| Tom Cherry | 63492cd | 2017-11-15 14:57:14 -0800 | [diff] [blame] | 1 | # Creating files on sysfs is impossible so this isn't a threat |
| 2 | # Sometimes we have to write to non-existent files to avoid conditional |
| 3 | # init behavior. See b/35303861 for an example. |
| 4 | dontaudit vendor_init sysfs:dir write; |
| Paul Crowley | aed0f76 | 2019-08-01 15:57:47 -0700 | [diff] [blame] | 5 | |
| 6 | # TODO(b/140259336) We want to remove vendor_init in the long term but allow for now |
| 7 | allow vendor_init system_data_root_file:dir rw_dir_perms; |
| Josh Gao | 0cac6fd | 2020-10-28 13:56:23 -0700 | [diff] [blame] | 8 | |
| 9 | # Let vendor_init set service.adb.tcp.port. |
| 10 | set_prop(vendor_init, adbd_config_prop) |
| Andrew Walbran | a995e84 | 2021-03-29 17:19:12 +0000 | [diff] [blame] | 11 | |
| Andrew Scull | aedd65a | 2021-10-08 12:13:46 +0000 | [diff] [blame] | 12 | # Let vendor_init react to AVF device config changes |
| 13 | get_prop(vendor_init, device_config_virtualization_framework_native_prop) |
| 14 | |
| Andrew Walbran | a995e84 | 2021-03-29 17:19:12 +0000 | [diff] [blame] | 15 | # chown/chmod on devices, e.g. /dev/ttyHS0 |
| 16 | allow vendor_init { |
| 17 | dev_type |
| 18 | -keychord_device |
| 19 | -kvm_device |
| 20 | -port_device |
| 21 | -lowpan_device |
| 22 | -hw_random_device |
| 23 | }:chr_file setattr; |