• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Creating files on sysfs is impossible so this isn't a threat
2# Sometimes we have to write to non-existent files to avoid conditional
3# init behavior. See b/35303861 for an example.
4dontaudit vendor_init sysfs:dir write;
5
6# TODO(b/140259336) We want to remove vendor_init in the long term but allow for now
7allow vendor_init system_data_root_file:dir rw_dir_perms;
8
9# Let vendor_init set service.adb.tcp.port.
10set_prop(vendor_init, adbd_config_prop)
11
12# chown/chmod on devices, e.g. /dev/ttyHS0
13allow vendor_init {
14  dev_type
15  -keychord_device
16  -kvm_device
17  -port_device
18  -lowpan_device
19  -hw_random_device
20}:chr_file setattr;
21