Skip to content
Snippets Groups Projects
Normal view Permalink
surfaceflinger.te 747 B
Newer Older
  • Learn to ignore specific revisions
    • Stephen Smalley's avatar
    SE Android policy.
    Stephen Smalley committed
    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 
    # surfaceflinger - display compositor service
type surfaceflinger, domain;
type surfaceflinger_exec, exec_type, file_type;

init_daemon_domain(surfaceflinger)
typeattribute surfaceflinger mlstrustedsubject;

# Talk to init over the property socket.
unix_socket_connect(surfaceflinger, property, init)

# Perform Binder IPC.
binder_use(surfaceflinger)
binder_call(surfaceflinger, system)
binder_service(surfaceflinger)

# Access /dev/graphics/fb0.
allow surfaceflinger graphics_device:dir search;
allow surfaceflinger graphics_device:chr_file rw_file_perms;

# Access /dev/video1.
allow surfaceflinger video_device:chr_file rw_file_perms;

# Create and use netlink kobject uevent sockets.
allow surfaceflinger self:netlink_kobject_uevent_socket *;