| Steven Moreland | 7baf725 | 2018-05-25 16:23:37 -0700 | [diff] [blame] | 1 | type mediacodec, domain, mlstrustedsubject; |
| 2 | type mediacodec_exec, exec_type, vendor_file_type, file_type; |
| 3 | |
| 4 | init_daemon_domain(mediacodec) |
| 5 | |
| Chong Zhang | bdbfff1 | 2018-09-20 12:07:44 -0700 | [diff] [blame] | 6 | # can route /dev/binder traffic to /dev/vndbinder |
| 7 | vndbinder_use(mediacodec) |
| 8 | |
| Pawin Vongmasa | 609c243 | 2019-04-30 05:09:28 -0700 | [diff] [blame] | 9 | hal_server_domain(mediacodec, hal_codec2) |
| Steven Moreland | 7baf725 | 2018-05-25 16:23:37 -0700 | [diff] [blame] | 10 | hal_server_domain(mediacodec, hal_omx) |
| 11 | |
| Pawin Vongmasa | 609c243 | 2019-04-30 05:09:28 -0700 | [diff] [blame] | 12 | # mediacodec may use an input surface from a different Codec2 or OMX service |
| 13 | hal_client_domain(mediacodec, hal_codec2) |
| 14 | hal_client_domain(mediacodec, hal_omx) |
| 15 | |
| Steven Moreland | 7baf725 | 2018-05-25 16:23:37 -0700 | [diff] [blame] | 16 | hal_client_domain(mediacodec, hal_allocator) |
| Steven Moreland | 7baf725 | 2018-05-25 16:23:37 -0700 | [diff] [blame] | 17 | hal_client_domain(mediacodec, hal_graphics_allocator) |
| Chong Zhang | bdbfff1 | 2018-09-20 12:07:44 -0700 | [diff] [blame] | 18 | |
| 19 | allow mediacodec gpu_device:chr_file rw_file_perms; |
| Jason Macnak | 4ddaa3f | 2022-02-24 18:32:16 +0000 | [diff] [blame] | 20 | allow mediacodec gpu_device:dir r_dir_perms; |
| Pawin Vongmasa | 609c243 | 2019-04-30 05:09:28 -0700 | [diff] [blame] | 21 | allow mediacodec ion_device:chr_file rw_file_perms; |
| Hridya Valsaraju | 0fee013 | 2021-01-13 21:05:07 -0800 | [diff] [blame] | 22 | allow mediacodec dmabuf_system_heap_device:chr_file r_file_perms; |
| Chong Zhang | bdbfff1 | 2018-09-20 12:07:44 -0700 | [diff] [blame] | 23 | allow mediacodec video_device:chr_file rw_file_perms; |
| 24 | allow mediacodec video_device:dir search; |
| 25 | |
| Pawin Vongmasa | 609c243 | 2019-04-30 05:09:28 -0700 | [diff] [blame] | 26 | crash_dump_fallback(mediacodec) |
| 27 | |
| Inseob Kim | bdcbcf0 | 2020-05-06 18:30:20 +0900 | [diff] [blame] | 28 | # get aac_drc_* properties |
| 29 | get_prop(mediacodec, aac_drc_prop) |
| 30 | |
| Pawin Vongmasa | 609c243 | 2019-04-30 05:09:28 -0700 | [diff] [blame] | 31 | # mediacodec should never execute any executable without a domain transition |
| 32 | neverallow mediacodec { file_type fs_type }:file execute_no_trans; |
| 33 | |
| 34 | # Media processing code is inherently risky and thus should have limited |
| 35 | # permissions and be isolated from the rest of the system and network. |
| 36 | # Lengthier explanation here: |
| 37 | # https://android-developers.googleblog.com/2016/05/hardening-media-stack.html |
| Yifan Hong | be04b09 | 2021-06-07 12:37:31 -0700 | [diff] [blame] | 38 | neverallow mediacodec domain:{ udp_socket rawip_socket } *; |
| 39 | neverallow mediacodec { domain userdebug_or_eng(`-su') }:tcp_socket *; |
| Pawin Vongmasa | 609c243 | 2019-04-30 05:09:28 -0700 | [diff] [blame] | 40 | |