# vdc is a helper program for making Binder calls to vold.  It is spawned from
# init for various reasons, such as initializing file-based encryption and
# metadata encryption, and managing userdata checkpointing.
#
# We also transition into this domain from dumpstate, when
# collecting bug reports.

type vdc, domain;
type vdc_exec, system_file_type, exec_type, file_type;

# vdc can be invoked with logwrapper, so let it write to pty
allow vdc devpts:chr_file rw_file_perms;

# vdc writes directly to kmsg during the boot process
allow vdc kmsg_device:chr_file { getattr w_file_perms };

# vdc talks to vold over Binder
binder_use(vdc)
binder_call(vdc, vold)
allow vdc vold_service:service_manager find;