9b718c409f
This switches DRM HAL policy to the design which enables us to conditionally remove unnecessary rules from domains which are clients of DRM HAL. Domains which are clients of DRM HAL, such as mediadrmserver domain, are granted rules targeting hal_drm only when the DRM HAL runs in passthrough mode (i.e., inside the client's process). When the HAL runs in binderized mode (i.e., in another process/domain, with clients talking to the HAL over HwBinder IPC), rules targeting hal_drm are not granted to client domains. Domains which offer a binderized implementation of DRM HAL, such as hal_drm_default domain, are always granted rules targeting hal_drm. Test: Play movie using Google Play Movies Test: Play movie using Netflix Bug: 34170079 Change-Id: I3ab0e84818ccd61e54b90f7ade3509b7dbf86fb9
30 lines
1022 B
Plaintext
30 lines
1022 B
Plaintext
# mediadrmserver - mediadrm daemon
|
|
type mediadrmserver, domain;
|
|
type mediadrmserver_exec, exec_type, file_type;
|
|
|
|
typeattribute mediadrmserver mlstrustedsubject;
|
|
|
|
net_domain(mediadrmserver)
|
|
binder_use(mediadrmserver)
|
|
binder_call(mediadrmserver, binderservicedomain)
|
|
binder_call(mediadrmserver, appdomain)
|
|
binder_service(mediadrmserver)
|
|
hal_client_domain(mediadrmserver, hal_drm)
|
|
|
|
add_service(mediadrmserver, mediadrmserver_service)
|
|
allow mediadrmserver mediaserver_service:service_manager find;
|
|
allow mediadrmserver mediametrics_service:service_manager find;
|
|
allow mediadrmserver processinfo_service:service_manager find;
|
|
allow mediadrmserver surfaceflinger_service:service_manager find;
|
|
|
|
###
|
|
### neverallow rules
|
|
###
|
|
|
|
# mediadrmserver should never execute any executable without a
|
|
# domain transition
|
|
neverallow mediadrmserver { file_type fs_type }:file execute_no_trans;
|
|
|
|
# do not allow privileged socket ioctl commands
|
|
neverallowxperm mediadrmserver domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
|