Home Explore Help
Register Sign In
drachfly
/
android10
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 6b68537209
Branches Tags
android10
/
system
/
sepolicy
/
public
/
mediaextractor.te

mediaextractor.te 2.7 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970 
  1. # mediaextractor - multimedia daemon
    2. 

  2. type mediaextractor, domain;
    3. 

  3. type mediaextractor_exec, system_file_type, exec_type, file_type;
    4. 

  4. type mediaextractor_tmpfs, file_type;
    5. 

  5. 

  6. typeattribute mediaextractor mlstrustedsubject;
    7. 

  7. 

  8. binder_use(mediaextractor)
    9. 

  9. binder_call(mediaextractor, binderservicedomain)
    10. 

  10. binder_call(mediaextractor, appdomain)
    11. 

  11. binder_service(mediaextractor)
    12. 

  12. 

  13. add_service(mediaextractor, mediaextractor_service)
    14. 

  14. allow mediaextractor mediametrics_service:service_manager find;
    15. 

  15. allow mediaextractor hidl_token_hwservice:hwservice_manager find;
    16. 

  16. 

  17. allow mediaextractor system_server:fd use;
    18. 

  18. 

  19. hal_client_domain(mediaextractor, hal_cas)
    20. 

  20. hal_client_domain(mediaextractor, hal_allocator)
    21. 

  21. 

  22. r_dir_file(mediaextractor, cgroup)
    23. 

  23. allow mediaextractor proc_meminfo:file r_file_perms;
    24. 

  24. 

  25. crash_dump_fallback(mediaextractor)
    26. 

  26. 

  27. # allow mediaextractor read permissions for file sources
    28. 

  28. allow mediaextractor sdcard_type:file { getattr read };
    29. 

  29. allow mediaextractor media_rw_data_file:file { getattr read };
    30. 

  30. allow mediaextractor { app_data_file privapp_data_file }:file { getattr read };
    31. 

  31. 

  32. # Read resources from open apk files passed over Binder
    33. 

  33. allow mediaextractor apk_data_file:file { read getattr };
    34. 

  34. allow mediaextractor asec_apk_file:file { read getattr };
    35. 

  35. allow mediaextractor ringtone_file:file { read getattr };
    36. 

  36. 

  37. # scan extractor library directory to dynamically load extractors
    38. 

  38. allow mediaextractor system_file:dir { read open };
    39. 

  39. 

  40. get_prop(mediaextractor, device_config_media_native_prop)
    41. 

  41. 

  42. ###
    43. 

  43. ### neverallow rules
    44. 

  44. ###
    45. 

  45. 

  46. # mediaextractor should never execute any executable without a
    47. 

  47. # domain transition
    48. 

  48. neverallow mediaextractor { file_type fs_type }:file execute_no_trans;
    49. 

  49. 

  50. # The goal of the mediaserver split is to place media processing code into
    51. 

  51. # restrictive sandboxes with limited responsibilities and thus limited
    52. 

  52. # permissions. Example: Audioserver is only responsible for controlling audio
    53. 

  53. # hardware and processing audio content. Cameraserver does the same for camera
    54. 

  54. # hardware/content. Etc.
    55. 

  55. #
    56. 

  56. # Media processing code is inherently risky and thus should have limited
    57. 

  57. # permissions and be isolated from the rest of the system and network.
    58. 

  58. # Lengthier explanation here:
    59. 

  59. # https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
    60. 

  60. neverallow mediaextractor domain:{ tcp_socket udp_socket rawip_socket } *;
    61. 

  61. 

  62. # mediaextractor should not be opening /data files directly. Any files
    63. 

  63. # it touches (with a few exceptions) need to be passed to it via a file
    64. 

  64. # descriptor opened outside the process.
    65. 

  65. neverallow mediaextractor {
    66. 

  66.   data_file_type
    67. 

  67.   -zoneinfo_data_file # time zone data from /data/misc/zoneinfo
    68. 

  68.   userdebug_or_eng(`-apk_data_file') # for loading media extractor plugins
    69. 

  69.   with_native_coverage(`-method_trace_data_file')
    70. 

  70. }:file open;
    71.