public/adbd.te - LeafOS-Project/android_system_sepolicy - Gitiles

 # adbd seclabel is specified in init.rc since
 # it lives in the rootfs and has no unique file type.
 type adbd, domain;
 type adbd_exec, exec_type, file_type, system_file_type;

 # Only init is allowed to enter the adbd domain via exec()
 neverallow { domain -init } adbd:process transition;
 neverallow * adbd:process dyntransition;

 # Access /data/local/tests.
 allow adbd shell_test_data_file:dir create_dir_perms;
 allow adbd shell_test_data_file:file create_file_perms;
 allow adbd shell_test_data_file:lnk_file create_file_perms;
	# adbd seclabel is specified in init.rc since
	# it lives in the rootfs and has no unique file type.
	type adbd, domain;
	type adbd_exec, exec_type, file_type, system_file_type;

	# Only init is allowed to enter the adbd domain via exec()
	neverallow { domain -init } adbd:process transition;
	neverallow * adbd:process dyntransition;

	# Access /data/local/tests.
	allow adbd shell_test_data_file:dir create_dir_perms;
	allow adbd shell_test_data_file:file create_file_perms;
	allow adbd shell_test_data_file:lnk_file create_file_perms;