ae5869abf4
Introduce hypervisor-generic type for VM managers: vm_manager_device_type. Bug: 274758531 Change-Id: I0937e2c717ff973eeb61543bd05a7dcc2e5dc19c Suggested-by: Steven Moreland <smoreland@google.com> Signed-off-by: Elliot Berman <quic_eberman@quicinc.com>
26 lines
886 B
Text
26 lines
886 B
Text
# Creating files on sysfs is impossible so this isn't a threat
|
|
# Sometimes we have to write to non-existent files to avoid conditional
|
|
# init behavior. See b/35303861 for an example.
|
|
dontaudit vendor_init sysfs:dir write;
|
|
|
|
# TODO(b/140259336) We want to remove vendor_init in the long term but allow for now
|
|
allow vendor_init system_data_root_file:dir rw_dir_perms;
|
|
|
|
# Let vendor_init set service.adb.tcp.port.
|
|
set_prop(vendor_init, adbd_config_prop)
|
|
|
|
# Let vendor_init react to AVF device config changes
|
|
get_prop(vendor_init, device_config_virtualization_framework_native_prop)
|
|
|
|
# Let vendor_init use apex.<name>.ready to start services from vendor APEX
|
|
get_prop(vendor_init, apex_ready_prop)
|
|
|
|
# chown/chmod on devices, e.g. /dev/ttyHS0
|
|
allow vendor_init {
|
|
dev_type
|
|
-keychord_device
|
|
-vm_manager_device_type
|
|
-port_device
|
|
-lowpan_device
|
|
-hw_random_device
|
|
}:chr_file setattr;
|