transcoding: allow transcoding service to use media services
Also allow it to use fd from shell for unit tests. bug: 154734285 Change-Id: I2c5f3feca11f7ee4ee3ad927050b31f425370a84
This commit is contained in:
Chong Zhang
parent
b3bffe88ab
commit
351dd88e86
@ -7,4 +7,6 @@
|
||||
( new_objects
|
||||
apex_info_file
|
||||
debugfs_kprobes
|
||||
gnss_device))
|
||||
gnss_device
|
||||
mediatranscoding_tmpfs))
|
||||
|
||||
|
||||
@ -11,8 +11,6 @@ hal_client_domain(mediaserver, hal_drm)
|
||||
hal_client_domain(mediaserver, hal_omx)
|
||||
hal_client_domain(mediaserver, hal_codec2)
|
||||
|
||||
allow mediaserver mediatranscoding_service:service_manager find;
|
||||
|
||||
set_prop(mediaserver, audio_prop)
|
||||
|
||||
get_prop(mediaserver, media_config_prop)
|
||||
|
||||
@ -1,3 +1,49 @@
|
||||
# mediatranscoding - daemon for transcoding video and image.
|
||||
type mediatranscoding_exec, system_file_type, exec_type, file_type;
|
||||
type mediatranscoding_tmpfs, file_type;
|
||||
typeattribute mediatranscoding coredomain;
|
||||
|
||||
init_daemon_domain(mediatranscoding)
|
||||
tmpfs_domain(mediatranscoding)
|
||||
allow mediatranscoding appdomain_tmpfs:file { getattr map read write };
|
||||
|
||||
binder_use(mediatranscoding)
|
||||
binder_call(mediatranscoding, binderservicedomain)
|
||||
binder_call(mediatranscoding, appdomain)
|
||||
binder_service(mediatranscoding)
|
||||
|
||||
add_service(mediatranscoding, mediatranscoding_service)
|
||||
|
||||
hal_client_domain(mediatranscoding, hal_graphics_allocator)
|
||||
hal_client_domain(mediatranscoding, hal_configstore)
|
||||
hal_client_domain(mediatranscoding, hal_omx)
|
||||
hal_client_domain(mediatranscoding, hal_codec2)
|
||||
|
||||
allow mediatranscoding mediaserver_service:service_manager find;
|
||||
allow mediatranscoding mediametrics_service:service_manager find;
|
||||
allow mediatranscoding mediaextractor_service:service_manager find;
|
||||
|
||||
allow mediatranscoding system_server:fd use;
|
||||
allow mediatranscoding activity_service:service_manager find;
|
||||
|
||||
# allow mediatranscoding service read/write permissions for file sources
|
||||
allow mediatranscoding sdcardfs:file { getattr read write };
|
||||
allow mediatranscoding media_rw_data_file:file { getattr read write };
|
||||
allow mediatranscoding apk_data_file:file { getattr read };
|
||||
allow mediatranscoding shell_data_file:file { getattr read write };
|
||||
|
||||
# mediatranscoding should never execute any executable without a
|
||||
# domain transition
|
||||
neverallow mediatranscoding { file_type fs_type }:file execute_no_trans;
|
||||
|
||||
# The goal of the mediaserver split is to place media processing code into
|
||||
# restrictive sandboxes with limited responsibilities and thus limited
|
||||
# permissions. Example: Audioserver is only responsible for controlling audio
|
||||
# hardware and processing audio content. Cameraserver does the same for camera
|
||||
# hardware/content. Etc.
|
||||
#
|
||||
# Media processing code is inherently risky and thus should have limited
|
||||
# permissions and be isolated from the rest of the system and network.
|
||||
# Lengthier explanation here:
|
||||
# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
|
||||
neverallow mediatranscoding domain:{ tcp_socket udp_socket rawip_socket } *;
|
||||
|
||||
@ -1,34 +1,3 @@
|
||||
# mediatranscoding - daemon for transcoding video and image.
|
||||
type mediatranscoding, domain;
|
||||
type mediatranscoding_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
binder_use(mediatranscoding)
|
||||
binder_call(mediatranscoding, binderservicedomain)
|
||||
binder_service(mediatranscoding)
|
||||
|
||||
add_service(mediatranscoding, mediatranscoding_service)
|
||||
|
||||
allow mediatranscoding system_server:fd use;
|
||||
allow mediatranscoding activity_service:service_manager find;
|
||||
allow mediatranscoding untrusted_app:binder call;
|
||||
|
||||
# allow mediatranscoding service read/write permissions for file sources
|
||||
allow mediatranscoding sdcardfs:file { getattr read write };
|
||||
allow mediatranscoding media_rw_data_file:file { getattr read write };
|
||||
allow mediatranscoding apk_data_file:file { getattr read };
|
||||
|
||||
# mediatranscoding should never execute any executable without a
|
||||
# domain transition
|
||||
neverallow mediatranscoding { file_type fs_type }:file execute_no_trans;
|
||||
|
||||
# The goal of the mediaserver split is to place media processing code into
|
||||
# restrictive sandboxes with limited responsibilities and thus limited
|
||||
# permissions. Example: Audioserver is only responsible for controlling audio
|
||||
# hardware and processing audio content. Cameraserver does the same for camera
|
||||
# hardware/content. Etc.
|
||||
#
|
||||
# Media processing code is inherently risky and thus should have limited
|
||||
# permissions and be isolated from the rest of the system and network.
|
||||
# Lengthier explanation here:
|
||||
# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
|
||||
neverallow mediatranscoding domain:{ tcp_socket udp_socket rawip_socket } *;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user