domain:{ tcp_socket udp_socket rawip_socket } *;
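Review bot: The rule `allow mediatranscoding shell_data_file:file { getattr read write };` is, per the commit message, only needed so unit tests can hand the daemon fds from shell, yet it is added unconditionally and so ships in production policy; wrap that single rule in `userdebug_or_eng(...)` (with the macro's usual m4 quoting) so user builds do not carry write access to shell data. The comment above that group, `# allow mediatranscoding service read/write permissions for file sources`, should then also say that the shell_data_file rule is test-only, since a reader would otherwise take it for a production file source. Separately, `binder_call(mediatranscoding, appdomain)` is wider than the `allow mediatranscoding untrusted_app:binder call;` it replaces from public/mediatranscoding.te, and the commit message does not mention this broadening; if it is intended, a one-line comment stating which app domains the service must call back into would justify it for the next reviewer. The same question applies to the new `appdomain_tmpfs:file { getattr map read write }` rule, which grants write and map access to every app's tmpfs rather than just the domains that exchange buffers with the transcoder.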
diff --git a/public/mediatranscoding.te b/public/mediatranscoding.te
index 2e539df..82d4045 100644
--- a/public/mediatranscoding.te
+++ b/public/mediatranscoding.te
@@ -1,34 +1,3 @@
# mediatranscoding - daemon for transcoding video and image.
type mediatranscoding, domain;
-type mediatranscoding_exec, system_file_type, exec_type, file_type;
-binder_use(mediatranscoding)
-binder_call(mediatranscoding, binderservicedomain)
-binder_service(mediatranscoding)
-
-add_service(mediatranscoding, mediatranscoding_service)
-
-allow mediatranscoding system_server:fd use;
-allow mediatranscoding activity_service:service_manager find;
-allow mediatranscoding untrusted_app:binder call;
-
-# allow mediatranscoding service read/write permissions for file sources
-allow mediatranscoding sdcardfs:file { getattr read write };
-allow mediatranscoding media_rw_data_file:file { getattr read write };
-allow mediatranscoding apk_data_file:file { getattr read };
-
-# mediatranscoding should never execute any executable without a
-# domain transition
-neverallow mediatranscoding { file_type fs_type }:file execute_no_trans;
-
-# The goal of the mediaserver split is to place media processing code into
-# restrictive sandboxes with limited responsibilities and thus limited
-# permissions. Example: Audioserver is only responsible for controlling audio
-# hardware and processing audio content. Cameraserver does the same for camera
-# hardware/content. Etc.
-#
-# Media processing code is inherently risky and thus should have limited
-# permissions and be isolated from the rest of the system and network.
-# Lengthier explanation here:
-# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
-neverallow mediatranscoding domain:{ tcp_socket udp_socket rawip_socket } *;