blob: acbd84eb06caa8e2222d73e9a123c81fda56c5cc [file] [log] [blame]
# Creating files on sysfs is impossible so this isn't a threat
# Sometimes we have to write to non-existent files to avoid conditional
# init behavior. See b/35303861 for an example.
dontaudit vendor_init sysfs:dir write;
# TODO(b/140259336) We want to remove vendor_init in the long term but allow for now
allow vendor_init system_data_root_file:dir rw_dir_perms;
# Let vendor_init set service.adb.tcp.port.
set_prop(vendor_init, adbd_config_prop)
# Let vendor_init react to AVF device config changes
get_prop(vendor_init, device_config_virtualization_framework_native_prop)
# Let vendor_init use apex.<name>.ready to start services from vendor APEX
get_prop(vendor_init, apex_ready_prop)
# chown/chmod on devices, e.g. /dev/ttyHS0
allow vendor_init {
dev_type
-keychord_device
-kvm_device
-port_device
-lowpan_device
-hw_random_device
}:chr_file setattr;