1type vendor_shell, domain; 2type vendor_shell_exec, exec_type, vendor_file_type, file_type; 3 4allow vendor_shell vendor_shell_exec:file rx_file_perms; 5allow vendor_shell vendor_toolbox_exec:file rx_file_perms; 6 7# Use fd from shell when vendor_shell is started from shell 8allow vendor_shell shell:fd use; 9 10# adbd: allow `adb shell /vendor/bin/sh` and `adb shell` then `/vendor/bin/sh` 11allow vendor_shell adbd:fd use; 12allow vendor_shell adbd:process sigchld; 13allow vendor_shell adbd:unix_stream_socket { getattr ioctl read write }; 14 15allow vendor_shell devpts:chr_file rw_file_perms; 16allow vendor_shell tty_device:chr_file rw_file_perms; 17allow vendor_shell console_device:chr_file rw_file_perms; 18allow vendor_shell input_device:dir r_dir_perms; 19allow vendor_shell input_device:chr_file rw_file_perms; 20