Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 0fee0133c676975f4398f6209ddcca045620c601 / . / vendor / mediacodec.te
blob: f78b58f2854568552b903fb8035d54d09cdecd02 [file] [log] [blame]
Steven Moreland7baf7252018-05-25 16:23:37 -0700[diff] [blame]1type mediacodec, domain, mlstrustedsubject;
2type mediacodec_exec, exec_type, vendor_file_type, file_type;
3
4init_daemon_domain(mediacodec)
5
Chong Zhangbdbfff12018-09-20 12:07:44 -0700[diff] [blame]6# can route /dev/binder traffic to /dev/vndbinder
7vndbinder_use(mediacodec)
8
Pawin Vongmasa609c2432019-04-30 05:09:28 -0700[diff] [blame]9hal_server_domain(mediacodec, hal_codec2)
Steven Moreland7baf7252018-05-25 16:23:37 -0700[diff] [blame]10hal_server_domain(mediacodec, hal_omx)
11
Pawin Vongmasa609c2432019-04-30 05:09:28 -0700[diff] [blame]12# mediacodec may use an input surface from a different Codec2 or OMX service
13hal_client_domain(mediacodec, hal_codec2)
14hal_client_domain(mediacodec, hal_omx)
15
Steven Moreland7baf7252018-05-25 16:23:37 -0700[diff] [blame]16hal_client_domain(mediacodec, hal_allocator)
Steven Moreland7baf7252018-05-25 16:23:37 -0700[diff] [blame]17hal_client_domain(mediacodec, hal_graphics_allocator)
Chong Zhangbdbfff12018-09-20 12:07:44 -0700[diff] [blame]18
19allow mediacodec gpu_device:chr_file rw_file_perms;
Pawin Vongmasa609c2432019-04-30 05:09:28 -0700[diff] [blame]20allow mediacodec ion_device:chr_file rw_file_perms;
Hridya Valsaraju0fee0132021-01-13 21:05:07 -0800[diff] [blame^]21allow mediacodec dmabuf_system_heap_device:chr_file r_file_perms;
Chong Zhangbdbfff12018-09-20 12:07:44 -0700[diff] [blame]22allow mediacodec video_device:chr_file rw_file_perms;
23allow mediacodec video_device:dir search;
24
Pawin Vongmasa609c2432019-04-30 05:09:28 -0700[diff] [blame]25crash_dump_fallback(mediacodec)
26
Inseob Kimbdcbcf02020-05-06 18:30:20 +0900[diff] [blame]27# get aac_drc_* properties
28get_prop(mediacodec, aac_drc_prop)
29
Pawin Vongmasa609c2432019-04-30 05:09:28 -0700[diff] [blame]30# mediacodec should never execute any executable without a domain transition
31neverallow mediacodec { file_type fs_type }:file execute_no_trans;
32
33# Media processing code is inherently risky and thus should have limited
34# permissions and be isolated from the rest of the system and network.
35# Lengthier explanation here:
36# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
37neverallow mediacodec domain:{ tcp_socket udp_socket rawip_socket } *;
38