| Stephen Smalley | 2dd4e51 | 2012-01-04 12:33:27 -0500 | [diff] [blame] | 1 | # surfaceflinger - display compositor service |
| 2 | type surfaceflinger, domain; |
| 3 | type surfaceflinger_exec, exec_type, file_type; |
| 4 | |
| 5 | init_daemon_domain(surfaceflinger) |
| Stephen Smalley | 52a8523 | 2013-10-29 14:42:40 -0400 | [diff] [blame] | 6 | typeattribute surfaceflinger mlstrustedsubject; |
| Stephen Smalley | 2dd4e51 | 2012-01-04 12:33:27 -0500 | [diff] [blame] | 7 | |
| 8 | # Talk to init over the property socket. |
| 9 | unix_socket_connect(surfaceflinger, property, init) |
| Stephen Smalley | 52a8523 | 2013-10-29 14:42:40 -0400 | [diff] [blame] | 10 | |
| 11 | # Perform Binder IPC. |
| 12 | binder_use(surfaceflinger) |
| Stephen Smalley | 244aa02 | 2014-03-05 10:17:16 -0500 | [diff] [blame] | 13 | binder_call(surfaceflinger, binderservicedomain) |
| 14 | binder_call(surfaceflinger, appdomain) |
| Nick Kralevich | fd352f1 | 2014-04-16 16:31:23 -0700 | [diff] [blame] | 15 | binder_call(surfaceflinger, bootanim) |
| Stephen Smalley | 52a8523 | 2013-10-29 14:42:40 -0400 | [diff] [blame] | 16 | binder_service(surfaceflinger) |
| Stephen Smalley | 52a8523 | 2013-10-29 14:42:40 -0400 | [diff] [blame] | 17 | |
| Stephen Smalley | 244aa02 | 2014-03-05 10:17:16 -0500 | [diff] [blame] | 18 | # Binder IPC to bu, presently runs in adbd domain. |
| 19 | binder_call(surfaceflinger, adbd) |
| 20 | |
| 21 | # Read /proc/pid files for Binder clients. |
| 22 | r_dir_file(surfaceflinger, binderservicedomain) |
| 23 | r_dir_file(surfaceflinger, appdomain) |
| 24 | |
| Stephen Smalley | 3ba9012 | 2013-12-12 09:09:53 -0500 | [diff] [blame] | 25 | # Access the GPU. |
| 26 | allow surfaceflinger gpu_device:chr_file rw_file_perms; |
| 27 | |
| Stephen Smalley | 52a8523 | 2013-10-29 14:42:40 -0400 | [diff] [blame] | 28 | # Access /dev/graphics/fb0. |
| 29 | allow surfaceflinger graphics_device:dir search; |
| 30 | allow surfaceflinger graphics_device:chr_file rw_file_perms; |
| 31 | |
| 32 | # Access /dev/video1. |
| Nick Kralevich | 37339c7 | 2014-01-06 12:39:19 -0800 | [diff] [blame] | 33 | allow surfaceflinger video_device:dir r_dir_perms; |
| Stephen Smalley | 52a8523 | 2013-10-29 14:42:40 -0400 | [diff] [blame] | 34 | allow surfaceflinger video_device:chr_file rw_file_perms; |
| 35 | |
| 36 | # Create and use netlink kobject uevent sockets. |
| Stephen Smalley | 1601132 | 2014-02-24 15:06:11 -0500 | [diff] [blame] | 37 | allow surfaceflinger self:netlink_kobject_uevent_socket create_socket_perms; |
| Stephen Smalley | 52a8523 | 2013-10-29 14:42:40 -0400 | [diff] [blame] | 38 | |
| 39 | # Set properties. |
| 40 | allow surfaceflinger system_prop:property_service set; |
| Robert Craig | 4b3893f | 2014-02-18 13:24:26 -0500 | [diff] [blame] | 41 | allow surfaceflinger ctl_bootanim_prop:property_service set; |
| Stephen Smalley | 52a8523 | 2013-10-29 14:42:40 -0400 | [diff] [blame] | 42 | |
| 43 | # Use open files supplied by an app. |
| 44 | allow surfaceflinger appdomain:fd use; |
| Stephen Smalley | 52a8523 | 2013-10-29 14:42:40 -0400 | [diff] [blame] | 45 | allow surfaceflinger app_data_file:file { read write }; |
| Stephen Smalley | acde43f | 2013-12-11 15:17:53 -0500 | [diff] [blame] | 46 | |
| 47 | # Use open file provided by bootanim. |
| 48 | allow surfaceflinger bootanim:fd use; |
| Nick Kralevich | 3d770d2 | 2014-01-06 14:04:34 -0800 | [diff] [blame] | 49 | |
| 50 | # Allow a dumpstate triggered screenshot |
| 51 | binder_call(surfaceflinger, dumpstate) |
| Stephen Smalley | a506613 | 2014-01-07 13:25:25 -0500 | [diff] [blame] | 52 | binder_call(surfaceflinger, shell) |
| Stephen Smalley | 5795571 | 2014-03-21 10:36:24 -0400 | [diff] [blame] | 53 | r_dir_file(surfaceflinger, dumpstate) |
| Nick Kralevich | e45603d | 2014-01-08 11:19:52 -0800 | [diff] [blame] | 54 | |
| 55 | # Needed on some devices for playing DRM protected content, |
| 56 | # but seems expected and appropriate for all devices. |
| 57 | allow surfaceflinger tee:unix_stream_socket connectto; |
| 58 | allow surfaceflinger tee_device:chr_file rw_file_perms; |
| Stephen Smalley | 244aa02 | 2014-03-05 10:17:16 -0500 | [diff] [blame] | 59 | |
| Riley Spahn | f90c41f | 2014-06-05 15:52:02 -0700 | [diff] [blame] | 60 | allow surfaceflinger surfaceflinger_service:service_manager add; |
| 61 | |
| Stephen Smalley | 244aa02 | 2014-03-05 10:17:16 -0500 | [diff] [blame] | 62 | ### |
| 63 | ### Neverallow rules |
| 64 | ### |
| 65 | ### surfaceflinger should NEVER do any of this |
| 66 | |
| 67 | # Do not allow accessing SDcard files as unsafe ejection could |
| 68 | # cause the kernel to kill the process. |
| Nick Kralevich | b53e84a | 2014-06-08 22:30:58 -0700 | [diff] [blame] | 69 | neverallow surfaceflinger sdcard_type:file rw_file_perms; |