| # Creating files on sysfs is impossible so this isn't a threat |
| # Sometimes we have to write to non-existent files to avoid conditional |
| # init behavior. See b/35303861 for an example. |
| dontaudit vendor_init sysfs:dir write; |
| |
| # TODO(b/140259336) We want to remove vendor_init in the long term but allow for now |
| allow vendor_init system_data_root_file:dir rw_dir_perms; |
| |
| # Let vendor_init set service.adb.tcp.port. |
| set_prop(vendor_init, adbd_config_prop) |
| |
| # Let vendor_init react to AVF device config changes |
| get_prop(vendor_init, device_config_virtualization_framework_native_prop) |
| |
| # Let vendor_init use apex.<name>.ready to start services from vendor APEX |
| get_prop(vendor_init, apex_ready_prop) |
| |
| # chown/chmod on devices, e.g. /dev/ttyHS0 |
| allow vendor_init { |
| dev_type |
| -keychord_device |
| -kvm_device |
| -port_device |
| -lowpan_device |
| -hw_random_device |
| }:chr_file setattr; |