public/vdc.te - LeafOS-Project/android_system_sepolicy - Gitiles

 # vdc spawned from init for the following services:
 #  defaultcrypto
 #  encrypt
 #
 # We also transition into this domain from dumpstate, when
 # collecting bug reports.

 type vdc, domain;
 type vdc_exec, exec_type, file_type;

 unix_socket_connect(vdc, vold, vold)

 # vdc sends information back to dumpstate when "adb bugreport" is used
 allow vdc dumpstate:fd use;
 allow vdc dumpstate:unix_stream_socket { read write getattr };

 # vdc information is written to shell owned bugreport files
 allow vdc shell_data_file:file { write getattr };

 # Why?
 allow vdc dumpstate:unix_dgram_socket { read write };

 # vdc can be invoked with logwrapper, so let it write to pty
 allow vdc devpts:chr_file rw_file_perms;

 # vdc writes directly to kmsg during the boot process
 allow vdc kmsg_device:chr_file w_file_perms;
	# vdc spawned from init for the following services:
	# defaultcrypto
	# encrypt
	#
	# We also transition into this domain from dumpstate, when
	# collecting bug reports.

	type vdc, domain;
	type vdc_exec, exec_type, file_type;

	unix_socket_connect(vdc, vold, vold)

	# vdc sends information back to dumpstate when "adb bugreport" is used
	allow vdc dumpstate:fd use;
	allow vdc dumpstate:unix_stream_socket { read write getattr };

	# vdc information is written to shell owned bugreport files
	allow vdc shell_data_file:file { write getattr };

	# Why?
	allow vdc dumpstate:unix_dgram_socket { read write };

	# vdc can be invoked with logwrapper, so let it write to pty
	allow vdc devpts:chr_file rw_file_perms;

	# vdc writes directly to kmsg during the boot process
	allow vdc kmsg_device:chr_file w_file_perms;