| # mediatuner - mediatuner daemon |
| type mediatuner, domain; |
| type mediatuner_exec, system_file_type, exec_type, file_type; |
| |
| typeattribute mediatuner coredomain; |
| |
| init_daemon_domain(mediatuner) |
| hal_client_domain(mediatuner, hal_tv_tuner) |
| |
| binder_use(mediatuner) |
| binder_call(mediatuner, appdomain) |
| binder_service(mediatuner) |
| |
| add_service(mediatuner, mediatuner_service) |
| allow mediatuner system_server:fd use; |
| allow mediatuner tv_tuner_resource_mgr_service:service_manager find; |
| allow mediatuner package_native_service:service_manager find; |
| binder_call(mediatuner, system_server) |
| |
| # Read ro.tuner.lazyhal |
| get_prop(mediatuner, tuner_config_prop) |
| |
| # Read tuner.server.enable |
| get_prop(mediatuner, tuner_server_ctl_prop) |
| |
| ### |
| ### neverallow rules |
| ### |
| |
| # mediatuner should never execute any executable without a |
| # domain transition |
| neverallow mediatuner { file_type fs_type }:file execute_no_trans; |
| |
| # do not allow privileged socket ioctl commands |
| neverallowxperm mediatuner domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls; |
| |