| Alex Klyubin | 5d30beb | 2017-02-07 10:05:07 -0800 | [diff] [blame] | 1 | # surfaceflinger - display compositor service |
| 2 | |
| 3 | type surfaceflinger_exec, exec_type, file_type; |
| dcashman | cc39f63 | 2016-07-22 13:13:11 -0700 | [diff] [blame] | 4 | init_daemon_domain(surfaceflinger) |
| Alex Klyubin | 5d30beb | 2017-02-07 10:05:07 -0800 | [diff] [blame] | 5 | |
| 6 | typeattribute surfaceflinger mlstrustedsubject; |
| 7 | |
| 8 | read_runtime_log_tags(surfaceflinger) |
| 9 | |
| 10 | # Perform HwBinder IPC. |
| 11 | hwbinder_use(surfaceflinger) |
| Alex Klyubin | 9e6b24c | 2017-03-16 18:48:40 -0700 | [diff] [blame] | 12 | hal_client_domain(surfaceflinger, hal_graphics_allocator) |
| Alex Klyubin | 5d30beb | 2017-02-07 10:05:07 -0800 | [diff] [blame] | 13 | binder_call(surfaceflinger, hal_graphics_composer) |
| Alex Klyubin | 9e6b24c | 2017-03-16 18:48:40 -0700 | [diff] [blame] | 14 | hal_client_domain(surfaceflinger, hal_graphics_composer) |
| Alex Klyubin | 5d30beb | 2017-02-07 10:05:07 -0800 | [diff] [blame] | 15 | binder_call(surfaceflinger, hal_configstore) |
| Alex Klyubin | 9e6b24c | 2017-03-16 18:48:40 -0700 | [diff] [blame] | 16 | hal_client_domain(surfaceflinger, hal_configstore) |
| Alex Klyubin | 5d30beb | 2017-02-07 10:05:07 -0800 | [diff] [blame] | 17 | |
| 18 | # Perform Binder IPC. |
| 19 | binder_use(surfaceflinger) |
| 20 | binder_call(surfaceflinger, binderservicedomain) |
| 21 | binder_call(surfaceflinger, appdomain) |
| 22 | binder_call(surfaceflinger, bootanim) |
| 23 | binder_service(surfaceflinger) |
| 24 | |
| 25 | # Binder IPC to bu, presently runs in adbd domain. |
| 26 | binder_call(surfaceflinger, adbd) |
| 27 | |
| 28 | # Read /proc/pid files for Binder clients. |
| 29 | r_dir_file(surfaceflinger, binderservicedomain) |
| 30 | r_dir_file(surfaceflinger, appdomain) |
| 31 | |
| 32 | # Access the GPU. |
| 33 | allow surfaceflinger gpu_device:chr_file rw_file_perms; |
| 34 | |
| 35 | # Access /dev/graphics/fb0. |
| 36 | allow surfaceflinger graphics_device:dir search; |
| 37 | allow surfaceflinger graphics_device:chr_file rw_file_perms; |
| 38 | |
| 39 | # Access /dev/video1. |
| 40 | allow surfaceflinger video_device:dir r_dir_perms; |
| 41 | allow surfaceflinger video_device:chr_file rw_file_perms; |
| 42 | |
| 43 | # Create and use netlink kobject uevent sockets. |
| 44 | allow surfaceflinger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl; |
| 45 | |
| 46 | # Set properties. |
| 47 | set_prop(surfaceflinger, system_prop) |
| 48 | set_prop(surfaceflinger, ctl_bootanim_prop) |
| 49 | |
| 50 | # Use open files supplied by an app. |
| 51 | allow surfaceflinger appdomain:fd use; |
| 52 | allow surfaceflinger app_data_file:file { read write }; |
| 53 | |
| 54 | # Allow a dumpstate triggered screenshot |
| 55 | binder_call(surfaceflinger, dumpstate) |
| 56 | binder_call(surfaceflinger, shell) |
| 57 | r_dir_file(surfaceflinger, dumpstate) |
| 58 | |
| 59 | # Needed on some devices for playing DRM protected content, |
| 60 | # but seems expected and appropriate for all devices. |
| 61 | allow surfaceflinger tee:unix_stream_socket connectto; |
| 62 | allow surfaceflinger tee_device:chr_file rw_file_perms; |
| 63 | |
| 64 | |
| 65 | # media.player service |
| 66 | add_service(surfaceflinger, gpu_service) |
| 67 | |
| 68 | # do not use add_service() as hal_graphics_composer_default may be the |
| 69 | # provider as well |
| 70 | #add_service(surfaceflinger, surfaceflinger_service) |
| 71 | allow surfaceflinger surfaceflinger_service:service_manager { add find }; |
| 72 | |
| 73 | allow surfaceflinger mediaserver_service:service_manager find; |
| 74 | allow surfaceflinger permission_service:service_manager find; |
| 75 | allow surfaceflinger power_service:service_manager find; |
| Jeff Vander Stoep | 8bf3b7a | 2017-02-10 13:33:56 -0800 | [diff] [blame] | 76 | allow surfaceflinger vr_manager_service:service_manager find; |
| Alex Klyubin | 5d30beb | 2017-02-07 10:05:07 -0800 | [diff] [blame] | 77 | allow surfaceflinger window_service:service_manager find; |
| 78 | |
| Jeff Vander Stoep | 8bf3b7a | 2017-02-10 13:33:56 -0800 | [diff] [blame] | 79 | |
| Alex Klyubin | 5d30beb | 2017-02-07 10:05:07 -0800 | [diff] [blame] | 80 | # allow self to set SCHED_FIFO |
| 81 | allow surfaceflinger self:capability sys_nice; |
| 82 | allow surfaceflinger proc_meminfo:file r_file_perms; |
| 83 | r_dir_file(surfaceflinger, cgroup) |
| 84 | r_dir_file(surfaceflinger, sysfs_type) |
| 85 | r_dir_file(surfaceflinger, system_file) |
| 86 | allow surfaceflinger tmpfs:dir r_dir_perms; |
| 87 | allow surfaceflinger system_server:fd use; |
| 88 | allow surfaceflinger ion_device:chr_file r_file_perms; |
| 89 | |
| Nick Bray | 084faf0 | 2017-02-09 15:15:11 -0800 | [diff] [blame] | 90 | # pdx IPC |
| 91 | pdx_server(surfaceflinger) |
| 92 | |
| 93 | use_pdx(surfaceflinger, bufferhubd) |
| 94 | use_pdx(surfaceflinger, performanced) |
| 95 | use_pdx(surfaceflinger, sensord) |
| 96 | |
| Alex Klyubin | 5d30beb | 2017-02-07 10:05:07 -0800 | [diff] [blame] | 97 | ### |
| 98 | ### Neverallow rules |
| 99 | ### |
| 100 | ### surfaceflinger should NEVER do any of this |
| 101 | |
| 102 | # Do not allow accessing SDcard files as unsafe ejection could |
| 103 | # cause the kernel to kill the process. |
| 104 | neverallow surfaceflinger sdcard_type:file rw_file_perms; |