cae2368d2d
Since the property is supposed to be used by vendor-side .rc file as read-only (especially by vendor apex), it should be "system_restricted". Also allow vendor_init to read the property. Bug: 232172382 Test: boot cuttlefish (with vendor apex using the property) Change-Id: I502388e550e0a3c961a51af2e2cf11335a45b992
26 lines
874 B
Text
26 lines
874 B
Text
# Creating files on sysfs is impossible so this isn't a threat
|
|
# Sometimes we have to write to non-existent files to avoid conditional
|
|
# init behavior. See b/35303861 for an example.
|
|
dontaudit vendor_init sysfs:dir write;
|
|
|
|
# TODO(b/140259336) We want to remove vendor_init in the long term but allow for now
|
|
allow vendor_init system_data_root_file:dir rw_dir_perms;
|
|
|
|
# Let vendor_init set service.adb.tcp.port.
|
|
set_prop(vendor_init, adbd_config_prop)
|
|
|
|
# Let vendor_init react to AVF device config changes
|
|
get_prop(vendor_init, device_config_virtualization_framework_native_prop)
|
|
|
|
# Let vendor_init use apex.<name>.ready to start services from vendor APEX
|
|
get_prop(vendor_init, apex_ready_prop)
|
|
|
|
# chown/chmod on devices, e.g. /dev/ttyHS0
|
|
allow vendor_init {
|
|
dev_type
|
|
-keychord_device
|
|
-kvm_device
|
|
-port_device
|
|
-lowpan_device
|
|
-hw_random_device
|
|
}:chr_file setattr;
|