3ade7cefde
Currently vdc emits logs to stderr, which makes sense for command
line invocations, but when exec'ed they're silently dropped unless
the caller uses logwrapper.
avc: denied { read write } for path="/dev/pts/2" dev="devpts" ino=5 scontext=u:r:vdc:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file permissive=0
Bug: 25796509
Change-Id: Ib92e0a7f580b1934a9853a83684f95b24bdc355c
26 lines
744 B
Text
26 lines
744 B
Text
# vdc spawned from init for the following services:
|
|
# defaultcrypto
|
|
# encrypt
|
|
#
|
|
# We also transition into this domain from dumpstate, when
|
|
# collecting bug reports.
|
|
|
|
type vdc, domain, domain_deprecated;
|
|
type vdc_exec, exec_type, file_type;
|
|
|
|
init_daemon_domain(vdc)
|
|
|
|
unix_socket_connect(vdc, vold, vold)
|
|
|
|
# vdc sends information back to dumpstate when "adb bugreport" is used
|
|
allow vdc dumpstate:fd use;
|
|
allow vdc dumpstate:unix_stream_socket { read write getattr };
|
|
|
|
# vdc information is written to shell owned bugreport files
|
|
allow vdc shell_data_file:file { write getattr };
|
|
|
|
# Why?
|
|
allow vdc dumpstate:unix_dgram_socket { read write };
|
|
|
|
# vdc can be invoked with logwrapper, so let it write to pty
|
|
allow vdc devpts:chr_file rw_file_perms;
|