9bf0a0c141
Now that FDE (Full Disk Encryption) is no longer supported, the SELinux policy doesn't need to support it. Remove two rules that are no longer needed. Also update some comments that implied that other rules were needed only because of FDE support, when actually they are still needed for other reasons. Finally, fix some outdated documentation links. Bug: 208476087 Change-Id: I4e03dead91d34fcefdfcdc68d44dd97f433d6eaf
20 lines
707 B
Text
20 lines
707 B
Text
# vdc is a helper program for making Binder calls to vold. It is spawned from
|
|
# init for various reasons, such as initializing file-based encryption and
|
|
# metadata encryption, and managing userdata checkpointing.
|
|
#
|
|
# We also transition into this domain from dumpstate, when
|
|
# collecting bug reports.
|
|
|
|
type vdc, domain;
|
|
type vdc_exec, system_file_type, exec_type, file_type;
|
|
|
|
# vdc can be invoked with logwrapper, so let it write to pty
|
|
allow vdc devpts:chr_file rw_file_perms;
|
|
|
|
# vdc writes directly to kmsg during the boot process
|
|
allow vdc kmsg_device:chr_file { getattr w_file_perms };
|
|
|
|
# vdc talks to vold over Binder
|
|
binder_use(vdc)
|
|
binder_call(vdc, vold)
|
|
allow vdc vold_service:service_manager find;
|