platform_system_sepolicy/public/vdc.te
Dan Cashman df5469d864 Sync internal master and AOSP sepolicy.
Bug: 37916906
Test: Builds 'n' boots.
Change-Id: Ia1d86264446ebecc1ca79f32f11354921bc77668
Merged-In: I208ec6a864127a059fb389417a9c6b259d7474cb
2017-09-27 18:55:47 -07:00

36 lines
1 KiB
Text

# vdc spawned from init for the following services:
# defaultcrypto
# encrypt
#
# We also transition into this domain from dumpstate, when
# collecting bug reports.
type vdc, domain;
type vdc_exec, exec_type, file_type;
# TODO: remove as part of 13758960
unix_socket_connect(vdc, vold, vold)
# vdc sends information back to dumpstate when "adb bugreport" is used
# TODO: remove as part of 13758960
allow vdc dumpstate:fd use;
allow vdc dumpstate:unix_stream_socket { read write getattr };
# vdc information is written to shell owned bugreport files
# TODO: remove as part of 13758960
allow vdc shell_data_file:file { write getattr };
# Why?
# TODO: remove as part of 13758960
allow vdc dumpstate:unix_dgram_socket { read write };
# vdc can be invoked with logwrapper, so let it write to pty
allow vdc devpts:chr_file rw_file_perms;
# vdc writes directly to kmsg during the boot process
allow vdc kmsg_device:chr_file w_file_perms;
# vdc talks to vold over Binder
binder_use(vdc)
binder_call(vdc, vold)
allow vdc vold_service:service_manager find;