55e5c9b513
public/property split is landed to selectively export public types to
vendors. So rules happening within system should be in private. This
introduces private/property.te and moves all allow and neverallow rules
from any coredomains to system defiend properties.
Bug: 150331497
Test: system/sepolicy/tools/build_policies.sh
Change-Id: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe
Merged-In: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe
(cherry picked from commit 42c7d8966c)
26 lines
939 B
Plaintext
26 lines
939 B
Plaintext
type mediaswcodec, domain;
|
|
type mediaswcodec_exec, system_file_type, exec_type, file_type;
|
|
|
|
hal_server_domain(mediaswcodec, hal_codec2)
|
|
|
|
# mediaswcodec may use an input surface from a different Codec2 service or an
|
|
# OMX service
|
|
hal_client_domain(mediaswcodec, hal_codec2)
|
|
hal_client_domain(mediaswcodec, hal_omx)
|
|
|
|
hal_client_domain(mediaswcodec, hal_allocator)
|
|
hal_client_domain(mediaswcodec, hal_graphics_allocator)
|
|
|
|
crash_dump_fallback(mediaswcodec)
|
|
|
|
# mediaswcodec_server should never execute any executable without a
|
|
# domain transition
|
|
neverallow mediaswcodec { file_type fs_type }:file execute_no_trans;
|
|
|
|
# Media processing code is inherently risky and thus should have limited
|
|
# permissions and be isolated from the rest of the system and network.
|
|
# Lengthier explanation here:
|
|
# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
|
|
neverallow mediaswcodec domain:{ tcp_socket udp_socket rawip_socket } *;
|
|
|