| ### trade-in mode |
| |
| type tradeinmode, domain, coredomain; |
| type tradeinmode_exec, exec_type, file_type, system_file_type; |
| |
| allow tradeinmode adbd_tradeinmode:fd use; |
| allow tradeinmode adbd_tradeinmode:unix_stream_socket { read write ioctl }; |
| |
| # Needed to enable trade-in mode for testing. |
| set_prop(tradeinmode, adbd_tradeinmode_prop) |
| |
| # Allow running from normal shell. |
| allow tradeinmode { adbd shell }:fd use; |
| allow tradeinmode adbd:unix_stream_socket { read write ioctl }; |
| |
| allow tradeinmode devpts:chr_file rw_file_perms; |
| |
| # Allow executing am/content without a domain transition. |
| allow tradeinmode system_file:file rx_file_perms; |
| allow tradeinmode zygote_exec:file rx_file_perms; |
| allow tradeinmode apex_info_file:file r_file_perms; |
| |
| allow tradeinmode activity_service:service_manager find; |
| |
| get_prop(tradeinmode, odsign_prop) |
| get_prop(tradeinmode, build_attestation_prop) |
| get_prop(tradeinmode, adbd_tradeinmode_prop) |
| set_prop(tradeinmode, powerctl_prop) |
| |
| # Needed to start activities through "am". |
| binder_call(tradeinmode, system_server) |
| binder_call(tradeinmode, servicemanager) |
| |
| # Needed to run "content". |
| binder_call(tradeinmode, platform_app) |