# SELinux policy for the mediaprovider process domain.
# Declares the domain, the access it is granted (MTP device nodes, a
# functionfs property, service lookups, read-only /sys, /proc, rootfs and
# /data/preloads), then a set of neverallow assertions that mirror priv_app.
#
# Declare the type; the domain attribute attaches the base rules shared by
# all process domains (defined elsewhere in the policy).
type mediaprovider, domain;
# MtpServer uses /dev/mtp_usb (mtp_device): read/write on the character
# device only, no other object classes.
allow mediaprovider mtp_device:chr_file rw_file_perms;
# MtpServer uses /dev/usb-ffs/mtp (functionfs): directory lookup plus
# read/write on the endpoint files.
allow mediaprovider functionfs:dir search;
allow mediaprovider functionfs:file rw_file_perms;
# MtpServer sets sys.usb.ffs.mtp.ready; set_prop grants write access scoped
# to the ffs_prop property context only.
set_prop(mediaprovider, ffs_prop)
# Binder services mediaprovider may look up via servicemanager. Only "find"
# is granted here; registering ("add") is denied by the neverallow below.
allow mediaprovider mediacodec_service:service_manager find;
allow mediaprovider mediadrmserver_service:service_manager find;
allow mediaprovider mediaextractor_service:service_manager find;
allow mediaprovider mediaserver_service:service_manager find;
allow mediaprovider app_api_service:service_manager find;
allow mediaprovider system_api_service:service_manager find;
# /sys and /proc access: r_dir_file grants read-only directory and file
# access on the given type (no write, no create).
r_dir_file(mediaprovider, sysfs_type)
r_dir_file(mediaprovider, proc)
r_dir_file(mediaprovider, rootfs)
# Access to /data/preloads: read-only on preloads_data_file.
allow mediaprovider preloads_data_file:file r_file_perms;
###
### neverallow rules (see corresponding rules in priv_app)
###
### neverallow is a compile-time assertion: policy build fails if any allow
### rule, in this file or elsewhere, would grant an access listed below.
###
# Receive or send uevent messages.
neverallow mediaprovider domain:netlink_kobject_uevent_socket *;
# Receive or send generic netlink messages
neverallow mediaprovider domain:netlink_socket *;
# Too much leaky information in debugfs. It's a security
# best practice to ensure these files aren't readable.
neverallow mediaprovider debugfs:file read;
# Only trusted components of Android should be registering
# services. mediaprovider is limited to "find" on the services above.
neverallow mediaprovider service_manager_type:service_manager add;
# Do not allow mediaprovider to be assigned mlstrustedsubject.
# NOTE(review): this presumably trips if mediaprovider itself ever carries
# the mlstrustedsubject attribute, since its own process fork permission
# would then match the rule — confirm against the attribute definitions.
neverallow mediaprovider mlstrustedsubject:process fork;
# Do not allow mediaprovider to hard link to any files.
# A hard link keeps a file reachable under another path even after the
# original path is removed, so link creation is denied for every file_type.
neverallow mediaprovider file_type:file link;