adbd.te - LeafOS-Project/android_system_sepolicy - Gitiles

 # adbd seclabel is specified in init.rc since
 # it lives in the rootfs and has no unique file type.
 type adbd, domain;
 unconfined_domain(adbd)
 domain_auto_trans(adbd, shell_exec, shell)
 # this is an entrypoint
 allow adbd rootfs:file entrypoint;

 # Read /data/misc/adb/adb_keys.
 allow adbd adb_keys_file:dir search;
 allow adbd adb_keys_file:file r_file_perms;

 # Allow access in case /data/misc/adb still has the old type.
 allow adbd system_data_file:dir search;
 allow adbd system_data_file:file r_file_perms;

 # ndk-gdb invokes adb forward to forward the gdbserver socket.
 allow adbd app_data_file:dir search;
 allow adbd app_data_file:sock_file write;
 allow adbd appdomain:unix_stream_socket connectto;

 # ndk-gdb invokes adb pull of app_process, linker, and libc.so.
 allow adbd zygote_exec:file r_file_perms;
 allow adbd system_file:file r_file_perms;
	# adbd seclabel is specified in init.rc since
	# it lives in the rootfs and has no unique file type.
	type adbd, domain;
	unconfined_domain(adbd)
	domain_auto_trans(adbd, shell_exec, shell)
	# this is an entrypoint
	allow adbd rootfs:file entrypoint;

	# Read /data/misc/adb/adb_keys.
	allow adbd adb_keys_file:dir search;
	allow adbd adb_keys_file:file r_file_perms;

	# Allow access in case /data/misc/adb still has the old type.
	allow adbd system_data_file:dir search;
	allow adbd system_data_file:file r_file_perms;

	# ndk-gdb invokes adb forward to forward the gdbserver socket.
	allow adbd app_data_file:dir search;
	allow adbd app_data_file:sock_file write;
	allow adbd appdomain:unix_stream_socket connectto;

	# ndk-gdb invokes adb pull of app_process, linker, and libc.so.
	allow adbd zygote_exec:file r_file_perms;
	allow adbd system_file:file r_file_perms;