# adbd seclabel is specified in init.rc since | |
# it lives in the rootfs and has no unique file type. | |
type adbd, domain; | |
type adbd_exec, exec_type, file_type, system_file_type; | |
# Only init is allowed to enter the adbd domain via exec() | |
neverallow { domain -init } adbd:process transition; | |
neverallow * adbd:process dyntransition; | |
# Access /data/local/tests. | |
allow adbd shell_test_data_file:dir create_dir_perms; | |
allow adbd shell_test_data_file:file create_file_perms; | |
allow adbd shell_test_data_file:lnk_file create_file_perms; |