# vdc spawned from init for the following services:
#  defaultcrypto
#  encrypt
#
# We also transition into this domain from dumpstate, when
# collecting bug reports.

type vdc, domain;
type vdc_exec, exec_type, file_type;

unix_socket_connect(vdc, vold, vold)

# vdc sends information back to dumpstate when "adb bugreport" is used
allow vdc dumpstate:fd use;
allow vdc dumpstate:unix_stream_socket { read write getattr };

# vdc information is written to shell owned bugreport files
allow vdc shell_data_file:file { write getattr };

# Why?
allow vdc dumpstate:unix_dgram_socket { read write };

# vdc can be invoked with logwrapper, so let it write to pty
allow vdc devpts:chr_file rw_file_perms;

# vdc writes directly to kmsg during the boot process
allow vdc kmsg_device:chr_file w_file_perms;