1allow adbd self:{ socket vsock_socket } {create listen accept rw_socket_perms_no_ioctl}; 2# TODO(b/130668487): Label the vsock sockets. 3allow adbd unlabeled:{socket vsock_socket} rw_socket_perms_no_ioctl; 4allow adbd kernel:system module_request; 5 6recovery_only(` 7allow adbd tmpfs:dir w_dir_perms; 8allow adbd tmpfs:file create_file_perms; 9# TODO(b/130668487): Label the vsock sockets. 10allow su unlabeled:{ socket vsock_socket } rw_socket_perms_no_ioctl; 11') 12