commit bc8dc3aa9d03598fc69df3e0b3990cddcf807616
author Tri Vo <trong@google.com> Sun May 26 13:17:08 2019 -0700
committer Tri Vo <trong@google.com> Sun May 26 14:19:26 2019 -0700
tree 68f796377c8252d188bca113981996217ed28eb3
parent b693197a34902c7d92006b2173a69d9620ee3e9f

DO NOT MERGE Fake 29.0 sepolicy prebuilts

I took current AOSP policy as base, then removed sepolicy so that the
set of type and attributes was a subset of types and attributes in Q
sepolicy, with exception of those that have not yet been cleand up in
current AOSP:

mediaswcodec_server
netd_socket
mediaextractor_update_service
thermalserviced
thermalserviced_exec

Bug: 133196056
Test: n/a
Change-Id: I2cbe749777684146114c89e1e6fc3f07400c0ae5

prebuilts/api/29.0/public/vdc.te

diff --git a/prebuilts/api/29.0/public/vdc.te b/prebuilts/api/29.0/public/vdc.te
new file mode 100644
index 0000000..e638e50
--- /dev/null
+++ b/prebuilts/api/29.0/public/vdc.te
@@ -0,0 +1,20 @@
+# vdc spawned from init for the following services:
+#  defaultcrypto
+#  encrypt
+#
+# We also transition into this domain from dumpstate, when
+# collecting bug reports.
+
+type vdc, domain;
+type vdc_exec, system_file_type, exec_type, file_type;
+
+# vdc can be invoked with logwrapper, so let it write to pty
+allow vdc devpts:chr_file rw_file_perms;
+
+# vdc writes directly to kmsg during the boot process
+allow vdc kmsg_device:chr_file { getattr w_file_perms };
+
+# vdc talks to vold over Binder
+binder_use(vdc)
+binder_call(vdc, vold)
+allow vdc vold_service:service_manager find;