| # adbd seclabel is specified in init.rc since |
| # it lives in the rootfs and has no unique file type. |
| type adbd, domain; |
| type adbd_exec, exec_type, file_type, system_file_type; |
| |
| # Only init is allowed to enter the adbd domain via exec() |
| neverallow { domain -init } adbd:process transition; |
| neverallow * adbd:process dyntransition; |
| |
| # Access /data/local/tests. |
| allow adbd shell_test_data_file:dir create_dir_perms; |
| allow adbd shell_test_data_file:file create_file_perms; |
| allow adbd shell_test_data_file:lnk_file create_file_perms; |