Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / sepolicy / acde43f23fbe9b2d180034c6a99b8711a6af7f21 / . / surfaceflinger.te
blob: c9dbda9ae8126c0ed28014537074e01c68de4661 [file] [log] [blame]
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]1# surfaceflinger - display compositor service
2type surfaceflinger, domain;
Stephen Smalley52a85232013-10-29 14:42:40 -0400[diff] [blame]3permissive surfaceflinger;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]4type surfaceflinger_exec, exec_type, file_type;
5
6init_daemon_domain(surfaceflinger)
Stephen Smalley52a85232013-10-29 14:42:40 -0400[diff] [blame]7typeattribute surfaceflinger mlstrustedsubject;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]8
9# Talk to init over the property socket.
10unix_socket_connect(surfaceflinger, property, init)
Stephen Smalley52a85232013-10-29 14:42:40 -0400[diff] [blame]11
12# Perform Binder IPC.
13binder_use(surfaceflinger)
14binder_call(surfaceflinger, system_server)
15binder_service(surfaceflinger)
Stephen Smalley52a85232013-10-29 14:42:40 -0400[diff] [blame]16
Stephen Smalley3ba90122013-12-12 09:09:53 -0500[diff] [blame]17# Access the GPU.
18allow surfaceflinger gpu_device:chr_file rw_file_perms;
19
Stephen Smalley52a85232013-10-29 14:42:40 -0400[diff] [blame]20# Access /dev/graphics/fb0.
21allow surfaceflinger graphics_device:dir search;
22allow surfaceflinger graphics_device:chr_file rw_file_perms;
23
24# Access /dev/video1.
25allow surfaceflinger video_device:chr_file rw_file_perms;
26
27# Create and use netlink kobject uevent sockets.
28allow surfaceflinger self:netlink_kobject_uevent_socket *;
29
30# Set properties.
31allow surfaceflinger system_prop:property_service set;
32allow surfaceflinger ctl_default_prop:property_service set;
33
34# Use open files supplied by an app.
35allow surfaceflinger appdomain:fd use;
36allow surfaceflinger platform_app_data_file:file { read write };
37allow surfaceflinger app_data_file:file { read write };
Stephen Smalleyacde43f2013-12-11 15:17:53 -0500[diff] [blame^]38
39# Use open file provided by bootanim.
40allow surfaceflinger bootanim:fd use;