df5469d864
Bug: 37916906 Test: Builds 'n' boots. Change-Id: Ia1d86264446ebecc1ca79f32f11354921bc77668 Merged-In: I208ec6a864127a059fb389417a9c6b259d7474cb
36 lines
1 KiB
Text
36 lines
1 KiB
Text
# vdc spawned from init for the following services:
|
|
# defaultcrypto
|
|
# encrypt
|
|
#
|
|
# We also transition into this domain from dumpstate, when
|
|
# collecting bug reports.
|
|
|
|
type vdc, domain;
|
|
type vdc_exec, exec_type, file_type;
|
|
|
|
# TODO: remove as part of 13758960
|
|
unix_socket_connect(vdc, vold, vold)
|
|
|
|
# vdc sends information back to dumpstate when "adb bugreport" is used
|
|
# TODO: remove as part of 13758960
|
|
allow vdc dumpstate:fd use;
|
|
allow vdc dumpstate:unix_stream_socket { read write getattr };
|
|
|
|
# vdc information is written to shell owned bugreport files
|
|
# TODO: remove as part of 13758960
|
|
allow vdc shell_data_file:file { write getattr };
|
|
|
|
# Why?
|
|
# TODO: remove as part of 13758960
|
|
allow vdc dumpstate:unix_dgram_socket { read write };
|
|
|
|
# vdc can be invoked with logwrapper, so let it write to pty
|
|
allow vdc devpts:chr_file rw_file_perms;
|
|
|
|
# vdc writes directly to kmsg during the boot process
|
|
allow vdc kmsg_device:chr_file w_file_perms;
|
|
|
|
# vdc talks to vold over Binder
|
|
binder_use(vdc)
|
|
binder_call(vdc, vold)
|
|
allow vdc vold_service:service_manager find;
|