1# Creating files on sysfs is impossible so this isn't a threat 2# Sometimes we have to write to non-existent files to avoid conditional 3# init behavior. See b/35303861 for an example. 4dontaudit vendor_init sysfs:dir write; 5 6# TODO(b/140259336) We want to remove vendor_init in the long term but allow for now 7allow vendor_init system_data_root_file:dir rw_dir_perms; 8 9# Let vendor_init set service.adb.tcp.port. 10set_prop(vendor_init, adbd_config_prop) 11 12# chown/chmod on devices, e.g. /dev/ttyHS0 13allow vendor_init { 14 dev_type 15 -keychord_device 16 -kvm_device 17 -port_device 18 -lowpan_device 19 -hw_random_device 20}:chr_file setattr; 21