| Alex Klyubin | 238ce79 | 2017-02-07 10:47:18 -0800 | [diff] [blame] | 1 | # audioserver - audio services daemon |
| 2 | |
| Alex Klyubin | f5446eb | 2017-03-23 14:27:32 -0700 | [diff] [blame] | 3 | typeattribute audioserver coredomain; |
| 4 | |
| Nick Kralevich | 5e37271 | 2018-09-27 10:21:37 -0700 | [diff] [blame] | 5 | type audioserver_exec, exec_type, file_type, system_file_type; |
| dcashman | cc39f63 | 2016-07-22 13:13:11 -0700 | [diff] [blame] | 6 | init_daemon_domain(audioserver) |
| Jeff Vander Stoep | e16fb91 | 2019-01-23 15:07:40 -0800 | [diff] [blame] | 7 | tmpfs_domain(audioserver) |
| Alex Klyubin | 238ce79 | 2017-02-07 10:47:18 -0800 | [diff] [blame] | 8 | |
| 9 | r_dir_file(audioserver, sdcard_type) |
| 10 | |
| 11 | binder_use(audioserver) |
| 12 | binder_call(audioserver, binderservicedomain) |
| 13 | binder_call(audioserver, appdomain) |
| 14 | binder_service(audioserver) |
| 15 | |
| Alex Klyubin | 7cda44f | 2017-03-21 14:28:53 -0700 | [diff] [blame] | 16 | hal_client_domain(audioserver, hal_allocator) |
| Alex Klyubin | 2d70446 | 2017-04-10 11:40:53 -0700 | [diff] [blame] | 17 | # /system/lib64/hw for always-passthrough Allocator HAL ashmem / mapper .so |
| 18 | r_dir_file(audioserver, system_file) |
| 19 | |
| Alex Klyubin | ac2b4cd | 2017-02-13 14:40:49 -0800 | [diff] [blame] | 20 | hal_client_domain(audioserver, hal_audio) |
| Alex Klyubin | 238ce79 | 2017-02-07 10:47:18 -0800 | [diff] [blame] | 21 | |
| Alex Klyubin | 238ce79 | 2017-02-07 10:47:18 -0800 | [diff] [blame] | 22 | userdebug_or_eng(` |
| 23 | # used for TEE sink - pcm capture for debug. |
| 24 | allow audioserver media_data_file:dir create_dir_perms; |
| 25 | allow audioserver audioserver_data_file:dir create_dir_perms; |
| 26 | allow audioserver audioserver_data_file:file create_file_perms; |
| 27 | |
| 28 | # ptrace to processes in the same domain for memory leak detection |
| 29 | allow audioserver self:process ptrace; |
| 30 | ') |
| 31 | |
| Alex Klyubin | 238ce79 | 2017-02-07 10:47:18 -0800 | [diff] [blame] | 32 | add_service(audioserver, audioserver_service) |
| Svet Ganov | b9a1e7b | 2018-01-16 21:14:34 -0800 | [diff] [blame] | 33 | allow audioserver activity_service:service_manager find; |
| Alex Klyubin | 238ce79 | 2017-02-07 10:47:18 -0800 | [diff] [blame] | 34 | allow audioserver appops_service:service_manager find; |
| 35 | allow audioserver batterystats_service:service_manager find; |
| Michael Wright | e9f1668 | 2019-01-22 20:55:08 +0000 | [diff] [blame] | 36 | allow audioserver external_vibrator_service:service_manager find; |
| Kevin Rocard | 25f6057 | 2019-02-23 11:41:26 -0800 | [diff] [blame] | 37 | allow audioserver package_native_service:service_manager find; |
| Alex Klyubin | 238ce79 | 2017-02-07 10:47:18 -0800 | [diff] [blame] | 38 | allow audioserver permission_service:service_manager find; |
| Svet Ganov | 365c57f | 2021-05-20 16:15:31 +0000 | [diff] [blame] | 39 | allow audioserver permission_checker_service:service_manager find; |
| Alex Klyubin | 238ce79 | 2017-02-07 10:47:18 -0800 | [diff] [blame] | 40 | allow audioserver power_service:service_manager find; |
| 41 | allow audioserver scheduling_policy_service:service_manager find; |
| Ray Essick | b85e382 | 2018-05-07 13:30:53 -0700 | [diff] [blame] | 42 | allow audioserver mediametrics_service:service_manager find; |
| Michael Groover | 1f6b919 | 2018-12-17 21:33:15 -0800 | [diff] [blame] | 43 | allow audioserver sensor_privacy_service:service_manager find; |
| Ytai Ben-Tsvi | 43a4742 | 2019-11-18 14:52:43 -0800 | [diff] [blame] | 44 | allow audioserver soundtrigger_middleware_service:service_manager find; |
| Alex Klyubin | 238ce79 | 2017-02-07 10:47:18 -0800 | [diff] [blame] | 45 | |
| Aniket Kumar Lata | d3d7800 | 2018-01-31 20:20:08 -0800 | [diff] [blame] | 46 | # Allow read/write access to bluetooth-specific properties |
| Jaekyun Seok | 224921d | 2018-04-09 12:07:32 +0900 | [diff] [blame] | 47 | set_prop(audioserver, bluetooth_a2dp_offload_prop) |
| Cheney Ni | e55a74b | 2019-03-18 11:07:32 +0800 | [diff] [blame] | 48 | set_prop(audioserver, bluetooth_audio_hal_prop) |
| Aniket Kumar Lata | d3d7800 | 2018-01-31 20:20:08 -0800 | [diff] [blame] | 49 | set_prop(audioserver, bluetooth_prop) |
| Jaekyun Seok | 224921d | 2018-04-09 12:07:32 +0900 | [diff] [blame] | 50 | set_prop(audioserver, exported_bluetooth_prop) |
| Ajay Panicker | e32d940 | 2018-02-27 11:43:23 -0800 | [diff] [blame] | 51 | |
| Alex Klyubin | 238ce79 | 2017-02-07 10:47:18 -0800 | [diff] [blame] | 52 | # Grant access to audio files to audioserver |
| 53 | allow audioserver audio_data_file:dir ra_dir_perms; |
| 54 | allow audioserver audio_data_file:file create_file_perms; |
| 55 | |
| Phil Burk | 2b7f74e | 2017-04-19 13:21:27 -0700 | [diff] [blame] | 56 | # allow access to ALSA MMAP FDs for AAudio API |
| 57 | allow audioserver audio_device:chr_file { read write }; |
| 58 | |
| Joel Galenson | 6e8bfa2 | 2018-03-19 17:13:48 -0700 | [diff] [blame] | 59 | not_full_treble(`allow audioserver audio_device:dir r_dir_perms;') |
| 60 | not_full_treble(`allow audioserver audio_device:chr_file rw_file_perms;') |
| 61 | |
| Mikhail Naganov | 9450a87 | 2017-04-27 18:54:52 -0700 | [diff] [blame] | 62 | # For A2DP bridge which is loaded directly into audioserver |
| 63 | unix_socket_connect(audioserver, bluetooth, bluetooth) |
| 64 | |
| Mikhail Naganov | 05e12db | 2018-04-06 14:52:15 -0700 | [diff] [blame] | 65 | # Allow shell commands from ADB and shell for CTS testing/dumping |
| Svet Ganov | b9a1e7b | 2018-01-16 21:14:34 -0800 | [diff] [blame] | 66 | allow audioserver adbd:fd use; |
| 67 | allow audioserver adbd:unix_stream_socket { read write }; |
| Mikhail Naganov | 05e12db | 2018-04-06 14:52:15 -0700 | [diff] [blame] | 68 | allow audioserver shell:fifo_file { read write }; |
| Svet Ganov | b9a1e7b | 2018-01-16 21:14:34 -0800 | [diff] [blame] | 69 | |
| 70 | # Allow shell commands from ADB for CTS testing/dumping |
| 71 | userdebug_or_eng(` |
| 72 | allow audioserver su:fd use; |
| 73 | allow audioserver su:fifo_file { read write }; |
| 74 | allow audioserver su:unix_stream_socket { read write }; |
| 75 | ') |
| 76 | |
| Tomoharu Kasahara | 0a65041 | 2018-11-08 15:54:02 +0900 | [diff] [blame] | 77 | # Allow write access to log tag property |
| 78 | set_prop(audioserver, log_tag_prop); |
| 79 | |
| Alex Klyubin | 238ce79 | 2017-02-07 10:47:18 -0800 | [diff] [blame] | 80 | ### |
| 81 | ### neverallow rules |
| 82 | ### |
| 83 | |
| 84 | # audioserver should never execute any executable without a |
| 85 | # domain transition |
| 86 | neverallow audioserver { file_type fs_type }:file execute_no_trans; |
| 87 | |
| Nick Kralevich | 38c1282 | 2017-02-16 12:34:51 -0800 | [diff] [blame] | 88 | # The goal of the mediaserver split is to place media processing code into |
| 89 | # restrictive sandboxes with limited responsibilities and thus limited |
| 90 | # permissions. Example: Audioserver is only responsible for controlling audio |
| 91 | # hardware and processing audio content. Cameraserver does the same for camera |
| 92 | # hardware/content. Etc. |
| 93 | # |
| 94 | # Media processing code is inherently risky and thus should have limited |
| 95 | # permissions and be isolated from the rest of the system and network. |
| 96 | # Lengthier explanation here: |
| 97 | # https://android-developers.googleblog.com/2016/05/hardening-media-stack.html |
| Yifan Hong | be04b09 | 2021-06-07 12:37:31 -0700 | [diff] [blame] | 98 | neverallow audioserver domain:{ udp_socket rawip_socket } *; |
| 99 | neverallow audioserver { domain userdebug_or_eng(`-su') }:tcp_socket *; |
| Tri Vo | ef81102 | 2018-05-17 17:27:54 -0700 | [diff] [blame] | 100 | |
| 101 | # Allow using wake locks |
| 102 | wakelock_use(audioserver) |
| Inseob Kim | 4ce4e87 | 2020-05-06 19:17:42 +0900 | [diff] [blame] | 103 | |
| 104 | # Allow reading audio config props, e.g. af.fast_track_multiplier |
| 105 | get_prop(audioserver, audio_config_prop) |