| Alex Klyubin | f5446eb | 2017-03-23 14:27:32 -0700 | [diff] [blame] | 1 | typeattribute mediametrics coredomain; |
| 2 | |
| Ray Essick | 3918540 | 2017-01-24 12:53:45 -0800 | [diff] [blame] | 3 | init_daemon_domain(mediametrics) |
| Robert Shih | d37ba73 | 2021-03-12 03:57:38 -0800 | [diff] [blame] | 4 | |
| 5 | # Needed for stats callback registration to statsd. |
| 6 | allow mediametrics stats_service:service_manager find; |
| 7 | allow mediametrics statsmanager_service:service_manager find; |
| 8 | binder_call(mediametrics, statsd) |
| Inseob Kim | 75806ef | 2024-03-27 17:18:41 +0900 | [diff] [blame^] | 9 | |
| 10 | binder_use(mediametrics) |
| 11 | binder_call(mediametrics, binderservicedomain) |
| 12 | binder_service(mediametrics) |
| 13 | |
| 14 | add_service(mediametrics, mediametrics_service) |
| 15 | |
| 16 | allow mediametrics system_server:fd use; |
| 17 | |
| 18 | r_dir_file(mediametrics, cgroup) |
| 19 | r_dir_file(mediametrics, cgroup_v2) |
| 20 | allow mediametrics proc_meminfo:file r_file_perms; |
| 21 | |
| 22 | # allows interactions with dumpsys to GMScore |
| 23 | allow mediametrics { app_data_file privapp_data_file }:file write; |
| 24 | |
| 25 | # allow access to package manager for uid->apk mapping |
| 26 | allow mediametrics package_native_service:service_manager find; |
| 27 | |
| 28 | # Allow metrics service to send information to statsd socket. |
| 29 | unix_socket_send(mediametrics, statsdw, statsd) |
| 30 | |
| 31 | ### |
| 32 | ### neverallow rules |
| 33 | ### |
| 34 | |
| 35 | # mediametrics should never execute any executable without a |
| 36 | # domain transition |
| 37 | neverallow mediametrics { file_type fs_type }:file execute_no_trans; |
| 38 | |
| 39 | # The goal of the mediaserver split is to place media processing code into |
| 40 | # restrictive sandboxes with limited responsibilities and thus limited |
| 41 | # permissions. Example: Audioserver is only responsible for controlling audio |
| 42 | # hardware and processing audio content. Cameraserver does the same for camera |
| 43 | # hardware/content. Etc. |
| 44 | # |
| 45 | # Media processing code is inherently risky and thus should have limited |
| 46 | # permissions and be isolated from the rest of the system and network. |
| 47 | # Lengthier explanation here: |
| 48 | # https://android-developers.googleblog.com/2016/05/hardening-media-stack.html |
| 49 | neverallow mediametrics domain:{ udp_socket rawip_socket } *; |
| 50 | neverallow mediametrics { domain userdebug_or_eng(`-su') }:tcp_socket *; |