Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 3fce5ad00269b135ddcb8fc20e3641a681d46028 / . / private / adbd_common.te
blob: c24b0292702705516adb6e632e71389a5b62c61b [file] [log] [blame]
David Anderson9bae5152024-09-19 20:36:11 -0700[diff] [blame]1### ADB daemon common rules.
2### Put things here that are needed for both adbd proper and adbd in trade-in mode.
3
4# Connect to mdnsd via mdnsd socket.
David Anderson3fce5ad2024-10-11 08:58:23 -0700[diff] [blame^]5unix_socket_connect(adbd_common, mdnsd, mdnsd)
David Anderson9bae5152024-09-19 20:36:11 -0700[diff] [blame]6
7# adbd probes for vsock support. Do not generate denials when
8# this occurs. (b/123569840)
David Anderson3fce5ad2024-10-11 08:58:23 -0700[diff] [blame^]9dontaudit adbd_common self:{ socket vsock_socket } create;
David Anderson9bae5152024-09-19 20:36:11 -0700[diff] [blame]10
11# Allow adbd inside vm to forward vm's vsock.
David Anderson3fce5ad2024-10-11 08:58:23 -0700[diff] [blame^]12allow adbd_common self:vsock_socket { create_socket_perms_no_ioctl listen accept };
David Anderson9bae5152024-09-19 20:36:11 -0700[diff] [blame]13
14# Access device logging gating property
David Anderson3fce5ad2024-10-11 08:58:23 -0700[diff] [blame^]15get_prop(adbd_common, device_logging_prop)
David Anderson9bae5152024-09-19 20:36:11 -0700[diff] [blame]16
17# Use a pseudo tty.
David Anderson3fce5ad2024-10-11 08:58:23 -0700[diff] [blame^]18allow adbd_common devpts:chr_file rw_file_perms;
David Anderson9bae5152024-09-19 20:36:11 -0700[diff] [blame]19
20# Read persist.adb.tls_server.enable property
David Anderson3fce5ad2024-10-11 08:58:23 -0700[diff] [blame^]21get_prop(adbd_common, system_adbd_prop)
David Anderson9bae5152024-09-19 20:36:11 -0700[diff] [blame]22
23# Read whether or not Test Harness Mode is enabled
David Anderson3fce5ad2024-10-11 08:58:23 -0700[diff] [blame^]24get_prop(adbd_common, test_harness_prop)
David Anderson9bae5152024-09-19 20:36:11 -0700[diff] [blame]25
26# Set service.adb.tcp.port, service.adb.tls.port, persist.adb.wifi.* properties
David Anderson3fce5ad2024-10-11 08:58:23 -0700[diff] [blame^]27set_prop(adbd_common, adbd_prop)
28set_prop(adbd_common, adbd_config_prop)
David Anderson9bae5152024-09-19 20:36:11 -0700[diff] [blame]29
30# Read device's serial number from system properties
David Anderson3fce5ad2024-10-11 08:58:23 -0700[diff] [blame^]31get_prop(adbd_common, serialno_prop)