### ADB daemon common rules.
### Put things here that are needed for both adbd proper and adbd in trade-in mode.
###
### Every rule in this file is granted in both modes, so keep it to the
### minimum that both genuinely need.
### NOTE(review): the source sets are written as `{ adbd }` with a single
### member; presumably this leaves room to list a second domain next to
### adbd. Confirm before simplifying.

# Connect to mdnsd via mdnsd socket.
# unix_socket_connect() grants write on the mdnsd_socket sock_file and
# connectto on mdnsd's unix_stream_socket. This rule grants no other access
# to mdnsd.
unix_socket_connect(adbd, mdnsd, mdnsd)

# adbd probes for vsock support. Do not generate denials when
# this occurs. (b/123569840)
# dontaudit grants nothing: it only suppresses the AVC denial record for
# `create` on the generic socket and vsock_socket classes. Keep the
# permission list this narrow so unrelated denials still reach the audit log.
dontaudit { adbd } self:{ socket vsock_socket } create;

# Allow adbd inside vm to forward vm's vsock.
# Scoped to `self`, i.e. vsock sockets owned by adbd's own domain. ioctl is
# excluded by using the _no_ioctl permission set; listen and accept are added
# explicitly, which lets adbd take the listening side of a vsock connection.
# NOTE(review): create_socket_perms_no_ioctl is defined outside this file. If
# it includes `create`, as its name suggests, the dontaudit above only has an
# effect for the generic socket class.
allow { adbd } self:vsock_socket { create_socket_perms_no_ioctl listen accept };

# Access device logging gating property
# Read-only: get_prop() does not allow setting the property.
get_prop(adbd, device_logging_prop)

# Use a pseudo tty.
# rw_file_perms (defined outside this file) covers reading and writing
# existing devpts nodes; it does not include create or unlink.
allow { adbd } devpts:chr_file rw_file_perms;

# adb push/pull /data/local/tmp.
# create_dir_perms / create_file_perms let adbd create, modify and delete
# content labelled shell_data_file, so anything under this label can be
# supplied by the connected adb host. Domains that read shell_data_file
# should treat it as untrusted input.
allow { adbd } shell_data_file:dir create_dir_perms;
allow { adbd } shell_data_file:file create_file_perms;

# Read persist.adb.tls_server.enable property
get_prop(adbd, system_adbd_prop)

# Read whether or not Test Harness Mode is enabled
get_prop(adbd, test_harness_prop)

# Set service.adb.tcp.port, service.adb.tls.port, persist.adb.wifi.* properties
# Judging by their names, these properties govern adb's network listeners
# (TCP port, TLS port, Wi-Fi), so write access to adbd_prop and
# adbd_config_prop is security-relevant. set_prop() also grants read access
# to the same property types.
set_prop(adbd, adbd_prop)
set_prop(adbd, adbd_config_prop)

# Read device's serial number from system properties
# The serial number is a persistent device identifier, so even this
# read-only grant is privacy-relevant.
get_prop(adbd, serialno_prop)