Create vdc domain The init.rc one-shot services "defaultcrypto" and "encrypt" call out to the /system/bin/vdc command line to ask vold to perform encryption operations. Create a new domain for these one-shot services. Allow the vdc domain to talk to vold. Change-Id: I73dc2ee4cc265bc16056b27307c254254940fd9f

commit: bf8a37b8eb00568d677c789f3857681ef41e4a92 [log] [tgz]
author: Nick Kralevich <nnk@google.com> Fri Jun 20 18:11:11 2014 -0700
committer: Nick Kralevich <nnk@google.com> Sat Jun 21 01:40:54 2014 +0000
tree: 40089745daa1b6419038805f0edd0e8d1c051e39
parent: ed21bfca194d8a5d88e8ed00c22db044cafdb611 [diff]
diff --git a/file_contexts b/file_contexts
index dd09c1f..85a1b04 100644
--- a/file_contexts
+++ b/file_contexts

@@ -158,6 +158,7 @@
 /system/bin/logd        u:object_r:logd_exec:s0
 /system/bin/uncrypt     u:object_r:uncrypt_exec:s0
 /system/bin/logwrapper  u:object_r:system_file:s0
+/system/bin/vdc         u:object_r:vdc_exec:s0
 #############################
 # Vendor files
 #

diff --git a/vdc.te b/vdc.te
new file mode 100644
index 0000000..a5ca2f2
--- /dev/null
+++ b/vdc.te

@@ -0,0 +1,10 @@
+# vdc spawned from init for the following services:
+#  defaultcrypto
+#  encrypt
+
+type vdc, domain;
+type vdc_exec, exec_type, file_type;
+
+init_daemon_domain(vdc)
+
+unix_socket_connect(vdc, vold, vold)
commit	bf8a37b8eb00568d677c789f3857681ef41e4a92	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Fri Jun 20 18:11:11 2014 -0700
committer	Nick Kralevich <nnk@google.com>	Sat Jun 21 01:40:54 2014 +0000
tree	40089745daa1b6419038805f0edd0e8d1c051e39
parent	ed21bfca194d8a5d88e8ed00c22db044cafdb611 [diff]