1type usbforward, domain; 2type usbforward_exec, exec_type, vendor_file_type, file_type; 3 4init_daemon_domain(usbforward) 5 6# Virtual serial device I/O 7allow usbforward virtual_serial_device:chr_file rw_file_perms; 8 9# USB I/O 10allow usbforward usb_device:dir r_dir_perms; 11allow usbforward usb_device:chr_file rw_file_perms; 12 13# Read /sys/devices/platform/dummy_hcd.0/usb1/1-1/speed. Although this file is labelled 14# It is acceptable to give usbforward this wide access because usbforward is not a stock Android 15# domain and it does not run Android apps. Thus, the laxer access restrictions of this domain 16# do not impact how compatible the resulting Android emulator appears to system services and apps. 17allow usbforward sysfs:file r_file_perms; 18 19# Do not audit attempts to read /dev directory. This access does not appear to be necessary. 20dontaudit usbforward device:dir r_dir_perms; 21 22allow usbforward self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl; 23