Blame - private/surfaceflinger.te - android_system_sepolicy

blob: 1e0e1ef9c5e12292c3c45cd12f1064afc30b4cd1 [file] [log] [blame]

Alex Klyubin	5d30beb	2017-02-07 10:05:07 -0800	[diff] [blame]	1	# surfaceflinger - display compositor service
				2
Alex Klyubin	f5446eb	2017-03-23 14:27:32 -0700	[diff] [blame]	3	typeattribute surfaceflinger coredomain;
				4
Nick Kralevich	5e37271	2018-09-27 10:21:37 -0700	[diff] [blame]	5	type surfaceflinger_exec, system_file_type, exec_type, file_type;
dcashman	cc39f63	2016-07-22 13:13:11 -0700	[diff] [blame]	6	init_daemon_domain(surfaceflinger)
Jeff Vander Stoep	9f5d0d9	2019-01-29 14:43:45 -0800	[diff] [blame]	7	tmpfs_domain(surfaceflinger)
Alex Klyubin	5d30beb	2017-02-07 10:05:07 -0800	[diff] [blame]	8
				9	typeattribute surfaceflinger mlstrustedsubject;
Steven Moreland	e8ab002	2017-05-16 17:43:52 -0700	[diff] [blame]	10	typeattribute surfaceflinger display_service_server;
Alex Klyubin	5d30beb	2017-02-07 10:05:07 -0800	[diff] [blame]	11
				12	read_runtime_log_tags(surfaceflinger)
				13
				14	# Perform HwBinder IPC.
Alex Klyubin	9e6b24c	2017-03-16 18:48:40 -0700	[diff] [blame]	15	hal_client_domain(surfaceflinger, hal_graphics_allocator)
Alex Klyubin	9e6b24c	2017-03-16 18:48:40 -0700	[diff] [blame]	16	hal_client_domain(surfaceflinger, hal_graphics_composer)
Jeff Vander Stoep	9f5d0d9	2019-01-29 14:43:45 -0800	[diff] [blame]	17	typeattribute surfaceflinger_tmpfs hal_graphics_composer_client_tmpfs;
Pawin Vongmasa	609c243	2019-04-30 05:09:28 -0700	[diff] [blame]	18	hal_client_domain(surfaceflinger, hal_codec2)
Pawin Vongmasa	ff2dcca	2018-06-29 17:02:23 -0700	[diff] [blame]	19	hal_client_domain(surfaceflinger, hal_omx)
Alex Klyubin	9e6b24c	2017-03-16 18:48:40 -0700	[diff] [blame]	20	hal_client_domain(surfaceflinger, hal_configstore)
Peiyong Lin	02be597	2018-06-22 10:37:10 -0700	[diff] [blame]	21	hal_client_domain(surfaceflinger, hal_power)
Alex Klyubin	53656c1	2017-04-13 19:05:27 -0700	[diff] [blame]	22	allow surfaceflinger hidl_token_hwservice:hwservice_manager find;
Alex Klyubin	5d30beb	2017-02-07 10:05:07 -0800	[diff] [blame]	23
				24	# Perform Binder IPC.
				25	binder_use(surfaceflinger)
				26	binder_call(surfaceflinger, binderservicedomain)
				27	binder_call(surfaceflinger, appdomain)
				28	binder_call(surfaceflinger, bootanim)
Jeffrey Huang	225850b	2020-02-04 16:58:57 -0800	[diff] [blame]	29	binder_call(surfaceflinger, system_server);
Alex Klyubin	5d30beb	2017-02-07 10:05:07 -0800	[diff] [blame]	30	binder_service(surfaceflinger)
				31
				32	# Binder IPC to bu, presently runs in adbd domain.
				33	binder_call(surfaceflinger, adbd)
				34
				35	# Read /proc/pid files for Binder clients.
				36	r_dir_file(surfaceflinger, binderservicedomain)
				37	r_dir_file(surfaceflinger, appdomain)
				38
				39	# Access the GPU.
				40	allow surfaceflinger gpu_device:chr_file rw_file_perms;
Jason Macnak	a933980	2022-02-24 18:32:16 +0000	[diff] [blame]	41	allow surfaceflinger gpu_device:dir r_dir_perms;
				42	allow surfaceflinger sysfs_gpu:file r_file_perms;
Alex Klyubin	5d30beb	2017-02-07 10:05:07 -0800	[diff] [blame]	43
				44	# Access /dev/graphics/fb0.
				45	allow surfaceflinger graphics_device:dir search;
				46	allow surfaceflinger graphics_device:chr_file rw_file_perms;
				47
				48	# Access /dev/video1.
				49	allow surfaceflinger video_device:dir r_dir_perms;
				50	allow surfaceflinger video_device:chr_file rw_file_perms;
				51
Jörg Wagner	213e1d8	2023-01-18 16:00:52 +0000	[diff] [blame]	52	# Access the secure heap.
				53	allow surfaceflinger dmabuf_system_secure_heap_device:chr_file r_file_perms;
				54
Alex Klyubin	5d30beb	2017-02-07 10:05:07 -0800	[diff] [blame]	55	# Create and use netlink kobject uevent sockets.
				56	allow surfaceflinger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
				57
				58	# Set properties.
				59	set_prop(surfaceflinger, system_prop)
Nicolas Geoffray	6a31147	2021-04-28 13:57:11 +0100	[diff] [blame]	60	set_prop(surfaceflinger, bootanim_system_prop)
Jaekyun Seok	e497145	2017-10-19 16:54:49 +0900	[diff] [blame]	61	set_prop(surfaceflinger, exported_system_prop)
Jaekyun Seok	e497145	2017-10-19 16:54:49 +0900	[diff] [blame]	62	set_prop(surfaceflinger, exported3_system_prop)
Alex Klyubin	5d30beb	2017-02-07 10:05:07 -0800	[diff] [blame]	63	set_prop(surfaceflinger, ctl_bootanim_prop)
Neil Fuller	8fa264d	2022-09-28 08:52:46 +0000	[diff] [blame]	64	set_prop(surfaceflinger, locale_prop)
Midas Chien	0d0391f	2020-06-17 22:13:21 +0800	[diff] [blame]	65	set_prop(surfaceflinger, surfaceflinger_display_prop)
Neil Fuller	8fa264d	2022-09-28 08:52:46 +0000	[diff] [blame]	66	set_prop(surfaceflinger, timezone_prop)
Amy Hsu	98412ab	2020-05-05 13:20:30 +0800	[diff] [blame]	67
Roman Kiryanov	f6afebf	2021-02-23 15:08:56 -0800	[diff] [blame]	68	# Get properties.
				69	get_prop(surfaceflinger, qemu_sf_lcd_density_prop)
Rachel Lee	e0cbab2	2021-07-02 16:30:36 -0700	[diff] [blame]	70	get_prop(surfaceflinger, device_config_surface_flinger_native_boot_prop)
Roman Kiryanov	f6afebf	2021-02-23 15:08:56 -0800	[diff] [blame]	71
Alex Klyubin	5d30beb	2017-02-07 10:05:07 -0800	[diff] [blame]	72	# Use open files supplied by an app.
				73	allow surfaceflinger appdomain:fd use;
Nick Kralevich	23c9d91	2018-08-02 15:54:23 -0700	[diff] [blame]	74	allow surfaceflinger { app_data_file privapp_data_file }:file { read write };
Alex Klyubin	5d30beb	2017-02-07 10:05:07 -0800	[diff] [blame]	75
Vishnu Nair	2d6942d	2017-11-17 08:23:32 -0800	[diff] [blame]	76	# Allow writing surface traces to /data/misc/wmtrace.
				77	userdebug_or_eng(`
				78	allow surfaceflinger wm_trace_data_file:dir rw_dir_perms;
				79	allow surfaceflinger wm_trace_data_file:file { getattr setattr create w_file_perms };
				80	')
				81
Ryan Savitski	babba5e	2022-06-30 15:20:13 +0100	[diff] [blame]	82	# Needed to register as a Perfetto producer.
Florian Mayer	5e52281	2019-10-08 16:15:14 +0100	[diff] [blame]	83	perfetto_producer(surfaceflinger)
Mikael Pessa	c97ea91	2019-07-01 09:22:59 -0700	[diff] [blame]	84
Chris Forbes	676003c	2017-04-28 10:10:36 -0700	[diff] [blame]	85	# Use socket supplied by adbd, for cmd gpu vkjson etc.
				86	allow surfaceflinger adbd:unix_stream_socket { read write getattr };
				87
Patrick Williams	eec9b70	2024-08-29 15:50:54 +0000	[diff] [blame]	88	# Allow reading and writing to sockets used for BLAST buffer releases.
				89	# SurfaceFlinger never reads from these sockets but needs read permissions in order to receive
				90	# the file descriptors over binder. There's no mechanism to mark a socket as write-only.
				91	# shutdown is used to close the read-end of the sockets that are sent to SurfaceFlinger. See
				92	# b/353597444
Patrick Williams	e85c803	2024-07-09 22:21:28 +0000	[diff] [blame]	93	allow surfaceflinger { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all }:unix_stream_socket { read write };
				94	allow surfaceflinger bootanim:unix_stream_socket { read write };
Patrick Williams	eec9b70	2024-08-29 15:50:54 +0000	[diff] [blame]	95	allow surfaceflinger automotive_display_service:unix_stream_socket { read write };
Patrick Williams	e85c803	2024-07-09 22:21:28 +0000	[diff] [blame]	96
Alex Klyubin	5d30beb	2017-02-07 10:05:07 -0800	[diff] [blame]	97	# Allow a dumpstate triggered screenshot
				98	binder_call(surfaceflinger, dumpstate)
				99	binder_call(surfaceflinger, shell)
				100	r_dir_file(surfaceflinger, dumpstate)
				101
Alex Klyubin	5d30beb	2017-02-07 10:05:07 -0800	[diff] [blame]	102	# media.player service
Alex Klyubin	5d30beb	2017-02-07 10:05:07 -0800	[diff] [blame]	103
				104	# do not use add_service() as hal_graphics_composer_default may be the
				105	# provider as well
				106	#add_service(surfaceflinger, surfaceflinger_service)
				107	allow surfaceflinger surfaceflinger_service:service_manager { add find };
				108
				109	allow surfaceflinger mediaserver_service:service_manager find;
				110	allow surfaceflinger permission_service:service_manager find;
				111	allow surfaceflinger power_service:service_manager find;
Jeff Vander Stoep	8bf3b7a	2017-02-10 13:33:56 -0800	[diff] [blame]	112	allow surfaceflinger vr_manager_service:service_manager find;
Alex Klyubin	5d30beb	2017-02-07 10:05:07 -0800	[diff] [blame]	113	allow surfaceflinger window_service:service_manager find;
Robert Carr	a49b27a	2018-11-16 13:32:58 -0800	[diff] [blame]	114	allow surfaceflinger inputflinger_service:service_manager find;
Alex Klyubin	5d30beb	2017-02-07 10:05:07 -0800	[diff] [blame]	115
Jeff Vander Stoep	8bf3b7a	2017-02-10 13:33:56 -0800	[diff] [blame]	116
Alex Klyubin	5d30beb	2017-02-07 10:05:07 -0800	[diff] [blame]	117	# allow self to set SCHED_FIFO
Benjamin Gordon	9b2e0cb	2017-11-09 15:51:26 -0700	[diff] [blame]	118	allow surfaceflinger self:global_capability_class_set sys_nice;
Alex Klyubin	5d30beb	2017-02-07 10:05:07 -0800	[diff] [blame]	119	allow surfaceflinger proc_meminfo:file r_file_perms;
				120	r_dir_file(surfaceflinger, cgroup)
Marco Ballesio	aa4ce95	2021-02-11 15:18:11 -0800	[diff] [blame]	121	r_dir_file(surfaceflinger, cgroup_v2)
Alex Klyubin	5d30beb	2017-02-07 10:05:07 -0800	[diff] [blame]	122	r_dir_file(surfaceflinger, system_file)
				123	allow surfaceflinger tmpfs:dir r_dir_perms;
				124	allow surfaceflinger system_server:fd use;
Robert Carr	a49b27a	2018-11-16 13:32:58 -0800	[diff] [blame]	125	allow surfaceflinger system_server:unix_stream_socket { read write };
Alex Klyubin	5d30beb	2017-02-07 10:05:07 -0800	[diff] [blame]	126	allow surfaceflinger ion_device:chr_file r_file_perms;
Hridya Valsaraju	8d5403c	2021-02-15 21:57:42 -0800	[diff] [blame]	127	allow surfaceflinger dmabuf_system_heap_device:chr_file r_file_perms;
Alex Klyubin	5d30beb	2017-02-07 10:05:07 -0800	[diff] [blame]	128
Nick Bray	084faf0	2017-02-09 15:15:11 -0800	[diff] [blame]	129	# pdx IPC
Alex Vakulenko	41daa7f	2017-05-01 13:01:44 -0700	[diff] [blame]	130	pdx_server(surfaceflinger, display_client)
				131	pdx_server(surfaceflinger, display_manager)
				132	pdx_server(surfaceflinger, display_screenshot)
				133	pdx_server(surfaceflinger, display_vsync)
Nick Bray	084faf0	2017-02-09 15:15:11 -0800	[diff] [blame]	134
Alex Vakulenko	41daa7f	2017-05-01 13:01:44 -0700	[diff] [blame]	135	pdx_client(surfaceflinger, bufferhub_client)
				136	pdx_client(surfaceflinger, performance_client)
Nick Bray	084faf0	2017-02-09 15:15:11 -0800	[diff] [blame]	137
Alec Mouri	f5df7b4	2019-09-23 18:45:05 -0700	[diff] [blame]	138	# Allow supplying timestats statistics to statsd
				139	allow surfaceflinger stats_service:service_manager find;
Jeffrey Huang	225850b	2020-02-04 16:58:57 -0800	[diff] [blame]	140	allow surfaceflinger statsmanager_service:service_manager find;
				141	# TODO(146461633): remove this once native pullers talk to StatsManagerService
Alec Mouri	f5df7b4	2019-09-23 18:45:05 -0700	[diff] [blame]	142	binder_call(surfaceflinger, statsd);
Alec Mouri	8809e9b	2024-10-17 17:36:59 +0000	[diff] [blame]	143	# Allow pushing atoms to the stats bootstrap atom service
				144	allow surfaceflinger statsbootstrap_service:service_manager find;
Alec Mouri	f5df7b4	2019-09-23 18:45:05 -0700	[diff] [blame]	145
Changyeon Jo	eacb109	2022-02-10 14:09:02 +0000	[diff] [blame]	146	# Allow to use files supplied by hal_evs
				147	allow surfaceflinger hal_evs:fd use;
				148
Syed Haq	ed5ecbb	2022-06-02 11:03:59 -0700	[diff] [blame]	149	# Allow to use release fence fds supplied by hal_camera
				150	allow surfaceflinger hal_camera:fd use;
				151
Alec Mouri	b254ff2	2020-02-07 13:41:06 -0800	[diff] [blame]	152
Jeff Vander Stoep	67896ee	2020-04-02 13:36:17 +0200	[diff] [blame]	153	# Surfaceflinger should not be reading default vendor-defined properties.
				154	dontaudit surfaceflinger vendor_default_prop:file read;
				155
Alex Klyubin	5d30beb	2017-02-07 10:05:07 -0800	[diff] [blame]	156	###
				157	### Neverallow rules
				158	###
				159	### surfaceflinger should NEVER do any of this
				160
				161	# Do not allow accessing SDcard files as unsafe ejection could
				162	# cause the kernel to kill the process.
Thiébaud Weksteen	9ec5327	2021-06-23 10:21:49 +0200	[diff] [blame]	163	neverallow surfaceflinger { sdcard_type fuse }:file rw_file_perms;
Joel Galenson	f7ec413	2018-02-14 16:32:28 -0800	[diff] [blame]	164
				165	# b/68864350
				166	dontaudit surfaceflinger unlabeled:dir search;