Blame - drmserver.te - fp2-dev/platform/external/sepolicy

blob: eb050a2cd1ec5db4240d2f41c1592efdbd80f85e [file] [log] [blame]

Stephen Smalley	2dd4e51	2012-01-04 12:33:27 -0500	[diff] [blame]	1	# drmserver - DRM service
				2	type drmserver, domain;
				3	type drmserver_exec, exec_type, file_type;
				4
				5	init_daemon_domain(drmserver)
Stephen Smalley	3b26848	2013-10-29 14:42:35 -0400	[diff] [blame]	6	typeattribute drmserver mlstrustedsubject;
				7
				8	# Perform Binder IPC to system server.
				9	binder_use(drmserver)
				10	binder_call(drmserver, system_server)
				11	binder_call(drmserver, appdomain)
				12	binder_service(drmserver)
				13
				14	# Perform Binder IPC to mediaserver
				15	binder_call(drmserver, mediaserver)
				16
				17	allow drmserver sdcard_type:dir search;
				18	allow drmserver drm_data_file:dir create_dir_perms;
				19	allow drmserver drm_data_file:file create_file_perms;
				20	allow drmserver self:{ tcp_socket udp_socket } *;
				21	allow drmserver port:tcp_socket name_connect;
				22	allow drmserver tee_device:chr_file rw_file_perms;
				23	allow drmserver platform_app_data_file:file { read write getattr };
Robert Craig	48b1883	2014-02-04 11:36:41 -0500	[diff] [blame]	24	allow drmserver app_data_file:file { read write getattr };
Stephen Smalley	3b26848	2013-10-29 14:42:35 -0400	[diff] [blame]	25	allow drmserver sdcard_type:file { read write getattr };
Nick Kralevich	7cbe44f	2014-01-31 13:20:20 -0800	[diff] [blame]	26	r_dir_file(drmserver, efs_file)
Stephen Smalley	3b26848	2013-10-29 14:42:35 -0400	[diff] [blame]	27
Nick Kralevich	1a1ad95	2014-02-04 21:49:01 +0000	[diff] [blame]	28	type drmserver_socket, file_type;
				29
				30	# /data/app/tlcd_sock socket file.
				31	# Clearly, /data/app is the most logical place to create a socket. Not.
				32	allow drmserver apk_data_file:dir rw_dir_perms;
				33	type_transition drmserver apk_data_file:sock_file drmserver_socket;
				34	allow drmserver drmserver_socket:sock_file create_file_perms;
Stephen Smalley	3b26848	2013-10-29 14:42:35 -0400	[diff] [blame]	35	allow drmserver tee:unix_stream_socket connectto;
Nick Kralevich	1a1ad95	2014-02-04 21:49:01 +0000	[diff] [blame]	36	# Delete old socket file if present.
				37	allow drmserver apk_data_file:sock_file unlink;
Nick Kralevich	37339c7	2014-01-06 12:39:19 -0800	[diff] [blame]	38
				39	# After taking a video, drmserver looks at the video file.
				40	r_dir_file(drmserver, media_rw_data_file)