# mediatuner - mediatuner daemon
#
# Policy for the media tuner daemon. It declares the daemon's domain and
# the label of its executable, grants the binder, service-manager and
# property access listed below, and ends with neverallow assertions that
# bound what any later rule may grant to this domain.

# Process domain, and the label carried by the daemon's executable.
type mediatuner, domain;
type mediatuner_exec, system_file_type, exec_type, file_type;

# Tag the domain with the coredomain attribute.
typeattribute mediatuner coredomain;

# Started by init. The macro is defined outside this file; it is expected to
# set up the init -> mediatuner transition on exec of mediatuner_exec.
init_daemon_domain(mediatuner)

# Client of the TV tuner HAL.
hal_client_domain(mediatuner, hal_tv_tuner)

# Binder IPC: basic binder use, acting as a binder service, and outgoing
# calls to app domains and to system_server.
# NOTE(review): appdomain is an attribute covering app domains in general, so
# the daemon can reach any of them; presumably this is for client callbacks.
# Confirm against the service interface.
binder_use(mediatuner)
binder_service(mediatuner)
binder_call(mediatuner, appdomain)
binder_call(mediatuner, system_server)

# File descriptors owned by system_server may be used by the daemon.
allow mediatuner system_server:fd use;

# Service manager: publish mediatuner_service, and look up the package-native
# and tuner resource manager services.
add_service(mediatuner, mediatuner_service)
allow mediatuner package_native_service:service_manager find;
allow mediatuner tv_tuner_resource_mgr_service:service_manager find;

# Read ro.tuner.lazyhal
get_prop(mediatuner, tuner_config_prop)

###
### neverallow rules
###

# Anything mediatuner launches must move into a domain of its own: running a
# file in the caller's domain (execute_no_trans) is ruled out for every file
# and filesystem type, so a later allow rule cannot quietly reintroduce it.
neverallow mediatuner { file_type fs_type }:file execute_no_trans;

# The privileged socket ioctl commands (the priv_sock_ioctls set) stay off
# limits on raw IP, TCP and UDP sockets.
neverallowxperm mediatuner domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;