audioserver.te - platform/external/sepolicy - Git at Google

 # audioserver - audio services daemon
 type audioserver, domain, domain_deprecated;
 type audioserver_exec, exec_type, file_type;

 typeattribute audioserver mlstrustedsubject;

 net_domain(audioserver)
 init_daemon_domain(audioserver)

 r_dir_file(audioserver, sdcard_type)

 binder_use(audioserver)
 binder_call(audioserver, binderservicedomain)
 binder_call(audioserver, { appdomain autoplay_app })
 binder_service(audioserver)

 # Read access to pseudo filesystems.
 r_dir_file(audioserver, proc)

 # Required by Widevine DRM (b/22990512)
 allow audioserver self:process execmem;

 allow audioserver kernel:system module_request;
 allow audioserver media_data_file:dir create_dir_perms;
 allow audioserver media_data_file:file create_file_perms;
 allow audioserver app_data_file:dir search;
 allow audioserver app_data_file:file rw_file_perms;
 allow audioserver sdcard_type:file write;
 allow audioserver gpu_device:chr_file rw_file_perms;
 allow audioserver video_device:dir r_dir_perms;
 allow audioserver video_device:chr_file rw_file_perms;
 allow audioserver audio_device:dir r_dir_perms;
 allow audioserver tee_device:chr_file rw_file_perms;

 set_prop(audioserver, audio_prop)

 # Access audio devices at all.
 allow audioserver audio_device:chr_file rw_file_perms;

 # XXX Label with a specific type?
 allow audioserver sysfs:file r_file_perms;

 # Read resources from open apk files passed over Binder.
 allow audioserver apk_data_file:file { read getattr };
 allow audioserver asec_apk_file:file { read getattr };

 # Read /data/data/com.android.providers.telephony files passed over Binder.
 allow audioserver radio_data_file:file { read getattr };

 # Use pipes passed over Binder from app domains.
 allow audioserver { appdomain autoplay_app }:fifo_file { getattr read write };

 # Access camera device.
 allow audioserver rpmsg_device:chr_file rw_file_perms;

 # Inter System processes communicate over named pipe (FIFO)
 allow audioserver system_server:fifo_file r_file_perms;

 # Camera data
 r_dir_file(audioserver, camera_data_file)
 r_dir_file(audioserver, media_rw_data_file)

 # Grant access to audio files to audioserver
 allow audioserver audio_data_file:dir ra_dir_perms;
 allow audioserver audio_data_file:file create_file_perms;

 # Read/[write] to /proc/net/xt_qtaguid/ctrl and /dev/xt_qtaguid
 allow audioserver qtaguid_proc:file rw_file_perms;
 allow audioserver qtaguid_device:chr_file r_file_perms;

 # Allow abstract socket connection
 allow audioserver rild:unix_stream_socket { connectto read write setopt };

 # Needed on some devices for playing DRM protected content,
 # but seems expected and appropriate for all devices.
 unix_socket_connect(audioserver, drmserver, drmserver)

 # Needed on some devices for playing audio on paired BT device,
 # but seems appropriate for all devices.
 unix_socket_connect(audioserver, bluetooth, bluetooth)

 # Connect to tee service.
 allow audioserver tee:unix_stream_socket connectto;

 allow audioserver activity_service:service_manager find;
 allow audioserver appops_service:service_manager find;
 allow audioserver audioserver_service:service_manager { add find };
 allow audioserver cameraproxy_service:service_manager find;
 allow audioserver batterystats_service:service_manager find;
 allow audioserver drmserver_service:service_manager find;
 allow audioserver mediaextractor_service:service_manager find;
 allow audioserver mediaserver_service:service_manager find;
 allow audioserver permission_service:service_manager find;
 allow audioserver power_service:service_manager find;
 allow audioserver processinfo_service:service_manager find;
 allow audioserver scheduling_policy_service:service_manager find;
 allow audioserver surfaceflinger_service:service_manager find;

 # /oem access
 allow audioserver oemfs:dir search;
 allow audioserver oemfs:file r_file_perms;

 use_drmservice(audioserver)
 allow audioserver drmserver:drmservice {
     consumeRights
     setPlaybackStatus
     openDecryptSession
     closeDecryptSession
     initializeDecryptUnit
     decrypt
     finalizeDecryptUnit
     pread
 };

 # only allow unprivileged socket ioctl commands
 allowxperm audioserver self:{ rawip_socket tcp_socket udp_socket } ioctl unpriv_sock_ioctls;

 ###
 ### neverallow rules
 ###

 # audioserver should never execute any executable without a
 # domain transition
 neverallow audioserver { file_type fs_type }:file execute_no_trans;

 # do not allow privileged socket ioctl commands
 neverallowxperm audioserver domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
	# audioserver - audio services daemon
	type audioserver, domain, domain_deprecated;
	type audioserver_exec, exec_type, file_type;

	typeattribute audioserver mlstrustedsubject;

	net_domain(audioserver)
	init_daemon_domain(audioserver)

	r_dir_file(audioserver, sdcard_type)

	binder_use(audioserver)
	binder_call(audioserver, binderservicedomain)
	binder_call(audioserver, { appdomain autoplay_app })
	binder_service(audioserver)

	# Read access to pseudo filesystems.
	r_dir_file(audioserver, proc)

	# Required by Widevine DRM (b/22990512)
	allow audioserver self:process execmem;

	allow audioserver kernel:system module_request;
	allow audioserver media_data_file:dir create_dir_perms;
	allow audioserver media_data_file:file create_file_perms;
	allow audioserver app_data_file:dir search;
	allow audioserver app_data_file:file rw_file_perms;
	allow audioserver sdcard_type:file write;
	allow audioserver gpu_device:chr_file rw_file_perms;
	allow audioserver video_device:dir r_dir_perms;
	allow audioserver video_device:chr_file rw_file_perms;
	allow audioserver audio_device:dir r_dir_perms;
	allow audioserver tee_device:chr_file rw_file_perms;

	set_prop(audioserver, audio_prop)

	# Access audio devices at all.
	allow audioserver audio_device:chr_file rw_file_perms;

	# XXX Label with a specific type?
	allow audioserver sysfs:file r_file_perms;

	# Read resources from open apk files passed over Binder.
	allow audioserver apk_data_file:file { read getattr };
	allow audioserver asec_apk_file:file { read getattr };

	# Read /data/data/com.android.providers.telephony files passed over Binder.
	allow audioserver radio_data_file:file { read getattr };

	# Use pipes passed over Binder from app domains.
	allow audioserver { appdomain autoplay_app }:fifo_file { getattr read write };

	# Access camera device.
	allow audioserver rpmsg_device:chr_file rw_file_perms;

	# Inter System processes communicate over named pipe (FIFO)
	allow audioserver system_server:fifo_file r_file_perms;

	# Camera data
	r_dir_file(audioserver, camera_data_file)
	r_dir_file(audioserver, media_rw_data_file)

	# Grant access to audio files to audioserver
	allow audioserver audio_data_file:dir ra_dir_perms;
	allow audioserver audio_data_file:file create_file_perms;

	# Read/[write] to /proc/net/xt_qtaguid/ctrl and /dev/xt_qtaguid
	allow audioserver qtaguid_proc:file rw_file_perms;
	allow audioserver qtaguid_device:chr_file r_file_perms;

	# Allow abstract socket connection
	allow audioserver rild:unix_stream_socket { connectto read write setopt };

	# Needed on some devices for playing DRM protected content,
	# but seems expected and appropriate for all devices.
	unix_socket_connect(audioserver, drmserver, drmserver)

	# Needed on some devices for playing audio on paired BT device,
	# but seems appropriate for all devices.
	unix_socket_connect(audioserver, bluetooth, bluetooth)

	# Connect to tee service.
	allow audioserver tee:unix_stream_socket connectto;

	allow audioserver activity_service:service_manager find;
	allow audioserver appops_service:service_manager find;
	allow audioserver audioserver_service:service_manager { add find };
	allow audioserver cameraproxy_service:service_manager find;
	allow audioserver batterystats_service:service_manager find;
	allow audioserver drmserver_service:service_manager find;
	allow audioserver mediaextractor_service:service_manager find;
	allow audioserver mediaserver_service:service_manager find;
	allow audioserver permission_service:service_manager find;
	allow audioserver power_service:service_manager find;
	allow audioserver processinfo_service:service_manager find;
	allow audioserver scheduling_policy_service:service_manager find;
	allow audioserver surfaceflinger_service:service_manager find;

	# /oem access
	allow audioserver oemfs:dir search;
	allow audioserver oemfs:file r_file_perms;

	use_drmservice(audioserver)
	allow audioserver drmserver:drmservice {
	consumeRights
	setPlaybackStatus
	openDecryptSession
	closeDecryptSession
	initializeDecryptUnit
	decrypt
	finalizeDecryptUnit
	pread
	};

	# only allow unprivileged socket ioctl commands
	allowxperm audioserver self:{ rawip_socket tcp_socket udp_socket } ioctl unpriv_sock_ioctls;

	###
	### neverallow rules
	###

	# audioserver should never execute any executable without a
	# domain transition
	neverallow audioserver { file_type fs_type }:file execute_no_trans;

	# do not allow privileged socket ioctl commands
	neverallowxperm audioserver domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;