75806ef3c5
Ideally, public should only contain APIs (types / attributes) for
vendor. The other statements like allow/neverallow/typeattributes are
regarded as implementation detail for platform and should be in private.
Bug: 232023812
Test: m selinux_policy
Test: diff <(git diff --staged | grep "^-" | cut -b2- | sort) \
<(git diff --staged | grep "^+" | cut -b2- | sort)
Test: remove comments on plat_sepolicy.cil, replace base_typeattr_*
to base_typeattr and then compare old and new plat_sepolicy.cil
Change-Id: I5e7d2da4465ab0216de6bacdf03077d37f6ffe12
17 lines
474 B
Text
17 lines
474 B
Text
typeattribute vdc coredomain;
|
|
|
|
init_daemon_domain(vdc)
|
|
|
|
# Allow stdin/out back to vehicle_binding_util
|
|
allow vdc vehicle_binding_util:fd use;
|
|
|
|
# vdc can be invoked with logwrapper, so let it write to pty
|
|
allow vdc devpts:chr_file rw_file_perms;
|
|
|
|
# vdc writes directly to kmsg during the boot process
|
|
allow vdc kmsg_device:chr_file { getattr w_file_perms };
|
|
|
|
# vdc talks to vold over Binder
|
|
binder_use(vdc)
|
|
binder_call(vdc, vold)
|
|
allow vdc vold_service:service_manager find;
|