| Tri Vo | bc8dc3a | 2019-05-26 13:17:08 -0700 | [diff] [blame^] | 1 | # adbd seclabel is specified in init.rc since |
| 2 | # it lives in the rootfs and has no unique file type. | ||||
| 3 | type adbd, domain; | ||||
| 4 | type adbd_exec, exec_type, file_type, system_file_type; | ||||
| 5 | |||||
| 6 | # Only init is allowed to enter the adbd domain via exec() | ||||
| 7 | neverallow { domain -init } adbd:process transition; | ||||
| 8 | neverallow * adbd:process dyntransition; | ||||
| 9 | |||||
| 10 | # Allow adbd start/stop mdnsd via ctl.start | ||||
| 11 | set_prop(adbd, ctl_mdnsd_prop) | ||||