PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
d70f0af2bf
android_system_sepolicy/private/surfaceflinger.te
Steven Moreland cc7de177ec Remove bufferhub HAL policy. 
The bufferhub daemon policy still remains, since it still needs to be
deleted. However, since the HAL no longer exists, removing policy
related to this.

Bug: 204068144
Test: build only
Change-Id: I96b96c77a39e2ba2024680ebaf3067283d0cfc65
2021-10-27 10:54:45 -07:00

147 lines
5.1 KiB
Plaintext
Raw Blame History

# surfaceflinger - display compositor service
typeattribute surfaceflinger coredomain;
type surfaceflinger_exec, system_file_type, exec_type, file_type;
init_daemon_domain(surfaceflinger)
tmpfs_domain(surfaceflinger)
typeattribute surfaceflinger mlstrustedsubject;
typeattribute surfaceflinger display_service_server;
read_runtime_log_tags(surfaceflinger)
# Perform HwBinder IPC.
hal_client_domain(surfaceflinger, hal_graphics_allocator)
hal_client_domain(surfaceflinger, hal_graphics_composer)
typeattribute surfaceflinger_tmpfs hal_graphics_composer_client_tmpfs;
hal_client_domain(surfaceflinger, hal_codec2)
hal_client_domain(surfaceflinger, hal_omx)
hal_client_domain(surfaceflinger, hal_configstore)
hal_client_domain(surfaceflinger, hal_power)
allow surfaceflinger hidl_token_hwservice:hwservice_manager find;
# Perform Binder IPC.
binder_use(surfaceflinger)
binder_call(surfaceflinger, binderservicedomain)
binder_call(surfaceflinger, appdomain)
binder_call(surfaceflinger, bootanim)
binder_call(surfaceflinger, system_server);
binder_service(surfaceflinger)
# Binder IPC to bu, presently runs in adbd domain.
binder_call(surfaceflinger, adbd)
# Read /proc/pid files for Binder clients.
r_dir_file(surfaceflinger, binderservicedomain)
r_dir_file(surfaceflinger, appdomain)
# Access the GPU.
allow surfaceflinger gpu_device:chr_file rw_file_perms;
# Access /dev/graphics/fb0.
allow surfaceflinger graphics_device:dir search;
allow surfaceflinger graphics_device:chr_file rw_file_perms;
# Access /dev/video1.
allow surfaceflinger video_device:dir r_dir_perms;
allow surfaceflinger video_device:chr_file rw_file_perms;
# Create and use netlink kobject uevent sockets.
allow surfaceflinger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
# Set properties.
set_prop(surfaceflinger, system_prop)
set_prop(surfaceflinger, bootanim_system_prop)
set_prop(surfaceflinger, exported_system_prop)
set_prop(surfaceflinger, exported3_system_prop)
set_prop(surfaceflinger, ctl_bootanim_prop)
set_prop(surfaceflinger, surfaceflinger_display_prop)
# Get properties.
get_prop(surfaceflinger, qemu_sf_lcd_density_prop)
get_prop(surfaceflinger, device_config_surface_flinger_native_boot_prop)
# Use open files supplied by an app.
allow surfaceflinger appdomain:fd use;
allow surfaceflinger { app_data_file privapp_data_file }:file { read write };
# Allow writing surface traces to /data/misc/wmtrace.
userdebug_or_eng(`
allow surfaceflinger wm_trace_data_file:dir rw_dir_perms;
allow surfaceflinger wm_trace_data_file:file { getattr setattr create w_file_perms };
')
# Needed to register as a Perfetto producer.
perfetto_producer(surfaceflinger)
# Use socket supplied by adbd, for cmd gpu vkjson etc.
allow surfaceflinger adbd:unix_stream_socket { read write getattr };
# Allow a dumpstate triggered screenshot
binder_call(surfaceflinger, dumpstate)
binder_call(surfaceflinger, shell)
r_dir_file(surfaceflinger, dumpstate)
# media.player service
# do not use add_service() as hal_graphics_composer_default may be the
# provider as well
#add_service(surfaceflinger, surfaceflinger_service)
allow surfaceflinger surfaceflinger_service:service_manager { add find };
allow surfaceflinger mediaserver_service:service_manager find;
allow surfaceflinger permission_service:service_manager find;
allow surfaceflinger power_service:service_manager find;
allow surfaceflinger vr_manager_service:service_manager find;
allow surfaceflinger window_service:service_manager find;
allow surfaceflinger inputflinger_service:service_manager find;
# allow self to set SCHED_FIFO
allow surfaceflinger self:global_capability_class_set sys_nice;
allow surfaceflinger proc_meminfo:file r_file_perms;
r_dir_file(surfaceflinger, cgroup)
r_dir_file(surfaceflinger, cgroup_v2)
r_dir_file(surfaceflinger, system_file)
allow surfaceflinger tmpfs:dir r_dir_perms;
allow surfaceflinger system_server:fd use;
allow surfaceflinger system_server:unix_stream_socket { read write };
allow surfaceflinger ion_device:chr_file r_file_perms;
allow surfaceflinger dmabuf_system_heap_device:chr_file r_file_perms;
# pdx IPC
pdx_server(surfaceflinger, display_client)
pdx_server(surfaceflinger, display_manager)
pdx_server(surfaceflinger, display_screenshot)
pdx_server(surfaceflinger, display_vsync)
pdx_client(surfaceflinger, bufferhub_client)
pdx_client(surfaceflinger, performance_client)
# Allow supplying timestats statistics to statsd
allow surfaceflinger stats_service:service_manager find;
allow surfaceflinger statsmanager_service:service_manager find;
# TODO(146461633): remove this once native pullers talk to StatsManagerService
binder_call(surfaceflinger, statsd);
# Allow pushing jank event atoms to statsd
userdebug_or_eng(`
unix_socket_send(surfaceflinger, statsdw, statsd)
')
# Surfaceflinger should not be reading default vendor-defined properties.
dontaudit surfaceflinger vendor_default_prop:file read;
###
### Neverallow rules
###
### surfaceflinger should NEVER do any of this
# Do not allow accessing SDcard files as unsafe ejection could
# cause the kernel to kill the process.
neverallow surfaceflinger { sdcard_type fuse }:file rw_file_perms;
# b/68864350
dontaudit surfaceflinger unlabeled:dir search;
Reference in New Issue View Git Blame Copy Permalink