# mediatranscoding - daemon for transcoding video and image.
type mediatranscoding, domain;
type mediatranscoding_exec, system_file_type, exec_type, file_type;
type mediatranscoding_tmpfs, file_type;
typeattribute mediatranscoding coredomain;

init_daemon_domain(mediatranscoding)
tmpfs_domain(mediatranscoding)

# Binder: use the driver, call into other binder services and into apps,
# act as a binder server, and register mediatranscoding_service.
binder_use(mediatranscoding)
binder_service(mediatranscoding)
binder_call(mediatranscoding, binderservicedomain)
binder_call(mediatranscoding, appdomain)
add_service(mediatranscoding, mediatranscoding_service)

# tmpfs-backed files labelled appdomain_tmpfs (shared with app domains) may be
# inspected, mapped, read and written.
allow mediatranscoding appdomain_tmpfs:file { getattr map read write };

# HALs this daemon acts as a client of.
hal_client_domain(mediatranscoding, hal_codec2)
hal_client_domain(mediatranscoding, hal_omx)
hal_client_domain(mediatranscoding, hal_graphics_allocator)
hal_client_domain(mediatranscoding, hal_configstore)

# Services this daemon looks up through servicemanager, plus the fds
# system_server hands over.
allow mediatranscoding {
    mediaserver_service
    mediametrics_service
    mediaextractor_service
    activity_service
}:service_manager find;
allow mediatranscoding system_server:fd use;

# File sources and destinations: read/write on sdcard, media_rw, app and
# shell data files; APKs are read-only.
# NOTE(review): these are type-wide grants, not limited to fds passed over
# binder — confirm callers cannot make the daemon open arbitrary paths of
# these types.
allow mediatranscoding {
    sdcardfs
    media_rw_data_file
    app_data_file
    shell_data_file
}:file { getattr read write };
allow mediatranscoding apk_data_file:file { getattr read };

# mediatranscoding must never execute any file without a domain transition.
neverallow mediatranscoding { file_type fs_type }:file execute_no_trans;

# Rationale for the mediaserver split: media processing code is placed in
# restrictive sandboxes with limited responsibilities and therefore limited
# permissions (audioserver handles only audio, cameraserver only camera, and
# so on). Media parsing is inherently risky, so such code is isolated from the
# rest of the system and from the network. Longer explanation:
# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
neverallow mediatranscoding domain:{ tcp_socket udp_socket rawip_socket } *;